Fix BLE semaphore leak in Bluefruit library

Patches Bluefruit library to fix semaphore leak bug that causes device lockup when BLE central disconnects unexpectedly (e.g., going out of range, supervision timeout). Co-authored-by: Liam Cottle <[email protected]> Co-authored-by: oltaco <[email protected]>
6 months ago · 1a3f7a7ea9
2 changed files with 201 additions and 1 deletions
--- a/arch/nrf52/extra_scripts/patch_bluefruit.py
+++ b/arch/nrf52/extra_scripts/patch_bluefruit.py
@ -0,0 +1,198 @@
 """
 Bluefruit BLE Patch Script
 Patches Bluefruit library to fix semaphore leak bug that causes device lockup
 when BLE central disconnects unexpectedly (e.g., going out of range, supervision timeout).
 Patches applied:
 1. BLEConnection.h: Add _hvn_qsize member to track semaphore queue size
 2. BLEConnection.cpp: Store hvn_qsize and restore semaphore on disconnect
 Bug description:
 - When a BLE central disconnects unexpectedly (reason=8 supervision timeout),
  the BLE_GATTS_EVT_HVN_TX_COMPLETE event may never fire
 - This leaves the _hvn_sem counting semaphore in a decremented state
 - Since BLEConnection objects are reused (destructor never called), the
  semaphore count is never restored
 - Eventually all semaphore counts are exhausted and notify() blocks/fails
 """
 from pathlib import Path
 Import("env")  # pylint: disable=undefined-variable
 def _patch_ble_connection_header(source: Path) -> bool:
    """
    Add _hvn_qsize member variable to BLEConnection class.
    This is needed to restore the semaphore to its correct count on disconnect.
    Returns True if patch was applied or already applied, False on error.
    """
    try:
        content = source.read_text()
        # Check if already patched
        if "_hvn_qsize" in content:
            return True  # Already patched
        # Find the location to insert - after _phy declaration
        original_pattern = '''    uint8_t  _phy;
    uint8_t  _role;'''
        patched_pattern = '''    uint8_t  _phy;
    uint8_t  _hvn_qsize;
    uint8_t  _role;'''
        if original_pattern not in content:
            print("Bluefruit patch: WARNING - BLEConnection.h pattern not found")
            return False
        content = content.replace(original_pattern, patched_pattern)
        source.write_text(content)
        # Verify
        if "_hvn_qsize" not in source.read_text():
            return False
        return True
    except Exception as e:
        print(f"Bluefruit patch: ERROR patching BLEConnection.h: {e}")
        return False
 def _patch_ble_connection_source(source: Path) -> bool:
    """
    Patch BLEConnection.cpp to:
    1. Store hvn_qsize in constructor
    2. Restore _hvn_sem semaphore to full count on disconnect
    Returns True if patch was applied or already applied, False on error.
    """
    try:
        content = source.read_text()
        # Check if already patched (look for the restore loop)
        if "uxSemaphoreGetCount(_hvn_sem)" in content:
            return True  # Already patched
        # Patch 1: Store queue size in constructor
        constructor_original = '''  _hvn_sem   = xSemaphoreCreateCounting(hvn_qsize, hvn_qsize);'''
        constructor_patched = '''  _hvn_qsize = hvn_qsize;
  _hvn_sem   = xSemaphoreCreateCounting(hvn_qsize, hvn_qsize);'''
        if constructor_original not in content:
            print("Bluefruit patch: WARNING - BLEConnection.cpp constructor pattern not found")
            return False
        content = content.replace(constructor_original, constructor_patched)
        # Patch 2: Restore semaphore on disconnect
        disconnect_original = '''    case BLE_GAP_EVT_DISCONNECTED:
      // mark as disconnected
      _connected = false;
    break;'''
        disconnect_patched = '''    case BLE_GAP_EVT_DISCONNECTED:
      // Restore notification semaphore to full count
      // This fixes lockup when disconnect occurs with notifications in flight
      while (uxSemaphoreGetCount(_hvn_sem) < _hvn_qsize) {
        xSemaphoreGive(_hvn_sem);
      }
      // Release indication semaphore if waiting
      if (_hvc_sem) {
        _hvc_received = false;
        xSemaphoreGive(_hvc_sem);
      }
      // mark as disconnected
      _connected = false;
    break;'''
        if disconnect_original not in content:
            print("Bluefruit patch: WARNING - BLEConnection.cpp disconnect pattern not found")
            return False
        content = content.replace(disconnect_original, disconnect_patched)
        source.write_text(content)
        # Verify
        verify_content = source.read_text()
        if "uxSemaphoreGetCount(_hvn_sem)" not in verify_content:
            return False
        if "_hvn_qsize = hvn_qsize" not in verify_content:
            return False
        return True
    except Exception as e:
        print(f"Bluefruit patch: ERROR patching BLEConnection.cpp: {e}")
        return False
 def _apply_bluefruit_patches(target, source, env):  # pylint: disable=unused-argument
    framework_path = env.get("PLATFORMFW_DIR")
    if not framework_path:
        framework_path = env.PioPlatform().get_package_dir("framework-arduinoadafruitnrf52")
    if not framework_path:
        print("Bluefruit patch: ERROR - framework directory not found")
        env.Exit(1)
        return
    framework_dir = Path(framework_path)
    bluefruit_lib = framework_dir / "libraries" / "Bluefruit52Lib" / "src"
    patch_failed = False
    # Patch BLEConnection.h
    conn_header = bluefruit_lib / "BLEConnection.h"
    if conn_header.exists():
        before = conn_header.read_text()
        success = _patch_ble_connection_header(conn_header)
        after = conn_header.read_text()
        if success:
            if before != after:
                print("Bluefruit patch: OK - Applied BLEConnection.h fix (added _hvn_qsize member)")
            else:
                print("Bluefruit patch: OK - BLEConnection.h already patched")
        else:
            print("Bluefruit patch: FAILED - BLEConnection.h")
            patch_failed = True
    else:
        print(f"Bluefruit patch: ERROR - BLEConnection.h not found at {conn_header}")
        patch_failed = True
    # Patch BLEConnection.cpp
    conn_source = bluefruit_lib / "BLEConnection.cpp"
    if conn_source.exists():
        before = conn_source.read_text()
        success = _patch_ble_connection_source(conn_source)
        after = conn_source.read_text()
        if success:
            if before != after:
                print("Bluefruit patch: OK - Applied BLEConnection.cpp fix (restore semaphore on disconnect)")
            else:
                print("Bluefruit patch: OK - BLEConnection.cpp already patched")
        else:
            print("Bluefruit patch: FAILED - BLEConnection.cpp")
            patch_failed = True
    else:
        print(f"Bluefruit patch: ERROR - BLEConnection.cpp not found at {conn_source}")
        patch_failed = True
    if patch_failed:
        print("Bluefruit patch: CRITICAL - Patch failed! Build aborted.")
        env.Exit(1)
 # Register the patch to run before build
 bluefruit_action = env.VerboseAction(_apply_bluefruit_patches, "Applying Bluefruit BLE patches...")
 env.AddPreAction("$BUILD_DIR/${PROGNAME}.elf", bluefruit_action)
 # Also run immediately to patch before any compilation
 _apply_bluefruit_patches(None, None, env)
--- a/platformio.ini
+++ b/platformio.ini
@ -79,7 +79,9 @@ extends = arduino_base
 platform = nordicnrf52
 platform_packages =
  framework-arduinoadafruitnrf52 @ 1.10700.0
-extra_scripts = create-uf2.py
+extra_scripts = 
  create-uf2.py
  arch/nrf52/extra_scripts/patch_bluefruit.py
 build_flags = ${arduino_base.build_flags}
  -D NRF52_PLATFORM
  -D LFS_NO_ASSERT=1