CC2642R: Calling gapBondMgrReadBondRec() causes Hwi exception at next disconnection

Part Number: CC2642R
Other Parts Discussed in Thread: SYSCONFIG

SDK: simplelink_cc13xx_cc26xx_sdk_7_10_02_23

I am following the BLE5-Stack User's Guide to extract bonding information in simple_peripheral to acquire the IRK. I followed the "Extract Bonding Information" chapter to call gapBondMgrReadBondRec() in SimplePeripheral_processPairState -> case GAPBOND_PAIRING_STATE_BOND_SAVED, and the IRK was successfully displayed after bonding with a cellphone.

But when the cellphone disconnected from the peripheral, the peripheral entered Error_raiseX. The ROV showed that an Hwi exception occurred:

I'm not sure what caused this issue. Please help review my code changes and suggest if my implementation has a problem or the stack has an issue under this use case. I attached my simple_peripheral.c as below. I also disabled the "Send Parameter Update Request" option in SysConfig to make it quicker to bond.

simple_peripheral.c.txt

Best regards,

Shuyang

  • Hi Shuyang,

    Thank you for reaching out.

    I am afraid I could not identify the issue by reading your code.

    In order to go further, could you please follow the "Deciphering CPU Exceptions" chapter of the debugging guide? https://software-dl.ti.com/simplelink/esd/simplelink_cc13xx_cc26xx_sdk/7.10.02.23/exports/docs/ble5stack/ble_user_guide/html/ble-stack-5.x-guide/debugging-index.html#deciphering-cpu-exceptions

    In addition, it would be interesting to assess whether some subsets of the code you have implemented (I was especially thinking about the "Display_printf" instruction) could be impacting the behavior here.

    Best regards,

  • Hi Clement,

    I think I have been able to locate the problem. In gapBondMgrReadBondRec() it calls osal_snv_read to read out the characteristic configuration to charCfg; the size of this variable should be sizeof(gapBondCharCfg_t) * gapBond_maxCharCfg:

        // Load the characteristic configuration
        VOID osal_snv_read(GATT_CFG_NV_ID(idx), sizeof(gapBondCharCfg_t) * gapBond_maxCharCfg, charCfg);

    However in the demo code from BLE5-Stack User's Guide, the input variable charCfg for gapBondMgrReadBondRec() is just a variable of struct gapBondCharCfg_t:

        static gapBondCharCfg_t charCfg;

        uint8_t readStatus = FAILURE;
        readStatus = gapBondMgrReadBondRec(pPeerAddrType,
                                           peerDeviceAddr,
                                           &pSavedBondRec,
                                           &pLocalLtk,
                                           &pPeerLtk,
                                           pPeerIRK,
                                           pPeerSRK,
                                           pPeerSignCount,
                                           &charCfg);

    This mismatched variable size leads to the variable next to charCfg being overwritten unintentionally, in my case paramUpdateList, and ends up with the bus fault when paramUpdateList is read in SimplePeripheral_clearPendingParamUpdate.

    I have a simple fix by changing charCfg to an array of 4 before calling gapBondMgrReadBondRec(), where 4 equals the static variable gapBond_maxCharCfg in gapbondmgr.c. This may not be elegant but it fixed the hardfault.

        static gapBondCharCfg_t charCfg[4]; // 4 = gapBond_maxCharCfg in gapbondmgr.c

        uint8_t readStatus = FAILURE;
        readStatus = gapBondMgrReadBondRec(pPeerAddrType,
                                           peerDeviceAddr,
                                           &pSavedBondRec,
                                           &pLocalLtk,
                                           &pPeerLtk,
                                           pPeerIRK,
                                           pPeerSRK,
                                           pPeerSignCount,
                                           //&charCfg);
                                           charCfg);

    In gapbondmgr.c, a similar implementation can also be found, which allocates memory of sizeof (gapBondCharCfg_t) * gapBond_maxCharCfg for the pointer charCfg:

        // Space to read a char cfg record from NV
        gapBondCharCfg_t *charCfg = (gapBondCharCfg_t *)MAP_osal_mem_alloc( sizeof (gapBondCharCfg_t) * gapBond_maxCharCfg );

    Maybe we can consider fixing the demo code in the Extract Bonding Information chapter in a future SDK release?

    Best regards,

    Shuyang
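
The size mismatch described in the post above, as an added host-side example that is not code from the thread or from TI's SDK: a reader that always writes `MAX_CHAR_CFG` records, the effect on whatever follows a one-element destination, and a wrapper that makes the caller state its capacity. `char_cfg_t`, `mock_nv_read_char_cfg`, `neighbour_corrupted` and `read_char_cfg_checked` are hypothetical stand-ins; only the value 4 is taken from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHAR_CFG 4   /* the gapBond_maxCharCfg value quoted in the post */
typedef struct { uint16_t handle; uint8_t value; } char_cfg_t;  /* hypothetical stand-in type */

/* Stand-in for the NV read: always writes MAX_CHAR_CFG records to dst. */
static void mock_nv_read_char_cfg(void *dst)
{
    char_cfg_t rec[MAX_CHAR_CFG];
    memset(rec, 0xA5, sizeof rec);          /* constructed record contents */
    memcpy(dst, rec, sizeof rec);
}

/* Models memory as: caller_elems records, then a 16-byte neighbour variable
 * (paramUpdateList in the post). Returns 1 if the read altered the neighbour. */
int neighbour_corrupted(size_t caller_elems)
{
    uint8_t mem[sizeof(char_cfg_t) * MAX_CHAR_CFG + 16] = {0};
    if (caller_elems == 0 || caller_elems > MAX_CHAR_CFG) return -1;
    uint8_t *neighbour = mem + sizeof(char_cfg_t) * caller_elems;
    mock_nv_read_char_cfg(mem);             /* write stays inside mem */
    for (size_t i = 0; i < 16; i++) if (neighbour[i] != 0) return 1;
    return 0;
}

/* Checked wrapper: the caller states how many records dst can hold. */
int read_char_cfg_checked(char_cfg_t *dst, size_t dst_count)
{
    if (dst == NULL || dst_count < MAX_CHAR_CFG) return -1;
    mock_nv_read_char_cfg(dst);
    return 0;
}

int main(void)
{
    char_cfg_t one, four[MAX_CHAR_CFG];
    printf("1 element:  neighbour corrupted=%d, checked read=%d\n",
           neighbour_corrupted(1), read_char_cfg_checked(&one, 1));
    printf("4 elements: neighbour corrupted=%d, checked read=%d\n",
           neighbour_corrupted(MAX_CHAR_CFG), read_char_cfg_checked(four, MAX_CHAR_CFG));
    return 0;
}
```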

  • Hi Shuyang,

    Thank you for reporting this.

    I have fixed the documentation to avoid future issues.

    Best regards,

  • Thanks!

    Best regards,

    Shuyang