Revert "[nrf noup] bluetooth: conn: Skip buffer ref count check in send_buf"

This reverts commit adb8f4e.

Signed-off-by: Marek Pieta <[email protected]>

Author: MarekPieta

subsys/bluetooth/host/conn.c

@@ -711,27 +711,19 @@ static int send_buf(struct bt_conn *conn, struct net_buf *buf,
 
 	uint16_t frag_len = MIN(conn_mtu(conn), len);
 
-	/* If ATT sent callback is delayed until data transmission
-	 * is done by BLE controller, the transmitted buffer may
-	 * have an additional reference. The reference is used to
-	 * extend lifetime of the net buffer until the data
-	 * transmission is confirmed by ACK of the remote.
+	/* Check that buf->ref is 1 or 2. It would be 1 if this was
+	 * the only reference (e.g. buf was removed from the conn
+	 * tx_queue). It would be 2 if the tx_data_pull kept it on
+	 * the tx_queue for segmentation.
 	 *
-	 * send_buf function can be called multiple times, if buffer
-	 * has to be fragmented over HCI. In that case, the callback
-	 * is provided as an argument only for the last transmitted
-	 * fragment. The `buf->ref == 1` (or 2) check is skipped
-	 * because it's impossible to properly validate number of
-	 * references for the sent fragments if buffers may have the
-	 * additional reference.
-	 *
-	 * Otherwise, check that buf->ref is 1 or 2. It would be 1
-	 * if this was the only reference (e.g. buf was removed from
-	 * the conn tx_queue). It would be 2 if the tx_data_pull
-	 * kept it on the tx_queue for segmentation.
+	 * Allow for an additional buffer reference if callback is
+	 * provided. This can be used to extend lifetime of the net
+	 * buffer until the data transmission is confirmed by ACK of
+	 * the remote.
 	 */
-	__ASSERT_NO_MSG(IS_ENABLED(CONFIG_BT_ATT_SENT_CB_AFTER_TX) || (buf->ref == 1) ||
-			(buf->ref == 2));
+	if (buf->ref > 2 + (cb ? 1 : 0)) {
+		__ASSERT_NO_MSG(false);
+	}
 
 	/* The reference is always transferred to the frag, so when
 	 * the frag is destroyed, the parent reference is decremented.