Bluetooth: Controller: Fix use-after-release in lll_scan/lll_scan_aux #98024
Pull Request Overview
This PR fixes a use-after-release bug in the Bluetooth controller's scanning functionality when using deferred execution for offset calculations. The issue occurs when a prepare parameter passed to mayfly_enqueue goes out of scope before the deferred callback executes.
- Adds persistent storage for prepare parameters in the `lll_scan` structure
- Copies required values from stack-allocated parameters to the persistent storage before enqueueing
- Updates variable naming for consistency (`retval` → `ret`)
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description | 
|---|---|
| subsys/bluetooth/controller/ll_sw/lll_scan.h | Adds `prepare_param` field to `lll_scan` struct under `CONFIG_BT_CTLR_SCHED_ADVANCED` | 
| subsys/bluetooth/controller/ll_sw/nordic/lll/lll_scan_aux.c | Copies prepare parameters to persistent storage before mayfly enqueue | 
| subsys/bluetooth/controller/ll_sw/nordic/lll/lll_scan.c | Copies prepare parameters to persistent storage and fixes variable naming | 
e3e140c to 2fe4c21

Fix use-after-release in lll_scan/lll_scan_aux when using mayfly_enqueue to defer execution of the offset calculation using ull_sched_mfy_after_cen_offset_get().

Apply suggestion from @Copilot

Signed-off-by: Vinayak Kariappa Chettimada <[email protected]>
2fe4c21 to f0a222a

Fix use-after-release in lll_scan/lll_scan_aux when using mayfly_enqueue to defer execution of the offset calculation using ull_sched_mfy_after_cen_offset_get().
Fixes #97967.
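
The lifetime problem this pull request addresses, as an added example that is not part of the PR or of Zephyr's code: a deferred callback handed a pointer to caller-owned parameters reads whatever that storage holds when it finally runs, while one handed a context holding a copy reads the intended values. All names here (`scan_ctx`, `defer_enqueue`, `run_scenario`, the `ticks`/`remainder` fields) are hypothetical stand-ins, and the caller's stack frame is modelled as a static variable so that its reuse is defined behaviour in the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not Zephyr's types or API. */
struct prepare_param { uint32_t ticks; uint32_t remainder; };
struct scan_ctx {
    struct prepare_param prepare_param; /* persistent copy, lives as long as ctx */
    uint32_t offset;                    /* result written by the deferred callback */
};

typedef void (*deferred_fn)(void *arg);
static struct { deferred_fn fn; void *arg; } pending; /* one-slot deferred queue */

static void defer_enqueue(deferred_fn fn, void *arg) { pending.fn = fn; pending.arg = arg; }
static void defer_run(void) { if (pending.fn) { pending.fn(pending.arg); pending.fn = NULL; } }

static struct scan_ctx ctx;
/* Models the caller's stack frame as a static so its reuse is defined behaviour here. */
static struct prepare_param frame;

static void offset_from_param(void *arg) {   /* before: reads caller-owned storage */
    struct prepare_param *p = arg;
    ctx.offset = p->ticks + p->remainder;
}
static void offset_from_ctx(void *arg) {     /* after: reads the persistent copy */
    struct scan_ctx *c = arg;
    c->offset = c->prepare_param.ticks + c->prepare_param.remainder;
}

/* Returns the offset the deferred callback computed for ticks=1000, remainder=24. */
uint32_t run_scenario(int copy_before_enqueue) {
    ctx.offset = 0;
    frame = (struct prepare_param){ .ticks = 1000, .remainder = 24 };
    if (copy_before_enqueue) {
        ctx.prepare_param = frame;           /* copy the needed values first */
        defer_enqueue(offset_from_ctx, &ctx);
    } else {
        defer_enqueue(offset_from_param, &frame); /* pointer outlives its data */
    }
    /* The prepare call returns and the storage is reused before the callback runs. */
    frame = (struct prepare_param){ .ticks = 0xDEAD0000u, .remainder = 0xBEEFu };
    defer_run();
    return ctx.offset;
}

int main(void) {
    printf("pointer to caller storage: 0x%08x\n", (unsigned)run_scenario(0));
    printf("copy in scan context:      %u\n", (unsigned)run_scenario(1));
    return 0;
}
```

In real firmware the stale read is undefined behaviour on a dead stack frame, so the value seen depends on whatever executed in between rather than on a fixed pattern as in this model.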