DFU SVCI initialisation, missing critical section

I'm using the DFU bootloader from the nRF5 SDK 15.0.0.  To initialise the DFU service from the application the ble_dfu_buttonless_async_svci_init() function from the nRF5 SDK is invoked (there's a different implementation compiled in depending on whether bonded or unbonded DFU is used).

The ble_dfu_buttonless_async_svci_init() function uses nrf_dfu_svci_vector_table_set() to temporarily redirect interrupts to the bootloader so that DFU SVC calls can be made.  If an interrupt in the application occurs during this temporary vector table redirection, an interrupt handler inside the bootloader ends up being called rather than the expected interrupt handler from the application.

There are two cases in the ble_dfu_buttonless_async_svci_init() function which I think could be improved:

  • A critical section should surround temporary redirection of the vector table so that interrupts occurring during DFU SVC calls do not result in unwanted interrupts being handled by the bootloader instead of the main application.
  • The error handling inside the ble_dfu_buttonless_async_svci_init() function should be improved, removing the early returns occurring in the VERIFY_SUCCESS() macro.  Currently, if an error occurs in one of the DFU SVC calls (e.g. if nrf_dfu_set_peer_data_init() returns a non-zero error code), then the ble_dfu_buttonless_async_svci_init() function will return with an error code, but the interrupt vector table redirection will still be in place.

I've attached a patch file which shows how these issues could be addressed.

NOTE: I haven't tested this patch in its current form so further review will be necessary.

dfu-critical-section-missing.patch
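
A host-side model of the two issues raised in the post above, added here as an example; it is not the attached patch and not Nordic's SDK code. The `stub_*` functions and the state variables are hypothetical stand-ins for nrf_dfu_svci_vector_table_set(), the call that restores the table, nrf_dfu_set_peer_data_init() and a critical-section primitive, and the error value is constructed.

```c
/* Host-side model (constructed): stubs stand in for the nRF5 SDK calls. */
#include <stdbool.h>
#include <stdint.h>

#define NRF_SUCCESS        0u
#define NRF_ERROR_INTERNAL 3u   /* constructed failure value for the model */

static bool     vectors_redirected;  /* true while the bootloader's table is active */
static int      critical_depth;      /* >0 while application interrupts are masked  */
static uint32_t peer_data_result;    /* what the stubbed DFU SVC call will return   */

static void     stub_critical_enter(void)     { critical_depth++; }
static void     stub_critical_exit(void)      { critical_depth--; }
static uint32_t stub_vector_table_set(void)   { vectors_redirected = true;  return NRF_SUCCESS; }
static uint32_t stub_vector_table_unset(void) { vectors_redirected = false; return NRF_SUCCESS; }
static uint32_t stub_set_peer_data_init(void) { return peer_data_result; }

/* Pattern the post describes: an early return on error skips the unset. */
uint32_t svci_init_early_return(void) {
    uint32_t ret = stub_vector_table_set();
    if (ret != NRF_SUCCESS) { return ret; }
    ret = stub_set_peer_data_init();
    if (ret != NRF_SUCCESS) { return ret; }   /* redirection is still in place */
    return stub_vector_table_unset();
}

/* Pattern the post proposes: critical section plus a single exit path. */
uint32_t svci_init_guarded(void) {
    stub_critical_enter();
    uint32_t ret = stub_vector_table_set();
    if (ret == NRF_SUCCESS) {
        ret = stub_set_peer_data_init();
        uint32_t unset_ret = stub_vector_table_unset();  /* always restore */
        if (ret == NRF_SUCCESS) { ret = unset_ret; }     /* keep first error */
    }
    stub_critical_exit();
    return ret;
}

/* Force the stubbed SVC call to fail, run one variant, report leftover state. */
bool redirect_left_after_failure(uint32_t (*init)(void)) {
    vectors_redirected = false;
    critical_depth     = 0;
    peer_data_result   = NRF_ERROR_INTERNAL;
    return (init() != NRF_SUCCESS) && vectors_redirected;
}

int main(void) {
    return (redirect_left_after_failure(svci_init_early_return) &&
            !redirect_left_after_failure(svci_init_guarded)) ? 0 : 1;
}
```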