bluetooth: hci_driver: Fix deadlock in MPSL workq

[PavelVPV]

This PR fixes deadlock in MPSL workq caused by bt_buf_get_rx with
K_FOREVER.

Previously, calling bt_buf_get_rx with K_FOREVER could block
indefinitely if the requested pool had no available buffers. This
blocking affected the MPSL work queue, preventing it from processing
other work items, including critical timeslot events like
MPSL_TIMESLOT_SIGNAL_CANCELLED and MPSL_TIMESLOT_SIGNAL_BLOCKED.

The issue becomes more severe if a background flash operation coincides
with this scenario. Flash operations often execute on the system work
queue (sysworkq), which can delay host work items responsible for
freeing buffers in the RX pool. In such cases:

• Flash operations stall, waiting for a timeslot event from the MPSL
  work queue.
• The MPSL work queue remains blocked by bt_buf_get_rx.
• This results in a deadlock, causing the flash operation to timeout and
  triggering a warning.

This PR modifies the HCI driver to call bt_buf_get_rx with
K_NO_WAIT. If no buffer is immediately available, it relies on a
callback to notify when a buffer is freed. This change ensures the MPSL
work queue remains unblocked, allowing other work items to execute while
waiting for a buffer.

[NordicBuilder]

The following west manifest projects have changed revision in this Pull Request:

Name	Old Revision	New Revision	Diff

✅ All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

[NordicBuilder]

CI Information

^{To view the history of this post, clich the 'edited' button above}
Build number: 6

Inputs:

Sources:

sdk-nrf: PR head: e434180985eba1d76383ab3ddfaacce90ebfc0f8

more details

sdk-nrf:

PR head: e434180985eba1d76383ab3ddfaacce90ebfc0f8
merge base: 658662845a8e4d4cb677800c8d36acfac9176c90
target head (main): 0e43ec203ca7d66c6e4e0a07da76a1ea9f0e99b3
Diff

Github labels

Enabled	Name	Description
	ci-disabled	Disable the ci execution
✅	ci-all-test	Run all of ci, no test spec filtering will be done
	ci-force-downstream	Force execution of downstream even if twister fails
	ci-run-twister	Force run twister
	ci-run-zephyr-twister	Force run zephyr twister

List of changed files detected by CI (1)

subsys
│  ├── bluetooth
│  │  ├── controller
│  │  │  │ hci_driver.c

Outputs:

Toolchain

Version: 11349092be
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:11349092be_912848a074

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

• ◻️ Toolchain - Skipped: existing toolchain is used
• ✅ Build twister - Skipped: Skipping Build & Test as it succeeded in a previous run: 5
• ✅ Integration tests
  • ✅ test-sdk-audio
  • ✅ desktop52_verification - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-boot
  • ✅ test-fw-nrfconnect-apps - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test_ble_nrf_config - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-ble_mesh - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-ble_samples
  • ✅ test-fw-nrfconnect-chip - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nfc - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_libmodem-nrf - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_samples - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ doc-internal - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_thingy91 - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf_crypto - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-rpc - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-rs - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-fem - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-tfm - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-thread - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-zigbee - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-find-my - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_mosh - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_positioning - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-sidewalk - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-wifi - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-low-level - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_nrf_provisioning - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-pmic-samples - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-mcuboot - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-dfu - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-ps - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-secdom-samples-public - Skipped: Job was skipped as it succeeded in a previous run

Note: This message is automatically posted and updated by the CI

[NordicBuilder]

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

[PavelVPV]

DNM until upstream PR is merged and downstreamed: zephyrproject-rtos/zephyr#81646

[PavelVPV]

This was removed for testing as the fix makes BT_CONN_TX_NOTIFY_WQ feature unnecessary. It will be reverted once upstream PR is merged.

[PavelVPV]

Added for testing with the upstream fix. Will be reverted.

[PavelVPV]

Moved from the draft state as no more work is needed for the change and would like to get feedback on the change.

[rugeGerritsen]

Thanks for this nice change, and also for taking the time to describe how and what problem it solves.

I believe we should add a changelog entry and update known issues. I suggest to do that in a separate PR.

[github-actions]

This pull request has been marked as stale because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 7 days. Note, that you can always re-open a closed pull request at any time.

[NordicBuilder]

Memory footprint analysis revealed the following potential issues

sample.matter.template.debug[nrf7002dk/nrf5340/cpuapp]: High ROM usage: 911938[B] - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf7002dk/nrf5340/cpuapp]: High ROM usage: 820770[B] - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)

Note: This message is automatically posted and updated by the CI (latest/sdk-nrf/PR-18953/5)

[alwa-nordic]

Approved. I'm not sure whether or not the second commit e434180 is a good idea or not, but I'm fine with it. I assume it's done for performance.

It does raise the complexity slightly, as there are now multiple stack usage scenarios when invoking hci_driver_receive_process. This could make it harder to determine the needed stack sizes.

I assume the SDC callback is also on the MPSL work thread, so there is still only one thread that can call into hci_driver_receive_process.