From 4c92b0dddc9a53453cb0028ca84df331d5688bac Mon Sep 17 00:00:00 2001 From: Julien Calixte Date: Mon, 13 Jul 2026 10:25:25 +0200 Subject: [PATCH] fix(sync): move mbedTLS allocations to PSRAM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit esp-idf's default is internal-RAM-only, and a TLS connection needs ~33 KB of it (two ~17 KB I/O buffers + contexts) at the exact moment :sync pushes — with Wi-Fi, USB host, the editor and libgit2 resident, mbedtls_ssl_setup failed there on the first real-repo push (and its failure path then hit the stream double-free fixed in the previous commit). TLS buffers are CPU-only data, so PSRAM is safe; the handshake is network-bound. --- firmware/sdkconfig.defaults | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/firmware/sdkconfig.defaults b/firmware/sdkconfig.defaults index bee6fa4..d9071b2 100644 --- a/firmware/sdkconfig.defaults +++ b/firmware/sdkconfig.defaults @@ -74,3 +74,12 @@ CONFIG_I2C_SKIP_LEGACY_CONFLICT_CHECK=y # subset so a less common CA in the chain can't surprise us on the bench. CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y + +# mbedTLS allocations go to PSRAM. The default (internal-only) needs ~33 KB of +# contiguous internal RAM per TLS connection (two ~17 KB I/O buffers + contexts) +# at the moment `:sync` pushes — with Wi-Fi, USB host, the editor and libgit2 +# all resident, mbedtls_ssl_setup failed exactly there on the first real-repo +# push (2026-07-13; the failure then tripped the vendored stream double-free — +# see components/libgit2/esp_mbedtls_stream.c). TLS buffers are CPU-only data, +# so PSRAM is safe; the handshake is network-bound, not memory-bandwidth-bound. +CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC=y