Ignore RC channel values sent by receiver in failsafe #3482
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A few releases ago we had a piece of code processing RX data and only populating
rcData
if receiver was sending trusted values (not failsafe, within limits).Roughly after we removed this piece of code we started getting reports about spontaneous disarms in near-failsafe conditions. Most likely suspect - RC filtering (default enabled by co-incidental mistake).
What probably happened - RC receiver was set to send a "disarmed" value in "ARM" channel when in link loss state. By itself this is harmless, but combined with RC filtering that introduced delay to channel values we might have hit a race condition between signal recovery and channel values getting back to normal state. This explains why we see normal "switch disarm" in logs - from firmware's point of view this IS a valid switch disarm followed by attempt to re-arm (failing due to non-zero throttle).
This PR re-introduces the check for valid channel values and valid link before populating
rcData
. Raw receiver values (rxrange
-d but unfiltered) are sent to Configurator to keep user experience the same.