Add missing braces to comply with MISRA C:2012 Rule 15.6 and
also following Zephyr's style guideline.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
- Made CCC_STORE_MAX configurable under the BT_SETTINGS
- Added a buffer overflow check on ccc_save
Fixes: #76838
Signed-off-by: Yago Fontoura do Rosario <yafo@demant.com>
Utilize a code spell-checking tool to scan for and correct spelling errors
in all files within the subsys/bluetooth/host directory.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
By enabling CONFIG_BT_USE_PSA_API the user can specify to use
PSA APIs instead of TinyCrypt for crypto operations in bluetooth
host module.
This commit also extends tests/bluetooth/gatt in order to
add a PSA test.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This check is repeated many times in `gatt.c`, with various comments.
This patch refactors these occurrences into a named function.
Resolves: https://github.com/zephyrproject-rtos/zephyr/issues/41789
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
The following warning is issued by clang:
warning: field within 'struct gatt_chrc' is less aligned than 'union
gatt_chrc::(anonymous at subsys/bluetooth/host/gatt.c:1859:2)' and
is usually due to 'struct gatt_chrc' being packed, which can lead
to unaligned accesses [-Wunaligned-access]
This is due to the fact that the uint16_t uuid field requires 2-byte
alignment but it is not marked as packed. Since the enclosing struct is
indeed packed, the required alignment is not guaranteed and so clang
complains. Fix it by ensuring that the union is marked as packed too.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Add length checks local to the parsing function. This removes the need
for a separate data validation step.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
The LE Secure connection (LESC) mask also require encryption,
and some users have been using e.g. BT_GATT_PERM_READ_LESC
without BT_GATT_PERM_READ_ENCRYPT, and then the encryption
check in bt_gatt_check_perm was never properly applied.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When using the auto discover CCC, and the function is called
more than once with the same parameters before the previous
discovery has completed, then that may cause issues when we
reset the parameters when we get the response.
This commit adds a small check for the callback function
which is only set to the specified function when the
discovery is in progress. This way we can return an error
if the application calls bt_gatt_subscribe multiple times
before the previous discovery has completed, rather
than asserting.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
A bad peer responding to read-by-uuid can return handles outside the
requested range. This confuses the stack. In particular, the "continue"
and "end" logic in the same function relies on this assumption.
This bad peer was a real issue at UPF, and it caused an infinite loop
during discovery.
Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/50686
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
This fixes CCC subscriptions that were removed if the automatic
resubscription was aborted by ACL disconnection.
As the client renews subscriptions, there is no point of removing those
if the link is disconnected unexpectedly.
The API user won't be notified about the failure, as the automatic
resubscriptions are implicit, and after reconnection the subscriptions
will be still valid.
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
Add const prefix for service uuid and char uuid.
Since Service UUID and Char UUID should not change in the service
definition, they are most reasonably defined as rodata, also for
save some ram footprint.
The field `attr->user_data` type is `void *`, as this PR change
all Service UUID to rodata, so there must add (void *) to avoid warning.
Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
Instead, `sc_indicate` is defined as a no-op when if would previously
not be defined.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Statically initialise the callback list so that subscriptions can be
registered before the call to `bt_enable`.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
When EATT is established, the value returned from `bt_att_get_mtu` is
not useful to determine the ATT_MTU that applies to a ATT response. This
is because `bt_att_get_mtu` may return the value for a different bearer
than the request is serviced on.
To fix this, the params struct for the GATT read operation is given a
new field that will record the ATT_MTU that applies to this ATT
operation. This value is then used to determine if the GATT long read
operation is concluded.
Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/61741
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
In `gatt_write_ccc_rsp`, the third field of
`SYS_SLIST_FOR_EACH_NODE_SAFE` was use as the `prev` sys_node when
calling `gatt_sub_remove`. This was wrong because the third field of
`SYS_SLIST_FOR_EACH_NODE_SAFE` is actually the next node.
Fix the issue by adding a pointer to the previous node and passing it to
`gatt_sub_remove`.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
This fixes return error from notify_cb function that was never set up.
As the result, the functions like bt_gatt_notify_cb and bt_gatt_indicate
returned invalid error when failed to send notification.
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
If connection reference is acquired from `bt_conn_lookup_addr_le` but
`bt_gatt_ccc_cfg_is_matching_conn` return false the connection was not
unreferenced properly. This commit fix the issue by unreferencing the
connection if the condition is false.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
In `gatt.c`, the function `bt_gatt_ccc_cfg_conn_lookup()` was not
checking that `conn` was not NULL. That leaded to a NULL pointer
dereferences later in `bt_conn_is_peer_addr_le`.
Fix by checking that `conn` is not NULL.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
This commit wrap the `settings_set_one` and `settings_delete` functions
in `bt_settings_store_one` and `bt_settings_delete`. By doing that the
Bluetooth settings can be managed in a single place.
This commit also introduce a new API to manage Bluetooth storage with
`bt_settings_store_*` and `bt_settings_delete_*` functions. Each
Bluetooth settings key have their own store and delete functions. Doing
that so custom behavior for key can be done if necessary.
This change is motivated by a need of keeping track of different
persistently stored settings inside the Bluetooth subsystem. This will
allow a better management of the settings that the Bluetooth subsystem
is responsible of.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
GATT server was not doing enough check before udpating the CCC.
For example, a non-bonded client could update the CCC of a bonded client
by spoofing his address.
This fix the issue by dissociating the CCC configuration of a bonded and
a non-bonded peer. To do that, a new field is added to the CCC config:
`link_encrypted`.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
When CCC or CF store on write is disabled and the other one is enabled,
leading to the delayed store being enabled. This cause the value of the
corresponding `n` selected option to not be stored at all.
To fix this, the checks to know if we need to store the CCC or the CF,
happening at the disconnection, are now ensuring that the CCC or the CF
are stored even if the one of them does not enable store on write.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
When `CONFIG_BT_SETTINGS_DELAYED_STORE` is enabled (by default it is),
the local GATT server will delay the write to flash of the CCC and CF
values. The delay is defined by `CONFIG_BT_SETTINGS_DELAYED_STORE_MS`.
If a disconnection happen before that delay, the `bt_gatt_disconnected`
will reschedule the delayed store operation. But that operation will not
happen before `bt_gatt_disconnected` is complete, at this moment, the
CCC and CF values will have already been cleared.
To fix this issue, the delayed store operation is now done during the
`bt_gatt_disconnected` function.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
Until now iterable sections APIs have been part of the toolchain
(common) headers. They are not strictly related to a toolchain, they
just rely on linker providing support for sections. Most files relied on
indirect includes to access the API, now, it is included as needed.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The bt_gatt_indicate() expects its parameters to remain valid while the
indicate procedure is active. But the `sc_range` variable was local to
the function. It is assigned to the `data` field and passed on to
bt_gatt_indicate(). The memory associated with `sc_range` goes out of
scope as soon as the function returns thereby breaking the contract of
the API. This dangling reference will lead to undefined behavior.
This is now fixed by making the `sc_range` array static and further
making it an array of arrays, as the sc_range may have different values
for each connection.
Found as violation of MISRA C:2012 and CERT DCL30-C by sonarcloud.
Signed-off-by: Balaji Srinivasan <balaji.srinivasan@nordicsemi.no>
This is a refactor. There is no behavioral change because
`BT_LOCAL_ATT_MTU_UATT` is `BT_LOCAL_ATT_MTU_EATT + 2` is
`BT_ATT_BUF_SIZE` is the old `BT_ATT_MTU`.
The old `BT_ATT_MTU` was wrong for EATT bearers. EATT MTU is two bytes
less because of ECRED overhead.
Instead of the old `BT_ATT_MTU`, we define one for each bearer type. We
also define the max of them to use as a convenience for allocating
buffers that fit either.
To avoid confusion, 'LOCAL' has been added to the name. This is to
differentiate it from what the spec calls 'ATT MTU', which is a
negotiated property. (It is the minimum of the two side's local ATT
MTU.)
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Both L2CAP and GATT have same requirements with regards to error code
on no encryption when LTK is or isn't present.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
“Insufficient Encryption” shall be returned only if link is not
encrypted and proper LTK is present, otherwise “Insufficient
Authentication” shall be used.
Core Specification 5.4 Vol. 3 Part C 10.3.1
"If neither an LTK nor an STK is available, the service
request shall be rejected with the error code
“Insufficient Authentication”.
Note: When the link is not encrypted, the error code
“Insufficient Authentication” does not indicate that
MITM protection is required.
If an LTK or an STK is available and encryption is
required (LE security mode 1) but encryption is not
enabled, the service request shall be rejected with
the error code “Insufficient Encryption”."
This was affecting GAP/SEC/AUT/BV-11-C qualification test case.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
A subscription check was still being done in the
gatt_notify_multiple_verify_params() fn, regardless of the value of
CONFIG_BT_GATT_ENFORCE_SUBSCRIPTION.
This could lead to getting this warning if BT_GATT_NOTIFY_MULTIPLE is
enabled, and the notifications not being sent to unsubscribed peers.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
When `CONFIG_BT_SETTINGS_DELAYED_STORE` is enabled, reschedule the storage
work immediately instead of processing it in the current context.
When that config is not enabled, process the storage in the current
context.
Processing this work (i.e. using the settings API and its likely
FLASH-based backend) in the current context (cooperative prio) may mess
with the real-time constraints of the application threads.
Fixes#55067.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
There is a touchy spot where registering a service might result in sending
service changed indications that are not necessary. This is due to a race
condition between the SC work and the GATT DB hash being calculated.
Only allow users to call this API when we know it is safe:
- either before BT is initialized
- or after settings have been loaded (and hash calculated)
Fixes#54047
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Prevent race condtions between the stack and the low-priority thread by
calculating the hash (and acting on it, e.g. for marking peers
change-aware, sending SC indications, etc) in the settings_load() context.
Fixes#54773
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
The SC indication can be sent only if the GATT Service Changed is
enabled in the configuration. Change fixes build issues related to
implicit sc_indicate declaration when Service Changed is disabled.
Fixes: #54813
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Change removes GATT Client dependency for storing CCC and CF on pairing
complete and identity resolved. These features are needed also if GATT
Client role is disabled.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
On bond establishment: save the CF and CCC data that have been written
before the peer was bonded.
On identity resolved: update the CF data to use the peer's identity address
instead of its private address (same as is currently done for the CCC).
Fixes#54770.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Fixes a bug introduced in the previous refactoring: we would always mark
all peers as change-unaware. Now we only do so when the hash has been
recalculated.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Previously, if the app registered a bunch of services at boot before
calling `settings_load()`, then the hash would be silently overwritten.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
The spec says we have to persist the change-aware status of bonded peers
between resets.
This stores it at the end of the CF storage that we currently have.
Fixes#54173
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Store the Client supported features value when it is written to, instead of
only on disconnection/identity resolved.
Works around the situation where a user bonds, CF is written and the device
is abruptly powered off, discarding the CF value, but keeping the bond.
Fixes#54172.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Wait until encrypt change to trigger the re-subscription quirk.
Otherwise it could fail with insufficient security.
Also gate it behind a kconfig to make apparent its dependencies:
If `add_subscriptions()` is executed in the first place, that means that
the device was bonded and thus that it has to encrypt the link eventually.
`BT_GATT_AUTO_SEC_REQ` should take care of that.
Also add a new flag to `bt_gatt_subscribe_params` to not send the same CCC
write multiple times in some cases.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Co-authored-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
The `bluetooth/common/log.h` and `bluetooth/common/log.c` files have been
removed. Files that were using them have been updated to use
`zephyr/logging/log.h` instead.
Those replacement have been done consequently:
- `/BT_DBG/LOG_DBG/`
- `/BT_ERR/LOG_ERR/`
- `/BT_WARN/LOG_WRN/`
- `/BT_INFO/LOG_INF/`
- `/BT_HEXDUMP_DBG/LOG_HEXDUMP_DBG/`
- `/BT_DBG_OBJ_ID/LOG_DBG_OBJ_ID/`
Also, some files were relying on the `common/log.h` include to include
`zephyr/bluetooth/hci.h`, in those cases the include of `hci.h` has
been added.
For files that were including `common/log.h` but not using any logs,
the include has been removed and not replaced.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
