Coverity (CID 516253) reported that the return value of
initialize_tx_with_sid_disabled() was set but not used, leading to
potential silent failures.
Check if the return value is negative and propagate the error through the
existing cleanup path.
Fixes: CID 516253
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Offloaded socket implementations need to create the socket operations
vtable, therefore need access to struct socket_op_vtable. So far this
has been defined in a private header, so implementations needed to add
the header location to the include path in CMake.
Therefore, move struct socket_op_vtable definition to the internal part
of the public socket header, so it's no longer needed to include a
private header. This is also more consistent with the rest of the public
header content, as for example macros needed to register a socket
implementation are already there.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
for DEVICE_PM and DEVICE_PM_RUNTIME, ztest need
hold status like CONFIG_PM, otherwise the following
flash will be blocked for some SOC
Signed-off-by: Hake Huang <hake.huang@nxp.com>
Both bt_le_adv_stop() and bt_le_adv_resume() were logging same
error message. Add aditional context to it so that logs are
distinguishable.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Correct not resetting compression extension,
when checking for an uncompressed file,
in case if compression is enabled, but no compressed file found.
Signed-off-by: Andrey Dodonov <Andrey.Dodonov@endress.com>
According to CoAP RFC (7252, ch. 4.2), Reset cannot be sent in a
response for an ACK reply, rejected ACKs should be silently ignored
instead. Therefore, in case an unrecognized response is received, verify
the response type before sending Reset.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The ieee802154_radio_send() function does not decrease reference counter
of the net_pkt, it's instead done one layer above in ieee802154_send().
This commit updates the mgmt functions using ieee802154_radio_send() to
always free the used net_pkt afterward.
Signed-off-by: Simon Piriou <spiriou31@gmail.com>
When received the valid S frame, the retransmission timer should not
be restarted if unacknowledged I-frames have been sent but the
retransmission timer has not elapsed.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Fix Tx Ack FIFO's first index being advanced beyond a
recorded ack_last value in a node_rx when under race
between ll_rx_get() being pre-empted while executing the
`tx_cmplt_get()` and a call to `ll_rx_put()` in an
interrupt service routine.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Bump the argc check from 3 to 4 as the shell scan command has 3 required
parameters, the last being the scan duration:
- argv[0]
- passive|active
- channels
- per-channel duration in ms
Signed-off-by: Simon Piriou <spiriou31@gmail.com>
Based on a discussion around P4WQ limitations for our application, it
was determined that the RTIO workqueue required the ability to use
additional threads from the pool in spite of work items blocked.
Since this is not covered, nor desired for the P4WQ, then remove this
dependency and re-implement it in a way that covers also this use-case.
Signed-off-by: Luis Ubieda <luisf@croxel.com>
When the returned buffer is a `NULL` of the pull function, it means
there is not any data needs to be sent. However maybe there is any
frame pending on other L2CAP channel needs to be sent over the same
ACL connection.
Re-trigger the TX processor. It will call the pull function again
and the pending buffer will be pulled from following L2CAP.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The current logic will result in rsp always being accept because LOSC
added is 0. and according to the spec, LOSC should not be added to the
Set Configuration Reject response.
Signed-off-by: Cheng Chang <cheng.chang@nxp.com>
It wasn't taken into account that bt_le_scan_set_enable()
has a return value. It's not likely that the controller
rejects the command when BT_DEV_SCANNING is set, however.
Signed-off-by: Olivier Lesage <olivier.lesage@nordicsemi.no>
Attempting this would fail (assuming the controller is implemented
correctly) because when using legacy commands it is not allowed to
change the device address while scanning.
It also did not make sense. If we have configured the scanner to use
the identity address as own_addr, because the advertiser and scanner
addresses are shared when using legacy commands, setting the adv NRPA
here would overwrite the identity address used by the scanner, which
I assume is not the intention.
Signed-off-by: Olivier Lesage <olivier.lesage@nordicsemi.no>
In 25c993e5b7 a new case was introduced
where own_addr_type is not set by bt_id_set_scan_own_addr properly.
This led to issues for users where increasing their zephyr version
led to failures to start scanning after advertising in the case where
CONFIG_BT_SCAN_WITH_IDENTITY=n and legacy advertising commands are used.
Signed-off-by: Olivier Lesage <olivier.lesage@nordicsemi.no>
When peer monitor and retransmission timeout are zero, set them to the
default values. This ensures that the monitor timeout is always a valid
value to avoid the L2CAP BR timer work queue hang.
Signed-off-by: Make Shi <make.shi@nxp.com>
HTTP 1.1 server has two ways of indicating the message body length -
either by providing the Content Length header, or by closing the
connection when the entire body has been transmitted.
The second method didn't work with Zephyr's HTTP client implementation,
as EOF on a socket was treated as an error condition. Therefore, if no
Content Length was provided by the server, such transfers would always
end up with ECONNRESET error.
In order to fix this, we need to notify the parser about the EOF on a
socket when connection is closed. It is the parser role to determine
whether the EOF was expected in current state (by marking end of message
flag) or not (by setting an error).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Remove duplicated check for 'ep->stream == NULL' to clean up conditionals
and avoid unnecessary repeated evaluations.
This cleans up the code and avoids unnecessary repeated condition
evaluation.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Update the socket_service_thread function signature to match the expected
k_thread_entry_t type:
typedef void (*k_thread_entry_t)(void *p1, void *p2, void *p3);
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
Fix a bug in zbus_chan_rm_obs() where removing the first observer in a
channel's observer list would cause undefined behavior due to accessing
a member of a NULL pointer.
The issue occurred when prev_obs_nd was NULL (indicating the first node
in the list) and the code attempted to pass &prev_obs_nd->node to
sys_slist_remove(). This resulted in accessing the 'node' member of a
NULL pointer, which is undefined behavior even when taking its address.
The sys_slist_remove() function is designed to handle a NULL prev_node
parameter correctly for removing the first element in a list. The fix
ensures we pass NULL directly instead of attempting to compute the
address of a member within a NULL pointer.
This was detected by Undefined Behavior Sanitizer as "member access
within null pointer".
Signed-off-by: Jan Tore Guggedal <jantore.guggedal@nordicsemi.no>
In coap_well_known_core_get(), move the null check for 'resource' before
applying pointer arithmetic ('resource + 1') to avoid undefined behavior
when 'resource == NULL'.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Socket dispatcher (and offloaded implementations in tests) register
fd as ZVFS_MODE_IFSOCK therefore they should register a close2(
function instead of close().
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
socketpair fd regsiters ZVFS_MODE_IFSOCK therefore it should register a
close2() function instead of close().
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case address mode in a packet is none, the address pointer within mhr
struct will not be set. Therefore, the pointer should not be used before
address mode is verified inside ieee802154_check_dst_addr().
This was reported by UBSAN:
subsys/net/l2/ieee802154ieee802154.c:296:41: runtime error: member
access within null pointer of type 'struct ieee802154_address_field'
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Cast uint8_t variable to uint32_t explicitly to avoid implicit cast to
int, and thus potentially undefined behavior, reported by UBSAN:
net_pkt.c:1946:17: runtime error: left shift of 239 by 24 places
cannot be represented in type 'int'
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In order to avoid alignment issues when casting void pointers to
in(6)_addr structures, create a properly aligned copy of the ip(v6)
address on stack.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In order to prevent an overflow warning from UBSAN when bitshifting,
cast to uint64_t first before shifting, and then back to uint32_t.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As struct sockaddr have now alignment of 4 bytes, net_ipaddr_copy()
gives the following error if used for sockaddr:
error: alignment 1 of ‘struct <anonymous>’ is less than 4
[-Werror=packed-not-aligned]
Just use memcpy() instead, net_ipaddr_copy() was intended to use with IP
addresses, not socket related structs.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rework the IPv4-related code to avoid casting. Use raw variants of
IPv4-related functions whenever possible (especially on the critical
data path).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
To address the misaligned access issues reported by UBSAN, introduce raw
variant of certain IPv4 functions used in the critical data path of the
network stack, operating on plain uint8_t buffers in stead of IPv4
address struct.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rework the rest of the IPv6-related code to avoid casting. Use raw
variants of IPv6-related functions whenever possible (especially on the
critical data path). For the routing case, use a copy of the address to
avoid massive rework of the routing module.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
IPv6 Neighbor Discovery interfaces modules like neighbor or routing
tables - converting them to raw variants seems futile. Therefore, for
IPv6 ND case, copy the raw IP address from the packet into the in6_addr
structure, and then pass it to respective functions. Performance
overhead should not be a big problem in such case as those actions are
only performed if a respective ND packet is received.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Refactor local functions to work with byte buffers instead of struct
in6_addr and use switch to use raw variants of functions operating on
IPv6 addresses.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
To address the misaligned access issues reported by UBSAN, introduce raw
variant of certain IPv6 functions used in the critical data path of the
network stack, operating on plain uint8_t buffers in stead of IPv6
address struct.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The peer uses the RPA address.
A BR connection is created firstly, a subsequent BLE connection is
created secondly, the BR SMP CTKD occur thirdly (The BLE LTK is
derived from BR and the BR SMP distribute peer's IRK and identity address
here), but the BLE LTK is saved to key pool that is not
matched with the previous BLE connection because the derived LTK is saved
with identity address and BLE connection uses RPA. Fix it by: Resolve the
BLE connections' RPA with the derived IRK to find the previous BLE
connections and match the connections with derived LTK key.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
According to RFC 793, ch 3.9 Event Processing,
after the connection is sync-ed with seqnum of both sides then,
1. drop any received segment if the ACK bit is off.
2. validate the acknum like this:
SND.UNA =< SEG.ACK =< SND.NXT
The ACK validation is done before entering the state-machine, so
remove the flags <ACK> check in the state-machine processing.
Signed-off-by: Shrek Wang <inet_eman@outlook.com>
Channel tx_queue purging on disconnect was inconsistently handled
by the different channels: iso, l2cap, l2cap_br.
iso channels handled purging in the tx_data_pull hook.
l2cap and l2cap_br did the purging in channel delete functions
and did not expect tx_data_pull to be called for a disconnected
channel. Their data_pull functions could return a ptr to a
net_buf that was still on the tx_queue, which is problematic
when the conn tx_processor unrefs the returned buffer resulting
in multiple calls to the buf destroy function.
To make things consistent and correct, remove the code that tries
to purge tx_queues in the tx_processor and only do purging in
the channels themselves when they are deleted/disconnected.
Also refactor and clarify referencing of the net_buf returned
by tx_data_pull. It was confusing who had a reference and
when, which could vary depending on the length of the original
buffer. There are three cases: the buffer length is less
than the tx.mps, greater the mps but less than the mtu so
requiring segementation but not fragmentation, or greater than
both mps and mtu so requiring both segmentation and fragmentation.
The conn layer would increase the refcnt if the length was
greater than the mtu, but not have any awareness of whether
the net_buf was still on the tx_queue or not.
Now it is the tx_data_pull callbacks responsibitity to increment
the reference count if it is returning a pointer to a net_buf
that it is still keeping on the tx_queue for segmentation purposes.
The conn layer will now always transfer that reference into a
fragment view and not conditional it on the length relative to
the mtu, and always decrement the reference to the parent when
the fragment is destroyed.
So there is no risk of decrementing a reference to a net buf
that might still be on a tx_queue, which simplifies error
handling in particular.
Also add error handling paths for when asserts are not enabled.
Signed-off-by: Mike J. Chen <mjchen@google.com>
Fix peripheral role assertion during connection update and
simultaneous flash operations.
prepare_cb: Actual EVENT_OVERHEAD_START_US = 6149
This happens due to instant latency at connection update
where the ticks_at_expire was in the past.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Write operations are not constant time on nRF54Lx SoCs and
depend on the previous value present versus new value to be
written. Hence, perform no more than one iteration.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
In HFP PTS, cases run fail with the log 'Bluetooth Profile Descriptor
List UUID (0x111E) is missing'.
With this patch, the affected cases can pass correctly.
Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
This commit fixes the content of the log messages that appear when an
error occurs while applying the pinctrl.
Signed-off-by: Jun Lin <CHLin56@nuvoton.com>
htons() takes uint16_t as argument. Add the 'u' suffix to the
TTL constants to ensure the correct unsigned type is used and to avoid
undefined behavior if these functions are implemented as macros using
bit shifts.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
