In the function `sdp_client_ss_search()` and
`sdp_client_ssa_search()`, the allocated buf is not released if the
required UUID is invalid.
Un-reference the allocated net buffer if the UUID is invalid.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The `session->param` should be updated to date whatever the function
`sdp_client_ssa_search()`, `sdp_client_sa_search()` or
`sdp_client_ss_search()` can be executed properly.
Update the `session->param` to the new `param` when executing the
function.
Fixes#91156
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
There is a potential issue that the index of ACL may out of the
bounds of the array `bt_hfp_hf_pool` if the array size is not aligned
with the array size of `acl_conns`.
To avoid the potential issue, check if the ACL conn index is less than
the array size of `bt_hfp_hf_pool` before accessing the array
`bt_hfp_hf_pool` with ACL conn index.
Fixes#91172
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
- Remove memset on bt_l2cap_br_chan during SDP
disconnect to prevent overwriting resources
(e.g., rtx_work) still in use by L2CAP,
which handles channel cleanup itself.
- Delete unused partial_resp_queue to clean up code.
Signed-off-by: ZhongYao Luo <LuoZhongYao@gmail.com>
If the received data length is less than 2 in none basic mode, the
L2CAP channel connection will be dropped.
Only check the received data length if the `SAR` is
`BT_L2CAP_CONTROL_SAR_START`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Support zero-length SDU sending if the L2CAP channel connection is not
in basic mode.
Flag the zero-length SDU buffer and clear it if it has been processed.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Handle the ECHO request/response of classic L2CAP signaling packets.
Add the functions `bt_l2cap_br_echo_cb_register()` and
`bt_l2cap_br_echo_cb_unregister()` to register/unregister the ECHO
callbacks to monitor the ECHO REQ and RSP.
Add the function `bt_l2cap_br_echo_req()` to send the ECHO REQ through
classic L2CAP signaling channel.
Add the function `bt_l2cap_br_echo_rsp()` to reply the ECHO REQ
through the classic L2CAP signaling channel.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Disconnect the L2CAP channel connection if the proposed MTU is less
than min MTU or more than local supported MTU.
The main scenes are as follows.
If the proposed MTU is less than MIN MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RQP (Unaccepted/success with MTU=30),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.
With the change applied, the local will disconnect the L2CAP channel
connection in step 3.
If the proposed MTU is more than local supported MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RQP (Unaccepted/success with MTU=80),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.
With the change applied, the local will disconnect the L2CAP channel
connection in step 3.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Change the callback `get_ongoing_call()` of the AG from synchronous to
asynchronous mode. It will help to avoid the Bluetooth host stack be
blocked in the context of callback `get_ongoing_call()`.
Add a function `bt_hfp_ag_ongoing_calls()` to set the ongoing calls and
reply the AT command `AT+CIND?` after the callback `get_ongoing_call()`
has been notified.
Add a delayable worker to avoid the AT command `AT+CIND?` never being
replied. After the time exceeds
@kconfig{CONFIG_BT_HFP_AG_GET_ONGOING_CALL_TIMEOUT}, the response of
the AT command `AT+CIND?` will be replied.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
If the any value of Call, Call Setup, and Held Call indicators is not
zero in the response of `AT+CIND?`, get all calls via `AT+CLCC`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
For read-only access to fields, `lock/unlock` is unnecessary.
Remove unnecessary `lock/unlock` protection for read-only access
fields of AG.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Support the case that there are some calls existed before SLC
established.
Add a callback to get the ongoing calls one by one from upper layer
when the response of the AT command `AT+CIND=?` from HF has been sent.
And set the Call, Call Setup, and Held Call indicators and report the
values int the response of AT command `AT+CIND?`. Then report all
ongoing calls in the `+CLCC` response.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The CR bit in DISC frames should be set as a command rather than a
response.
This patch fixes the rfcomm_send_disc function to correctly use
BT_RFCOMM_CMD_CR instead of BT_RFCOMM_RESP_CR when setting the CR bit in
the address field of DISC frames.
Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
In current implementation, if the MITM flag of both sides is disabled,
the pairing method is incorrect.
Such as, the IOCAP of both sides is `display_yesorno`, the pairing
method is `PASSKEY_CONFIRM`. But actually, it should be `JUST_WORKS`
in this case.
Fix the issue by setting the pairing method to `JUST_WORKS` if the
MITM flag of both sides is false.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
After https://github.com/zephyrproject-rtos/zephyr/pull/72090,
`conn_tx_alloc` no longer blocks, and each buffer always has a
corresponding `bt_conn_tx` object. This eliminates the need to configure
the number of `bt_conn_tx` objects via `CONFIG_BT_CONN_TX_MAX`, since
every buffer now carries its own context even when no callback is used.
This commit deprecates `CONFIG_BT_CONN_TX_MAX` as it is no longer
necessary. Instead, `CONFIG_BT_BUF_ACL_TX_COUNT` is used to allocate
`bt_conn_tx` objects for outgoing ACL data. ZLL already uses
`CONFIG_BT_BUF_ACL_TX_COUNT` to configure the number of outgoing ACL
packets. With this change, modifying the packet count will automatically
adjust the number of corresponding contexts, preventing both context
starvatoin and underutilization.
This approach also aligns with ISO, where the number of `bt_conn_tx`
objects for outgoing ISOdata matches `CONFIG_BT_ISO_TX_BUF_COUNT`.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
When the L2CAP channel connection is in none basic mode, the
`seg_recv` cannot work properly if the configuration
`CONFIG_BT_L2CAP_SEG_RECV` is enabled. And the L2CAP channel
connection will be broken incorrectly.
Check whether the received data len exceeds the SDU length if the
`SAR` is `BT_L2CAP_CONTROL_SAR_END` or `BT_L2CAP_CONTROL_SAR_CONTI`.
And check whether the SDU length is valid if the `SAR` is
`BT_L2CAP_CONTROL_SAR_UNSEG` or `BT_L2CAP_CONTROL_SAR_START`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The response L2CAP_COMMAND_REJECT_RSP(BT_L2CAP_REJ_NOT_UNDERSTOOD)
should be replied if the received L2CAP command is a invalid L2CAP
signaling command packets with extra data in the Information Payload.
Send L2CAP_COMMAND_REJECT_RSP(BT_L2CAP_REJ_NOT_UNDERSTOOD) if it a
small L2CAP signaling PDU or it has short length.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add support for Remote Port Negotiation (RPN) commands in the RFCOMM.
This allows applications to configure the serial port parameters
over RFCOMM connections, such as baud rate, data bits, stop bits, parity
and flow control.
Changes include:
- Add enumerations for RPN parameters (baud rate, data bits, stop bits,
parity)
- Add a public API function bt_rfcomm_send_rpn_cmd() to send RPN
commands
- Add shell command to test RPN with default parameters
This functionality is required by certain Bluetooth profiles that use
RFCOMM and need to configure serial port parameters.
Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
In retransmission mode and flow control mode, the TxWindow size should
be same on both sides.
When one side is updated, also update the other side.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
A bonding issue is found with following conditions,
a. Local is a SSP initiator and it is in non-bondable mode,
b. Peer is in bondable mode,
c. The bonding flag in Authentication_Requirements of local IOCAP is
`No Bonding`,
d. the bonding flag in Authentication_Requirements of peer IOCAP is
`Bonding`.
The bonding information will be exchanged and stored. It is incorrect
behavior.
Fix the issue by reporting a pairing failure and disconnecting the ACL
connection with error `BT_HCI_ERR_AUTH_FAIL`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The FCS flag of TX direction is not set correctly if the FCS flag of
RX direction is set. The issue could be found with following steps,
Step 1, Local sends configuration request with ERET mode and FCS
omitted.
Step 2, Peer replies the configuration response without any errors.
Step 3, Peer sends configuration request with ERET mode and NO FCS.
Step 4, Local replies the configuration response without any errors.
The FCS flag of TX is cleared incorrectly.
The FCS should be enabled if any one side enables the FCS.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, if the HCI ACL data length exceeds on L2CAP
packet, the HCI ACL data will be discarded.
Support the case if the transport is classic.
Add a function `bt_br_acl_recv()` to handle the multi L2CAP packets
one by one.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When the connection status is "PENDING", need reset the br channel
identifier to the correct value before resend the connection response,
otherwise these is in an "ident mismatch" error being reported.
Signed-off-by: Make Shi <make.shi@nxp.com>
The local device shall only set the MITM protection required flag if
the local device itself requires MITM protection.
Only set MITM flag when the required security level is more than 2 and
pairing method is not `JUST_WORKS`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
If the SLC is broken, all saved calls should be cleared.
Clear all calls in the callback `hf_disconnected()` and
`ag_disconnected()`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, the active/hold call will be terminated
and notify the upper layer the status change of calls when the SLC
is broken. But the calls should not be terminated in this case.
Do not terminate the calls and only clear the status of all calls.
And disconnect the SCO connection if it is established.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Rewrote places in the bluetooth code that converts objects
larger than one byte by taking the address of an unaligned struct
member and changed it to a function that takes the value directly
and converts it to big endian.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
In bt_sco_disconnected, chan->sco is set as NULL before callback. Then
hfp disconnection callback use it to callback to application in
hfp_hf_sco_disconnected.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
gcc 11.4.0, seems to believe this variable may be used uninitialized,
and warns about it (causing a test build failure due to warnings
being treated as errors).
Let's just initialize the variable to 0 to avoid the issue, as the
cost is trivial.
subsys/bluetooth/host/classic/hfp_ag.c: In function
‘bt_hfp_ag_vts_handler’:
1095
subsys/bluetooth/host/classic/hfp_ag.c:3091:17: error: ‘code’ may be
used uninitialized in this function [-Werror=maybe-uninitialized]
1096
3091 | bt_ag->transmit_dtmf_code(ag, code);
1097
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1098
The issue can be reproduced for ex. with:
$ mkdir build ; cd build
$ cmake -GNinja -DBOARD=native_sim/native/64 ../tests/bluetooth/shell \
-DCONF_FILE="prj_br.conf"
$ ninja
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
The error occur when discoverying br devices and need to send request_name
for many found devices.
In system work queue task, bt_hci_inquiry_complete->
report_discovery_results is called, then request_name is called for all
the found devices. The controller gives HCI_Remote_Name_Request_Complete
event for every name request result and one buf is allocated from
hci_rx_pool to save HCI_Remote_Name_Request_Complete. When system work
queue task is blocked to call request_name for every device, many
HCI_Remote_Name_Request_Complete are received for the already sent
request_name, it uses up all the buf of hci_rx_pool, then the bt_rx_thread
task is blocked to get buf from hci_rx_pool when next
HCI_Remote_Name_Request_Complete is received, meanwhile the next
request_name send hci cmd and wait the result, but the hci status/complete
event can't be received because the bt_rx_thread is blocked and
bt_uart_isr is kept in the state to receive last
HCI_Remote_Name_Request_Complete, then bt_dev.ncmd_sem is not released,
then the next request_name send hci cmd again, but the bt_dev.ncmd_sem is
invalid, then bt_hci_cmd_send_sync fail and assert.
resolve it by requesting name one by one.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
If the AG works as Data Channel Acceptor, the ACL conn cannot be known
by the application of AG. Similar with HF, add ACL conn as the first
parameter to the `connected` callback of AG.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add `BOTH_SUPT_FEAT(ag, _hf_feature, _ag_feature)` to check if the
feature is supported by both side.
Add `HF_SUPT_FEAT(ag, _feature)` to check if the feature is supported
by HF.
Add `AG_SUPT_FEAT(ag, _feature)` to check if the feature is supported
by AG.
Use `BOTH_SUPT_FEAT/HF_SUPT_FEAT/AG_SUPT_FEAT` to optimize code that
checks whether a feature is supported.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The lock/unlock for AG/HF feature read access is unnecessary.
For AG feature, it only be changed when creating new AG object.
For HF feature, it only be changed when exchanging feature in SLC
establishment.
Remove the hfp_ag_lock/hfp_ag_unlock for AG/HF feature read access.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
There is an error reported in platform `native_sim` that the value of
`EOPNOTSUPP` is same as `ENOTSUP`.
It cause the building error `duplicate case value '-95'` reported.
Use `ENOEXEC` to replace `EOPNOTSUPP` to fix the building issue.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Divide hfp_internal.h into two parts, HFP HF part hfp_hf_internal.h and
HFP common part hfp_internal.h.
Includes "hfp_internal.h" in file "hfp_ag_internal.h".
Includes "hfp_ag_internal.h" in file "hfp_ag.c".
Includes "hfp_internal.h" in file "hfp_hf_internal.h".
Includes "hfp_hf_internal.h" in file "hfp_hf.c".
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add a option `HFPHF` to find HFP HF SDP records from HFP AG side.
Add a SDP records discovery parameter `discov_hfphf` for this option.
Add a function `sdp_hfp_hf_user` to handle the discovery result.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
