There was a semaphore in hci_core which was given to early when
receiving the BT_HCI_EVT_NUM_COMPLETED_PACKETS message from the
controller. This would sometimes cause an assert to happen in
function hci_num_completed_packets, where there would arise a
mismatch in the bookkept count, and actually stored nodes. More
concretely, due to premature semaphore giveing, the tx_pending node
would be have been removed in another context before it could be
fetched and moved to complete list in this function.
Signed-off-by: Fredrik Danebjer <frdn@demant.com>
When the L2CAP channel connection is in none basic mode, the
`seg_recv` cannot work properly if the configuration
`CONFIG_BT_L2CAP_SEG_RECV` is enabled. And the L2CAP channel
connection will be broken incorrectly.
Check whether the received data len exceeds the SDU length if the
`SAR` is `BT_L2CAP_CONTROL_SAR_END` or `BT_L2CAP_CONTROL_SAR_CONTI`.
And check whether the SDU length is valid if the `SAR` is
`BT_L2CAP_CONTROL_SAR_UNSEG` or `BT_L2CAP_CONTROL_SAR_START`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The response L2CAP_COMMAND_REJECT_RSP(BT_L2CAP_REJ_NOT_UNDERSTOOD)
should be replied if the received L2CAP command is a invalid L2CAP
signaling command packets with extra data in the Information Payload.
Send L2CAP_COMMAND_REJECT_RSP(BT_L2CAP_REJ_NOT_UNDERSTOOD) if it a
small L2CAP signaling PDU or it has short length.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The bt_recv() and bt_recv_prio() APIs don't exist anymore, so remove any
references to them from the Kconfig help texts.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
The parameter length for this command was missing the additional
length from the arrayed parameters.
Signed-off-by: Olivier Lesage <olivier.lesage@nordicsemi.no>
Encode the packet type as a H:4 payload prefix for buffers passing to &
from HCI drivers. The existing bt_buf_set/get_type functions are
deprecated, but kept compatible with the change, except that they can only
be called once, since they modify the buffer payload.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Add support for Remote Port Negotiation (RPN) commands in the RFCOMM.
This allows applications to configure the serial port parameters
over RFCOMM connections, such as baud rate, data bits, stop bits, parity
and flow control.
Changes include:
- Add enumerations for RPN parameters (baud rate, data bits, stop bits,
parity)
- Add a public API function bt_rfcomm_send_rpn_cmd() to send RPN
commands
- Add shell command to test RPN with default parameters
This functionality is required by certain Bluetooth profiles that use
RFCOMM and need to configure serial port parameters.
Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
In retransmission mode and flow control mode, the TxWindow size should
be same on both sides.
When one side is updated, also update the other side.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
A bonding issue is found with following conditions,
a. Local is a SSP initiator and it is in non-bondable mode,
b. Peer is in bondable mode,
c. The bonding flag in Authentication_Requirements of local IOCAP is
`No Bonding`,
d. the bonding flag in Authentication_Requirements of peer IOCAP is
`Bonding`.
The bonding information will be exchanged and stored. It is incorrect
behavior.
Fix the issue by reporting a pairing failure and disconnecting the ACL
connection with error `BT_HCI_ERR_AUTH_FAIL`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The FCS flag of TX direction is not set correctly if the FCS flag of
RX direction is set. The issue could be found with following steps,
Step 1, Local sends configuration request with ERET mode and FCS
omitted.
Step 2, Peer replies the configuration response without any errors.
Step 3, Peer sends configuration request with ERET mode and NO FCS.
Step 4, Local replies the configuration response without any errors.
The FCS flag of TX is cleared incorrectly.
The FCS should be enabled if any one side enables the FCS.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, if the HCI ACL data length exceeds on L2CAP
packet, the HCI ACL data will be discarded.
Support the case if the transport is classic.
Add a function `bt_br_acl_recv()` to handle the multi L2CAP packets
one by one.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
BR_SEND_KEYS_SC should be used to determine the value of
Responder Key Distribution when sending pairing_response to
reply smp br pairing_request.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
When the connection status is "PENDING", need reset the br channel
identifier to the correct value before resend the connection response,
otherwise these is in an "ident mismatch" error being reported.
Signed-off-by: Make Shi <make.shi@nxp.com>
The local device shall only set the MITM protection required flag if
the local device itself requires MITM protection.
Only set MITM flag when the required security level is more than 2 and
pairing method is not `JUST_WORKS`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Bluetooth had two public types with similar name _bt_gatt_ccc and
bt_gatt_ccc, but for absolutely different purposes.
That caused misunderstanding of relationship of them and cases
where to use which one.
Commit changes name of _bt_gatt_ccc to more suitable by usage and
improves documentation of it.
Additionally, it changes name of BT_GATT_CCC_INITIALIZER
to correspond the type name.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
The start_simple_cs_test and stop_cs_test depends on
CONFIG_BT_CHANNEL_SOUNDING_TEST and could cause build errors if that
is disabled while CONFIG_BT_CHANNEL_SOUNDING=y in the shell.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Update `bt_irk_eq` to use `util_memeq` instead of `memcmp` and the
"disconnect" BabbleSim test to use `util_eq` instead of a first
assertion on the size followed by a `memcmp`.
This is done as an example usage of the two new functions.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
If the SLC is broken, all saved calls should be cleared.
Clear all calls in the callback `hf_disconnected()` and
`ag_disconnected()`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, the active/hold call will be terminated
and notify the upper layer the status change of calls when the SLC
is broken. But the calls should not be terminated in this case.
Do not terminate the calls and only clear the status of all calls.
And disconnect the SCO connection if it is established.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Rewrote places in the bluetooth code that converts objects
larger than one byte by taking the address of an unaligned struct
member and changed it to a function that takes the value directly
and converts it to big endian.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
`>= 0` was used when EATT support was implemented (#23199) because
`bt_l2cap_chan_send` could return number of bytes sent. After PR #67528,
`bt_l2cap_chan_send` doesn't return amount of bytes sent or any positive
value, but either 0 or negative value. Thus `>= 0` is not needed. It
also confusing when reading code, especially when the same check is not
implemented in other cases where underlying function `chan_send` is
used.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
`att_sent` is removed as it does not provide any value. All checks are
already performed in `att_on_sent_cb`, and keeping it only increases
readability complexity.
`att_sent` is removed as doesn't give any value. All checks are done
already in `att_on_sent_cb`. It just increases readness complexity.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
The extra `bt_att_chan_req_send` does nothing but increases readability
complexity. All checks are already performed by the caller.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
In bt_sco_disconnected, chan->sco is set as NULL before callback. Then
hfp disconnection callback use it to callback to application in
hfp_hf_sco_disconnected.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
gcc 11.4.0, seems to believe this variable may be used uninitialized,
and warns about it (causing a test build failure due to warnings
being treated as errors).
Let's just initialize the variable to 0 to avoid the issue, as the
cost is trivial.
subsys/bluetooth/host/classic/hfp_ag.c: In function
‘bt_hfp_ag_vts_handler’:
1095
subsys/bluetooth/host/classic/hfp_ag.c:3091:17: error: ‘code’ may be
used uninitialized in this function [-Werror=maybe-uninitialized]
1096
3091 | bt_ag->transmit_dtmf_code(ag, code);
1097
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1098
The issue can be reproduced for ex. with:
$ mkdir build ; cd build
$ cmake -GNinja -DBOARD=native_sim/native/64 ../tests/bluetooth/shell \
-DCONF_FILE="prj_br.conf"
$ ninja
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
While linking with the IAR linker using generated linker scripts,
and with errors if unhandled sections are encountered, many of the
bluetooth tests failed because CONFIG_SETTINGS was not set.
The section that was not handled was
'._settings_handler_static.static.settings_handler_bt_ccc_'
Now it's only set if CONFIG_SETTINGS is set.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
The error occur when discoverying br devices and need to send request_name
for many found devices.
In system work queue task, bt_hci_inquiry_complete->
report_discovery_results is called, then request_name is called for all
the found devices. The controller gives HCI_Remote_Name_Request_Complete
event for every name request result and one buf is allocated from
hci_rx_pool to save HCI_Remote_Name_Request_Complete. When system work
queue task is blocked to call request_name for every device, many
HCI_Remote_Name_Request_Complete are received for the already sent
request_name, it uses up all the buf of hci_rx_pool, then the bt_rx_thread
task is blocked to get buf from hci_rx_pool when next
HCI_Remote_Name_Request_Complete is received, meanwhile the next
request_name send hci cmd and wait the result, but the hci status/complete
event can't be received because the bt_rx_thread is blocked and
bt_uart_isr is kept in the state to receive last
HCI_Remote_Name_Request_Complete, then bt_dev.ncmd_sem is not released,
then the next request_name send hci cmd again, but the bt_dev.ncmd_sem is
invalid, then bt_hci_cmd_send_sync fail and assert.
resolve it by requesting name one by one.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
If the AG works as Data Channel Acceptor, the ACL conn cannot be known
by the application of AG. Similar with HF, add ACL conn as the first
parameter to the `connected` callback of AG.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add `BOTH_SUPT_FEAT(ag, _hf_feature, _ag_feature)` to check if the
feature is supported by both side.
Add `HF_SUPT_FEAT(ag, _feature)` to check if the feature is supported
by HF.
Add `AG_SUPT_FEAT(ag, _feature)` to check if the feature is supported
by AG.
Use `BOTH_SUPT_FEAT/HF_SUPT_FEAT/AG_SUPT_FEAT` to optimize code that
checks whether a feature is supported.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The lock/unlock for AG/HF feature read access is unnecessary.
For AG feature, it only be changed when creating new AG object.
For HF feature, it only be changed when exchanging feature in SLC
establishment.
Remove the hfp_ag_lock/hfp_ag_unlock for AG/HF feature read access.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
There is an error reported in platform `native_sim` that the value of
`EOPNOTSUPP` is same as `ENOTSUP`.
It cause the building error `duplicate case value '-95'` reported.
Use `ENOEXEC` to replace `EOPNOTSUPP` to fix the building issue.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Divide hfp_internal.h into two parts, HFP HF part hfp_hf_internal.h and
HFP common part hfp_internal.h.
Includes "hfp_internal.h" in file "hfp_ag_internal.h".
Includes "hfp_ag_internal.h" in file "hfp_ag.c".
Includes "hfp_internal.h" in file "hfp_hf_internal.h".
Includes "hfp_hf_internal.h" in file "hfp_hf.c".
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add a option `HFPHF` to find HFP HF SDP records from HFP AG side.
Add a SDP records discovery parameter `discov_hfphf` for this option.
Add a function `sdp_hfp_hf_user` to handle the discovery result.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Define SDP records for HFP AG. Register HFP AG SDP service records in
AG initialization.
Register HFP AG RFCOMM server in AG initialization.
Register HFP AG SCO server in AG initialization.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
