For a busy wait needed only for simulation we can use the Z_SPIN_DELAY
macro which is more compact and does nothing in real targets.
For the ecb test, we do not need to treat simulated HW differently than
real HW.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
When a client subscribes to Service Changed CCC before bonding
and privacy is enabled, the SC config is initially stored under
the peer's RPA. On reconnection with a new RPA, sc_restore()
looks up the config by identity address and fails to find it,
so the SC indication is never delivered.
Re-key the SC config entry from the RPA to the resolved identity
address in bt_gatt_identity_resolved(), matching the existing
re-keying logic for CCC and CF configs in the same callback.
If a separate entry already exists under the identity address,
merge the attribute handle ranges and remove the duplicate.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
Co-authored-by: Einar Thorsrud <einar.thorsrud@nordicsemi.no>
Adds an assert to the `update_range` function in gatt.c to verify
that the start handle is not larger than the end handle.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
Modify the behavior of update_recv_state_big_cleared to follow
what the current BASS test specification and PTS expects to pass
test cases related to bad broadcast codes. There are open
errata for this behavior to properly define it, but until then
we should follow what the qualification tests expect.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Add validation to ensure the indicator index is within the valid range
of the ind_table array before accessing it in cind_handle_values().
Without this check, an out-of-bounds index could lead to buffer overrun
when the index is used to access hf->ind_table array elements later in
the function.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
To ensure correctness and to avoid any race conditions,
atomic_test_and_set_bit should be use instead of a atomic_test_bit
followed by an atomic_set_bit.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
add_bonded_addr_to_client_list returned after adding the address of
`info->addr` once, which mean that only the first svc_inst got updated
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Before config flags were introduced to `bt_keys`, the `keys_set`
allowed loading previously stored keys after disabling support for
Bluetooth LE legacy pairing or signing during DFU (only beginning of the
settings record was used after the DFU).
Introducing version field prevents from loading keys in this scenario.
Settings records that contain extra data are not migrated to the new
format during the settings load operation and eventually are cleared.
Change allows to automatically migrate `bt_keys` stored with extra data
to the new format in the most common scenario where both legacy pairing
and signing support are disabled. This allows to still properly load and
use the keys.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Improve error handling for L2CAP BR/EDR signaling buffer allocation
failures by introducing a fallback mechanism and proper cleanup paths.
Add l2cap_br_create_pdu() helper function that attempts to allocate
from the specified pool with a timeout, and falls back to the default
pool if allocation fails. This prevents system hangs when the BR/EDR
signaling buffer pool is exhausted.
Update all bt_l2cap_create_pdu() call sites to use the new helper with
appropriate timeouts (K_FOREVER for requests, specific timeouts for
responses). Add error handling to properly disconnect channels or clean
up resources when buffer allocation fails.
Introduce l2cap_br_chan_disconn() helper to centralize channel
disconnection logic, ensuring proper cleanup when disconnect requests
cannot be sent.
Change br_sig_pool user data size from hardcoded 8 bytes to
CONFIG_BT_CONN_TX_USER_DATA_SIZE for consistency with other buffer
pools.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When an ISO channel is established, we now log all the
information we receive from the controller for that
specific channel.
This can be useful in debugging and determining certain
behaviors.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The HAL has now a function to set the each GRTC group interrupt mask
Let's use it, fixing this old FIXME.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Fixed issue where an aborted CAP commander procedure would
never get past bt_cap_common_proc_all_handled and thus never
call the callback with an error, e.g. if the remote CAP
Acceptor rejects a request.
The fix required a significant refactor of the broadcast
part of the CAP commander, as it was fundamentally flawed.
The biggest change is that the implementation now uses both
the receive state notification as well as the write responses
to determine completeneess. Additionally, it also handles
notifications not initiated from our write requests, i.e.
it is now more similar to an event based procedure rather
than a linear one. This also means that when the callbacks
for the start and stop procedures are now called, we have
receive the events (notifications) from the remote CAP
acceptors that they are actually synced (or not synced) to
the broadcasts.
Since the broadcast reception start and stop now waits
for the receive state to be updated, a change in the
Handover implementation was also done.
To test the solution 2 new test cases were added,
and the existing tests were modified to allow for the
new expected behavior.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
If a Remove Source request is received while the IUT is in PA sync
states INFO_REQ or SYNCED, the request is rejected and the source
is not removed.
Signed-off-by: Alex Ciascai <alexandru.ciascai@nordicsemi.no>
Comparisons only triggered on comma, leaving the last entry unchecked,
and start_idx was never advanced after each delimiter, making all
subsequent length calculations wrong.
Fix by updating start_idx and uri_scheme_cand on each comma, then
adding a post-loop check for the final entry.
Fixes#105073
Signed-off-by: Hanliang Xu <leonxu2004@outlook.com>
When credit-based flow control (CFC) is supported, reduce the MTU by
one byte to account for the credits field in RFCOMM frames. This
prevents the SDU length from exceeding the maximum frame size when
the credits field is included in the frame.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Replace custom RFCOMM CRC table and calculation with the generic CRC8
implementation from zephyr/sys/crc.h. This reduces code duplication and
improves maintainability. Also, it will reduce the flash footprint by
about 300 bytes.
The RFCOMM FCS calculation uses CRC-8 with polynomial 0x07, reflected
input/output, and initial value 0xff, which matches the definition of
the specification GSM 07.10.
Also simplify rfcomm_check_fcs() to reuse rfcomm_calc_fcs() and compare
the calculated FCS with the received value directly. It is consistent
with the following logic:
o Calculate the CRC,
o CRC = crctable[CRC^"received FCS"],
o if the CRC equals to 0xcf.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Use atomic_set_bit() instead of atomic_test_bit() in
set_call_incoming_flag().
atomic_test_bit() is read-only, so the previous code did not update
INCOMING_3WAY/OUTGOING_3WAY flags when call_count > 1.
Signed-off-by: Yuheng Li <liyuheng@xiaomi.com>
Convert the RFCOMM DLC (Data Link Connection) management from a manual
linked list implementation using _next pointers to use Zephyr's
sys_slist API. This change improves code maintainability and safety by
using the standard list handling primitives.
Key changes:
- Replace bt_rfcomm_dlc._next with sys_snode_t _node for list handling
- Convert bt_rfcomm_session.dlcs from pointer to sys_slist_t
- Update rfcomm_dlcs_lookup_dlci() to use
SYS_SLIST_FOR_EACH_CONTAINER_SAFE
- Update rfcomm_dlcs_remove_dlci() to use
sys_slist_find_and_remove()
- Replace manual list traversal with sys_slist iterators throughout
- Initialize session DLC list with sys_slist_init() in
rfcomm_session_new()
- Use sys_slist_is_empty() instead of NULL pointer checks
- Use sys_slist_prepend() for adding DLCs to session
The conversion eliminates manual pointer manipulation and reduces the
risk of list corruption while maintaining the same functional behavior.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When address type was not provided calling bt_do_connect_le
leads to crash due to reading argv[2].
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
One of the branches in the Enhanced Connection Complete HCI event handler
was only partly setting the responder address, i.e. setting the address
value but not the address type. The comment above indicates that the code
expected the Advertising Set Terminated event handler to take care of the
rest, but it's still not ideal that in the intermediate state this field
doesn't contain a valid address (it would indicate a public address type
but with the RPA value).
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Take advantage of the new inline address to string conversion helper,
since it eliminates the need to explicitly declare a buffer variable on
the stack.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Take advantage of the new string conversion helpers to avoid having to
declare explicit on-stack variables.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Take advantage of the new string conversion helpers to avoid having to
declare explicit on-stack variables.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Add a helper API to convert inline (on the stack) the peer address of a
connection to a string.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
The Bluetooth stack has until now had private helpers to return an inline
pointer to a string - something which can be useful e.g. as part of
printk()/printf() call parameters. The reason these were never made public
is that they are not safe when a format string contains more than one
invocation of these.
This commit introduces replacement APIs which allocate an on-stack buffer,
thereby allowing arbitrary number of calls within the parameters of an
output formatting call. The new APIs are defines, since the solution uses
an encapsulating struct to force an on-stack copy, which then requires a
translation to access the struct-internal string member variable.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
The usage of CHECKIF has been replaced with a regular
if. The reason for this is that higher layer may depend
on some of the checks defined by the API, and the higher
layers cannot do that properly if the checks can be
removed via a Kconfig option.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Add a new bt write-eir-name shell command to set the Extended
Inquiry Response (EIR) name for BR/EDR connections.
Signed-off-by: Kai Cheng <chengkai@xiaomi.com>
Add bt_br_write_eir() API to set the extended inquiry response (EIR)
data for BR/EDR device discovery. EIR allows remote devices to
obtain more information during the inquiry process without needing
to establish a connection.
Signed-off-by: Kai Cheng <chengkai@xiaomi.com>
Add an initial assign and check for subgroup == NULL before
calling SYS_SLIST_PEEK_NEXT_CONTAINER as some compilers
consider subgroup otherwise considers it uninitialized:
In function ‘z_snode_next_peek’,
inlined from ‘sys_slist_peek_next_no_check’ at
/__w/zephyr/zephyr/include/zephyr/sys/slist.h:281:1,
inlined from ‘sys_slist_peek_next’ at
/__w/zephyr/zephyr/include/zephyr/sys/slist.h:292:1,
inlined from ‘bt_bap_broadcast_source_reconfig’ at
/__w/zephyr/zephyr/subsys/bluetooth/audio/bap_broadcast_source.c:1008:15:
/__w/zephyr/zephyr/include/zephyr/sys/slist.h:213:20: error:
‘subgroup’ may be used uninitialized [-Werror=maybe-uninitialized]
213 | return node->next;
| ~~~~^~~~~~
/__w/zephyr/zephyr/subsys/bluetooth/audio/bap_broadcast_source.c:
In function ‘bt_bap_broadcast_source_reconfig’:
/__w/zephyr/zephyr/subsys/bluetooth/audio/bap_broadcast_source.c:975:43:
note: ‘subgroup’ was declared here
975 | struct bt_bap_broadcast_subgroup *subgroup;
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Make the codec_cfg parameter of the BAP can CAP APIs const,
as they are now only used as one-time parameters, and not stored.
This also means that any uses of this can place the codec_cfg
parameter in the stack, rather than static memory.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The pointer represent the codec configuration
for a stream based on the ASE or broadcast configuration,
and serves as a read-only value. Changing it to `const` makes
this more clear.
Some minor changes were done to existing code to help
support this change.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
In some cases the codec_cfg pointer pointed to the
codec_cfg argument, and sometimes it pointed to the ep->codec_cfg.
Now all codec_cfg arguments are copied to ep->codec_cfg, and
stream->codec_cfg always points to stream->ep.codec_cfg.
This also fixes a bug where metadata updates initiated
by the server was not properly stored by the client.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The function name `avdtp_tx_signal` is misleading as it is used to
transmit single-fragment packets, not specifically signal packets.
Rename it to `avdtp_tx_single` to better reflect its actual purpose
and improve code clarity. Rename `avdtp_tx_frags` as `avdtp_tx_multi`
because AVDTP spec use `multi`.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Some resources in MCS were accessed (both read and write) by
multiple threads without any thread protection.
This commit adds a mutex to ensure thread safety.
Since the flags were previously using atomic to
prevent race condition between threads, and since there is
now a mutex, those flags have been modified to be simple
boolean values instead.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Add bt_conn_br_set_supervision_timeout() API to configure the
link supervision timeout for a BR/EDR connection via the HCI
Write Link Supervision Timeout command.
Signed-off-by: Kai Cheng <chengkai@xiaomi.com>
Add bt_conn_br_get_supervision_timeout() API to read the current
link supervision timeout value for a BR/EDR connection via the
HCI Read Link Supervision Timeout command.
Signed-off-by: Kai Cheng <chengkai@xiaomi.com>
NRPA should be rotated every TGAP(private_addr_int)
according to spec, which is also checked in PTS.
Signed-off-by: Artur Dobrynin <artur.dobrynin@nordicsemi.no>
Stop scheduling bt_id_add() as workqueue work during settings load.
Mark keys BT_KEYS_ID_PENDING_ADD only, then flush them synchronously
in start_scan(), adv_start_legacy()/bt_le_ext_adv_start(),
bt_conn_le_create and bt_conn_le_create_auto when
BT_DEV_ID_PENDING is set.
We don't necessarily need to update resolving list in controller
unless actively start using it, also eliminates a race where a
workqueue-issued bt_id_add() blocks on HCI while bt_keys_clear()
concurrently zeroes the same key slot.
Signed-off-by: alperen sener <alperen.sener@nordicsemi.no>
validate the assumptions about buffers returned by alloc_buf() in the
LE CoC receive path.
if the returned buffer does not provide enough user_data space for the
internal segment counter, disconnect and drop the buffer instead of
reading or writing past the metadata area.
also document that alloc_buf() must return a buffer with at least
sizeof(uint16_t) bytes of user_data.
Signed-off-by: Oleh Konko <security@1seal.org>
If `attr` or `attr->user_data` is NULL, then the include
characteristic is invalid. However the function,
bt_gatt_attr_read_included, should not return an errno value, but
a GATT error. The reason why errno cannot be used, is that the
return value is parsed through err_to_att which would make
-EINVAL become 0x16 (depending on the libc implementation),
which is an invalid ATT error code.
This was incorrectly introduced by commit
5a8189bf2a.
Changed the return value from errno to a proper GATT/ATT error.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Update the HW models module to:
63ccab2988bf4c144b3cd324a0277e03206fa413
Including the following:
63ccab2 RADIO: Adjust Tx rampup timings
72d7680 RADIO: Correct note
AND
Adjust Bluetooth controller radio hal timings to match this new timings.
AND
Change the random seed in a very long test which is relatively sensitive
to timing, and fails due to this rampup timing change.
Repeat of note from 63ccab2:
--
IMPORTANT!: This commit changes the timing of the radio model, and
therefore requires controller SW to adjust its constants accordingly.
Even after such an adjustment it is likely some tests timing will change
marginally (if for example some advertisement event anchoring is done
as soon as possible by the controller or the like), and therefore that
some tests execution will change, and that too time sensitive test may
fail.
--
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
The supported contexts were read but never provided to the
upper layers. Additionally if the supported contexts are
notifible we also subscribe to it.
This commit also fixed some other various things related
to the change to supported contexts.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
If we get a remote request to originate a call via a control
point write, we lookup a TBS instance based on the URI.
However for the local API function bt_tbs_originate we did
not, so the same operation, if the target bearer was GTBS,
had different behavior depending on whether it was locally or
remotely invoked.
This commit makes the two behave the same.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
This allows to tune L2CAP RTX timer value for L2CAP connection
requests. Allowed range is 1-60 seconds while defaults to 40.
Since this is mainly useful for BI (behavior invalid) qualification
tests allows to tune it only if BT_TESTING is selected.
This is required for running L2CAP/COS/CED/BI-29-C qualification
test in reasonable time since it requires 255 iterations of
failed (timed out) connection requests.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Add missing notification clearing for the GTBS instance
in the disconnected callback.
Fixes#104568
Signed-off-by: Maximilian Zimmermann <gitmz@posteo.de>
