Commit graph

9523 commits

Author SHA1 Message Date
Rubin Gerritsen
b63b993491 Bluetooth: Decode Bluetooth 6.1 version number
Bluetooth 6.1 has version number 0x0F and was released in May 2025.
This commit ensures this version number is properly decoded.

Going forward we may consider removing printing the version
number as a string because the feature set is more important
than the version number.

Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
2025-06-18 10:56:34 +02:00
Emil Gydesen
6885a368d4 Bluetooth: Host: Add advertising state to bt_le_ext_adv_info
The bt_le_ext_adv_info struct has been extended to also
contain the advertising and periodic advertising states.

Additionally, the function verifies the input to avoid
NULL pointer access, and the addr field is more
properly documented.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-06-17 16:04:42 +02:00
Emil Gydesen
2ab5882e0b Bluetooth: CAP: Add cap_unicast_group API
Adds a new abstract struct for unicast group that is
specific for CAP. The difference between this and the BAP
unicast group, is that the parameters are CAP streams and
thus ensuring that the streams in the group adhere to the
additional requirements that CAP has on top of BAP.

This also adds foreach functions for both CAP and BAP
to allow users to iterate on the streams in the
abstract groups.

Various samples, modules and tests have been updated
to use the CAP struct and API.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-06-17 08:20:25 +02:00
Szymon Janc
9b27a472f4 Bluetooth: Host: Fix SMP Pairing failed code on invalid Public Key
Core Specification 6.1 clarified exptected erro code in case peer
sending invalid Public Key. In case pairing is aborted during or
immediately after Public Key Exchange phase has completed (which is
the case here) expected reason code is set to "DHKey Check Failed".

This was affecting SM/CEN/KDU/BI-04-C and SM/PER/KDU/BI-04-C
qualification test cases.

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2025-06-13 10:21:42 -07:00
Vinayak Kariappa Chettimada
d011dd11da Bluetooth: Controller: nRF53x: Fix up ISO Rx Buffer size
Fix up the bus fault by not violating the MAXPACKETSIZE
value range of NRF_CCM h/w peripheral.

Fix up relates to commit 920117922b ("Bluetooth:
Controller: nRF53x: Fix NRF_CCM MAXPACKETSIZE value").

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2025-06-13 10:39:09 -04:00
Vinayak Kariappa Chettimada
01c9c6716a Bluetooth: Controller: Fix incorrect elapsed events value
Fix incorrect elapsed events value when LLL event prepare_cb
was invoked but was aborted before anchor point sync. This
caused premature supervision timeouts under applications
configured with CONFIG_BT_CTLR_EVENT_OVERHEAD_RESERVE_MAX=n
and CONFIG_BT_CTLR_PERIPHERAL_RESERVE_MAX=n.

Fixes commit 247037bd3e ("Bluetooth: Controller: Fix
incorrect elapsed events value").

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2025-06-13 10:34:31 -04:00
Marco Widmer
09691484eb Bluetooth: Controller: Deinit ticker
ticker_is_initialized() should only return true when the ticker is
running (triggered regularly). Users like nrf_flash_sync_is_required()
depend on this behavior.

When the bluetooth controller driver is closed, ll_deinit() calls
lll_deinit(), which stops the ticker from being triggered. Also
deinitialize the ticker to ensure that ticker_is_initialized() returns
false.

Signed-off-by: Marco Widmer <marco.widmer@bytesatwork.ch>
2025-06-13 10:33:01 -04:00
Lyle Zhu
672d367642 Bluetooth: Remove useless sys_cpu_to_le16 for uint8_t type
The target variable is a `uint8_t`. It is not reasonable to pass a
value with `uint16_t` in little-endian format.

Remove `sys_cpu_to_le16`, and pass the value directly.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-06-13 10:10:04 +02:00
Vinayak Kariappa Chettimada
c8fd14ecab Bluetooth: Controller: No ISR_DIRECT_PM and no reschedule for ZLI
When using Zero Latency IRQs do not invoke ISR_DIRECT_PM and
do not return to reschedule in the kernel.

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2025-06-13 07:36:27 +02:00
Håvard Reierstad
2a8118c945 Bluetooth: Host: Update LE legacy pairing check
Updates the LE legacy pairing procedure as a result of errata ES-24491.
New part:
If the initiating device receives an LP_CONFIRM_R value that is equal to
the LP_CONFIRM_I value, the pairing process shall be aborted and fail
with "Confirm Value Failed" as reason.

Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
2025-06-11 16:26:23 -07:00
Lyle Zhu
6231b43435 Bluetooth: Classic: SDP: Fix buf leak issue
In the function `sdp_client_ss_search()` and
`sdp_client_ssa_search()`, the allocated buf is not released if the
required UUID is invalid.

Un-reference the allocated net buffer if the UUID is invalid.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-06-11 16:12:31 -07:00
Emil Gydesen
9b4bebbdf3 Bluetooth: ASCS: Sonarcloud fixes
Made a few complex functions simpler
Added missing default cases in switches
Fixes a bad cast that removed const
Moved loop iterators to inner loop

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-06-11 08:58:09 -04:00
Emil Gydesen
314678c48d Bluetooth: AICS Client: Fix sonarcloud issues
Fixes a few bad casts that ignored const
Add a few missing final else statement
Refactored aics_discover_func to be less complex by
moving some parts of it into a new function.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-06-11 08:57:26 -04:00
Emil Gydesen
bf8570256f Bluetooth: AICS: Fix sonarcloud issues
Add missing else and refactored write_aics_control to
be less complex.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-06-11 08:57:26 -04:00
Lyle Zhu
55c0f00f23 Bluetooth: Classic: SDP: Avoid invalid session->param be accessed
The `session->param` should be updated to date whatever the function
`sdp_client_ssa_search()`, `sdp_client_sa_search()` or
`sdp_client_ss_search()` can be executed properly.

Update the `session->param` to the new `param` when executing the
function.

Fixes #91156

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-06-11 08:17:57 +02:00
Lyle Zhu
f924af1df5 Bluetooth: Classic: HFP_HF: Fix out of bounds potential issue
There is a potential issue that the index of ACL may out of the
bounds of the array `bt_hfp_hf_pool` if the array size is not aligned
with the array size of `acl_conns`.

To avoid the potential issue, check if the ACL conn index is less than
the array size of `bt_hfp_hf_pool` before accessing the array
`bt_hfp_hf_pool` with ACL conn index.

Fixes #91172

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-06-10 13:29:17 +02:00
Mark Wang
d166d53238 bluetooth: keys: addr is null and assert in bt_keys_find_addr
When there are br connections connected, find_key_in_use call
bt_conn_get_dst to get br connection's dst and bt_conn_get_dst return NULL,
then bt_keys_find_addr aseert because addr is NULL.

Signed-off-by: Mark Wang <yichang.wang@nxp.com>
2025-06-10 13:28:55 +02:00
ZhongYao Luo
821e9f3c6a Bluetooth: SDP: Don't clear l2cap chan on disconnect
- Remove memset on bt_l2cap_br_chan during SDP
  disconnect to prevent overwriting resources
  (e.g., rtx_work) still in use by L2CAP,
  which handles channel cleanup itself.
- Delete unused partial_resp_queue to clean up code.

Signed-off-by: ZhongYao Luo <LuoZhongYao@gmail.com>
2025-06-10 13:28:24 +02:00
Lu Jia
634b72a76c Bluetooth: Add API to obtain ACL connection corresponding to a2dp
When connecting two devices with an application, it
is necessary to differentiate which is the remote device.

Signed-off-by: Lu Jia <jialu@xiaomi.com>
2025-06-10 13:28:16 +02:00
Lyle Zhu
2a1bcc2919 Bluetooth: Classic: L2CAP: Fix issue is received data len less than 2
If the received data length is less than 2 in none basic mode, the
L2CAP channel connection will be dropped.

Only check the received data length if the `SAR` is
`BT_L2CAP_CONTROL_SAR_START`.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-06-10 12:25:55 +02:00
Lyle Zhu
63dbc4c7f9 Bluetooth: Classic: L2CAP: Support zero-length SDU in none basic mode
Support zero-length SDU sending if the L2CAP channel connection is not
in basic mode.

Flag the zero-length SDU buffer and clear it if it has been processed.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-06-10 12:25:55 +02:00
Aleksandr Khromykh
2411238196 bluetooth: mesh: clarify mesh dfu fwid max length
Commit changes BT_MESH_DFU_FWID_MAXLEN option to be
compliant with BLE Mesh specification.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
2025-06-05 15:14:35 -05:00
Mark Wang
2d4e05afc2 bluetooth: improve the controller address resolution enablement
If the controller resolving list is cleared by HCI_LE_Clear_Resolving_List,
don't need to enable the controller address resolution.

Signed-off-by: Mark Wang <yichang.wang@nxp.com>
2025-06-03 17:09:02 +02:00
Lyle Zhu
f34d7766af Bluetooth: Classic: L2CAP: Add echo command set
Add echo test shell commands, `register`, `unregister`, `req`, and
`rsp`.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 20:19:38 -04:00
Lyle Zhu
6f2b8f8a97 Bluetooth: Classic: L2CAP: implement ECHO REQ/RSP
Handle the ECHO request/response of classic L2CAP signaling packets.

Add the functions `bt_l2cap_br_echo_cb_register()` and
`bt_l2cap_br_echo_cb_unregister()` to register/unregister the ECHO
callbacks to monitor the ECHO REQ and RSP.

Add the function `bt_l2cap_br_echo_req()` to send the ECHO REQ through
classic L2CAP signaling channel.

Add the function `bt_l2cap_br_echo_rsp()` to reply the ECHO REQ
through the classic L2CAP signaling channel.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 20:19:38 -04:00
Lyle Zhu
d1deb20b95 Bluetooth: Classic: L2CAP: Disconn channel if proposed MTU is invalid
Disconnect the L2CAP channel connection if the proposed MTU is less
than min MTU or more than local supported MTU.

The main scenes are as follows.
If the proposed MTU is less than MIN MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RQP (Unaccepted/success with MTU=30),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.

With the change applied, the local will disconnect the L2CAP channel
connection in step 3.

If the proposed MTU is more than local supported MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RQP (Unaccepted/success with MTU=80),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.

With the change applied, the local will disconnect the L2CAP channel
connection in step 3.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 10:46:26 +02:00
Lyle Zhu
858e64cded Bluetooth: Shell: Classic: Add command select to select BR connect
Add a shell command `select` to select a specific BR connect according
to the given BR address.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 10:46:12 +02:00
Lyle Zhu
1572277a2e Bluetooth: Shell: Classic: Add command info to get conn info
Add shell command `info` to get the BR connect info.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 10:46:12 +02:00
Lyle Zhu
ff41c71737 Bluetooth: Class: Shell: HFP_HF: Add auto_select_codec command
Add shell command `auto_select_codec` to select codec automatically
when codec negotiation callback is notified.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 06:31:32 +02:00
Lyle Zhu
aaef7eb658 Bluetooth: Classic: HGP_AG: change get_ongoing_call() to async mode
Change the callback `get_ongoing_call()` of the AG from synchronous to
asynchronous mode. It will help to avoid the Bluetooth host stack be
blocked in the context of callback `get_ongoing_call()`.

Add a function `bt_hfp_ag_ongoing_calls()` to set the ongoing calls and
reply the AT command `AT+CIND?` after the callback `get_ongoing_call()`
has been notified.

Add a delayable worker to avoid the AT command `AT+CIND?` never being
replied. After the time exceeds
@kconfig{CONFIG_BT_HFP_AG_GET_ONGOING_CALL_TIMEOUT}, the response of
the AT command `AT+CIND?` will be replied.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 06:31:32 +02:00
Lyle Zhu
d6dc7fbd66 Bluetooth: Classic: Shell: Add command ongoing_calls
Add shell command `ongoing_calls` to set the ongoing calls.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 06:31:32 +02:00
Lyle Zhu
488d577910 Bluetooth: Classic: HFP_HF: Support ongoing calls before SLC
If the any value of Call, Call Setup, and Held Call indicators is not
zero in the response of `AT+CIND?`, get all calls via `AT+CLCC`.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 06:31:32 +02:00
Lyle Zhu
09f3c31818 Bluetooth: Classic: HFP_AG: Remove unnecessary lock/unlock
For read-only access to fields, `lock/unlock` is unnecessary.

Remove unnecessary `lock/unlock` protection for read-only access
fields of AG.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 06:31:32 +02:00
Lyle Zhu
2b4de08c7c Bluetooth: Classic: HFP_AG: Support ongoing calls before SLC
Support the case that there are some calls existed before SLC
established.

Add a callback to get the ongoing calls one by one from upper layer
when the response of the AT command `AT+CIND=?` from HF has been sent.

And set the Call, Call Setup, and Held Call indicators and report the
values int the response of AT command `AT+CIND?`. Then report all
ongoing calls in the `+CLCC` response.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-29 06:31:32 +02:00
Lyle Zhu
5f7fbb6c1d Bluetooth: Classic: Fix LTK cannot be derived issue
The LTK cannot be derived by LK when LK is not weaker than the old LTK.

Improve the function `smp_br_pairing_allowed()` to avoid the LTK be
overwrote when old LTK has MITM protection but new LK has not MITM
protection.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-28 11:13:40 +02:00
Can Wang
a95f900bfa Bluetooth: Shell: Fix issue that BR connection is not selected.
LE and BR connection have already been established, after that, LE
disconnection occurs, BR connection will not be selected as the next
default connection.

Fix this issue by searching for both BR and LE after disconnection
occurs.

Signed-off-by: Can Wang <can.wang@nxp.com>
2025-05-28 11:09:44 +02:00
Can Wang
361f8e2795 Bluetooth: Shell: Fix issue that BR security level cannot be set to 4.
Host stack supports to set BR security level to 4 but the security level
cannot be set to 4 by the shell command.

Update the code to support BR security level 4.

Signed-off-by: Can Wang <can.wang@nxp.com>
2025-05-28 11:09:44 +02:00
Can Wang
c24594a7bb Bluetooth: Shell: Remove redundant spaces in string.
This string contains two consecutive spaces. Remove one of them.

Signed-off-by: Can Wang <can.wang@nxp.com>
2025-05-28 11:09:44 +02:00
Vinayak Kariappa Chettimada
ff26592272 Bluetooth: Controller: Remove conn context NULL check
Remove conn variable NULL check before calling
ull_cp_release_tx() to support conditional compilation of
LLCP_TX_CTRL_BUF_QUEUE_ENABLE variant.

Relates to commit 1ff458ec87 ("Bluetooth: controller:
llcp: fixing tx buffer queue handling").

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2025-05-28 11:09:01 +02:00
Vinayak Kariappa Chettimada
c3f107596a Bluetooth: Controller: Add ll_conn_get() return value check
Add ll_conn_get() return value check for valid connection
context.

Build command:
cmake -GNinja -DBOARD=nrf52833dk/nrf52833
 -DEXTRA_CONF_FILE=overlay-all-bt_ll_sw_split.conf
 -DDTC_OVERLAY_FILE=boards/nrf52833dk_nrf52833_df.overlay
 -DSNIPPET="bt-ll-sw-split" ../../samples/bluetooth/hci_uart
ninja

Before:
Memory region         Used Size  Region Size  %age Used
           FLASH:      283716 B       512 KB     54.11%
             RAM:      109752 B       128 KB     83.73%
        IDT_LIST:          0 GB        32 KB      0.00%

After:
Memory region         Used Size  Region Size  %age Used
           FLASH:      284992 B       512 KB     54.36%
             RAM:      109752 B       128 KB     83.73%
        IDT_LIST:          0 GB        32 KB      0.00%

After (use of `conn != NULL`):
Memory region         Used Size  Region Size  %age Used
           FLASH:      285044 B       512 KB     54.37%
             RAM:      109752 B       128 KB     83.73%
        IDT_LIST:          0 GB        32 KB      0.00%

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2025-05-28 11:09:01 +02:00
Vinayak Kariappa Chettimada
a396bdd30a Bluetooth: Controller: Fix missing connection handle invalidate
Fix missing connection handle invalidate on Controller
power up.

The connection context are zero-initialized on startup and
calls to `ll_connected_get()` would incorrectly return a
valid connection context pointer for connection handle 0.

Relates to commit fa02dc4d02 ("Bluetooth: Controller: Fix
missing reset of connection handle").

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2025-05-28 11:09:01 +02:00
Mark Wang
18c18c6905 bluetooth: shell: pairing_accept callback access NULL pointer
pairing_accept callback is called with feat as NULL in
the bt_hci_io_capa_req.

Signed-off-by: Mark Wang <yichang.wang@nxp.com>
2025-05-27 16:44:28 +02:00
Szymon Janc
5e0d3cce8b Bluetooth: Host: L2CAP: Fix checking signaling packets size
Recent test specification added additional test for validating
invalid packet sizes on L2CAP signaling channel. IUT is allowed
to either disconnect link, ignore packet, reject packet or
issue a warning to upper tester if other action is taken.

To keep things in line with previous check for too small size
simply ignore fixed size packets of invalid length.

This was affecting L2CAP/COS/CED/BI-11-C qualification test.

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2025-05-27 16:44:17 +02:00
Emil Gydesen
52f089af23 Bluetooth: CSIP: Set member: Fix issue with re-registration
The bt_csip_set_member_register kept a counter that was not
decreased when bt_csip_set_member_unregister was called.
This meant that we could register and unregister CSIS,
but we could not re-register once it had been unregistered.

This commit fixes this by removing the counter and instead
rely on the service instance state, which also requires restoring
the original service definition, as well as adding a test that would
have failed with the previous version.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-05-27 14:45:15 +02:00
Emil Gydesen
f24ba75aba Bluetooth: BAP: BA: Add check for mixing NO_PREF with specific BIS
Based on a dicussion on the Bluetooth SIG GAWG reflector, it is
not allowed for a broadcast assistant to request specific BIS
indexes as well as BT_BAP_BIS_SYNC_NO_PREF in the same
request.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-05-27 12:02:16 +01:00
Emil Gydesen
de4752c393 Bluetooth: BAP: SD: Add check for mixing NO_PREF with specific BIS
Based on a dicussion on the Bluetooth SIG GAWG reflector, it is
not allowed for a broadcast assistant to request specific BIS
indexes as well as BT_BAP_BIS_SYNC_NO_PREF in the same
request.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-05-27 12:02:16 +01:00
Lyle Zhu
81141b1618 Bluetooth: Shell: Improve command bt connections to support BR conn
When execute `bt connections`, only the peer device address of selected
LE connection is flagged with `*`.

Improve the command `bt connections` to support BR connections.
Regardless of the connection type, `*` will be shown to indicate the
peer address of the current connection if the peer device address is
the peer address of selected connection.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-05-27 11:50:58 +02:00
Jiawei Yang
623479cc3c Bluetooth: RFCOMM: Fix CR bit in DISC frame
The CR bit in DISC frames should be set as a command rather than a
response.
This patch fixes the rfcomm_send_disc function to correctly use
BT_RFCOMM_CMD_CR instead of BT_RFCOMM_RESP_CR when setting the CR bit in
the address field of DISC frames.

Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
2025-05-26 09:19:35 +02:00
Aleksandr Khromykh
9e0c6d5d96 bluetooth: mesh: fix buffer leakage if mesh was suspended
Commit fixes bug when advertisements were disabled and stopped
during suspending without unreferencing allocated advertisements.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
2025-05-20 15:25:06 +02:00
Babak Arisian
021c96dcad Bluetooth: controller: Correct validation for CONNECT_IND interval
Previously, the interval was only checked for non-zero. Now it is
validated to be within the allowed range (BT_HCI_LE_INTERVAL_MIN
to BT_HCI_LE_INTERVAL_MAX) to avoid invalid values.

Signed-off-by: Babak Arisian <bbaa@demant.com>
2025-05-20 09:17:07 +02:00