Trigger the TX processor on connection teardown.
When a disconnection happens before the controller has acknowledged some
ACL fragments the host has sent, we run `process_unack_tx()` to free
those unacknowledged buffers and their associated TX contexts.
The problem is that the TX processor still holds a reference to the conn
object. That reference is not released until the TX processor is
triggered again and figures out that the connection is invalid.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Fix missing invalid aux offset check that was being caught
in a development assertion check. If aux offset where less
than the PDU time of the primary channel PDU, radio was
redundantly being setup delayed for reception that was
being caught in an assertion check.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
This test create a setup where an ISO broadcaster will send fragmented
data and get stopped after sending the first fragment and repeating that
operation multiple time to verify that buffers are not leaked.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
When sending data using ISO and the data is fragmented, if the
connection is cut before all the fragments are sent, the data buffer
will be leaked.
Fix the issue by unref'ing the buffer when ISO is not in a connected
state.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
When disconnected while sending data, if ISO doesn't get the number of
completed packets it will not call `process_unack_tx` and thus will leak
TX context.
Fix that by setting the connection state in ISO disconnection which will
trigger a call to `process_unack_tx`.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
Convert users of net_buf_put() and net_buf_get() functions to use
non-wrapped putters and getters k_fifo_put() and k_fifo_get().
Special handling of net_bufs in k_fifos is no longer needed after commit
3d306c181f, since these actions are now
atomic regardless of any net_buf fragments.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Introduce Controller dependent EVENT_MAFS_MIN_US value to
use as the value when populating the aux offset between
Extended Advertising primary and auxiliary channel PDUs.
This can be used as workaround for peers having difficulty
receiving Extended Advertising PDUs with near 300 us MAFS
values used in aux offset calculations.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Relax the radio packet pointer assignment deadline assertion
until access address being transmitted. The PDU buffer is
probably only needed just after access address is being
transmitted or received by the radio. This will give some
more breathing room for slow CPUs like in nRF51x SoCs.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix regression using speed optimization introduced in
commit 1b7fe792e0 ("Bluetooth: Controller: Support Link
Time Optimizations (LTO)").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix regression in encrypted connection introduced in
commit f3deccda91 ("Bluetooth: Controller: CCM read data
to early when DF enabled on PHY 1M").
Due to this nRF51x SoC hang waiting to encrypt and/or
check MIC.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
In case of ISR latencies, if packet pointer has not been
set on time then we do not want to check uninitialized
length in rx buffer that did not get used by Radio DMA.
This would help us in detecting radio ready event being
set? We can not detect radio ready if it happens twice
before Radio ISR executes after latency.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Only 3 bytes (PDU_EM_LL_SIZE_MAX) is required for empty PDU
transmission, but in case of Radio ISR latency if rx packet
pointer is not setup then Radio DMA will use previously
assigned buffer which can be this empty PDU buffer. Radio
DMA will overrun this buffer and cause memory corruption.
Any detection of ISR latency will not happen if the ISR
function pointer in RAM is corrupted by this overrun.
Increasing ISR latencies in OS and CPU usage in the
ULL_HIGH priority if it is same as LLL priority in
Controller implementation then it is making it tight to
execute Controller code in the tIFS between Tx-Rx PDU's
Radio ISRs.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix ISR profiling when using single timer for tIFS radio
switching wherein in the timer is cleared on every radio
end. Hence, the captured timer value is the latency and
does not required the radio end timestamp to be subtracted.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use uint16_t to store ISR profiling value to avoid overflow
in case of higher latencies.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix in-system ISR profiling for advertiser and connection
role for the missing implementation when there is CRC error.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The interval and latency for a CIG are set for each direction now,
allowing applications to use e.g. 10ms for sink ASEs and 7.5ms for
source ASEs.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
gcc 13 thinks max_adv_duration may be used unitialized
and warns accordingly (see below)
It seems the reason is the goto, which confuses it.
In any case, pacifying this warning is trivial,
so let's just do so.
The warning:
```
In function ‘gatt_proxy_advertise’,
inlined from ‘bt_mesh_proxy_adv_start’ at
subsys/bluetooth/mesh/proxy_srv.c:1214:9:
subsys/bluetooth/mesh/proxy_srv.c:842:44: error: ‘max_adv_duration’ may
be used uninitialized [-Werror=maybe-uninitialized]
subsys/bluetooth/mesh/proxy_srv.c: In function ‘bt_mesh_proxy_adv_start’
zephyr/subsys/bluetooth/mesh/proxy_srv.c:786:17: note:
‘max_adv_duration’ was declared here
786 | int32_t max_adv_duration;
| ^~~~~~~~~~~~~~~~
```
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
- Made CCC_STORE_MAX configurable under the BT_SETTINGS
- Added a buffer overflow check on ccc_save
Fixes: #76838
Signed-off-by: Yago Fontoura do Rosario <yafo@demant.com>
This function call frees the buffer kept by the host for reassembling L2CAP
PDUs into.
Without this call, the current buffer will eventually be
leaked, leading to a non-functional host due to lack of RX buffers.
The effect is worse when host flow control is not enabled, as the RX
buffer pool is shared with events, which means communication with the
controller is essentially dead.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
`net_buf_alloc(K_FOREVER)` can now return NULL if running in the system
workqueue. `bt_hci_evt_create()` is called in that context in a few cases.
Since we can't really do anything about it, add a (default-on) assert.
This should ideally never fail. I saw it fail because of a leak in the ACL
buffer pool, which is also shared with events when host flow control is not
enabled.
In that particular case, the host is rendered non-functional, so trying to
recover using error handling is futile.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Don't push the TS flag on `buf` itself.
This messes up the MTU calculations: a packet that would exactly fit the
MTU and has a timestamp would be unnecessarily fragmented.
The MTU check is done on `buf` as a whole. At the point where the
fragmentation length is decided, `buf` includes one extra byte to pass the
TS bit around. That byte shouldn't count towards the MTU.
Instead, infer the presence of the timestamp by inspecting the amount of
headroom that the buffer has. This works because we always reserve
enough memory to push the timestamp, but not always push a timestamp on
the buffer. #tightlycoupled
This method is slightly uglier IMO, but eases MTU confusion and doesn't
rely on user_data.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
When periodic scanning reaches timeout and BIGinfo has not yet been
received, notify with BT_HCI_ERR_CONN_FAIL_TO_ESTAB for sync receiver.
Signed-off-by: Morten Priess <mtpr@oticon.com>
When an ISO stream fails to sync to a broadcaster within the first 6
events, the establishment fails (as expected). However, it did not stop
the ticker, and subsequently it was impossible to establish a new sync
after this.
Make asynchronous call to ticker_stop when establishment fails, and exit
done handling. Cleanup is handled via ll_rx_dequeue().
Signed-off-by: Morten Priess <mtpr@oticon.com>
When the ISO sync receiver has been disabled (terminted), ULL now calls
lll_sync_iso_flush in lower link layer, to allow cleanup and releasing
of resources.
Make sure ISO sync LLL flush is also called when terminating a stream
from local side (app). Add blocking mayfly call to lll_sync_iso_flush in
ll_big_sync_terminate.
Signed-off-by: Morten Priess <mtpr@oticon.com>
If a race condition occurs between stopping CIS stream and tearing down
data path, releasing TX PDUs was not possible for vendor data path, as
the DP configuration is gone.
In that case, call a new vendor specific function for cleaning up and
returning PDUs to correct pool.
Signed-off-by: Morten Priess <mtpr@oticon.com>
The MFIFO holding TX nodes on the ack path back to the host was only
sized to hold the possible number of ACL TX nodes. However, additional
TX nodes are allocated for LLCP and use the same FIFO.
By adding LLCP_TX_CTRL_BUF_COUNT to the size, the FIFO will be able to
hold the worst-case number of TX nodes.
Signed-off-by: Morten Priess <mtpr@oticon.com>
Rename to BT_TICKER_START_REMAINDER better reflect what it
means in terms of providing remainder parameter to ticker
start interface.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Score was never increased for scan_aux events since they are
one-shot events; Fixed by keeping the scan_aux score as part
of the scan structure
Signed-off-by: Troels Nilsson <trnn@demant.com>
Support for separate SDU interval for C_to_P and P_to_C
directions when setting CIG parameters.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Add commands to allow requesting a subrate change via the BT shell.
A new build configuration has been added to ensure this is tested in CI.
Signed-off-by: Aleksandar Stanoev <aleksandar.stanoev@nordicsemi.no>
Adds support for LE Connection Subrating as defined in Core 5.4
Vol 6, Part B, Section 5.1.19.
As this is primarily a controller feature, the host support is mostly
a wrapper around the relevant HCI commands.
Note that subrating provides a new method to update the connection's
peripheral latency and supervision timeout alongside subrating parameters.
Signed-off-by: Aleksandar Stanoev <aleksandar.stanoev@nordicsemi.no>
With e.g. a 216MHz core clock, the 32-bit cycle counter overflows after
just 20 seconds. The 32-bit monitor timestamp (100us resolution) overflows
after around five days regardless of what we do, but we should try our best
to reach that.
Signed-off-by: Armin Brauns <armin.brauns@embedded-solutions.at>
It was not being set, and thus if the user_data contained garbage from
before, then conn.c would attempt to call that garbage.
Static channels don't have this issue, as every "SDU" fits into one PDU.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Co-authored-by: Huajiang Zheng <nxf88597@lsv051208.swis.nl-cdc01.nxp.com>
Storing stuff in user_data? That's a paddlin'
We have been debugging issue after issue because ownership of this
"user" data is not clearly defined. Now it is. L2CAP owns the user_data
field entirely, as soon as `send()` is called.
Also add a warning and retval using CHECKIF.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Declare __stdout_hook_install in libc-hooks.h and use it in the console
drivers rather than redeclare it every time.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
