Commit graph

9523 commits

Author SHA1 Message Date
Lyle Zhu
597d76ce7d Bluetooth: Classic: HFP_HF: Fix out of bounds issue
Check whether the conn index is out of bounds.

CID 520290

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-29 08:17:28 +01:00
Lyle Zhu
be11f6fb0b Bluetooth: Classic: HFP_AG: Fix out of bounds issue
Check whether the conn index is out of bounds.

CID 520297
CID 520296

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-29 08:17:28 +01:00
Lyle Zhu
a1dce20e04 Bluetooth: Classic: L2CAP: Make TxWindow size on both sides the same
In retransmission mode and flow control mode, the TxWindow size should
be same on both sides.

When one side is updated, also update the other side.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-29 08:17:06 +01:00
Emil Gydesen
68652a6682 Bluetooth: CAP: Broadcast: Add check for memory allocation for create
When creating a broadcast source with
bt_cap_initiator_broadcast_audio_create there was no check if
all broadcast sources were already allocated, which could cause
a NULL pointer dereference.

Add a check, a test and documentation about possibly
error codes of the function.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-28 16:41:06 +02:00
Lyle Zhu
6661952dd4 Bluetooth: Classic: SSP: Fix bonding flag mismatch issue
A bonding issue is found with following conditions,
a. Local is a SSP initiator and it is in non-bondable mode,
b. Peer is in bondable mode,
c. The bonding flag in Authentication_Requirements of local IOCAP is
`No Bonding`,
d. the bonding flag in Authentication_Requirements of peer IOCAP is
`Bonding`.

The bonding information will be exchanged and stored. It is incorrect
behavior.

Fix the issue by reporting a pairing failure and disconnecting the ACL
connection with error `BT_HCI_ERR_AUTH_FAIL`.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-28 13:41:25 +01:00
Lyle Zhu
76c072549d Bluetooth: Classic: L2CAP: Fix the FCS incorrect issue
The FCS flag of TX direction is not set correctly if the FCS flag of
RX direction is set. The issue could be found with following steps,
Step 1, Local sends configuration request with ERET mode and FCS
omitted.
Step 2, Peer replies the configuration response without any errors.
Step 3, Peer sends configuration request with ERET mode and NO FCS.
Step 4, Local replies the configuration response without any errors.

The FCS flag of TX is cleared incorrectly.

The FCS should be enabled if any one side enables the FCS.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-28 08:36:13 +02:00
Lyle Zhu
b3581fe1d4 Bluetooth: Classic: L2CAP: Handle multi L2CAP packets of a HCI ACL
In current implementation, if the HCI ACL data length exceeds on L2CAP
packet, the HCI ACL data will be discarded.

Support the case if the transport is classic.

Add a function `bt_br_acl_recv()` to handle the multi L2CAP packets
one by one.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-28 08:36:02 +02:00
Troels Nilsson
4aad818ec2 Bluetooth: Controller: Fix window widening for parameter update
When applying the connection parameter update, the window widening
for the previous connection interval was not applied since that is
normally done in LLL

Fixed by applying the window widening in ull_conn_update_parameters()
instead in this case

Fixes EBQ test failure in LL/CON/PER/BV-10-C

Signed-off-by: Troels Nilsson <trnn@demant.com>
2025-04-25 15:56:04 +02:00
Aleksandr Khromykh
855639a3db bluetooth: mesh: keep scanner enabled if lpn has been disabled
Commit fixes the issue when scanner is disabled when
lpn is disabled.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
2025-04-25 14:05:27 +02:00
Nithin Ramesh Myliattil
a94cdafdb7 Bluetooth: CSIP: Fix ntf issue to clients on reboot
On reboot, client list to notify is not updated properly.
Fix is to check and add the reconnected clients on
security changed cb.

Subscription check is added before notify to clients.
BT Enable check is added in the register function before adding
bonded devices to client list.

Also typo is corrected in add_bonded_addr_to_client_list in the
second loop.

Signed-off-by: Nithin Ramesh Myliattil <niym@demant.com>
2025-04-25 14:04:37 +02:00
Jens Rehhoff Thomsen
73000a6154 Bluetooth: host: Ensure BASS notifications are sent
Update bit array (number of connections) added for each receive state.
Notifications are attempted to be sent in the system workqueue and
retried if failing.

Issue #85487

Signed-off-by: Jens Rehhoff Thomsen <jthm@demant.com>
2025-04-25 14:04:12 +02:00
Max Emde
e04d828219 Bluetooth: BAP: Update encrypt_state when BIG synced after bad code
- When encrypt_state in a receive state of the scan delegator is
  BT_BAP_BIG_ENC_STATE_BAD_CODE, make sure that on synchronization
  encrypt_state is updated to BT_BAP_BIG_ENC_STATE_DEC, as this
  implies that a correct code was provided, so that the broadcast
  assistant is not asked for a correct code any longer.

Signed-off-by: Max Emde <mxem@demant.com>
2025-04-24 11:57:25 +02:00
Emil Gydesen
c8742a3cec Bluetooth: Mesh: Add missing includes to va.h
The va.h file used both uintX and bool without including
the appropriate header files, which can cause a compile issue
if the file is included in the wrong order.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-24 10:39:21 +02:00
Mark Wang
5c4dece721 bluetooth: classic: smp: fix the wrong Responder Key Distribution
BR_SEND_KEYS_SC should be used to determine the value of
Responder Key Distribution when sending pairing_response to
reply smp br pairing_request.

Signed-off-by: Mark Wang <yichang.wang@nxp.com>
2025-04-23 10:04:23 +02:00
Emil Gydesen
11c3ee12a8 Bluetooth: BAP: Sink: Move mod_src_param to RAM
The mod_src_param was several places stored on the stack.
However this is a complex paramater struct that has
2 Kconfig options that can significantly increase the size,
and the maximum size of the parameter is nearly 8 KiB, and
was always place the in the BT RX thread's stack.

For this reason, the param is now stored in a single
static variable in RAM instead, so that the BT RX thread's stack
does not need to be increased based on the Kconfig options,
as that is quite difficult for users to be aware of.

The add_src_param has been left as is, as that stored in
the calling thread, and it is easier for an application
to determine if the calling thread needs additional stack
space.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-22 16:53:58 +02:00
Gudipudi Ramana Kumar
aafcd4f851 bluetooth: audio: Update bad code in BASS to be v1.0.1 compliant
Bad Broadcast Code in BASS/Scan Delegator if BIG_Encryption
field value = 0x03 (Bad_Code), Bad_Code shall be set to the
value 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF according to BASS v1.0.1

Signed-off-by: Gudipudi Ramana Kumar <gudipudiramanakumar@gmail.com>
2025-04-22 16:53:49 +02:00
Make Shi
d879e8482f Bluetooth: Classic: L2CAP: Set the BR chan identifier for PENDING Case
When the connection status is "PENDING", need reset the br channel
identifier to the correct value before resend the connection response,
otherwise these is in an "ident mismatch" error being reported.

Signed-off-by: Make Shi <make.shi@nxp.com>
2025-04-22 10:00:08 +02:00
Lyle Zhu
40b10ccf8d Bluetooth: Classic: SSP: Only set MITM when sec level is more than 2
The local device shall only set the MITM protection required flag if
the local device itself requires MITM protection.

Only set MITM flag when the required security level is more than 2 and
pairing method is not `JUST_WORKS`.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-21 12:43:42 +02:00
Emil Gydesen
efdca63c25 Bluetooth: Host: Add missing includes for all BT host files
Added missing includes and fixed typos in the files.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-17 21:17:29 +02:00
Emil Gydesen
1efd817dbd Bluetooth: Shell: Add missing includes for all BT host shell files
Added missing includes and fixed typos in the files.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-17 21:17:29 +02:00
Aleksandr Khromykh
b53b5e198a bluetooth: rename _bt_gatt_ccc and clarify usage
Bluetooth had two public types with similar name _bt_gatt_ccc and
bt_gatt_ccc, but for absolutely different purposes.
That caused misunderstanding of relationship of them and cases
where to use which one.

Commit changes name of _bt_gatt_ccc to more suitable by usage and
improves documentation of it.

Additionally, it changes name of BT_GATT_CCC_INITIALIZER
to correspond the type name.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
2025-04-17 17:24:19 +02:00
Toon Stegen
a4f89574b9 bluetooth: increase stack size for NO_OPTIMIZATIONS
when building without optimizations, the bt long thread needs more space
to not crash

Signed-off-by: Toon Stegen <toon@toostsolutions.be>
2025-04-16 17:08:02 +02:00
Emil Gydesen
da953b64c2 Bluetooth: Host: Shell: Add missing guard for CS test commands
The start_simple_cs_test and stop_cs_test depends on
CONFIG_BT_CHANNEL_SOUNDING_TEST and could cause build errors if that
is disabled while CONFIG_BT_CHANNEL_SOUNDING=y in the shell.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-16 08:04:53 +02:00
Théo Battrel
77bdc8a435 Bluetooth: Add usage of util_eq and util_memeq
Update `bt_irk_eq` to use `util_memeq` instead of `memcmp` and the
"disconnect" BabbleSim test to use `util_eq` instead of a first
assertion on the size followed by a `memcmp`.

This is done as an example usage of the two new functions.

Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
2025-04-14 16:06:38 +02:00
Mark Wang
6c9e478e49 Bluetooth: Classic: Fix assert when aborting initiating SCO connection
return an error instead of assert

Signed-off-by: Mark Wang <yichang.wang@nxp.com>
2025-04-14 13:06:20 +02:00
Lyle Zhu
918b91bc85 Bluetooth: Classic: Shell: HFP: Clear all calls if SLC is broken
If the SLC is broken, all saved calls should be cleared.

Clear all calls in the callback `hf_disconnected()` and
`ag_disconnected()`.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-14 09:47:48 +02:00
Lyle Zhu
03ca91fef4 Bluetooth: Classic: HFP_AG: Don't change call status if SLC broken
In current implementation, the active/hold call will be terminated
and notify the upper layer the status change of calls when the SLC
is broken. But the calls should not be terminated in this case.

Do not terminate the calls and only clear the status of all calls.
And disconnect the SCO connection if it is established.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-14 09:47:41 +02:00
Emil Gydesen
ff9a9fe031 Bluetooth: BAP: Release read_buf_sem in receive_state_updated earlier
The semaphore should be returned before calling the application
callbacks.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-11 22:06:44 +02:00
Troels Nilsson
c3df8fcd92 Bluetooth: Controller: Add validation of received LL_CIS_REQ
Validate that a received LL_CIS_REQ is valid and reject if it is not

Fixes EBQ test failure in LL/CIS/PER/BI-07-C

Signed-off-by: Troels Nilsson <trnn@demant.com>
2025-04-10 15:51:54 +02:00
Ying Zhang
ce771c57e6 bluetooth: host: fix hang issue caused by consecutive bt disable commands
- add BT_DEV_DISABLE flag to BT_DEV_PERSISTENT_FLAGS to
  protect consecutive bt disable from running

Signed-off-by: Ying Zhang <ying.zhang_2@nxp.com>
2025-04-10 13:02:41 +02:00
Emil Gydesen
a4f8744ccf Bluetooth: CCP: Client: Add get_bearers
Add bt_ccp_client_get_bearers that will return the bearers of
a client so that the application can always retrieve them if they
do not store them from the discovery callback.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-09 15:23:07 +02:00
alperen sener
5b8b94e664 Bluetooth: Mesh: Stop Private NID advs upon subnet removal
Private Node Identity advertisement on a subnet should stop as soon as
the network is removed.

Signed-off-by: alperen sener <alperen.sener@nordicsemi.no>
2025-04-09 11:43:29 +02:00
Lyle Zhu
979b088882 Bluetooth: Classic: Shell: Change acronyms to uppercase
Change `ag` of print message to `AG`.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-09 08:06:04 +02:00
Lyle Zhu
3f7224a926 Bluetooth: Classic: HFP_AG: Update the callback sco_disconnected()
Change the arguments of HFP AG callback `sco_disconnected()` to SCO
conn and disconnection reason.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-09 08:06:04 +02:00
Dereje Wassie
e1d2f09898 Bluetooth: pacs: Fixed pacs_get_available_context
Fixed the bt_pacs_get_available_context API to return values of type
bt_audio_context instead of an error type.

Signed-off-by: Dereje Wassie <deiw@demant.com>
2025-04-08 14:23:30 +02:00
Lars-Ove Karlsson
76969f82a4 bluetooth: host: Avoid warning for unaligned access
Rewrote places in the bluetooth code that converts objects
larger than one byte by taking the address of an unaligned struct
member and changed it to a function that takes the value directly
and converts it to big endian.

Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
2025-04-08 08:58:06 +02:00
Pavel Vasilyev
fd4cc0e031 bluetooth: host: att: Remove meaningless check
`>= 0` was used when EATT support was implemented (#23199) because
`bt_l2cap_chan_send` could return number of bytes sent. After PR #67528,
`bt_l2cap_chan_send` doesn't return amount of bytes sent or any positive
value, but either 0 or negative value. Thus `>= 0` is not needed. It
also confusing when reading code, especially when the same check is not
implemented in other cases where underlying function `chan_send` is
used.

Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
2025-04-07 09:59:29 +02:00
Pavel Vasilyev
e53e4cf0a2 bluetooth: host: att: Remove att_sent function
`att_sent` is removed as it does not provide any value. All checks are
already performed in `att_on_sent_cb`, and keeping it only increases
readability complexity.

`att_sent` is removed as doesn't give any value. All checks are done
already in `att_on_sent_cb`. It just increases readness complexity.

Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
2025-04-07 09:59:29 +02:00
Pavel Vasilyev
18b85290cd bluetooth: host: att: Remove chan_req_send
The extra `bt_att_chan_req_send` does nothing but increases readability
complexity. All checks are already performed by the caller.

Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
2025-04-07 09:59:29 +02:00
Emil Gydesen
707c518a92 Bluetooth: CAP: Add better active_proc checks
The existing checks were not thread safe at all.
Replace the checks by using atomic_test_and_set_bit
and then clearing the bit again on error.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-07 09:59:08 +02:00
Mark Wang
28ba838cda bluetooth: classic: hfp: sco_conn is null in hfp sco_disconnected callback
In bt_sco_disconnected, chan->sco is set as NULL before callback. Then
hfp disconnection callback use it to callback to application in
hfp_hf_sco_disconnected.

Signed-off-by: Mark Wang <yichang.wang@nxp.com>
2025-04-07 07:28:18 +02:00
Alberto Escolar Piedras
59b62243fa Bluetooth: HFP_AG: Initialize variable to avoid warning
gcc 11.4.0, seems to believe this variable may be used uninitialized,
and warns about it (causing a test build failure due to warnings
being treated as errors).
Let's just initialize the variable to 0 to avoid the issue, as the
cost is trivial.

subsys/bluetooth/host/classic/hfp_ag.c: In function
  ‘bt_hfp_ag_vts_handler’:
1095
subsys/bluetooth/host/classic/hfp_ag.c:3091:17: error: ‘code’ may be
  used uninitialized in this function [-Werror=maybe-uninitialized]
1096
 3091 |                 bt_ag->transmit_dtmf_code(ag, code);
1097
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1098

The issue can be reproduced for ex. with:
$ mkdir build ; cd build
$ cmake -GNinja -DBOARD=native_sim/native/64 ../tests/bluetooth/shell \
 -DCONF_FILE="prj_br.conf"
$ ninja

Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
2025-04-04 18:18:16 +02:00
Emil Gydesen
2dbc10ab6b Bluetooth: BAP: Fix bad cast to void * instead of void for memcpy
The result of memcpy should be cast to (void) and not (void *).

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-04 18:16:54 +02:00
Lars-Ove Karlsson
bf29b2a8d7 bluetooth: host: Fixed missing guard for BT_SETTINGS_DEFINE
While linking with the IAR linker using generated linker scripts,
and with errors if unhandled sections are encountered, many of the
bluetooth tests failed because CONFIG_SETTINGS was not set.

The section that was not handled was
'._settings_handler_static.static.settings_handler_bt_ccc_'

Now it's only set if CONFIG_SETTINGS is set.

Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
2025-04-04 14:56:10 +02:00
Emil Gydesen
acd7080350 Bluetooth: BAP: Call bis_sync_req for all BIS sync state changes
Previously bis_sync_req was only called when requested_bis_sync
was changed. However that meant that there were cases where the
requested_bis_sync was the same as the new request, but where
the actual BIS sync state were different. This was mostly
the case when the scan delegator had autonousmly
added or modified the receive state.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-04 12:06:19 +02:00
Emil Gydesen
f39feb8aa7 Bluetooth: BAP: Fix bad overwrite of requested_bis_sync
The scan_delegator_mod_src accidentally may have overwritten
the value of internal_state->requested_bis_sync before the
entire request had been verified, causing a mismatch between
what the application knows and what the stack stored.

Fixed by storing the request in a temporary value until
everything has been verified and accepted.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2025-04-04 12:06:19 +02:00
Vinayak Kariappa Chettimada
47c7918393 Bluetooth: Controller: Single recv thread for HCI-only builds
Updated implementation to use single receive thread to
enqueue HCI ISO data, ACL data and events towards Host when
building HCI-Only samples/applications, i.e. when building
hci_uart, hci_spi or hci_ipc samples (CONFIG_BT_HCI_RAW=y).

This implementation will serialize HCI events and data as
they occur corresponding to on-air timelines of their
occurrences which is how they are generated by the Link
Layer.

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2025-04-04 09:35:16 +02:00
Mark Wang
891e457873 bluetooth: classic: Fix remote name resolving with multiple devices
The error occur when discoverying br devices and need to send request_name
for many found devices.
In system work queue task, bt_hci_inquiry_complete->
report_discovery_results is called, then request_name is called for all
the found devices. The controller gives HCI_Remote_Name_Request_Complete
event for every name request result and one buf is allocated from
hci_rx_pool to save HCI_Remote_Name_Request_Complete. When system work
queue task is blocked to call request_name for every device, many
HCI_Remote_Name_Request_Complete are received for the already sent
request_name, it uses up all the buf of hci_rx_pool, then the bt_rx_thread
task is blocked to get buf from hci_rx_pool when next
HCI_Remote_Name_Request_Complete is received, meanwhile the next
request_name send hci cmd and wait the result, but the hci status/complete
event can't be received because the bt_rx_thread is blocked and
bt_uart_isr is kept in the state to receive last
HCI_Remote_Name_Request_Complete, then bt_dev.ncmd_sem is not released,
then the next request_name send hci cmd again, but the bt_dev.ncmd_sem is
invalid, then bt_hci_cmd_send_sync fail and assert.

resolve it by requesting name one by one.

Signed-off-by: Mark Wang <yichang.wang@nxp.com>
2025-04-03 17:48:04 +02:00
Troels Nilsson
c32bf58173 Bluetooth: Controller: Fix an error code in ll_adv_sync_ad_data_set
When an advertising set is not configured for periodic advertising,
the correct error to return is BT_HCI_ERR_CMD_DISALLOWED

Fixes EBQ test failure of HCI/DDI/BI-70-C

Signed-off-by: Troels Nilsson <trnn@demant.com>
2025-04-03 13:16:14 +02:00
Lyle Zhu
c09cf23844 Bluetooth: HFP_AG: Add ACL conn to the connected callback
If the AG works as Data Channel Acceptor, the ACL conn cannot be known
by the application of AG. Similar with HF, add ACL conn as the first
parameter to the `connected` callback of AG.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
2025-04-03 06:24:32 +02:00