We check for all other roles when checking whether
an endpoint can send or receive, except for the unicast server.
It is technically implied, but if the ep is not a valid pointer,
then we may access invalid memory.
Add check for bt_bap_ep_is_unicast_server (which uses the new
bt_ascs_has_ep function).
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Implement the broadcast to unicast handover procedure,
as per the Bluetooth CAP specificiation.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
If stream->ep is NULL, which is really shouldn't be,
then we should not attempt to dereference it.
Add simple NULL check to ensure behavior, and make
Sonarcloud happy.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Change 4c86a5cc8d moved a select
from Kconfig.asc to Kconfig.bap (amongst some other changes
from select to depends), but inverted the PAC_{SRC,SNK} from
ASCS_ASE_{SRC,SNK} condition.
Signed-off-by: Mike J. Chen <mjchen@google.com>
Fix inter-operability, when BT_PHY_UPDATE=n the feature bits
contained 2M and Coded PHY when Advertising Extensions where
enabled, and Central devices did not progress with any data
packet transfers when PHY_REQ was rejected as unknown PDU.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
In HFP PTS, cases run fail with the log 'unsupported unsolicited
format: +BSIR=0' and 'FAIL: Expected to receive +BSIR: 0'.
Fixed issue by changing +BSIR=0 to +BSIR: 0.
Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
Handle the `bt_le_create_conn_cancel` call in the deferred worker
failing due to insufficient command buffers.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Fix some "All if ... else if constructs shall be terminated
with an else clause" (c:M23_112) issues reported by SonarQube.
Signed-off-by: Christophe Dufaza <chris@openmarl.org>
An assertion in bt_conn_unref() accesses the connection's state
after decrementing its reference count.
This is not consistent since, if we removed the last reference,
the Bluetooth Host stack may reuse the connection object
before the assertion is checked.
Instead, retrieve the connection property tested by the assertion
before decrementing the counter, as we do for other properties.
Simplify the code path by returning early when we did not remove
the last reference.
Remind that automatic advertiser resumption is deprecated.
Signed-off-by: Christophe Dufaza <chris@openmarl.org>
In bt_conn_unref(), a local variable is used as atomic target:
atomic_val_t old = atomic_dec(&conn->ref);
/* Prevent from accessing connection object */
bool deallocated = (atomic_get(&old) == 1);
Using atomic_get() to access a non-shared local variable
cannot prevent any data race on that variable,
and only causes confusion.
Moreover, this call to atomic_get() is incorrect: the API expects
an atomic_t* argument (target), not an atomic_val_t* (value).
This compiles and /works/ only because Zephyr defines both to be
the same integer type, and thus: atomic_get(&old) == old.
The equivalent C11 code, where _Atomic(T) and T are different types,
wouldn't compile.
Signed-off-by: Christophe Dufaza <chris@openmarl.org>
The only reason to keep these would be to enable conditional compilation
of some parts of the code. However, we can't see enough benefit in doing
this, particularly since the flash driver itself will conditionally
handle certain paths depending on erase caps, so the options are
deprecated to reduce complexity.
Signed-off-by: Ludvig Jordet <ludvig.jordet@nordicsemi.no>
This fully decouples blob_io_flash from specific flash device details,
by not reading the write block size from a hard-coded device tree node,
instead pulling this from the actual flash device used.
The block write routine has been updated to be more generic and fix a
few bugs:
* The write buffer is now sized based on a KConfig option instead of
basing it off the device tree - this makes the module usable with
any flash device, not just the internal memory. The configured value
is checked during initialization, to ensure that the configured size
will fit the write block size required by the device passed to the
init function.
* The erase value used to fill the buffer when using a device with
explicit erase is now pulled from the flash parameters instead of
being hard-coded to `0xff`.
* An additional write block sized piece of buffer is allocated - the
previous buffer sizing with rounding up only worked if
`BLOB_RX_CHUNK_SIZE % WRITE_BLOCK_SIZE` was 0 or 1 (which
coincidentally worked in all testing because the chunk size defaults
to 161, and for internal flash w/write block size of 4,
`161 % 4 == 1`).
* The choice of whether to just write the chunk as-is or to
write-block align it is now based on the erase cap pulled from the
flash parameters, instead of checking the type of memory in the SOC.
This means the module dos _not_ currently support the case where
memory has to be written write-block aligned, but the memory does
_not_ use explicit erase. It uses a trick of filling the write
buffer with the erase value to avoid overwriting existing chunks,
which will not work in this case. This trick is required to support
random ordered chunks while still writing write-block aligned.
* The code has been cleaned up a bit in general.
Signed-off-by: Ludvig Jordet <ludvig.jordet@nordicsemi.no>
Only erase a page when starting the first block on that page.
This fixes a bug where, if the block size is smaller than the page size,
the entire page would be erased upon start of each block when writing,
meaning only the final block on each page would be retained. This works
because blocks are always received in order.
Signed-off-by: Ludvig Jordet <ludvig.jordet@nordicsemi.no>
This adds a Kconfig dependency on FLASH_PAGE_LAYOUT when using flash
with explicit erase, removing all code dependencies on flash
configuration from the erasure logic. This module already requires
FLASH_PAGE_LAYOUT to be set when using it with flash with explicit
erase, as a silent requirement. The current code does not work without
this option enabled except for the case where a BLOB has a size which is
a multiple of the page size (since, without it, trying to erase flash
space for the final block, which is of variable size, will fail). Also
cleans up the code a bit.
Signed-off-by: Ludvig Jordet <ludvig.jordet@nordicsemi.no>
Some headsets reply conf_rsp with flush timeout (0xFFFF) even conf_req
don't configure the flush timeout, stack should accept it.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
add one Kconfig `BT_L2CAP_RX_FLUSH_TO` to configure the minimum L2CAP RX
flush timeout accepted during processing peer's l2cap flush timeout
configuration.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
when role is server and try to get chan by psm in application, it
works fail because chan do not store psm.
Signed-off-by: Cheng Chang <cheng.chang@nxp.com>
In partial resolved notification case, there is a case that the tail
room of new allocated buffer is not bigger than the tail room of the
current receiving buffer. Since, the new allocated buffer has the same
size with the current receiving buffer, it means a complete SDP record
cannot fit into the allocated buffer. In this way, the following SDP
discovery should be stopped.
In partial resolved notification case, if the tail room of the new
allocated buffer is not more the tail room of the current receiving
buffer, reports the error `-ENOMEM` and stop the following SDP
discovery.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The minimum receiving buffer size is 0x0007. The following SDP
discovery should not be started if the space of the receiving buffer
is less than 0x0007.
If there is no more space of the receiving buffer for the next SDP SSA
discovery, try to notify the upper layer with the partial resolved.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In the SDP specification, the `MaximumAttributeByteCount` of SA and
SSA should be in range 0x0007-0xffff. But in the current
implementation, this value is not checked both SDP server and client
sides.
Check the `MaximumAttributeByteCount` when receiving the SA or SSA
request on SDP server side.
Check the tail room of the receiving buffer before sending the SA or
SSA request on SDP client side.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Remove lookups in the Scan Delegator that relates to
the advertiser address. The reason for this, is that the
address is not considered a unique value for receive states,
since the address may change over time in the case of (N)RPAs.
Instead we shall rely exclusively on the address type, the sid
and the broadcast ID.
The implementation of the Scan Delegator and Broadcast Sink
has been updated to not use addresses for lookups anymore,
and there has been a minor API modification to set the
PA sync state as part of bt_bap_scan_delegator_add_src
as the higher layers are better suited to handle the
PA Sync state.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
use bt_a2dp_stream_create_pdu to create the stream pdu net buf, then
application can use the buf->len to check whether the buf's size exceeds
the l2cap mtu.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Disconnect the L2CAP connection when fails on sending an error response
(unit info, subunit info, or passthrough).
Signed-off-by: Make Shi <make.shi@nxp.com>
Add a new callback to support the situation when a Pass Through command
is received, and add an API to respond to the Pass Through command.
Signed-off-by: Make Shi <make.shi@nxp.com>
Add a new callback to support the situation when a subunit info command
is received, and add an API to respond to the subunit info command.
Signed-off-by: Make Shi <make.shi@nxp.com>
- Implemented fragmented packet handling for AVCTP protocol
- Refactored AVCTP header structure to support multiple packet types
- Enhanced AVCTP send logic with packet segmentation support
- Updated AVRCP integration to support new AVCTP fragmented flow
Signed-off-by: Make Shi <make.shi@nxp.com>
When we reconnect to a bonded device we always attempted to
send the changed PACS notifications, regardless of
whether the remote device has subscribed to them or not.
This resulted in a lot of failed attempts to send
notifications when
CONFIG_BT_GATT_ENFORCE_SUBSCRIPTION is enabled (which it is
by default).
Ideally we would not set the flags for devices that have not
subscribed, but since we cannot call bt_gatt_is_subscribed for
non-connected devices, we need to do this when the notify_cb
is called.
It would be possible to use BT_GATT_CCC_MANAGED instead
of BT_AUDIO_CCC to keep track of the writes for each client,
but that would be a minor optimization which would require
significant rework and additions to PACS. The current
solution is inspired by the implementation used in has.c
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Define BT_AVDTP_SIGNAL_SDU_MAX Kconfig item to limit the max avdtp signal
SDU size, then use avdtp self defined net buf pool to prepare data. Use
default acl_tx_pool pool do to the fragmentation.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
In USB "in" refers to data going from device to host,
and "out" refers to data going from host to device.
From a BT perspective "usb_out" then refers to the data
we receive from the host, to be sent over BT, so the "out"
terminology still works for that, and vice versa for
incoming BT data.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Commit removes `Wrong state` warning from some DFU API.
This information has value only for debugging.
No any value for application to generate warning
on the regular basis.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
The bt_bap_unicast_client_qos function was recently
modified to check for presentation delay, however it did
not consider that a unicast group may contain streams that
are not configured, and thus do not have endpoints.
Add a stream->ep != NULL check to only consider configured
streams.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
There is an issue found that the L2CAP BR channel attempts to send
signaling commands through fixed channel when the ACL connect is
broken. At this time, the ACL connect of fixed channel is invalid.
Then the `__assert` occurs in function `bt_conn_ref()`.
Fixed the issue by checking the ACL conn of the L2CAP channel before
sending the data.
Here is a referred fault case for this changes,
There are two connected L2CAP Channels. The first one is primary
connection of the profile. And the second one is secondary connection
of the profile. When the primary connection is broken, the secondary
connection should also be disconnected.
In normal case, if the primary connection is disconnected by calling
L2CAP channel disconnection function, the secondary connection will
be disconnected by calling L2CAP channel disconnection in the
disconnected callback of primary connection.
But there is a corner case is that, the ACL connection is broken.
When the disconnected callback of primary connection is called, the
function call of L2CAP channel disconnection for secondary connection
will be asserted. Because the signaling channel (fixed channel ID
0x01) is disconnected and the `chan->conn` of the fixed channel is
NULL in this time.
The call stack is,
o bt_conn_ref() -> Asserted in this function.
o bt_conn_data_ready() -> The parameter is `br_chan->chan.conn`.
It is the NULL.
o raise_data_ready() -> The parameter `br_chan` is fixed channel.
o bt_l2cap_br_send_cb() -> The parameter is ACL conn and CID of fixed
channel (cid = 0x01). The channel can be found, but `chan->conn` is
NULL.
o l2cap_br_chan_send_req()
o bt_l2cap_br_chan_disconnect()
o bt_l2cap_chan_disconnect() -> The parameter is the channel of
secondary connection. The state of secondary channel is connected,
because the stack is handling the primary channel disconnecting.
And the function is called in disconnected callback of primary
channel.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, the ATTR ID list is set with fixed value
(0x0000, 0xffff). For the case that responding a lot of SDP record
data, the responded data cannot be processed properly due to the
receiving buffer size limitation. In this case, the ATTR ID list can
be used to reduce the length of the responding data. In this way, it
will help reduce the SDP's requirement for receiving data buffer size.
Add the attribute ID list configuration to the SDP discovery request
structure `struct bt_sdp_discover_params`.
If the `struct bt_sdp_discover_params::ids` is NULL, or
`struct bt_sdp_discover_params::ids::count` is 0, the default range
(0x0000, 0xffff) is used.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, if the response total data length is more
than the receiving buffer size, the request cannot be completed
properly.
Improve the SDP client with the following changes,
o Notify the received completed SDP records if the case occurs, and
then start the continuing SDP discovery,
o Stop the SDP discovery if the hold SDP record cannot be saved to the
receiving buffer,
o Stop the SDP discovery if the `BT_SDP_DISCOVER_UUID_STOP` is
returned by upper layer.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, after parsing the received service search
pattern and all matched SDP records are saved in the local variable
`matching_recs`. The max count of SDP records within its SDP
database that match the given service search pattern is
BT_SDP_MAX_SERVICES when parsing the received Service Search Pattern.
And it causes the max count registered SDP records is limited to
BT_SDP_MAX_SERVICES.
Refactor the parsing of service search pattern to remove the
limitation with the following steps.
1. Save the service search pattern to a simple buffer by calling
the function `parse_service_search_pattern()`.
2. Traverse all registered SDP record and check for each SDP record
if it is matched with given service search pattern by calling
function `service_search_pattern_matched()`.
3. Use the matched SDP records to response the SDP request.
And also remove the limitation of the max count of registered SDP
records.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Use slist instead of custom singly linked list to manage SDP records.
Check if the SDP record has been registered in the function
`bt_sdp_register_service()`.
Append the new SDP record to the tail of the SDP record list.
Check if the index of SDP record is overflow in the function
`bt_sdp_register_service()`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Fix incorrect LLL scheduling of subsequent subevents when
using single timer implementation, due to missing call to
accumulate the last PDU end timestamp which is essential to
setup next radio start and to setup header complete timeout.
Relates to commit 373dc0db71 ("Bluetooth: Controller:
Single timer use Extended Advertising nRF54L support").
Relates to commit 6e8f081385 ("Bluetooth: Controller: Fix
peripheral assert under single timer use").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The bt_csip_set_member_unregister function unregisters
a CSIS instance and restores the attributes to the original
state (the attributes may change during registration).
The previously solution had some issues with a check when
using picolib (‘__ssp_bos_check3’ undeclared), and this
fixes that by using a proper variable for the memcpy.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Instead of re-implementing or assuming that POPCOUNT is available
we now use the generic function from Zephyr.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Modify the big_disconnect function to do cleanup_big before
calling the `stopped` callback. This will allow the ISO channels,
as well as the BIG itself, to be reused for other purposes directly
in the stopped callback, without having to offload such actions
to a separate thread.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
