Add check for ACL connection before submitting recycled.
Since ISO and SCO connections do not trigger the disconnected
callback, nor affects e.g. advertising, they should not
trigger the recycled callback.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Failure to clear ct->ct_notify[event_id] when avrcp_prepare_vendor_pdu
fails, leading to an error return if ct->ct_notify[event_id].cb != NULL
during the next notification registration.
Signed-off-by: Lu Jia <jialu@xiaomi.com>
Use the same HAL header for the simulated 54LM20 as for the 54L15,
just like we do for real targets.
Note this ifdef is the last one, and therefore the real targets
have already been caught before.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Fix address resolution wait to not be infinite loop and
instead exit with a reasonable count down value.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
for example:
l2cap_br_encrypt_change() calls l2cap_br_conn_pend(chan, hci_status) first,
which may trigger l2cap_br_chan_cleanup(chan). This clears chan->conn and
makes the channel invalid. The subsequent callback to
chan->ops->encrypt_change(chan, hci_status) then dereferences a NULL conn
in rfcomm_encrypt_change, causing a crash.
Signed-off-by: Zhijie Zhong <zhongzhijie1@xiaomi.com>
Fix L2CAP configuration negotiation failure when peer device sends
MPS value larger than its own TX MTU in the configuration request.
This issue occurs when connecting to certain devices (e.g., iPhone)
using enhanced retransmission mode with MAP or PBAP profiles. The
peer may send an MPS that exceeds the TX MTU specified in the same
L2CAP_CONFIGURATION_REQ packet.
Instead of rejecting the configuration, adjust the MPS to match the
peer's TX MTU and include the corrected value in the
L2CAP_CONFIGURATION_RSP packet. This allows the connection to proceed
while ensuring MPS stays within valid bounds.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Since we have already supported sniff mode,
the corresponding link mode change event should be received.
Signed-off-by: Zhijie Zhong <zhongzhijie1@xiaomi.com>
Change the `pdu_len` parameter type from `uint8_t` to `uint16_t` in
function `bt_l2cap_br_pack_i_frame_header()`.
This fixes a potential overflow issue as PDU length can exceed 255
bytes, which is the maximum value that can be stored in a uint8_t.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add shell commands to test the BR/EDR connection request callback
functionality introduced in the previous commit.
Add a `br_conn_req_cb()` callback function that demonstrates how
applications can handle incoming connection requests. The callback
supports:
- Accepting connections with a specified role (central/peripheral)
- Rejecting connections when auto-reject is enabled
Update the `pscan` (connectable) command to accept an optional
"central/peripheral" parameter. When provided, the connection request
callback is registered and configured to accept incoming connections
as the central/peripheral role. Without the parameter, the default
behavior is used.
Add `auto_reject_conn` shell command to enable/disable automatic
rejection of incoming connection requests for testing purposes.
This setting only takes effect if the `connectable` command has the
optional parameter `central/peripheral` set.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add a callback mechanism to allow applications to handle incoming
BR/EDR connection requests and decide whether to accept or reject
them, as well as specify the desired role (central/peripheral).
Update bt_br_set_connectable() to accept an optional callback function
parameter. When provided, callback is invoked on incoming connection
requests, allowing the application to inspect the remote device address
and Class of Device before accepting or rejecting the connection.
If no callback is provided, the connection request is accepted
internally with the default behavior based on the
`CONFIG_BT_ACCEPT_CONN_AS_CENTRAL` configuration option.
The accept_conn() function is updated to:
- Call the registered callback if available
- Pass the remote device address and Class of Device to the callback
- Accept the connection if the callback returns BT_BR_CONN_REQ_ACCEPT_*
- If the returned value is BT_BR_CONN_REQ_ACCEPT_CENTRAL, the role
switch will be requested.
- Reject the connection if the callback returns BT_BR_CONN_REQ_REJECT_*
- Add error handling and logging for failed connection acceptance
Update all existing callers of bt_br_set_connectable() to pass NULL
for the callback parameter to maintain backward compatibility.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add a new Kconfig option BT_ACCEPT_CONN_AS_CENTRAL to allow accepting
incoming ACL connection requests as the central role instead of the
default peripheral role.
When enabled, the accept_conn() function sets the role to central in
the HCI accept connection request command when handling the connection
request event.
The actual role will be updated in Role Change event.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Correct the minimum MTU calculation for GOEP over L2CAP to account
for the L2CAP I-frame overhead.
- Update BT_BUF_ACL_RX_SIZE default from 264 to 265 bytes for GOEP
- Update BT_GOEP_L2CAP_MTU minimum range from 259 to 265 bytes
- Add detailed comment explaining L2CAP I-frame field length (6 bytes):
* 4 bytes for extended control field
* 2 bytes for FCS field
The previous calculation only accounted for the L2CAP header (4 bytes)
but missed the 6-byte L2CAP I-frame overhead (extended control field
and FCS), resulting in an incorrect minimum of 264 bytes instead
of the correct 265 bytes. And it causes the minimum MTU of L2CAP
to be incorrectly set to 254. The MTU cannot meet the minimum
requirement of GOEP MOPL.
The correct calculation for GOEP over L2CAP is:
255 bytes (GOEP minimum MTU) + 4 bytes (L2CAP header) + 6 bytes
(L2CAP I-frame) = 265 bytes total.
Set the default value of CONFIG_BT_BUF_ACL_RX_SIZE to 265 if GOEP is
enabled.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add early len check, remove use of strcpy, strncpy and
strncmp.
Co-authored-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix truncation detection after strncpy, as strlen cannot be
used if the src was truncated due to insufficient size of
dst.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Rework settings implementation for not reusing the OS
snprintk implementation with CONFIG_PRINTK=n and to return
error if path buffer is insufficient.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Rework settings implementation for not reusing the OS
snprintk implementation with CONFIG_PRINTK=n.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Update settings implementation for not reusing the OS
snprintk implementation with CONFIG_PRINTK=n.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Introduce Kconfig option to enfore LLL prepare at margin
irrespective of whether there is an overlapping state/role.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use PPI/DPPI to start s/w switch timer to reduce current
consumption.
Explicitly starting the s/w switch timer at prepare meant
current being consumed in the prepare margin duration. Use
of PPI/DPPI ensure s/w switch timer is start when event
timer is started after the prepare margin.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix the missing use of remainder value in the sync_offset_us
calculations. Also, Periodic Sync reception is relative to
Peripheral event hence ticks_anchor does not require the
ticker margin and event jitter to be subtracted.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Add error code parameter to all A2DP shell error messages to provide
more detailed diagnostic information when operations fail. This applies
to configure, establish, release, start, suspend, delay report, and
abort response handlers.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Replace bt_shell_print() calls with bt_shell_error() for all error
conditions and failure cases in the A2DP shell implementation to
properly distinguish error messages from informational output.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Replace all shell_print() and shell_error() calls with bt_shell_print()
and bt_shell_error() respectively to use the common Bluetooth shell
printing functions throughout the A2DP shell implementation.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
add abort req and rsp callbacks, improve register_ep cmd to support delay
report, check buf tailroom for sending media, add get_conn cmd to test
bt_a2dp_get_conn.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
The original implementation used a single global parameter structure for
GATT operations, preventing concurrent operations on different bearers. By
introducing a per-bearer context pool, each bearer can maintain its own
operation state, enabling simultaneous GATT operations.
Signed-off-by: Evgenii Kosenko <Evgenii.Kosenko@silabs.com>
When building the bluetooth.general.tester_le_audio test with clang and
-Winitializer-overrides, it warns:
subsys/bluetooth/audio/mpl.c:318:2: error: initializer overrides prior
initialization of this subobject [-Werror,-Winitializer-overrides]
318 | .add_group = NULL,
| ^~~~~~~~~~~~~~~~~
subsys/bluetooth/audio/mpl.c:317:15: note: previous initialization is here
317 | .add_track = NULL,
| ^~~~
Remove redundant initializer for add_group which overlaps with add_track
in an anonymous union.
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Fix issue with re-registering CSIS where it relied on
a stack allocated value during the service unregistering
and reset. To fix this properly, and to allow for further
optimization, the register function was refactored to dynamically
create the service, rather than relying on a static allocation
and dynamically remove unwanted characteristics.
Additionally this new approach also allow us to rely on
IS_ENABLED and remove some #if defined, as well as reducing
both ROM and RAM memory usage.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
In current implementation, the Classic L2CAP server list will be
cleared when the function `bt_enable()` called. It causes the
registered Classic L2CAP servers are unregistered. However, the
higher-ups were completely unaware of this behavior. It causes the
Classic L2CAP server cannot work after executing the sequence
`bt_enable()`, `bt_disable()`, and `bt_enable()`. Also this behavior
is inconsistent with LE L2CAP server.
Remove the initialization of Classic L2CAP server list from function
`bt_l2cap_br_init()` to fix the issue.
Make Bluetooth Classic profile initialization functions idempotent
by adding static initialized flags to prevent re-initialization.
Change return type from int to void since errors are now logged
but not propagated.
Changes include:
- Add initialized flag to prevent multiple initialization
- Change return type to void for init functions
- Mark err variables as __maybe_unused where appropriate
- Improve error logging with error codes
- Handle -EEXIST and -EALREADY errors for re-registration
- Initialize connection pools before checking initialized flag
in AVRCP to support re-initialization scenarios
- Remove unnecessary sys_slist_init in bt_l2cap_br_init
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Fix incorrect error code formatting in Bluetooth BR/EDR shell commands.
Error codes are already negative values, so remove the redundant negation
when printing error messages. Also update PSM registration message to
print the PSM value in hexadecimal format for consistency.
Changes:
- Remove negation of error codes in shell_error() calls
- Change PSM format specifier from %u to %04x for hex display
- Affects l2cap_disconnect, l2cap_send, l2cap_credits, l2cap_echo_reg,
l2cap_echo_unreg, l2cap_echo_req, and l2cap_echo_rsp commands
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Adds a flag `cfg_flags` to the `bt_keys` struct and a version field
`cfg_version` in order to be able to detect configuration changes
between firmware updates. This is needed because the `bt_keys` struct
has fields which are compiled in depending on which Kconfig options are
enabled, enabling the possibility of stored data being intepreted
wrongly if the struct changes.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
While the tx processor thread is needed to prevent deadlocks and is as
such always enabled, its stack size may be adjusted based on need.
What is needed is dependent on which features are enabled in the
zephyr host as well as other project configurations impacting the
zephyr host.
Signed-off-by: Kyra Lengfeld <kyra.lengfeld@nordicsemi.no>
Add a dependency for UTF8 for LE Audio. Since (nearly?) all
string in LE Audio are UTF8 and that the stack wants to be
able to check and validate strings coming both from remove
deviecs and from the application, it will depend on the utf8
API that is guarded by CONFIG_UTF8.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
It is not recommended to disable the tx processor thread as otherwise
deadlocks may occur, but it has been observed that some boards and
configurations may have too little RAM to accommodate the TX processor
thread stack.
As such BT_TX_PROCESSOR_THREAD gets a prompt.
Signed-off-by: Kyra Lengfeld <kyra.lengfeld@nordicsemi.no>
Commit removes selection secure storage for tfm
crypto provider. The secure storage is under
the secure image management. Non-secure image
is not required in the secure storage subsystem.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
The function obex_transport_disconn() was always returning -EINVAL
regardless of the actual error code returned by the transport
disconnect operation.
Fix this by returning the actual error code from the transport
disconnect call instead of the hardcoded -EINVAL value.
Signed-off-by: Can Wang <can.wang@nxp.com>
According to OBEX Version 1.5, section 2.2.9, it is legal to send a
zero-length End-of-Body header when object body data is generated on
the fly and the end cannot be anticipated.
Update parameter validation in bt_obex_add_header_body_or_end_body()
and bt_obex_add_header_end_body() to allow NULL body pointer when
length is zero, while still rejecting NULL body with non-zero length.
This enables proper support for zero-length End-of-Body headers as
specified in the OBEX specification.
Signed-off-by: Can Wang <can.wang@nxp.com>
Add a new helper function bt_obex_has_app_param() to check whether
a specific application parameter tag exists in the OBEX buffer.
The function uses the existing bt_obex_get_header_app_param() to
retrieve the application parameters, then parses them using
bt_obex_tlv_parse() with a callback to search for the specified tag ID.
This simplifies checking for the presence of application parameters
without needing to manually parse the TLV structure.
Signed-off-by: Can Wang <can.wang@nxp.com>
Introduce bt_le_per_adv_sync_cb_unregister to allow
unregistering of the periodic sync callbacks.
Signed-off-by: Antoni Duda <antoni.duda@programmer.net>
When MOPL exceeds MTU, adjust it to match MTU instead of sending the
error code. This handles the common case where mainstream mobile
operating systems (iPhone and Android) negotiate
MOPL values greater than the RFCOMM or L2CAP MTU.
Signed-off-by: Can Wang <can.wang@nxp.com>
Avoid calling vcp_vol_ctlr_discover_complete() with a NULL
controller pointer when lookup fails during AICS discovery.
The vcp_vol_ctlr_discover_complete() helper dereferences the
controller unconditionally, which could otherwise lead to a NULL
pointer dereference.
Fix by returning early if the controller lookup fails.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Avoid calling micp_mic_ctlr_discover_complete() with a NULL
controller pointer when lookup fails during AICS discovery.
The micp_mic_ctlr_discover_complete() helper dereferences the
controller unconditionally, which could otherwise lead to a NULL
pointer dereference.
Fix by returning early if the controller lookup fails.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Change at_get_raw_string() return type from 'char *' to 'const char *'
to match at_get_string() and improve const-correctness. This function
returns read-only AT command response data that should not be modified.
- Update at_get_raw_string() signature in at.h and at.c
- Update return statement cast from 'char *' to 'const char *'
- Update local variables in hfp_hf.c to use 'const char *':
* bvra_handle: 'id' variable
* chld_handle: 'value' variable
* cnum_handle: 'alpha' and 'speed' variables
- Mark unused 'alpha' and 'speed' in cnum_handle with __maybe_unused
- Change NULL check style from '!id' to 'id == NULL' for consistency
This completes the const-correctness improvements started in the
previous commit for HFP HF AT command string handling.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add Espressif platform and variant IDs to hci_vs.h for ESP32 family
SoCs (ESP32, ESP32-S3, ESP32-C2, ESP32-C3, ESP32-C6, ESP32-H2).
Add Espressif Systems to vs_hw_platform() and vs_hw_variant()
functions in hci_core.c for proper vendor identification.
Use CONFIG_SOC_FAMILY guards in vs_hw_variant() to reduce flash
usage by only compiling variant strings for the active SoC family.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
Fix validation of AD length handling in the Bluetooth shell.
Reject zero-length AD fields before subtracting the AD type size.
The previous implementation compared an unsigned length
against zero after subtraction, making the error path
unreachable.
Signed-off-by: Om Srivastava <srivastavaom97714@gmail.com>
