The LTK should not be generated from BR link key if there is a LTK
exists and BR LK is weaker.
Do not drive LTK from BR LK in the case.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
This commit changes log level for already registered callback from
warning to debug as this is cause unnecessary noise and doesn't indicate
actual issue. Caller gets a certain error code for this case which can
be handled properly.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
There is a corner case that the channel is in disconnecting status,
due to there is a disconnect request sent from peer.
At this time, the channel is status is `BT_L2CAP_CONNECTED`. But it
has been removed from `conn->channels` by calling the function
`l2cap_br_remove_tx_cid`.
And the disconnect event is notified upper layer via the callback
`ops->disconnected`. The thread of the callback context is blocked
due to the the calling of `printk` in the callback function.
Then the pending lower priority thread, sending the data in this
l2cap channel, is activated. Then in the function
`bt_l2cap_br_send_cb`, a NULL pointer will be got according to the
given CID. And unexpected behavior happens when accessing a NULL
pointer, since the invalid channel pointer is not checked in
function `bt_l2cap_br_send_cb`.
Check the channel pointer after function `bt_l2cap_br_lookup_tx_cid`
called. If the channel pointer is invalid, return error code
`-ESHUTDOWN` directly.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Renamed BT_CSIP_SET_MEMBER_NOTIFIABLE to
BT_CSIP_SET_MEMBER_SIRK_NOTIFIABLE to be more specific.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When the link key of BR is upgraded, the encrypt key refresh event
will be notified. The link key is upgraded from weak to strong.
The LTK of LE should be derived from strong link key.
Start SMP pairing procedure to try to derive LTK from LK.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
This fixes an issue where a subsequent Config Model Subscription Add
message with the same virtual address UUID would result in a Config
Model Subscription Status message with the Address field incorrectly set
to 0.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
Some GATT services and profiles define specific behavior
based on whether the remote device is bonded or not.
The internal function, bt_addr_le_is_bonded, is the
only function to do this, but it was kept internal,
and could thus not be used for those services
without including hci_core.h.
The function has been moved to the public API
so that application can determine if a remote
address is bonded or not, and has been renamed
to not use the bt_addr namespace, but rather the
bt_le.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The existing implemented only attempted to send all notifications,
but if host was out of ATT TX buffers the notifications would fail
and the client may miss out on important information, and would be
a spec violation.
This commit refactors notificatios in TBS so that they are always
sent.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
There is an issue that the L2CAP connect response function
`l2cap_br_conn_req_reply()` is called first. And then the ACL
disconnect function `bt_conn_disconnect()` is called following. But
the packet of `bt_conn_disconnect()` appears on the HCI bus first.
Add a flag `L2CAP_FLAG_DISCONNECT_ACL` to flag whether it is needed to
disconnect ACL connection.
Set the flag `L2CAP_FLAG_DISCONNECT_ACL` when result of the L2CAP
channel conn rsp is `BT_L2CAP_BR_ERR_SEC_BLOCK`.
Add a l2cap packet sent out callback `l2cap_br_conn_rsp_sent_cb()`.
When the callback triggered, disconnect the ACL connect with
`BT_HCI_ERR_AUTH_FAIL` if the flag `L2CAP_FLAG_DISCONNECT_ACL` has
been set.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
- added HCI command to send hci-reset in bt_disable() func, and
remove its call from the driver close() call.
- remove rsp buf pass to 'hci_reset_complete()' func as status is
already checked under 'bt_hci_cmd_send_sync()'.
Signed-off-by: Nirav Agrawal <nirav.agrawal@nxp.com>
There is a case that if the local is a peripheral and a L2CAP server
with the security level 3,the mitm should be set to make sure the
security level can reach level 3.
But in current implementation, the MITM is not set because the MITM
of `Authentication_Requirements` parameter of remote is not set. And
the security level will be level 2 after the security pairing
procedure complete.
Add a function `bt_l2cap_br_get_max_sec_level` to
get the max level of the registered servers.
`
Force set the MITM bit if the max level is bigger than level 2 and
pairing method is not `just works`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Remove a kconfig dependency on BOARD_NATIVE_POSIX which
does not really exist anymore.
Replace a comment mention of native_posix with native_posix.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
If the ACL link has been encrypted and it has a authenticated link key,
it means the pairing procedure has been done. And the security level of
the link key can not be upgraded. In this case, if `conn->sec_level` is
less than the required security level of the L2CAP channel, reject the
L2CAP conn request.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Improves readability by removing the need to check the table
to figure out how many antennas devices A and B are using.
Signed-off-by: Olivier Lesage <olivier.lesage@nordicsemi.no>
Add a selection of interval values that are suitable for BAP,
which will allow better coexistence between ISO and ACL,
for both broadcast and unicast. Some of these are defined
by the BAP spec, and some are defined by Zephyr, since they
do have a suggested value from BAP.
Samples and tests have been updated to use these new values.
Peripheral samples have also been updated with
CONFIG_BT_GAP_AUTO_UPDATE_CONN_PARAMS so that the connection
parameters from the centrals aren't updated to something else
shortly after.
The shell has also been updated to use the LE Audio (BAP) values
if audio is enabled, and the audio.conf file has disabled automatic
updating of the connection parameters as the peripheral, as we rarely
(if ever) want to do that.
Due to the connection interval change, CI hit an issue
with test_bass_broadcast_code in test_main_client_sync, where
the reading of the long receive state did not finish before we
attempted to do another procedure, so the function was updated to have
a retry.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
In current implementation, the SDP discovery complete event is not
notified when the response data length is 0.
Notify the discovery complete event if the response length is 0.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Fix mistake in host implementation of Advertising Coding Selection.
The host should only try set the BT_LE_FEAT_BIT_ADV_CODING_SEL_HOST
when the observer role is enabled. If a broadcaster enables the
CONFIG_BT_EXT_ADV_CODING_SELECTION Kconfig option bluetooth will
fail to initialise.
Signed-off-by: Thomas Deppe <thomas.deppe@nordicsemi.no>
The pending discovery request will not be handled in some cases.
The cases include,
- The received data length is not aligned with frame length
- The continuation status length is more than maximum value
- Total length of the response is less than the frame length
- Unknown operation code is received
There is also a case where the current discovery result was not
notified when processing the pending discovery request.
The cases include,
- Fail to send SDP request
- No tail room of received buffer to save the response data
Fix the issue by using the following steps,
- Notify the application that the discovery is done
- Process the pending discovery request
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
If the remote is in bondable mode, but the local is in non-bondable
mode, the local host shall respond to an IO capability request with
a negative response.
In current implementation, it does not check the bonding flags of the
both sides are consistent.
Fix the issue by checking the consistency of bonding flags of the both
sides. If they are not consistent, send a negative IO capability
response with the reason pairing not allowed.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The `conn` is found by using function `bt_conn_lookup_addr_br()`, it
should be released by calling `bt_conn_unref()`. But `bt_conn_unref()`
is missing in the case that the pairing is not accepted.
Release the `conn` by calling `bt_conn_unref()` before exiting the
function `bt_hci_io_capa_req`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add fields `total_len` and `recv_len` to `struct bt_sdp_client`.
Save the total length of the response to `total_len`.
Save the received data length of the response to the `recv_len`.
Check the consistency between `total_len` and `recv_len` after all of
the response packets are received.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The ISO configs set defaults based upon BT_ISO_MAX_CHAN and other
configs defined in `bluetooth/Kconfig.iso`.
By adding these dependencies the error messages resulting from
adding `CONFIG_BT_CTLR_PERIPHERAL_ISO=y` to a project configuration
file will become less confusing.
Now the build will output:
```
warning: BT_CTLR_PERIPHERAL_ISO (
defined at subsys/bluetooth/controller/Kconfig:976,
subsys/bluetooth/controller/Kconfig:984) was assigned the value 'y' but
got the value 'n'. See ...
```
Previously we would get:
```
warning: default value 0 on BT_CTLR_CONN_ISO_STREAMS
(defined at subsys/bluetooth/controller/Kconfig:993)
clamped to 1 due to being outside the active range ([1, 64])
```
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
The response should not be handled if there is not a request has been
sent.
Ignore the response if the `session->param` is `NULL`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, if the UUID of request is unknown, the
local variable `u` will not be updated, and the unknown UUID `u`
is used as the target to search it in the SDP record list. It may
result in irrelevant record being replied to the requester.
Ignore the unsupported UUID to fix the issue.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When the continuation length is not 0, there is a reported error.
In current implementation, the total length is only valid only when
the frame is the first block of the SDP response. For following
continuous frame, the total length is 0.
So, change the condition to `(total != 0 && frame_len > total)`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Update Kconfig to not select BT_TICKER_REMAINDER_SUPPORT for nrf54L
Add BSim tests to cover using a ticker without BT_TICKER_REMAINDER_SUPPORT
and expire info enabled
Signed-off-by: Troels Nilsson <trnn@demant.com>
A few things were not flagged by CONFIG_BT_TICKER_REMAINDER_SUPPORT
that should have been; This caused building without it to fail
Initialize remainder to 0 where used with ticker_next_slot_get_ext(),
since it may not get set if remainder support is off
Signed-off-by: Troels Nilsson <trnn@demant.com>
In `db_hash_setup()` the state object for MAC operations was initialized
using `psa_mac_operation_init()`. This function was not always optimized
or inlined.
A way to reduce stack usage is to use `memset()` and set the object to
0. This is one of the option documented to initialize
`psa_mac_operation_t` object.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
Use the recently added bt_le_get_local_features function as well
as bt_conn_get_remote_info to avoid using internal APIs to
check for PAST supported.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The connection object is, and should not, be modified by the function.
Making it const makes it possible to do this simple operation
in functions that also won't change the conn object (i.e.
that uses `const`).
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The function supports reading multiple controller-based values.
It is effectively a copy of struct bt_dev_le but in a more
application-oriented definition.
It was chosen to keep the features as an array rather than a
64-bit value, as the comparison macros work on arrays and that
there already exists new bits > 64 in the core spec which is not
yet supported by Zephyr.
It is being smoke tested in a generic GATT client test,
as the individual values may depend on several Kconfig options.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Add a Kconfig BT_LIMITED_DISCOVERABLE_DURATION to set the timeout for
limited discoverable mode.
Add a argument `limited` to function `bt_br_set_discoverable()` to
support the limited discoverable mode.
When enabling discoverable mode with `limited` is true, both write
LIAC and GIAC to controller and set the bit 13 of COD in function
`bt_br_set_discoverable()`. And start a delay worker with the timeout
CONFIG_BT_LIMITED_DISCOVERABLE_DURATION to disable the discoverable
mode.
When disabling discoverable mode, only set GIAC to controller and
clear bit 13 of COD.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
if saving buf to another variable, usually the ref/unref
needs to be used. change to pass the buf as one parameter
of callback
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
memset already clean the `buf`, don't need to set as NULL.
`avdtp_set_status` already set `req->status` based on `msg_type`,
don't need to check `msg_type` again.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
bt_a2dp_ep_info is used in bt_a2dp_discover, and the max
discovered endpoints' info are already given in seps_info
of bt_a2dp_discover_param, so use pointer to point to the
seps_info of bt_a2dp_discover_param.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
use two handler array to process cmd and response separately,
make the functions shorter and codes more readable.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Fix end time capture be on radio event end irrespective of
direction finding support. Let the timer clear use radio
end or radio phy end, for no direction finding or direction
finding support, respectively.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix single timer use end time capture from being disabled
as end time and timer clear use the same PPI.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix active mode extended scanning assert raised when calling
radio_tmr_start_us() due to stale radio_tmr_end_get() value.
Active mode extended scanning did not drop reception of
ADV_EXT_IND PDU when setup to receive ADV_SCAN_RSP PDUs.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix BT_CTLR_LOW_LAT_ULL dependency after changes in
commit 5119896c7d ("Bluetooth: Controller: Fix
BT_CTLR_LOW_LAT_ULL conditional code").
BT_CTLR_LOW_LAT_ULL is independent of BT_CTLR_LOW_LAT, where
the later prevents any ULL execution inside a radio event.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
This commit alignes the timeout value for allocating buffers within att
on the BT RX thread, making it consistent within att.c, see
bt_att_req_alloc.
We are inferring in many bt_gatt_* functions that if called from a BT RX
thread (which is inherently the case if called from a callback when
running a Bluetooth application), we don't block and instead return
-ENOMEM when the ATT request queue is full, avoiding a deadlock.
This promise is fulfilled within bt_att_req_alloc, where the timeout for
allocation of the request slab is set to K_NO_WAIT if we are on the BT
RX thread. Unfortunately, we break this promise in
bt_att_chan_create_pdu, where the timeout for allocation of the att pool
is still K_FOREVER and deadlocks can (and do) occur when too many
requests are sent yet the pool is depleted.
Note: Both req_slab and att_pool sizes are defined by
CONFIG_BT_ATT_TX_COUNT. If applications start getting -ENOMEM with this
change, they were at risk of such a deadlock, and may increase
CONFIG_BT_ATT_TX_COUNT to allocate the att pool for their requests.
Note: This possible deadlock has been flying under the radar, as
att_pools are freed when the HCI driver has sent it to the controller
(instead of when receiving the response, as it happens with req_slabs)
and due to the att_pool and the req_slab being both sized by
CONFIG_BT_ATT_TX_COUNT, and req_slab being allocated before and
returning -ENOMEM already if there is no space, it takes a more specific
situation to deplete the att_pool but not the req_slab pool at this
point.
Note: Ideally, we don't want functions to behave differently depending
on which thread they are running, and while this commit makes it more
consistent, it should be considered a workaround solution.
Signed-off-by: Kyra Lengfeld <kyra.lengfeld@nordicsemi.no>
The buffer allocation in conn.c will trigger warnings if we try to use
anything else than K_NO_WAIT for the timeout when called from within the
system workqueue.
The calls in l2cap.c and att.c which may pass non-zero timeouts already
have proper handling for failed allocations, so make sure we use K_NO_WAIT
to avoid unnecessary warnings from conn.c.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>