Fixes an issue which would cause a fault if someone attempted
to write to the (non-writable) blinfo keys
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fix hung Controller when establishing CIS on an encrypted
ACL connection with Controller built with direction finding
support enabled.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When the bt_bap_broadcast_source_reconfig was supplied with a subset
of the streams, it would only update the codec cfg and qos for the
streams provided in the parameters.
This commit changes that, so all streams are properly updated,
as they share some common values.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When calling bt_bap_broadcast_sink_delete, the broadcast sink
should not attempt to terminate the PA Sync. The PA sync can live
on without the broadcast sink, just as the broadcast sink can live
on without the PA sync (which is why the PA sync check was completely
removed).
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When updating the Scan Delegator receive state, we shall only
set the BIS indexes in bis_sync that we are actually synced to.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
This commit increases the buffer used for commands
in the control channel within an instance of the
modem_cmux module. The buffer was not large enough to
store an MSC command if the optional break signals
where included. This commit fixes the issue and
updates the test suite to use the max size MSC message.
Signed-off-by: Bjarki Arge Andreasen <baa@trackunit.com>
If the previous upload was in-band and it didn't complete, the slot will
stay reserved. By design we release slot not at the end of the upload
phase, but at the start of a new upload phase.
This fixes DFU/SR/FD/BV-13-C.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
If a Fw Distribution Client sends the Upload OOB Start message, but the
application layer didn't call bt_mesh_dfd_srv_oob_check_complete yet,
we have no other option other than ignore the message. The next phase
in this case could be Transfer Active, Transfer Success or Failed and it
will be set only after Check Firmware OOB procedure completes.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
This message _at least_ 2 bytes long, but can be longer, thus
BT_MESH_LEN_MIN should be used.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
In OOB upload, when Check Firmware OOB procedure completes successfully
and the firmware is already received, we send Firmware Distribution
Upload Status message with update Phase set to Transfer Success. In this
case, we must set Upload Progress to 100%. This can't be done through
the callback as the application layer doesn't yet know that the firmware
is already received. This will happen by the exist from
bt_mesh_dfd_srv_oob_check_complete function, which will return error
code -EEXIST.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
According to the ASCS_v1.0 the ASE in Streaming state shall transit to
QoS Configured state when link loss happen.
Relates: ES-24215 (errata)
Fixes: BAP/USR/SCC/BV-168-C
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
rand32.h does not make much sense, since the random subsystem
provides more APIs than just getting a random 32 bits value.
Rename it to random.h and get consistently with other
subsystems.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The list of receives in the Firmware Distribution Server model and
and the Firmware Update Client model are 2 different lists.
In the Firmware Update Client model it is called the Update Receives
state and the Active Update Receivers state which is a subset of
receivers from the Update Receivers State. In the Firmware Distribution
Server model it is called the Distribution Receivers List state.
When Distribute Firmware procedure starts, in the Initiate step, the
Receivers List input (which is the input for the Update Receivers
state), is composed of the Distribution Receives List state. During DFU,
the Update Receivers state becomes the Active Update Receivers state
which keeps only active nodes. Timed out or failed nodes dropped out
from this list. The Distribution Receivers List state stays unchanged
and thus don't need to be populated again after every successfull and
failed DFU.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
The task_wdt_add function changes the reload_period of the channel to a
non-null value, which indicates that the channel is used. If the
function is interrupted by a task_wdt_trigger running in ISR context
before adding of the new channel has finished, the next timeout will be
scheduled based on inconsistent channel data.
Using a spinlock avoids such data races.
Fixes#61004
Signed-off-by: Martin Jäger <martin@libre.solar>
Added offset to the model relation register for vendor
models to find correct model index
for Composition Data Page 1. The previous implementation used the
'mod_idx' from the 'bt_mesh_model' struct, which led to issues in the
model relation register due to SIG and vender models having the same
model index.
Modified existing functions related to the model relation
register to take in the offset.
Modified macros for determining if a model is a base- or
extending model.
Added check in 'add_items_to_page' to check whether the model relation
is an extension.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
Changed buffer length check in bt_mesh_comp_p1_elem_pull.
The previous threshold would result in the
method not detecting the final element when it consisted of just one
model.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
Fixing kernel crash caused by memory release
while having a scheduled work item pending.
Signed-off-by: Jeroen van Dooren <jeroen.van.dooren@nobleo.nl>
When compiling conn.c using arm-none-eabi-gcc version 11.3.1 20220712
with the -Wmaybe-uninitialized flag a warning is emitted due to
pending_no_cb not being initialized. I'm not sure if initializing it to
NULL is the "correct" fix, but it's certainly not any worse then it being
uninitialized, and it fixes the warning.
Signed-off-by: Dennis Grijalva <dennisgrijalva@meta.com>
Connection states are non-trivial to understand based on their names
only, so add short descriptions in the header file explaining what they
do.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Fix errenous return value in pacs_gatt_notify function. The function
would always return zero, and not forward the error correctly.
Signed-off-by: Fredrik Danebjer <frdn@demant.com>
Don't reset values set in init callback as it is called only once by
bt_mesh_init call. The reset callback is called on every node reset.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
A few of the length checks that deal with HCI packets coming from the
controller were using assert statements. But the recommended practice is
to drop invalid packets and continue execution whenever a malformed
packet arrives from an external source, so replace those assert
statements with branches that will drop the packet and return.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Fixed issue when reprovisioning is done on a device with
both RPR client and server on the same device.
Signed-off-by: Ingar Kulbrandstad <ingar.kulbrandstad@nordicsemi.no>
The existing formula for the amount of data that can be filled
in in the current PDU is correct but confusing. Replace it with
a simpler formula.
Signed-off-by: Andries Kruithof <andries.kruithof@nordicsemi.no>
Updates the chaining for advertising.
Instead of unconditionally adding a new PDU when new data
is added we now instead fill the last PDU in the chain with
the incoming data, only adding a new PDU when there is
not enough room.
This reduces the nr. of PDUs used for advertising, and also
fixes some qualification failures
Signed-off-by: Andries Kruithof <andries.kruithof@nordicsemi.no>
The indexes were reset to 0 for each subgroup, which meant
that if we had a broadcast source with 2 subgroups and
1 BIS in each, both of them would use index 0x01.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
A race condition between ATT RX and the connection teardown can happen, as
the teardown is executed from a workqueue.
For example:
- connection is established
- `connected` cb is called (in BT RX context)
- user calls `bt_conn_disconnect` in that cb
- connection is marked as disconnecting
- ATT teardown & general conn cleanup is scheduled
- BT RX gets an ATT request, tries to handle it
- ATT bearer is still not GC'd, so it tries and fails to send it
-> results in error message "not connected" on log
- ATT teardown & general conn cleanup runs
To avoid that, we not only check the bearer state, but also its ACL conn
state.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Fix leak in scheduled ticker node when rescheduling ticker
nodes.
Applications having active Extended Advertising or Observer
role with the use of ticker reschedule in window feature
would experience assertion check failure due to delayed
radio event preparation or stalled controller with no active
roles.
Fix updating of the ticker linked list when handling
rescheduled tickers.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use UTC time by default, and add the option to use local time.
Also, change the default formats to comply with ISO-8601.
Signed-off-by: Yonatan Schachter <yonatan.schachter@gmail.com>
When the legacy LLCP implementation was removed this Kconfig option was
mistakenly left over. Remove it now with all its users.
Fixes#63212.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This module calls `log_output_*` functions so it should enable
the `LOG_OUTPUT` Kconfig option explicitly.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
This commit sets the C/R (command/response) bit when UIH
CMUX frames are sent from the modem_cmux module. This bit
is ignored by some modems like the Quectel BG95, as there
is no defined response to this specific CMUX frame type.
However, other modems, like the TELIT ME910, require the
bit to be set (command). If the bit is not set, the modem
will simply ignore the frame completely.
Signed-off-by: Bjarki Arge Andreasen <bjarkix123@gmail.com>
Make the aa argument const to solve a Coverity issue
that assumes that any value that is being byteswapped
is tainted. Making the argument const should avoid
this assumption from Coverity.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix the coverity issue CWE570, comparison of unsigned int to 0
in the definition of IS_SYNC_ISO_HANDLE
There is a potentially the same issue for IS_ADV_ISO_HANDLE,
fixed that as well
Signed-off-by: Andries Kruithof <andries.kruithof@nordicsemi.no>
`smp_send_pos` is 16 bits wide but it was being
passed as uint8_t, thus truncating.
This made it impossible to receive packets
larger than 256 bytes.
Signed-off-by: Stasys Aužbikas <stasysau@gmail.com>
If RPR server is used then Mesh settings work queue
requires more size during provisioning procedure.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
The check for number of streams in a subgroup was reversed, so
it would never allow for correct values.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Currently context->local is not set for offloaded interface.
This change move net_offload_bind call after set of context->local.
Signed-off-by: Wojciech Slenska <wsl@trackunit.com>
Added run-time BT_CENTRAL role check for the path that was
central specific and did not have such check.
When multi-role BT device tried to pair without bonding (peripheral role)
while already previously bonded with the same device on another
Bluetooth identity, pairing failed.
It executed central-specific code, which should not be executed in case
when the device acts as peripheral (as it is even opt-out from code when
CONFIG_BT_CENTRAL is not enabled).
Signed-off-by: Mateusz Kapala <mateusz.kapala@nordicsemi.no>
In ll_setup_iso_path cis is only ever set if CONFIG_BT_CTLR_CONN_ISO
is enabled, and similarly adv_stream is only ever set if
CONFIG_BT_CTLR_ADV_ISO is enabled.
The two assignments were reported as dead code by Coverity due
to this, which has been fixed by guarding the code with
the respective Kconfigs.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
BT_SECURITY_FORCE_PAIR option gets overridden when CONFIG_BT_SMP_SC_ONLY
or CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY is defined. Cache the bit value
before overrides.
Add explicit forced pair handling to existing security level check.
Functionality did not change as this was done implicitly due to integer
comparison for enums.
Add extra clarification to the method doc.
Signed-off-by: Rait Rääk <raitraak@gmail.com>
Only confirmable messages need pending tracking. Non-confirmable
messages are released after sending.
Match incoming packets with token, not message ID.
Ignore responses with non-matching tokens.
Remove unused function send_reset().
Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>
