Commit graph

21541 commits

Author SHA1 Message Date
Vinayak Kariappa Chettimada
accd35fe62 Bluetooth: controller: Remove commented code
Remove commented out code.

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2020-09-28 15:23:21 +02:00
Jukka Rissanen
3b64d57943 net: ethernet: Make sure Ethernet header is in the recv pkt
Check that Ethernet header is in the first net_buf fragment.
This is very unlikely to happen as device driver is expected
to only deliver proper Ethernet frames to upper stack.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-28 14:25:13 +03:00
Jukka Rissanen
6fcd945f1f net: conn: Check that TCP pointer is valid
Saw this crash with heavily loaded system in nucleo_f767zi:

<err> os: ***** MPU FAULT *****
<err> os:   Data Access Violation
<err> os:   MMFAR Address: 0x0
<err> os: r0/a1:  0x800f6d30  r1/a2:  0x80005d84  r2/a3:  0x00000006
<err> os: r3/a4:  0x00000000 r12/ip:  0x00000001 r14/lr:  0x60013f69
<err> os:  xpsr:  0x61000000
<err> os: Faulting instruction address (r15/pc): 0x60014304
<err> os: >>> ZEPHYR FATAL ERROR 0: CPU exception on CPU 0
<err> os: Current thread: 0x80001a18 (rx_workq)
<err> os: Halting system

Where the fault at 0x60014304 points to net_conn_input()

   } else if (IS_ENABLED(CONFIG_NET_TCP) && proto == IPPROTO_TCP) {
	src_port = proto_hdr->tcp->src_port;
60014300:	f8d9 3000 	ldr.w	r3, [r9]
60014304:	881a      	ldrh	r2, [r3, #0]

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-28 14:25:13 +03:00
Jukka Rissanen
be072b1255 net: ethernet: Check that header is valid
Saw this crash with heavily loaded system in mimxrt1050_evk:

<err> os: ***** MPU FAULT *****
<err> os:   Data Access Violation
<err> os:   MMFAR Address: 0xc
<err> os: r0/a1:  0x80000ab0  r1/a2:  0x800f6a60  r2/a3:  0x00000000
<err> os: r3/a4:  0x800f72a0 r12/ip:  0x00000000 r14/lr:  0x6000eb43
<err> os:  xpsr:  0x41000000
<err> os: Faulting instruction address (r15/pc): 0x6000dc82
<err> os: >>> ZEPHYR FATAL ERROR 0: CPU exception on CPU 0
<err> os: Current thread: 0x80001a18 (rx_workq)
<err> os: Halting system

Where the fault at 0x6000dc82 points to ethernet_recv()

	uint16_t type = ntohs(hdr->type);
6000dc82:	89ab      	ldrh	r3, [r5, #12]

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-28 14:25:13 +03:00
Jukka Rissanen
baf83c2faf net: tcp2: Lock connection when running from work queue
We run various TCP function from work queue. Make sure the
connection lock is taken before accessing the connection.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-28 14:25:13 +03:00
Pascal Brogle
e3e465a29c net: lwm2m: make max client endpoint name configurable
support longer name like urn:dev:ops:{OUI}-{ProductClass}-{SerialNumber}
or urn:imei-msisdn:###############-###############

Signed-off-by: Pascal Brogle <pascal.brogle@husqvarnagroup.com>
2020-09-28 14:24:14 +03:00
Marek Porwisz
4ad1e0cfd1 net: openthread: Fix stack overflow for joiner
Fixed stack being to small for joiner operations.
Enabled auto joining even in case of manual start.
Fixed attachement of SED on norfic radios.

Signed-off-by: Marek Porwisz <marek.porwisz@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
2020-09-24 15:55:30 -05:00
Trond Einar Snekvik
fc4fe09966 Bluetooth: Mesh: Provisioning: Reject identical random
Adds check for provisioning random values that are identical to our own,
and terminates the provisioning procedure.

Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
2020-09-24 13:45:15 -05:00
Ilya Averyanov
e363decf1c Bluetooth: fix strncpy call in bt_set_name
In bt_set_name we already get name length so let's use it in strncpy
Also fix warning with enable -Wstringop-truncation

Signed-off-by: Ilya Averyanov <a1ien.n3t@gmail.com>
2020-09-24 13:41:57 -05:00
Emil Gydesen
8825ce0ce6 Bluetooth: Shell: Fix PA shell command parameter cnt
The sync create and sync delete dit not have the correct
amount of mandatory and optional parameters set in the
SHELL_CMD_ARG declarations.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2020-09-24 21:29:47 +03:00
Emil Gydesen
68a357e66d Bluetooth: Shell: PA sync terminate callback clears entry
The sync terminate callback did not set any entries in the
PA sync array to NULL, thus not allowing the shell to
reuse them in case that the sync was lost unexpectectly.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2020-09-24 21:29:47 +03:00
Emil Gydesen
27f6bf19e8 Bluetooth: Host: Change PA sync scan to fast scan
Instead of doing slow (non-fast) scan when syncing to
a PA, it will now do a fast scan, which drastically reduces the
time it takes to create the sync. The application may
still do explicit slow scan if wanted.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2020-09-24 21:29:47 +03:00
Emil Gydesen
b78245db60 Bluetooth: Host: Fix PA sync cancel scan update
When the application cancels the PA sync, it would update
the scan before clearing the BT_PER_ADV_SYNC_SYNCING flag
which cause the scan to always start again.

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
2020-09-24 21:29:47 +03:00
Jukka Rissanen
a95ae6712f net: tcp2: Access k_work in k_delayed_work using field name
Instead of casting k_delayed_work directly to k_work, use the
k_work field name. This avoids warnings from Coverity and
allows the code to work even if the k_delayed_work fields are
re-ordered in the future.

Coverity-CID: 214346
Fixes #28659

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-24 13:29:13 -05:00
Vinayak Kariappa Chettimada
222dca5598 Bluetooth: controller: Fix redundant PDU transmission
Fix the redundant PDU transmission when the new Tx PDU
buffer is enqueued after MD bit value of zero was
transmitted previously in a connection event.

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2020-09-24 17:27:00 +02:00
Vinayak Kariappa Chettimada
1c3659519f Bluetooth: controller: nRF53x: Fix missing sw_switch clear DPPI config
Fix missing sw_switch timer clear DPPI config when
re-enabling Tx or Rx after radio_disable() or
radio_switch_complete_and_disable() call in LLL state/role
contexts.

Fixes #28471.

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2020-09-24 17:05:14 +02:00
Jukka Rissanen
66cdcb0b48 net: DHCPv4 needs UDP to work properly
Add dependency to UDP in DHCPv4 Kconfig option as UDP is needed
in DHPCv4 to work properly.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-23 13:28:38 -05:00
Peter Bigot
b7a897ebd3 logging: avoid null pointer dereference in loop
An execution path could reach a loop that dereferences a pointer in
conditions where the pointer is null.  Add a check to the loop
condition.

Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
2020-09-23 13:08:18 -05:00
David Komel
c067463791 net: tcp2: fix sysworkq corruption in tcp_conn_unref()
Bug description:
When in tcp_conn_unref(), in case one of the delayed works is already
submitted to sysworkq (after delay period), e.g. send_timer, the check
of k_delayed_work_remaining_get() prevents calling
k_delayed_work_cancel().
This leads to corrupting sysworkq when zeroing struct tcp* conn.
Note that the "next" pointer for the work queue is part of the struct
work (in _reserved field). Which is, in this case, a member of struct
tcp.

Scenario leading to the bug:
(1) net_tcp_connect() is called from a work in sysworkq
(2) net_tcp_connect() submits conn->send_timer to sysworkq
(3) while net_tcp_connect() is waiting on connect_sem, delay period
    passes (z_timeout) and send_timer enters sysworkq work slist
(4) also, some other code (app) submits more works to queue, now pointed
    by conn->send_timer in sysworkq work list
(5) connection fails (no answer to SYN), causing a call to
    tcp_conn_unref()
(6) tcp_conn_unref() is calling tcp_send_queue_flush()
(7) checking k_delayed_work_remaining_get(&conn->send_timer) returns 0
    due to delay period end, but send_timer is still in sysworkq work
    slist (sysworkq thread still hasn't handled the work)
(8) BUG!: no call to k_delayed_work_cancel(&conn->send_timer)
(9) back in tcp_conn_unref(), a call to memset(conn, 0, sizeof(*conn))
    zeroes conn->send_timer
(10) conn->send_timer is pointed to in sysworkq work slist, but is
     zeroed, clearing pointer to following works submitted in stage (4)
(11) EFFECT! the works in stage (4) are never executed!!

NOTES:
* k_delayed_work_cancel(), handles both states:
  (1) delayed work pends on timeout and
  (2) work already in queue.
  So there is no need to check k_delayed_work_remaining_get()
* This is also relevant for conn->send_data_timer

Solution:
removing checks of k_delayed_work_remaining_get(), always calling
k_delayed_work_cancel() for work in struct tcp, in unref, before memset

Signed-off-by: David Komel <a8961713@gmail.com>
2020-09-23 08:37:44 -05:00
Jukka Rissanen
d312c6e7e6 net: gptp: Print priority1 and priority2 vars in net-shell
Print the default values of BMCA priority1 and priority2
variables in net-shell.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-22 16:45:45 -05:00
Jukka Rissanen
e3fd17072e net: gptp: Allow user to tweak priority1 and priority2 values
Instead of hardcoding the priority1 and priority2 values used
in BMCA, let the user tweak the values via Kconfig.

Fixes #28151

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-22 16:45:45 -05:00
Joakim Andersson
407411f1af Bluetooth: host: Fix stuck OOB get local functions SC is not supported
Fix bt_le_oob_get_local and bt_le_ext_adv_oob_get_local stuck forever
waiting for the sc_local_pkey_ready semaphore when SC HCI commands
are not supported in the controller.

By using the le_sc_supported helper function the runtime check of HCI
commands and the feature check of CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
is combined to be handled int the same way.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2020-09-22 19:37:31 +02:00
Joakim Andersson
214175483b Bluetooth: SMP: Move le_sc_supported helper function up
Move the le_sc_supported helper function up in the source file so that
it can be re-used in other places without a forward declaration.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2020-09-22 19:37:31 +02:00
Kumar Gala
fe7dd725f0 net: tcp2: Fix build failures on 64-bit platforms
Since conn->send_data_total is of time size_t we need to use %zu or
we'll get build errors in sanitycheck on 64-bit platforms

Fixes #28605

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
2020-09-22 12:08:37 -05:00
Jukka Rissanen
c54a511d26 net: Drop incoming packet if there is no data in it
If the network driver for some reason did not set the data in
the network packet properly, then just drop it as we cannot do
anything with just plain net_pkt.

Fixes #28131

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-22 11:22:43 +02:00
Luiz Augusto von Dentz
d8fd5bab04 Bluetooth: L2CAP: Truncate RX MTU if segmentation is not supported
If hannel don't have alloc_buf and the RX MTU is configured to require
segmentation this warn the user and truncate the RX MTU.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2020-09-22 10:56:27 +03:00
Erik Brockhoff
9bbbf17cf2 bluetooth: controller: fix mark/unmark error in ull_adv::disable
In case where ull_adv::disable() is disallowed, disable_mark is
erroneously re-mark instead of un-marked

Signed-off-by: Erik Brockhoff <erbr@oticon.com>
2020-09-21 17:05:19 -05:00
Dominik Ermel
b75616733b storage: flash_map: Unify partition processing macros name
Rename *_PART and *_PARTION identifiers to *_PARTITION.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2020-09-21 16:42:29 -05:00
Jukka Rissanen
8afaadd223 net: conn: Ignore unhandled IPv4 broadcast packets
If there is no handler for IPv4 broadcast packet, then ignore it
instead of trying to send an ARP message to resolve the senders
address.

Fixes #21016

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-21 10:04:57 -05:00
Luiz Augusto von Dentz
25fda14702 Bluetooth: GATT: Fix assuming CCC position
Accourding to the spec the CCC descriptor may occur in any position
within the characteristic definition after the Characteristic Value.

Fixes #28324

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2020-09-21 17:15:19 +03:00
Vinayak Kariappa Chettimada
a8ffc03f6e Bluetooth: controller: Fix REJECT_IND PDU handling
Fix for handling REJECT_IND PDU received for PHY Update,
Connection Parameter Request and Data Length Update control
procedures.

If a link layer control procedure collision occurs, example
with local initiated PHY Update Procedure, and peer sends a
REJECT_IND PDU, then the PHY Update Procedure is stalled.

Fixes #28282.

Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
2020-09-21 14:52:41 +02:00
Ievgenii Meshcheriakov
d27c32efc3 drivers/flash/soc_flash_nrf: Rename config option SOC_FLASH_NRF_RADIO_SYNC
Call it SOC_FLASH_NRF_RADIO_SYNC_TICKER so it is not too generic.

Signed-off-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@nordicsemi.no>
2020-09-21 13:06:16 +02:00
Lingao Meng
4cc8cb1c15 Bluetooth: Mesh: Fix send input_complete before public key
According Mesh Profile Spec 5.4.2.4 Authentication, if device
use Input OOB Authentication method, should send input complete
pub after local public key has been acked.

`bt_mesh_input_string` or `bt_mesh_input_number` directly send
`input_complete`, however does not check whether the pub key has
been sent.

Mesh Provisioning timeout set to `60` seconds, so even this
probability is extremely low, it does not mean that there is no
such probability.

Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
2020-09-21 13:07:18 +03:00
Anas Nashif
e01a4df3fb tracing: handle null thread names with systemview
Default to autogenerated thread name in case no name was assigned.

Fixes #27592

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2020-09-20 21:27:55 -04:00
Anas Nashif
53cc54516d tracing: fix empty thread name
Report thread names as 'unknown' when we can't determine thread name
from kernel.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2020-09-20 21:27:55 -04:00
Joakim Andersson
0fe62c6392 Bluetooth: host: Fix bug in device name shortening handling
Fix bug in device name shortening handling leading to memory
corruption.
This is triggered by an underflow in the length field of the shortened
name when set_data_len + 2 > set_data_len_max.

Fixes: #27693

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2020-09-19 10:25:49 +02:00
Joakim Andersson
f332d51d60 Bluetooth: host: Ignore failure to set passive scanner address
Ignore error when failing to set the passive scanner private address.
This can happen because in between the time we checked if the
advertiser was enabled and the time we execute the set random address
command the state of the advertiser could have changed in the
controller, and we only set the state once the command has completed
in the controller.

Fixes: #25672

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2020-09-19 10:19:03 +02:00
Joakim Andersson
2cb4548a42 Bluetooth: host: Fix not setting NRPA before starting scanner
Fix not setting NRPA before starting scanner.
Occurs with BT_PRIVACY=n and BT_EXT_ADV=y

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2020-09-19 10:19:03 +02:00
Jukka Rissanen
0e49f5570c net: tcp2: Check that connection exists in net_tcp_put()
Unit test tests/net/tcp2/net.tcp2.simple might have conn set to
null so check it here.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
ac7866c663 net: tcp2: Fix connection termination
We need to have timer that closes the connection for good if
we do not get the FIN and ACK reponse from the peer.

If there is any pending data when application does close(),
send them before sending FIN.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
13a7baf1e4 net: tcp2: Bail out if new connection cannot be created
If there is some error during connection creation, just bail
out in order to avoid null pointer access.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
4e3060a26b net: tcp2: Retrigger resend if sending window is full
If we try to send data but the sending window is full, then
try to kick the resend of the pending data.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
69459507b6 net: tcp2: Fix connection state debugging
The log buffer was too short and debug messages were truncated.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
bd9f707098 net: tcp2: Print context state when closing connection
Useful in debugging.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
9cccf0ea55 net: tcp2: If the send window is full, do not try to send
If there is no space in the sending window, then return -EAGAIN
so that the caller may try later.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
29f0895b93 net: tcp2: Adjust the send window according to avail bufs
We should have a max value for sending window so that application
is not able to use all our net_bufs for queueing packets.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
b00adf6965 net: tcp2: Re-order connection struct fields
Order the fields in connection struct so that they use minimal amount
of memory.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
ff2aff3a32 net: tcp2: Make sure the pkt if not null
If the send_queue pkt is null, then do not try to access it.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
037037cdaa net: context: Return -ENOBUFS to caller if we run out of bufs
The socket layer expects to receive -ENOBUFS if we do not have
any network buffers so cannot build a network message to be sent.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00
Jukka Rissanen
3db319fbc3 net: tcp2: Avoid double free message
If there is an error, the net_context.c:context_sendto() will
free the net_pkt, so we must not do it here.

This commit fixes this error message:

<err> net_pkt: *** ERROR *** pkt 0x20421908 is freed already
                                     (context_sendto():1672)

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2020-09-18 22:07:53 -04:00