The third argument in memmove can possible be greater than remaining
buffer size. Just ensuring that memmove will changes bytes only inside
the string buffer and nothing else.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Fix possible NULL dereference in BT_DBG statement when
bt_mesh_friend_get is called before a successful cfg_srv init
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The page buffer can overflow if dCBWDataTransferLength
is multiple of the BLOCK_SIZE but the host uses
OUT packets smaller than MPS durng transfer.
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
opts_len renamed to total_opts_len in previous changes.
But it's not replaced at one place.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
During DFU_UPLOAD, the host could requests more data
as stated in wTransferSize. Limit upload length to the
size of the request buffer (USB_REQUEST_BUFFER_SIZE).
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
Fix conditional compilation error when enabling
BT_CTLR_FAST_ENC for central only application builds.
Also added additional compilation to code exclusive to
central or peripheral role.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When building the tests/bluetooth/shell application without
the BT_CENTRAL feature, compilation fails:
subsys/bluetooth/shell/bt.c:1642: undefined reference to
`bt_conn_create_auto_le'
Signed-off-by: Vinayak Kariappa Chettimada <vinayak.kariappa@gmail.com>
If IPv4 header options has wrong options length
(e.g. options length is more that actual data),
then parser decrements opts_len without checking
actual data length. Which crashes the network stack.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Fix problem of not checking if the remote device key is actually our
own. This bug was intruduced in
46a95f12ad and causes failure of models
that use app_idx BT_MESH_KEY_DEV_REMOTE. Since this is used by cfg_cli,
it was not possible to do self-configuration.
Signed-off-by: Tobias Svehagen <tobias.svehagen@gmail.com>
Add Kconfig option to support building the controller
optimized for speed.
Fixes#21601.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix local initiated Data Length Update procedure from being
stalled when a remote initiates a procedure with instant.
Fixes#23069.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix Tx pool from being corrupted when rough central device
uses invalid packet sequence numbers, causing NULL pointer
to be released into free data Tx pool.
Fixes#22968.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
zephyr_smp_write_at is supposed to write len bytes of data at
the offset of a given net_buf, overwriting existing data and extending
beyond current buffer length, if needed. Unfortunately condition
checking if written data would fit within the buffer size has been
incorrectly implemented, making write impossible, when there has been
less bytes of space left within buffer tailroom than required to write
len bytes of data, even if len bytes written starting at given offset
would not cross the buffer boundary.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
If the client is change-unware and disconnects the spec requires that
the stack still sends the error out of sync for the next request:
'The ATT_ERROR_RSP PDU is sent only once after the client becomes
change-unaware, unless the client _disconnects_ or the database changes
again before the client becomes change-aware in which case the
ATT_ERROR_RSP PDU shall be sent again'
Fixes#23110
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Resend transport segments for groups on the advertiser interface, even
if a connected proxy node holds the group.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Update help text of `bt init` command which says address could be
provided. This feature was removed by:
d22b7c9f2d
As a replacement the `bt id-create` command can be used instead.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
When tracing_cpu_stats.h is included by C++ file it will not compile
and link correctly due to missing #ifdef __cplusplus directives
in the header file.
Fixes#23072
Signed-off-by: Dariusz Lisik <dariusz.lisik@hidglobal.com>
When a must-expire ticker callback is executed, it is important not to
call the LLCP state machine, as the lazy state is unavailable. The code
must rely on the next proper event to call ull_conn_llcp with an updated
non-zero lazy count.
Signed-off-by: Morten Priess <mtpr@oticon.com>
Fix EBQ tests for the Max Tx Time and Max Rx Time parameter.
Signed-off-by: Andries Kruithof <Andries.Kruithof@nordicsemi.no>
Bluetooth: controller: split: fixed for endianness
Added conversion to correct endianness
Signed-off-by: Andries Kruithof <Andries.Kruithof@nordicsemi.no>
Fix local initiated Data Length Update procedure from being
stalled when a remote initiates a procedure with instant.
Fixes#23069.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Store the time difference value in u32_t variable than
abs() value in signed variable.
Fixes#22912
Coverity CID: 208406
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Fix issue where a new connection with the same peer would use the CCC
from from first connection, despite different local identity.
Since there is no CCC for the new connection yet this caused the
application to think that CCC was enabled but the remote device had not
yet subscribed.
Fix this issue by making the id as an input to the peer address check
function. This will force us to make the check every time. This commit
might also fix similar issues not yes discovered as the ID check was
missing in a few other places as well.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename the acl buf context id to index since to avoid confusing it with
the conn object ID parameter. Especially the bt_conn_lookup_id function
was creating confusion.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
net_pkt_clone() initializes the original packet cursor
and clone the packet. But it doesn't restore the cursor
back to original position.
Issue noticed when mDNS resolving fails when mdns responder
is also enabled.
net_conn_input(), in case of multicast packet, connection
handler clone the packet and deliver to matching handler.
Example case: dns_resolver and mdns_responder both register
handlers for 5353 port. After first clone original packet
cursor moved back to starting position. But first cloned
packet cursor is set properly. Second time cloning makes
cursor position to set to zero. Which makes second packet
handler header unpacking goes wrong.
Fixes#21970.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Fix ticker resolve collision implementation for incorrect
ticks accumulation and the calculation of next period.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix a race condition in radio abort requested by flash
driver. It is possible that during abort function execution,
PPI setup to start radio fires. Hence, check explicitly in
cleanup function for radio being in use and disable it.
Fixes#22945.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use the old ticker compatibility mode implementation as
default for nRF5x Series SoCs.
Fixes#22926.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Avoid the HCI-USB race condition where HCI data and HCI events can be
re-ordered, and pairing information appears to be sent unencrypted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix to remove assertion failure check on detecting invalid
packet sequence used by peer central and that no non-empty
packet was transmitted.
Fixes#22967.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When the length of the transfer is an exact multiple of IN endpoint MPS
in the ring buffer, transfer one byte less to avoid zero-length packet.
Otherwise the application running on the host may conclude that there
is no more data to be received (i.e. the transaction has completed),
hence not triggering another I/O Request Packet (IRP).
Fixes#21713.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In case the ring buffer is empty, ring_buf_get_claim() returns a zero
length. Exit the function in that case as calling usb_transfer() with a
zero length will send a ZLP.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Currently the cdc_acm implementation pass the data to usb_transfer() by
a chunk of IN endpoint MPS. This has 2 drawbacks:
- at higher throughput, each transfer needs 2 packets due to the need of
an extra ZLP;
- a temporary buffer of size USB MPS is needed.
This patch improves the memory consumption and performances by passing
the ring buffer directly to usb_transfer(). It only has a small
performance degradation when the ring buffer wraps and less than a IN
endpoint MPS has to be sent.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix issue where an invalid (all zeroes) hash was written to settings
storage on reset. This caused the old value to written to zeroes, before
being written back to it's original value again immediately after.
This causes excessive flash wear.
This happens because the check if (k_delayed_work_remaining) returns the
amount of time until the work will execute. When that time has run out
the time is zero, but the work has not yet been executed.
We then write the invalid hash to flash, and then once the work-item
executes it will write the correct value.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
- avoid spourious radio interrupts by fixing ISR set,
waiting for idle, command configuration
- adjust counter to account for missing increment
- change preemption instant to avoid missing the deadline in LLL
- decrese EVENT_JITTER_US and
EVENT_TICKER_RES_MARGIN_US (same as Nordic)
Continuous scanning and connections are working fine now.
Signed-off-by: George Stefan <george.stefan@nxp.com>
Created unit tests for the encryption and decryption functions.
Tested with the peripheral and with central_hr samples.
Due to latency of CAUv3 when used as CCM inline accelerator
only one of the PDU can be encrypted/decrypted within an
bilateral exchange M->S + S->M in a connection event.
If the RXed PDU is encrypted, the TXed PDU must be empty
with More Data if there is data in the LLL queue.
The TXed PDU will be encrypted when an empty PDU is RXed.
Signed-off-by: Cristi Caciuloiu <cristian.caciuloiu@nxp.com>
Fix regression due to addition of conditional compilations
while porting the privacy feature from legacy to split
controller.
Fixes#22801.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Backport of https://github.com/apache/mynewt-nimble/pull/724
Mesh spec 1.0.1 changes proxy disabling behavior to only affect the
relaying from proxy nodes. Previously, disabling proxy would shut down
all proxy and node activity.
Tweaks from the original commit:
- Removed redundant call to bt_mesh_adv_update() in gatt_proxy_set()
- Removed invalid ref to 4.2.11.1 in node_identity_set()
---
According to Mesh Profile Spec 1.0.1, Section 4.2.11:
"If the Proxy feature is disabled, a GATT client device can connect
over GATT to that node for configuration and control. Messages from
the GATT bearer are not relayed to the advertising bearer."
Moreover some notes have been removed from the spec compared to
version 1.0:
Mesh Profile Spec 1.0, Section 4.2.11:
"Upon transition from GATT Proxy state 0x01 to GATT Proxy state 0x00
the GATT Bearer Server shall disconnect all GATT Bearer Clients."
"The Configuration Client should turn off the Proxy state as the last
step in the configuration process."
Mesh Profile Spec 1.0, Section 4.2.11.1:
"When the GATT Proxy state is set to 0x00, the Node Identity state
for all subnets shall be set to 0x00 and shall not be changed."
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
SC config data is no longer stored within the CCC config itself
therefore it must be cleared separately.
Fixes#22539
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
GATT data shall not be considered conditional to BT_SETTINGS since
the data is stored in RAM it must also be cleared when unpairing.
Fixes#22514
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
