Fix Tx pool from being corrupted when rogue central device
uses invalid packet sequence numbers, causing NULL pointer
to be released into free data Tx pool.
Fixes #22968.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
zephyr_smp_write_at is supposed to write len bytes of data at
the offset of a given net_buf, overwriting existing data and extending
beyond current buffer length, if needed. Unfortunately condition
checking if written data would fit within the buffer size has been
incorrectly implemented, making writes impossible when there have been
fewer bytes of space left within buffer tailroom than required to write
len bytes of data, even if len bytes written starting at given offset
would not cross the buffer boundary.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
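The bounds-check mistake described in the commit message above, as an added example that is not Zephyr's code or the commit's patch: `struct demo_buf` and the three functions are hypothetical stand-ins, and requiring `off <= len` is an assumption made here so that a write cannot leave a gap of unwritten bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a network buffer (not Zephyr's net_buf):
 * `size` bytes of storage, the first `len` of which hold data. */
struct demo_buf {
    uint8_t data[16];
    size_t size;
    size_t len;
};

/* The flawed check as the message describes it: refuse whenever the
 * tailroom is smaller than n, no matter where the write starts. */
static int fits_tailroom_only(const struct demo_buf *b, size_t off, size_t n)
{
    (void)off;
    return n <= b->size - b->len;
}

/* Check the region actually written, [off, off + n). Comparing n with
 * size - off avoids computing off + n, which could wrap around.
 * Assumption: off may not exceed len, so no unwritten gap is created. */
static int fits_region(const struct demo_buf *b, size_t off, size_t n)
{
    return off <= b->len && n <= b->size - off;
}

/* Overwrite at off, growing len only if the write ends past it.
 * Returns 0 on success, -1 if the region does not fit. */
static int demo_write_at(struct demo_buf *b, size_t off,
                         const void *src, size_t n)
{
    if (!fits_region(b, off, n)) {
        return -1;
    }
    memcpy(b->data + off, src, n);
    if (off + n > b->len) {
        b->len = off + n;
    }
    return 0;
}

int main(void)
{
    /* Constructed case: 2 bytes of tailroom, 4-byte write ending at 14. */
    struct demo_buf b = { .size = 16, .len = 14 };
    return (!fits_tailroom_only(&b, 10, 4) && demo_write_at(&b, 10, "abcd", 4) == 0) ? 0 : 1;
}
```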
If the client is change-unaware and disconnects the spec requires that
the stack still sends the error out of sync for the next request:
'The ATT_ERROR_RSP PDU is sent only once after the client becomes
change-unaware, unless the client _disconnects_ or the database changes
again before the client becomes change-aware in which case the
ATT_ERROR_RSP PDU shall be sent again'
Fixes #23110
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Resend transport segments for groups on the advertiser interface, even
if a connected proxy node holds the group.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Update help text of `bt init` command which says address could be
provided. This feature was removed by:
d22b7c9f2d
As a replacement the `bt id-create` command can be used instead.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
When tracing_cpu_stats.h is included by C++ file it will not compile
and link correctly due to missing #ifdef __cplusplus directives
in the header file.
Fixes #23072
Signed-off-by: Dariusz Lisik <dariusz.lisik@hidglobal.com>
When a must-expire ticker callback is executed, it is important not to
call the LLCP state machine, as the lazy state is unavailable. The code
must rely on the next proper event to call ull_conn_llcp with an updated
non-zero lazy count.
Signed-off-by: Morten Priess <mtpr@oticon.com>
Fix EBQ tests for the Max Tx Time and Max Rx Time parameter.
Signed-off-by: Andries Kruithof <Andries.Kruithof@nordicsemi.no>
Bluetooth: controller: split: fixed for endianness
Added conversion to correct endianness
Signed-off-by: Andries Kruithof <Andries.Kruithof@nordicsemi.no>
Fix local initiated Data Length Update procedure from being
stalled when a remote initiates a procedure with instant.
Fixes #23069.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Store the time difference value in a u32_t variable rather than
the abs() value in a signed variable.
Fixes #22912
Coverity CID: 208406
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Fix issue where a new connection with the same peer would use the CCC
from the first connection, despite different local identity.
Since there is no CCC for the new connection yet this caused the
application to think that CCC was enabled but the remote device had not
yet subscribed.
Fix this issue by making the id as an input to the peer address check
function. This will force us to make the check every time. This commit
might also fix similar issues not yet discovered as the ID check was
missing in a few other places as well.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename the acl buf context id to index to avoid confusing it with
the conn object ID parameter. Especially the bt_conn_lookup_id function
was creating confusion.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
net_pkt_clone() initializes the original packet cursor
and clones the packet. But it doesn't restore the cursor
back to its original position.
Issue noticed when mDNS resolving fails when mdns responder
is also enabled.
In net_conn_input(), in the case of a multicast packet, the connection
handler clones the packet and delivers it to the matching handler.
Example case: dns_resolver and mdns_responder both register
handlers for port 5353. After the first clone, the original packet
cursor is moved back to the starting position, but the first cloned
packet's cursor is set properly. Cloning a second time sets the
cursor position to zero, which makes header unpacking in the second
packet handler go wrong.
Fixes #21970.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Fix ticker resolve collision implementation for incorrect
ticks accumulation and the calculation of next period.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix a race condition in radio abort requested by flash
driver. It is possible that during abort function execution,
PPI setup to start radio fires. Hence, check explicitly in
cleanup function for radio being in use and disable it.
Fixes #22945.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use the old ticker compatibility mode implementation as
default for nRF5x Series SoCs.
Fixes #22926.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Avoid the HCI-USB race condition where HCI data and HCI events can be
re-ordered, and pairing information appears to be sent unencrypted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix to remove assertion failure check on detecting invalid
packet sequence used by peer central and that no non-empty
packet was transmitted.
Fixes #22967.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When the length of the transfer is an exact multiple of IN endpoint MPS
in the ring buffer, transfer one byte less to avoid zero-length packet.
Otherwise the application running on the host may conclude that there
is no more data to be received (i.e. the transaction has completed),
hence not triggering another I/O Request Packet (IRP).
Fixes #21713.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
In case the ring buffer is empty, ring_buf_get_claim() returns a zero
length. Exit the function in that case as calling usb_transfer() with a
zero length will send a ZLP.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Currently the cdc_acm implementation passes the data to usb_transfer() in
chunks of IN endpoint MPS. This has 2 drawbacks:
- at higher throughput, each transfer needs 2 packets due to the need of
an extra ZLP;
- a temporary buffer of size USB MPS is needed.
This patch improves the memory consumption and performance by passing
the ring buffer directly to usb_transfer(). It only has a small
performance degradation when the ring buffer wraps and less than an IN
endpoint MPS has to be sent.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Fix issue where an invalid (all zeroes) hash was written to settings
storage on reset. This caused the old value to be written to zeroes, before
being written back to its original value again immediately after.
This causes excessive flash wear.
This happens because the check if (k_delayed_work_remaining) returns the
amount of time until the work will execute. When that time has run out
the time is zero, but the work has not yet been executed.
We then write the invalid hash to flash, and then once the work-item
executes it will write the correct value.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
- avoid spurious radio interrupts by fixing ISR set,
waiting for idle, command configuration
- adjust counter to account for missing increment
- change preemption instant to avoid missing the deadline in LLL
- decrease EVENT_JITTER_US and
EVENT_TICKER_RES_MARGIN_US (same as Nordic)
Continuous scanning and connections are working fine now.
Signed-off-by: George Stefan <george.stefan@nxp.com>
Created unit tests for the encryption and decryption functions.
Tested with the peripheral and with central_hr samples.
Due to latency of CAUv3 when used as CCM inline accelerator
only one of the PDUs can be encrypted/decrypted within a
bilateral exchange M->S + S->M in a connection event.
If the RXed PDU is encrypted, the TXed PDU must be empty
with More Data if there is data in the LLL queue.
The TXed PDU will be encrypted when an empty PDU is RXed.
Signed-off-by: Cristi Caciuloiu <cristian.caciuloiu@nxp.com>
Fix regression due to addition of conditional compilations
while porting the privacy feature from legacy to split
controller.
Fixes #22801.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Backport of https://github.com/apache/mynewt-nimble/pull/724
Mesh spec 1.0.1 changes proxy disabling behavior to only affect the
relaying from proxy nodes. Previously, disabling proxy would shut down
all proxy and node activity.
Tweaks from the original commit:
- Removed redundant call to bt_mesh_adv_update() in gatt_proxy_set()
- Removed invalid ref to 4.2.11.1 in node_identity_set()
---
According to Mesh Profile Spec 1.0.1, Section 4.2.11:
"If the Proxy feature is disabled, a GATT client device can connect
over GATT to that node for configuration and control. Messages from
the GATT bearer are not relayed to the advertising bearer."
Moreover some notes have been removed from the spec compared to
version 1.0:
Mesh Profile Spec 1.0, Section 4.2.11:
"Upon transition from GATT Proxy state 0x01 to GATT Proxy state 0x00
the GATT Bearer Server shall disconnect all GATT Bearer Clients."
"The Configuration Client should turn off the Proxy state as the last
step in the configuration process."
Mesh Profile Spec 1.0, Section 4.2.11.1:
"When the GATT Proxy state is set to 0x00, the Node Identity state
for all subnets shall be set to 0x00 and shall not be changed."
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
SC config data is no longer stored within the CCC config itself
therefore it must be cleared separately.
Fixes #22539
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
GATT data shall not be considered conditional to BT_SETTINGS since
the data is stored in RAM it must also be cleared when unpairing.
Fixes #22514
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
smp_pairing_complete does actually clear flags so setting
SMP_FLAG_TIMEOUT must come after that.
Fixes #22786
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix bt_gatt_indicate using the wrong attribute pointer when a uuid was
provided as input.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Same deal as in commit eddd98f811 ("kconfig: Replace some single-symbol
'if's with 'depends on'"), for the remaining cases outside defconfig
files. See that commit for an explanation.
Will do the defconfigs separately in case there are any complaints
there.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
If nack_idx > 0, then the count_rej must be > 0. This means that
the "code" variable will never be set to PPP_CONFIGURE_NACK.
Fixes #22436
Coverity-CID: 207975
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If CONFIG_NET_PKT_RXTIME_STATS is set, then update the received
packet RX time for packet sockets (SOCK_RAW). This was already
working for normal sockets but the statistics update was missing
from SOCK_RAW.
Fixes #22489
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Setting/resetting endpoints is required when switching to alternate
interfaces. This is a common operation for the USB audio class.
When an audio device is enumerated, the host invokes a set_interface request
to an alternate with 0 endpoints associated. That operation leads to
disabling never-enabled endpoints. With the previous solution an error message
will appear.
This commit limits error messages to be present only if endpoint
was configured/enabled before and there was a problem when trying
to configure/enable it for the first time.
* Kinetis driver was updated with return error value when ep was
already configured/enabled.
* nxp driver updated with return error value when ep was already
enabled
* sam0 driver updated with return codes instead of magic numbers.
This is a fix patch to #21741
Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no>
A `k_timer` callback is called from the ISR context on certain devices
(nRF), which resulted in an assert in the kernel, as `telnet_send`, and
thus `net_context_send` used a mutex.
Fix the issue by replacing a timer used by the `shell_telnet` module
with a delayed work, which will execute its callback in a system
workqueue context.
Fixes #22697
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rename the scan recv callback info struct so that it reflects that it
is part of the scan recv callback. This will make it consistent with
future plans for advertising callbacks.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix the scanner using the advertiser identity instead of the scanner's
identity; the scanner always uses BT_ID_DEFAULT.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>