This commit adds basic userspace support to the logging subsystem.
With this change, the following API could be called from user mode:
- LOG_*()
- LOG_INST_*(),
- LOG_HEXDUMP_*(),
- LOG_HEXDUMP_INST_*(),
- LOG_PANIC(), LOG_PROCESS(),
- log_printk(), log_generic(), log_buffrered_cnt(),
- log_filter_set(NULL, ...)
With userspace disabled, the logger behavior and performance
is not affected. With userspace enabled, the calls from kernel
space have an additional overhead introduced by _is_user_context().
The logger behavior changes when it is called from the user context.
All strings logged using LOG_*() and LOG_INST_*() API from userspace
are rendered in place for security reasons and then placed in
log_strdup() memory pool, which should be large enough to hold bursts
of log messages.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
if base64_decode function returns error, function can't continue
otherwise a fatal error will cause the thread to spin, putting the
system into an unrecoverable state
Signed-off-by: Faisal Saleem <faisal.saleem@setec.com.au>
Do not try to memcpy() the same buffer to itself.
This one also reverts commit 112ecb7290
("net: gptp: Fix for coverity CIDs 203471 and 203464") as that
did not fully fix the issue.
Coverity-CID: 203464
Coverity-CID: 203471
Fixes#18394
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fix the controller implementation to handle data packet
enqueue being pause on Encryption Request be done early in
the ULL when enqueueing packets towards LLL.
Fixes#18645.
Signed-off-by: Vinayak Kariappa Chettimada <vinayak.chettimada@gmail.com>
Rename AUTHENTICATION, to AUTH, since this is a well established short
form of the word.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename bt_conn_security to bt_conn_set_security, this makes the API
naming more consistent.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Make sure that the extension, like HBHO, sub-option length is
not too large.
Fixes#16323
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
A security vulnerability in the Bluetooth BR/EDR Bluetooth Core
specification versions 1.0 through 5.1 has been identified as
CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation
protocol is vulnerable to packet injection that could allow an
unauthenticated user to decrease the size of the entropy of the
encryption key, potentially causing information disclosure and/or
escalation of privileges via adjacent access. There is not currently
any knowledge of this being exploited.
From Core spec erratum 11838:
A device shall enforce an encryption key with at least 128-bit
equivalent strength for all services that require Security Mode 4,
Level 4. For all other services that require encryption, a device
should enforce an encryption key with at least 56-bit equivalent
strength, irrespective of whether the remote device supports Secure
Simple Pairing.
After encryption has been enabled, the Host should check the
encryption key size using either the HCI_Read_Encryption_Key_Size
command (see [Vol 2] Part E, Section 7.5.7) or a vendor-specific
method.
Fixes#18658
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
In case sufficient security level wasn't reached the error propagation
was missing, which could lead to incorrect state transitions when
update_sec_level_br() returns. Return true/false and make sure to
abort any further operations in case the update fails.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The storage for the public key is pub_key in hci_core.c.
When the public key event is generated the public key is copied into
this buffer, but the pointer to the event storage of the key is given
in the public key ready callback (bt_smp_pkey_ready).
SMP expects that it is safe to assign a global pointer to this variable.
In smp_init bt_pub_key_get is used to get the pointer to the public key.
In both cases SMP assigns the le_sc_pub_key to the pointer given.
This creates an issue when bt_smp_pkey_ready callback occurs after
smp_init during pairing procedure, SMP will then have a pointer to an
event buffer that has been released and contains invalid data.
Fixes: #18580
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Increase temporary buffer size to 8 bytes in fcb_append to prevent
stack overflow in case flash alignment is bigger then 2 bytes.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
The size of the request buffer (USB_REQUEST_BUFFER_SIZE)
is configurable and depends on the needs of an application.
Check if the request buffer is not too small.
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
Give the security changed callback when the peripheral initiated
security request and peer attempted to encrypt the connection but no LTK
match was found.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Make sure that a new pairing procedure with an existing bond does not
result in a security with weaker security properties.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be.
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Stop the pairing procedure in the request phase if no storage is
available for the keys. This avoids the pairing procedure from failing
during the key distribution phase.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Proved the Authentication callback for pairing failed and pairing
complete when BR/EDR SSP is complete.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Allow SMP debug keys to behave in the same way as normal keys, in order
to debug with encryption and Bluetooth sniffer the exact way it behaves
when not using debug keys.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
When the bootstrap support was added, it looks like I somehow missed
the handling block in the engine.
Let's add it now to fix boostrap support.
Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/18080
Signed-off-by: Michael Scott <mike@foundries.io>
- LWM2M_SECURITY_INSTANCE_COUNT wasn't following the standard of
having the unconditional default in the last position
- LWM2M_SERVER_INSTANCE_COUNT needs another instance when
bootstrap is enabled.
Signed-off-by: Michael Scott <mike@foundries.io>
LwM2M boostrap support is enabled via the config option:
LWM2M_RD_CLIENT_SUPPORT_BOOTSTRAP. If enabled, this config sets
the default # of server and security instances. However, this is
not working correctly because LWM2M_RD_CLIENT_SUPPORT_BOOTSTRAP
is defined below it's uses in the Kconfig file.
Let's move the RD_CLIENT configs higher in the Kconfig to fix this
behavior.
Signed-off-by: Michael Scott <mike@foundries.io>
Update state after RESUME event.
Use LOG_INF for important events and log a
warning if the data is discarded.
Fixes#17488
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
If no challenger went to replace the best port/vector, then the best
port is still the global_ds and thus point to the same memory: no need
to update the global_ds then.
Coverity-CID: 203471
Coverity-CID: 203464
Fixes#18395
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Looks like the logic to count rejection is missing. Removing count_rej
variable, and set a comment about initializing the code to the right
value once this logic will be in.
Coverity-CID: 203514
Fixes#18398
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Fix reset of Encryption Procedure state on reception of
REJECT_IND and REJECT_EXT_IND.
This is a regression in commit 79cb615770 ("Bluetooth:
controller: split: Port Enc setup to be queueable")
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The period_start timestamp wasn't getting properly initialized in the
case that retransmission was not being used. In the case of
retransmission the timestamp was getting updated in the mod_publish()
delayed work callback. Add a send_start callback and do the
initialization there, since this covers both the retransmission as
well as the no-retransmission cases.
Fixes#17820
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Post Tx pool corruption fix, clean up code and add comments
explaining the use of Tx node next field used to indicate
the Tx node's allocation from Control or Data pool.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix the Tx FIFO, queue and pool corruption due to missing
release of link object to Tx link pool and hence missing
reset of the per connection initially allocated Tx link
free pointer.
The bug caused Tx PDUs and associated memory to be lost
leading to missing L2CAP segment transmissions. With lost
control PDU buffers, ULL would stall processing Done events
also leading to controller asserts.
Fixes#18546.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Check if usb_cfg_data pointer was initialized
before endpoint descriptor section is processed.
Coverity-CID: 203473
Fixes: #18423
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
This removes the necessity of registering the storage for CCC and make
it part of the declaration itself.
Fixes#18547
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds support to provide an UUID to bt_gatt_indicate so API user
don't need to hardcode the attribute offset by hand.
Fixes#18572
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The code for checking space in the Friend queue was faulty in the case
that we receive a message with more segments than the configured Friend
Queue size. This is not an issue for the default configuration but
still a possible one. Move the check for exceeding Friend Queue Size
to the per-LPN function, so that bt_mesh_friend_queue_has_space()
iterates all LPNs before delivering its verdict. This allows us to
return success in case no LPN matched (which is how the code was
intended to work).
Fixes#18522
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Simplify algorithm to skip (aka calculate length) of encoded domain
name in a DNS answer. Now it's fully compliant to RFC 1035 regarding
handling of compressed FQDNs. Additionally, bounds checking is now
performed by the parsing code.
Fixes: #18334
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Fix for Zephyr bug #17415
For settings_line_val_read function with following .conf setting:
CONFIG_SETTINGS_USE_BASE64=y
Signed-off-by: Declan Traill <declan.traill@setec.com.au>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
According to Mesh Profile Specification 1.0.1 Figure 5.17, the
unprovisioned device should send its confirmation value after the
provisioner sends theirs. Previously, the confirmation value would be
sent immediately after OOB input complete. Now it first waits for the
input data, then from confirmation from the provisioner before sending
the confirmation.
Fixes: #18178.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Let's use IS_ENABLED() instead of the #ifdef to get clearer code. ret
variable is used only at one place, no need for the ARG_UNUSED()
Coverity-CID: 203397
Fixes#18419
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
