The print specifier for `atomic_t` should be updated
to `%ld`, `%lu`, or `%lx` to account for the type
change of `atomic_t` to `long`.
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
make sure channel request reference is cleared if send fails. without
this change this could happen when att_handle_rsp was called:
1. reqs before call:
head: 0x2000f8e8, tail: 0x2000f8c0, elements:
- addr 0x2000f8e8, function pointer NULL
- addr 0x2000f8c0, function pointer 0x35c1d
2. att_handle_rsp called, calling bt_att_req_free with address
0x2000f8e8
3. reqs after call:
head: 0x2000f8e8, tail: 0x2000f8c0, elements:
- addr 0x2000f8e8, function pointer NULL
- addr 0x2000f8d4, function pointer NULL
- addr 0x2000f8ac, function pointer NULL
- addr 0x2000f898, function pointer NULL
- addr 0x2000f884, function pointer NULL
- addr 0x2000f870, function pointer 0xd92b7e7c
- addr 0x2000f85c, function pointer 0x462a03a9
- addr 0x2000f848, function pointer 0xf77b2f4b
- addr 0x2000f834, function pointer 0x33714775
- addr 0x2000f820, function pointer 0x31ba37f8
- addr 0x2000f80c, function pointer 0x5fda8494
- addr 0x2000f7f8, function pointer 0xbcff174e
- addr 0x2000f7e4, function pointer 0x341393f
- addr 0x2000f7d0, function pointer 0xbcfee8b8
- addr 0x2000f7bc, function pointer 0x1e73d9e5
which obviously is broken.
closes#39506.
Signed-off-by: Jacob Siverskog <jacob@teenage.engineering>
Core Specification 5.3 Vol 3. Part G. 4.2:
The Signed Write Without Response sub-procedure shall only be supported
on the LE Fixed Channel Unenhanced ATT bearer.
This was affecting GATT/SR/GAW/BI-38-C qualification test.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
To test fallback to remaining bearers PTS might request IUT to
disconnect one of the connected EATT channels, while the others remain
intact. Test function must be added, because we cannot create L2CAP
server on EATT PSM and manage this server as normal and have EATT
enabled at same time.
This is affecting GATT/SR/GAW/BV-14-C
Signed-off-by: Krzysztof Kopyściński <krzysztof.kopyscinski@codecoup.pl>
This check is present in att_read_rsp(), but att_read_mult_req and
att_read_mult_vl_req do not use it. Add this check to these functions.
This was affecting GATT/SR/GAS/BV-08-C
Signed-off-by: Krzysztof Kopyściński <krzysztof.kopyscinski@codecoup.pl>
Adds a new callback structure to `<gatt.h>` for receiving notifications
of ATT MTU updates. This callback is called regardless of whether the
MTU update was initiated locally or remotely.
Fixes#32035.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
This aligns the error handling of send function to never unref the
buffer in place so the caller retain the ownership of the buffer
whenever there is an error.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
chan_send does restore buffer state in case of an error which is
different than how bt_l2cap_send_cb works as it does always unref in
case of an error.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This fixes a regression introduced by
10841b9a14 as it did remove a call to
net_buf_ref which was used not only to keep a reference for resending
but also to prevent bt_l2cap_send_cb to unref the buffer in case it
fails.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix packet reordering in ATT when putting the host under high load.
In certain conditions a packet can be transmitted while there is
elements in the TX queue in bt_att_send. This means that the packet will
skip ahead in the TX queue leading to packet re-ordering.
Fix by always appending to the queue, and then initiate sending of the
HEAD of the queue.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The ATT request buffers are held until the ATT response has been
received. This means that the ATT request buffers are released by the
RX thread, instead of the from the RX priority context of
num_complete.
This can cause a deadlock in the RX thread when we allocate buffers
and all the available buffers are ATT requests, since the RX thread is
the only thread that can release buffers.
Release the ATT request buffers once they have been sent and instead
handle ATT request resending by reconstructing the buffer from the
GATT parameters.
Also re-order the order of resource allocation by allocating the
request context before the buffer. This ensures that we cannot
allocate more buffers for ATT requests than there are ATT requests.
Fixed a buf reference leak that could occur when the ATT request buffer
has been allocated, but GATT returns an error before handing the
responsebility of the buffer to ATT, for example when bt_att_req_alloc
fails.
This is fixed by moving the functionality of att_req_destroy to
bt_att_req_free.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Remove the ATT request destroy callback which is never assigned
by any of the ATT requests.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
ATT channels do support queueing buffer so it no longer need to block
waiting the tx_sem besides the buffer allocation already serves the
same purpose as the application will not be able to have more requests
than there are buffers available.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
When ATT resends an ATT request it is sent as a "response" instead of
as a request. This causes the ATT request buffer to be released and
the ATT request cannot be resent one more time.
This causes a problem when the ATT request requires authentication
but the elevation of security is not enforcing MITM protection.
In this case the ATT will first require security level 2 and then resend
the request once this has been reached.
This will lead to a new ATT error response and ATT will require security
level L3.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Remove ATT modifying the L2CAP channel state by unassigning the
the connection pointer on timeout.
Unassigning this pointer does not prevent the ATT channel from receiving
since bt_l2cap_recv does not inspect this pointer before calling the
channel receive function.
This prevented the disconnected callback from being called on the
channel after the channel had timed out, but since the disconnected
callback now handles this case this workaroun is no longer needed.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Handle ATT timeout on disconnected ATT channel.
When the ATT channel is disconnected with a pending request the ATT
timeout is canceled and the response processed with an error code.
However canceling of delayed work is not guaranted to succeed, e.g:
"Work queue thread has removed the work item from the queue but has not
called its handler"
This could lead to timeout handler being invoked after the disconnected
handler.
Fixes: #29098
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix crash in ATT when the response for a request is received after
the ATT timeout has fired and the ATT channel has been detached.
Add similar handling for all ATT channel operations.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix issue where the encrypt change has an error code, but the
encrypt change request was unrelated to the current ATT request.
This lead to the current ATT transaction being interpreted as finished
an the ATT client would proceed with the next ATT request, which would
fail since the ATT client is now violating the ATT single transaction
rule.
Updated similar if statement checking for the opposite to improve
readability.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Don't use the ATT structs that has contains only a flexible array
member. This is not supported by C99 standard, only through GNU C
extension with zero length array.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Make it actually give the original pointer to the attribute and its
resolved handle so static attributes don't need an extra lookup.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Since bt_l2cap_send_cb can fail returning its error is not enough as
the buffer has been modified to add the headers, so this save the state
before calling bt_conn_send_cb and takes a reference so it can be
restored its original state in case of error.
Fixes#27434
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Avoid warning in att_handle_rsp, only call this when there is a
pending ATT request. This avoids a warning happens when elevating
security fails but higher security had not been requested by an
ATT request.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
squash! Bluetooth: ATT: Remove warning when no ATT process pending
EATT channels use bt_l2cap_chan_send which does return the number of
bytes sent on success not 0 as bt_l2cap_send.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
These functions don't work with buffers that do have fragments, instead
this replaces their usage with net_buf_{put,get}.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
ATT_PENDING_SENT does severely impact the throughput since multiple
packets no longer can be scheduled at same time, so instead of always
setting it regardless of the bearer/channel it is now only used for
EATT since that cannot set its own callbacks.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
bt_l2cap_send_cb may fail if there are no context available which means
that the request would not be sent, also due to the use of custom
callback it cannot be queued either so the only option is to return the
error and let the application handle it.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Since the TX semaphore is used for all types of PDUs a request may have
to be put on the request list while there is no pending request pending
which means no response will be generated to trigger att_process,
previously this condition was handled by setting the request as
currently pending and append its buffer to tx_queue but this is no
longer efficient since there could be more than one channel active the
code should try all of them before queueing back to request list.
To fix this the request list will now be processed each time a PDU has
been sent.
Fixes#26070
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
ATT channel sent callback shall not be overwritting until the
operation completes as it can result in breaking flow control when
CONFIG_BT_ATT_ENFORCE_FLOW is enabled.
Fixes#25964Fixes#26071
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds support for ATT_MULTIPLE_HANDLE_VALUE_NTF,
ATT_READ_MULTIPLE_VARIABLE_REQ and ATT_READ_MULTIPLE_VARIABLE_RSP.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds support for EATT bearer which was introduced in 5.2, they work
as extra channels to have GATT traffic, at the moment it is completely
transparent to application when they are in use since the allocation
happens automatically.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Convert bluetooth host to using k_timeout_struct for the timeout values.
This is mostly replacing s32_t with k_timeout_t.
In l2cap the handling of no timeout in send channel request was removed
since the timeout is both documented as minimum of 1 second and never
given any no timeout value.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
When disconnecting att_reset is called and all requests are notified
but instead of passing req->user_data like it should it pass the req
itself which nowdays comes from a k_mem_slab, rather than being a
contiguous memory that would contain the request and its user data,
which would likely cause invalid access.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix ATT releasing the att structure back to the memory slab allocator
before the structure is actually ready to be released. The memory slab
allocator will write context data inside the freed slab which is
currently being overwritten by l2cap during channel teardown.
This manifests as an "Unable to allocate ATT context for conn" when
reconnecting with multiple connections.
Since the l2cap channel is embedded inside of the ATT context and l2cap
still has a valid referenc to the l2cap channel we need to release the
ATT context at a later time.
This should be fixed by implementing the channel destroy function and
releasing the channel there.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add the option to provide the destroy callback to the fixed channels.
This can be used to free the memory for the L2CAP channel context which
is provided by the fixed channel in the accept callback.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The callback function may modify the att->req and it has to be
called after the att_process. The att_process does not re-check
if att->req is still NULL.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Fix assert in net_buf triggered on att encrypt change event.
ASSERTION FAIL [net_buf_simple_headroom(buf) >= len] @
ZEPHYR_BASE/subsys/net/buf.c:881
This happens because when the att request was allocated, it was not
properly initialized and req->retrying was left as true.
This caused the att encrypt change handling to assume an att request
needed to be resent, starting resending with an invalid request and
request buffer.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The path to include/drivers should not be in the compiler include path
list, only include/. In order to make this possible, always explictly
refer to hci_driver.h via the drivers/bluetooth/ path and not only
bluetooth/.
Fixes#21974.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This should reduce the footprint on applications that do a lot of
requests i.e have a lot of subscriptions.
Fixes#21103
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Make the channel ops struct const since there really isn't anything
there that needs to change at runtime. The only exception is the L2CAP
shell which was playing with the recv callback, however that can be
fixed by introducing a simple bool variable.
With tests/bluetooth/shell this reduces RAM consumption by 112 bytes
while adding only 16 bytes to flash consumption.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Fix ATT MTU size of length variables resulting in wrong length values
reported to the user. Communicating with an Android device using an MTU
of 517 resulted in write commands reported as length 2 instead.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Since bt_conn_send_cb can fail to send buffer causing it to unref this
may cause buffer leaks as the caller is not aware of the error assuming
the buffer could be sent.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix bug in ATT reset handling, not releasing queued notification
buffers when the connection is terminated.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
