A check for valid_chan_io_qos in big_init_bis was missing
a negation when checking for invalid parameters.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix assert at line 1085 in ull_adv_aux.c due to auxiliary
offset calculation scheduling on ticker timeout under must
expire which can happen for overlapping multiple advertising
sets without previous calculation not complete, a single
mayfly instance is used hence the assertion.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
cte_info_clear function is responsible for remove of CTE from
periodic advertising PDUs, including remove from optional chained
PDUs. The function uses subortinate function rem_cte_info_from_per_-
adv_chain to remove CTE from chained PDUs.
The rem_cte_info_from_per_adv_chain had pdu_prev and pdu as arguments.
After return from the function the pdu_prev should point to last
PDU from previously used periodic advertising data and pdu should
point to last new periodic advertising data.
The rem_cte_info_from_per_adv_chain function removes CTEInfo from
all but last one PDU. Last PDU must have removed AuxPtr field also.
Remove of CTEInfo and AuxPtr from last PDU is done explicitly in
the cte_info_clear function.
Unfortunately rem_cte_info_from_per_adv_chain had wrong type of
parameters for pdu_prev and pdu. These parameters were pointers
instead od double pointers.
That caused cte_info_clear function to remove CTEInfo and AuxPtr
from first PDU in a chain, which is AUX_SYNC_IND.
Changed parameters pdu_prev and pdu in the rem_cte_info_from_per_adv_-
chain to be double pointers.
Added small corrections in comments.
Signed-off-by: Piotr Pryga <piotr.pryga@nordicsemi.no>
Co-authored-by: Emil Gydesen <Thalley@users.noreply.github.com>
Zephyr Bluetooth Mesh move adv send cb to buf destructor
callback, There are two net_buf_pool define, one to adv.c
and ore to friend.c, we are missing destructor in friend.c.
Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
Two checks reported wrong value if the value was invalid.
CIS parameter check would always fail on correct values
due to missing negation of valid_chan_qos.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When Public Key field is set to RFU value then we should send
Provisioning Fail with Invalid Format error.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
Fix MPU fault due to incorrect EV_COUNT, `conn_change`
signal was not accounted for in the array used by k_poll.
Relates to commit 7854088116 ("Bluetooth: ISO: Fixes
missing handling of broadcast ISO TX").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Instead of disconnecting ISO channels on ACL,
we put them in a non-connected state, and wait for
the ISO disconnect events.
This ensure that the controller has free'd the
ISO channels when the iso disconnect callbacks
are received. It will thus be possible to e.g.
terminate the CIG on the ISO disconnect callback.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When an ISO channel is disconnect on the central, it is
not deallocated, but merely disconnected. This is because,
as per the HCI spec, the CIS handle lives on in the CIG.
Instead of unref'ing the bt_conn to 0, we simply put the
channel and connection in the disconnected state.
This also fixes a few missing returns for
terminating a CIG.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Add a sent callback to bt_iso_chan_ops so that the application
can be notified when an SDU has been sent. This can help the
application decide whether to queue up multiple, or only
have a single ISO PDU enqueue for reduced latency.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
On native_posix_64 we get the following compile error in CI:
error: format %u expects argument of type unsigned int
Fix by using %zu instead of %u as type is of size_t.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The HCI spec defines the BIS index range as starting from
index 0x01. We had previously implemented it such that it
starts from 0x00, and then simply adding 1 to the index
when sending over HCI. However, this may cause issue with
other HCI, or other SIG defined specification, commands
and events, and thus it is probably simpler if we just
use the HCI defined range.
This commit disallows BIT(0) (representing the BIS
index 0x00) to be set, and removes the addition
of 1 when sending over HCI.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix null pointer deferencing in Periodic Synchronization
when ULL execution context could not assign an auxiliary
context when in LLL scheduling to receive chain PDUs.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix null pointer dereferencing in Extended Scanning when
there are more peer devices than the allocated auxiliary
contexts.
When LLL scheduling does not get an auxiliary context
assigned in the ULL execution context, then further chain
reception is aborted, access to `lll->lll_aux` which is
NULL causes null pointer dereferencing in
`ull_scan_aux_release`.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When Extended Initiating a connection, release auxiliary
context memory referenced by the lll_aux pointer.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Update Periodic Advertising Synchronization's drift
compensation to save radio ready and address capture on
AUX_SYNC_IND reception, restore and apply at the end of
reception of all AUX_CHAIN_IND PDUs.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Instead of checking `if (iso == NULL)` it simply checked
`if (iso)` which is the opposite of what it should have done.
This completely blocks iso from connecting channels.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Timeout cancel should only be done for connections established in
peripheral role.
Enhanced connection complete event could still be delivered without
extended advertising support (i.e no advertising set terminated event)
so this handling should be moved to the common conn complete function.
Fixes#37467
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
PR #35774 introduced a uuid field in the bt_mesh_cfg_mod_pub structure.
The shell does not initialize this pointer before passing it to the
access layer. Add a line to initialize this pointer.
Fixes#38016.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
param can never be NULL here, so the check is redundant. Coverity is
complaining because param is accessed before the NULL check.
Fixes#37949.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
param can never be NULL, so this check is redundant. Coverity complains
about this, as the param variable is accessed before the check, which
would be wrong if param could be NULL.
Fixes#37948.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
When Extended Scan Response data of length zero is set, the
Scan Response do not have the Common Extended Payload Format
and hence no ADI field. Fix uninitialized pointer to Scan
Response Data's ADI to avoid copy of ADI from primary
channel PDU.
Fixes#38015.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When call bt_gatt_indicate with param->attr set to null.
and attr->uuid set to given uuid, the internal notify will
search uuid, but not assigned to param->attr, which cauce
null point reference when:
notify --> gatt_indicate --> bt_gatt_check_perm
Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
When call `bt_gatt_notify_cb` with param->attr set to null.
and attr->uuid set to given uuid, the internal notify will
search uuid, but not assigned to param->attr, which cauce
null point reference when:
notify --> gatt_notify --> bt_gatt_check_perm
Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
Advertising might stop when:
- it was stopped by application
- device connected to a peer
- extended advertising reached stop condition
defined in BT_LE_EXT_ADV_START_PARAM - this is handled in ll
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
Call bt_le_adv_stop() if adv == bt_dev.adv (Meaning it is the legacy
advertiser and was started with bt_le_adv_start()), otherwise use
bt_le_ext_adv_stop(), because it was started with bt_le_ext_adv_start().
Failing to stop advertising shouldn't result in assert.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
'err' is already defined in parent scope, we can use. Just need to set
it back to 0 before returning from function.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
This was changes when sync chain handling was done in lll_scan_aux, we
can now revert to original code.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
We need more RX nodes when scanning either extended/periodic advertising
trains and CTE samples so pudate those values based on observer and DF
features enabled.
The number of nodes for non-DF allows to scan complete chain for each
aux scan set (assuming max data length and optimal fragmentation by
advertiser), for DF it allows to scan max possible PDUs and CTE samples.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Periodic advertising train scanner implemented in lll_scan_aux adds lots
of branches that cannot be compiled out with periodic advertising sync
disabled.
This commit moves sync parts of the code from lll_scan_aux to lll_sync.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Periodic advertising PDUs are now dispatched immediately one by one
(i.e. without list of PDUs as when flushed from aux context) so we
do not need to iterate such a list.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
AdvA, TargetA, ADI and SyncInfo are RFU in periodic advertising PDUs so
we should ignore them when present in PDU.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Periodic advertising reports can be reated directly from single PDU
as they do not require any information from superior PDU, so we can
dispatch them immediately instead of buffering in aux context and
flushing at the end of chain.
This also resolves proper order of Periodic advertising and IQ reports.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
We use 1st node enqueued in aux context to retrieve lll scan/sync
struct, but that only works if we buffer PDUs in aux context. It's
better to store parent lll struct as explicit member in aux context
as this also works if we skip buffering.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
This adds complete support for scanning for periodic advertising trains.
AUX_SYNC_IND is always scheduled from ULL as usual, then code for aux
scanning is reused to allow for AUX_CHAIN_IND scanning scheduled from
both ULL and LLL, depending on AuxPtr.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
aux->rx_last cannot be NULL since it's always set after acquire to a
valid node so the flow in flush() can be simplified.
rx parameter is only used to update PDU chain, then it's overwritten,
so we can instead update PDU chain in caller since there's only one
place when this should happen.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
We should decide on flush immediately vs. from disabled_cb based on
ull_hdr reference count instead of last rxd node - if ull_hdr has
non-zero ref, then done event is still pending and we should flush
from there.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Periodic advertising reports can have 255 bytes of payload so need to
use that value by default if periodic advertising is enabled.
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Update the name of the bt_conn pointers to make it clear
whether the connection pointers are ACL or ISO connections.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Make the name of the internal bt_conn pointers explicit as to
whether they point to an ACL or ISO bt_conn.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Ignore received Extended Advertising PDU with RFU field set
in the Common Extended Advertising Payload Format of the
PDU.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use defines to access hdr_data fields used by interfaces to
populate the Common Extended Advertising Payload Format in
the PDUs.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
