If the CONFIG_NET_SOCKETS_POLL_MAX is smaller than what is needed
for the socket service API to work properly, then we should not
start the service thread as the service API cannot work and might
cause memory overwrite in ctx.events[] array.
Fixes#69233
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This is obviously a copy & paste error. It was introduced by
107cb86bb3 (ztest: Add initial zexpect API
for delayed failing).
Signed-off-by: Reto Schneider <reto.schneider@husqvarnagroup.com>
The LE Secure connection (LESC) mask also require encryption,
and some users have been using e.g. BT_GATT_PERM_READ_LESC
without BT_GATT_PERM_READ_ENCRYPT, and then the encryption
check in bt_gatt_check_perm was never properly applied.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
There's not much to be done in case waking up the server thread with
socketpair send() fails, but at least we can log an error on such event
(to please coverity).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The shift is currently necessary due to a mismatch of the
specs and the API, but the shift should not be done when
the value is BT_BAP_BIS_SYNC_NO_PREF as that is a special value.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
In the unicast_client_ep_notify we would always call
bt_gatt_get_mtu, regardless of whether data == NULL.
When there is a disconnection, the notify callbacks are
called with data == NULL to indicate a unsubscription.
In the case of the unicast client, this would also trigger
calls to bt_gatt_get_mtu when there is a disconnect, which
in turn would trigger a warning that ATT is not connected.
Postponing the call to bt_gatt_get_mtu fixes this.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
This served no purpose for responces. The minimum MTU is sufficient for
all ATT headers.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
When EATT is enabled, bt_att_create_rsp_pdu used to reserve headroom for
the SDU header even when responding on the UATT bearer.
That subtracted from the room for the ATT payload in the buffers. The
remaining buffer size was insufficient to create a PDU of ATT MTU size,
since the exchanged local MTU is calculated the with the assumption that
the SDU header is not present.
This broke the ATT MTU promise, and e.g. our read response will have two
bytes fewer than promised. This caused a failure in PTS.
The new bt_att_create_rsp_pdu pays attention to the bearer type and only
allocates the SDU header on EATT bearers.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
The unicast_stop command takes either "all" or one or more
stream pointers as argument, but the argument handler did
not allow this.
The documentation for the command was also out of date.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The context had a bug where if GMAP was enabled, the context
was only BT_AUDIO_CONTEXT_TYPE_GAME.
The context should also (per BAP spec requirement) contain the
BT_AUDIO_CONTEXT_TYPE_UNSPECIFIED context.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix LLL ISO stream get by group to return stream context
sorted by CIS offset in ascending order.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The Broadcast Assistant API should be fully independent of the scan
delegator. Therefore the new struct bt_bap_bass_subgroup has been
defined to avoid a dependency.
Fixes: #68338
Signed-off-by: Ping Wang <pinw@demant.com>
Settings NVS adds entry into Settings NVS cache after writing it
into flash. Previously, the entry was added into cache only
on the second writing attempt that caused very huge timing
despite cache was enabled since it was still empty.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
The warning should only apply for configurations where the
device may actually send ISO data (e.g. not the ISO sync receiver).
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The Imax_abs value should be printed using %u instead of %d
as it can be large and should be printed as positive value.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add COAP_RESPONSE_CODE_TOO_MANY_REQUESTS to coap_header_get_code(). CoAP
4.29 response code for "Too many requests" is defined in coap.h but was
missing from the list of cases, resulting in a 0 being returned instead
of the proper code.
Signed-off-by: Mike Szczys <mike@golioth.io>
The bt_iso_chan_send function could take an optional
timestamp by using 0 as an indicator. The issue with
this approach was that a timestamp value of 0 is valid,
and could cause potential issue with syncing streams
in a group.
To fully support transmitting with and without timestamp,
bt_iso_chan_send_ts has been introduced, which is the only
function of the two (bt_iso_chan_send being the other) that
supports timestamps.
A new function, rather than adding a boolean to the existing,
was chosen as it simplifies the individual functions as well
as making it more explicit what the function does.
Since the bt_iso_chan_send function is used by LE audio, both
the BAP and CAP send functions have similarly been updated.
Likewise, all tests and samples have been updated to use the
updated function(s), and BT_ISO_TIMESTAMP_NONE has been
removed.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The calculation for BASE_SUBGROUP_MAX_COUNT was off by one.
The macro did not consider the non-subgroup parameters of
the BASE that take up space. This effectively modifies
BASE_SUBGROUP_MAX_COUNT to be 24 instead of 25.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
By default variable context.sh is set to NULL. If any net_mgmt
event will be called when the variable has default value, there
will be a system exception.
Signed-off-by: Wojciech Slenska <wsl@trackunit.com>
Currently, the only thread-safe part of the IPv6 Neighbor processing
implementation are stale_counter related operation.
Fix this, by extending the mutex protection over all of the module, so
that message handlers, timers and API functions do not interfere with
each other.
As IPv6 Neighbor cache is tightly coupled with the Routing module, use
the same mutex to protect both, neighbor and routing tables, to prevent
deadlocks.
Also, replace the semaphore used with a mutex, as it seems more fit for
this particular job.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Disable randomization at the access layer in the Remote Provisioning
server when sending Link Stauts message as a responce on Link Close
message and then sending Link Report message right after it. Because of
the randomization, the report message is sent before the status message
which makes MESH/SR/RPR/PDU/BV-03-C test to fail.
This fixes MESH/SR/RPR/PDU/BV-03-C test.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
Disable randomization in the access layer when cancelling update in the
distribution server model. This is needed because the server sends 2
messages in a row and the gets reordered by the access layer
randomization feature making DFU/SR/FD/BV-43-C test to fail.
This fixes DFU/SR/FD/BV-43-C test.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
It is unclear from a cursory glance at the code what the caller of
`send_buf(buf)` should do with `buf` based on the returned error codes.
Document when ownership is and isn't transferred to `send_buf()`.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Verify the connection is active before popping the buffer from the TX
queue.
The current behavior enables a race condition between `create_frag` and
the connection being torn down, as `buf` can be popped from the TX queue
but not destroyed by `bt_conn_process_tx`.
In that case, `buf` will be leaked.
Original analysis and fix proposal by @watsug.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Reported-by: Adam Augustyn<watsug@gmail.com>
This commit implements simple rate-limiting for Neighbor Reachability
Hints in TCP module to prevent the potentially costly process of
frequent neighbor searches in the table, enhancing system performance.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
Multiple CDC ACM instances can block each other because there are only
buffers for a single instance. Fix this by configuring the number of
buffers in the pool based on the number of CDC ACM instances.
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
Changed poll to perform incoming data check with connected
DTLS connections. This allows the CONFIG_NET_SOCKETS_DTLS_TIMEOUT
to timeout the connections to server socket if there is no
incoming data.
Previously, if the remote client closed the DTLS connection without
close notify, the timeout of the ongoing connection only happened
when next connection was taken to the server socket. Depending on
the timeouts, this could prevent the next connection from succeeding.
Signed-off-by: Markus Lassila <markus.lassila@nordicsemi.no>
Once an ISO channel has connected, the sequence number
always starts at 0. This reset was missing in the implementation,
and the _prev_seq_num from a previous connection may have
been kept.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Before a LL_FEATURE_REQ is sent, verify that the Data Length Update
procedure is still supported as it could have been unmasked as the result
of a previously completed Feature Exchange procedure.
Add unit test to verify the case of enqueuing both a
Feature Exchange procedure and Data Length Update procedure, where the
Feature Exchange procedure would result in the unmasking of the Data
Length Update procedure.
Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
Resume the TX Data Q when a LL_UNKNOWN_RSP is recieved instead of a
LL_PHY_RSP.
Update PHY Update unit test with more coverage of the TX Data Q pause
state.
Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
This will warn if any of the mesh module will try to send anything while
the stack is suspended. Not clear what to do here as both advertisers
(legacy and ext) behaves differently. The legacy advertiser has a
thread which is stopped after the `bt_mesh_adv_disable` call and any
sent advs after suspending the stack will stay in the pool until the
advertiser is resumed. The extended advertiser will schedule its work,
but then fail because `ext_adv->instance` value is NULL, but will call
`bt_mesh_send_cb.start` with error `-ENODEV`. What to do with these 2
behaviors is unclear at the moment. Ideally none of the mesh stack
modules should call `bt_mesh_adv_send` after the stack was suspended, so
if this warning appears, the faulty module wasn't stopped properly and
this should be fixed. If not to add the adv to the pool, then it kind
of gets lost as the implementation probably expects one
of `bt_mesh_send_cb` callbacks which will never be called. Leaving the
warning until clear customer request comes.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
WIFI scan result shows junk character in SSID because of
the length of ssid is maximum(32 character) which leads
to buffer overflow. It required one character for null
terminator ‘\0’.
Signed-off-by: Kapil Bhatt <kapil.bhatt@nordicsemi.no>
During local testing with UBSAN enabled, warning was reported:
bluetooth/host/l2cap.c:980:25: runtime error: member access
within null pointer of type 'struct k_work_q'
It turned out that le_chan->rtx_work.queue can be NULL.
Since null-pointer dereference is a UB, additional check
was added to ensure we don't access
`le_chan->rtx_work.queue->thread` when
`le_chan->rtx_work.queue == NULL`
The same changes applied to l2cap_br.c
Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>
During local testing with UBSAN enabled, warning was reported:
bluetooth/host/iso.c:237:2: runtime error: null pointer passed
as argument 2, which is declared to never be null
It turned out that when datapath doesn't contain
codec information, cc_len is 0 and cc is NULL
In order to avoid UB,
now we call memcpy only when cp->codec_config_len > 0
Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>
during local testling, UBSAN reported the following warnings:
- bluetooth/host/adv.c:2067:19: runtime error: shift exponent
255 is too large for 32-bit type 'long unsigned int'
- bluetooth/host/scan.c:828:18: runtime error: shift exponent
255 is too large for 32-bit type 'long unsigned int'
It turned out that we can't use BIT() macro directly on
bt_hci_evt_le_per_advertising_report::cte_type field.
According to Core Spec, `cte_type = 0xFF` corresponds
to `No contstant tone extension`.
Added separate function to convert CTE bit field from
HCI format to bt_df_cte_type
Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>
If `CONFIG_BT_MESH_GATT_SERVER` is disabled or the advertising set
doesn't support proxy adv, the solicitation PDU will not be sent.
However, solicitation PDU transmission doesn't depend on the proxy
feature of the device it sends. Therefore, solicatation PDU should be
sent regradless of `CONFIG_BT_MESH_GATT_SERVER` option and advertiser
tag.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
Removed the "operation" infix from the bt_gatt_authorization_cb
callback structure in the Bluetooth GATT header.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
Trigger erasing solicitation settings before calling
`bt_mesh_settings_store_pending` and `bt_mesh_prov.reset` callback.
The `bt_mesh_settings_store_pending` flushes every settings that is
pending to be erased. The `bt_mesh_prov.reset` callback must be called
as the last step because a user is free to do anything from this
callback including rebooting or reprovisioning the device.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
Add warning that file opened without R/W flags will have no read/write
access.
Remove suggestion for using fs_open to check if file exists.
Clarify -ENOENT return reason.
Fixes#64030
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Previously the boot_write_img_confirmed() function used the MCUboot
public API function boot_set_confirmed(), but this function is hardcoded
to set the confirmed flag of slot 0. This works for MCUboot swap modes
but not for Direct XIP, where applications can execute out of secondary
slots.
This commit changes boot_write_img_confirmed() to instead use
boot_set_next() which sets the confirmed flag for a given flash area
and works with Direct XIP.
DT_CHOSEN(zephyr_code_partition) is used to get the current partition.
The zephyr,code-partition chosen node must be defined.
This commit also adds the zephyr,code-partition chosen node to the
native_sim devicetree to allow the tests under tests/subsys/dfu to
build for this target.
Signed-off-by: Ben Marsh <ben.marsh@helvar.com>
This patch modifies the way SHELL_BACKEND_SERIAL_API_ASYNC is selected.
The current logic causes conflicts (no console output) when the user tries
to use one of the UARTs in async mode, by setting CONFIG_SHELL_ASYNC_API,
while using Shell with a different UART (typically the Console's one).
Signed-off-by: Abderrahmane Jarmouni <abderrahmane.jarmouni-ext@st.com>
