| 18b780ea |
gatt: Fix possible crashes when disconnecting
If there are pending AcquireWrite or AcquireNotify when disconnecting
the attribute object may be freed (e.g. device is temporary) leading to
the following backtrace:
bluetoothd[369928]: src/gatt-database.c:gatt_db_service_removed() Local GATT service removed
bluetoothd[369928]: src/adapter.c:adapter_service_remove() /org/bluez/hci1
bluetoothd[369928]: src/adapter.c:remove_uuid() sending remove uuid command for index 1
bluetoothd[369928]: src/sdpd-service.c:remove_record_from_server() Removing record with handle 0x1002e
bluetoothd[369928]: src/gatt-database.c:send_notification_to_device() GATT server sending indication
bluetoothd[369928]: src/device.c:gatt_debug() Write Complete: err -125
bluetoothd[369928]: src/gatt-database.c:client_disconnect_cb() Client disconnected
bluetoothd[369928]: src/advertising.c:client_disconnect_cb() Client disconnected
bluetoothd[369928]: Failed to acquire write: org.freedesktop.DBus.Error.NoReply
Program received signal SIGSEGV, Segmentation fault.
0x0000555555631450 in acquire_write_reply (message=0x55555583dec0, user_data=0x555555843e40) at src/gatt-database.c:2437
2437 send_write(op->device, op->attrib, chrc->proxy, NULL, op->id, |
Luiz Augusto von Dentz |
5 years ago |
1 file, +10, -0 |
| 4661c1bc |
tools/mesh-cfgclient: Fix SIGSEGV
This patch addresses the following crash:
[mesh-cfgclient]#
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
0 strlen () at ../sysdeps/x86_64/strlen.S:106
1 0x00000000004235d6 in l_dbus_interface_method (interface=interface@entry=0x66d900, name=name@entry=0x42bbad "ScanResult", flags=flags@entry=0,
cb=cb@entry=0x404940 <scan_result_call>, return_sig=return_sig@entry=0x42f7ca "", param_sig=param_sig@entry=0x42bba4 "naya{sv}") at ell/dbus-service.c:320
2 0x000000000040433d in setup_prov_iface (iface=0x66d900) at tools/mesh-cfgclient.c:1695
3 0x00000000004249b1 in _dbus_object_tree_register_interface (tree=0x65b770, interface=interface@entry=0x42baa8 "org.bluez.mesh.Provisioner1",
setup_func=setup_func@entry=0x404310 <setup_prov_iface>, destroy=destroy@entry=0x0, old_style_properties=old_style_properties@entry=false)
at ell/dbus-service.c:1385
4 0x000000000041cffa in l_dbus_register_interface (dbus=<optimized out>, interface=interface@entry=0x42baa8 "org.bluez.mesh.Provisioner1",
setup_func=setup_func@entry=0x404310 <setup_prov_iface>, destroy=destroy@entry=0x0, handle_old_style_properties=handle_old_style_properties@entry=false)
at ell/dbus.c:1455
5 0x0000000000403f4e in register_app () at tools/mesh-cfgclient.c:1770
6 client_ready (client=<optimized out>, user_data=<optimized out>) at tools/mesh-cfgclient.c:1815
7 0x0000000000425ed2 in get_managed_objects_reply (message=<optimized out>, user_data=0x66ab50) at ell/dbus-client.c:572
8 0x000000000041bc25 in handle_error (message=0x66c0c0, dbus=<optimized out>) at ell/dbus.c:236
9 0x000000000041cdcc in message_read_handler (io=<optimized out>, user_data=0x6653f0) at ell/dbus.c:276
10 0x0000000000418763 in io_callback (fd=<optimized out>, events=1, user_data=0x6664e0) at ell/io.c:126
11 0x000000000041957a in l_main_iterate (timeout=<optimized out>) at ell/main.c:473
12 0x000000000041964c in l_main_run () at ell/main.c:520
13 0x000000000041986b in l_main_run_with_signal (callback=callback@entry=0x4153a0 <l_sig_func>, user_data=user_data@entry=0x0) at ell/main.c:642
14 0x0000000000415471 in mainloop_run_with_signal (func=func@entry=0x4139a0 <signal_callback>, user_data=user_data@entry=0x0) at src/shared/mainloop-ell.c:87
15 0x0000000000414b6f in bt_shell_run () at src/shared/shell.c:1177
16 0x00000000004039ed in main (argc=<optimized out>, argv=<optimized out>) at tools/mesh-cfgclient.c:1999 |
Anupam Roy |
5 years ago |
1 file, +1, -1 |
| 84a9b6ce |
mesh: Add net key index to sar structure
This patch adds net key index to struct mesh_sar. This fixes problem with
using invalid network key to encrypt application messages. |
Przemysław Fierek |
5 years ago |
3 files, +35, -26 |
| d676c4dd |
shared/gatt: Fix NULL pointer dereference
bluetoothd[363094]: src/device.c:device_connect_le() Connection attempt to: 00:AA:01:00:00:23
Program received signal SIGSEGV, Segmentation fault.
write_complete_cb (attr=0x55555580aa30, err=-110, user_data=0x55555585f7c0) at src/shared/gatt-server.c:793
793 util_debug(server->debug_callback, server->debug_data,
(gdb) bt
#0 write_complete_cb (attr=0x55555580aa30, err=-110, user_data=0x55555585f7c0) at src/shared/gatt-server.c:793
#1 0x00005555556a5852 in pending_write_result (p=0x555555866030, err=<optimized out>) at src/shared/gatt-db.c:162
#2 0x00005555556a5ac7 in write_timeout (user_data=0x555555866030) at src/shared/gatt-db.c:1879
#3 0x00005555556a9b15 in timeout_callback (user_data=user_data@entry=0x555555864b20) at src/shared/timeout-glib.c:34
#4 0x00007ffff7e1f081 in g_timeout_dispatch (source=source@entry=0x555555864f00, callback=0x5555556a9b00 <timeout_callback>, user_data=0x555555864b20) at ../glib/gmain.c:4705
#5 0x00007ffff7e1e570 in g_main_dispatch (context=0x5555557d9630) at ../glib/gmain.c:3216
#6 g_main_context_dispatch (context=context@entry=0x5555557d9630) at ../glib/gmain.c:3881
#7 0x00007ffff7e1e900 in g_main_context_iterate (context=0x5555557d9630, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3954
#8 0x00007ffff7e1ebf3 in g_main_loop_run (loop=0x5555557d75d0) at ../glib/gmain.c:4148
#9 0x00005555556a9dbd in mainloop_run () at src/shared/mainloop-glib.c:79
#10 0x00005555556aa36a in mainloop_run_with_signal (func=<optimized out>, user_data=0x0) at src/shared/mainloop-notify.c:201
#11 0x00005555555bb9e3 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:770 |
Szymon Janc |
5 years ago |
1 file, +6, -6 |
| 066e9c4f |
main: Fix GATT option parsing
Key name is Channels. |
Szymon Janc |
5 years ago |
1 file, +1, -1 |
| c55b358d |
mesh: Remove unused functions: 'mesh_net_sub_list_add' and 'mesh_net_sub_list_del' |
Przemysław Fierek |
5 years ago |
2 files, +0, -29 |
| 1813d813 |
mesh: Remove unused argument from 'mesh_net_transport_send' function |
Przemysław Fierek |
5 years ago |
3 files, +16, -16 |
| baafe60d |
core/device: Handle Just-Works auto-accept
The kernel starts to always request confirmation to BlueZ daemon for
Just-Works pairing. In this patch the daemon does auto-accept if the
client has clearly indicated a pairing intent by calling the Pair()
D-Bus API. |
Sonny Sasaka |
5 years ago |
1 file, +13, -2 |
| 7daf0d60 |
gatt: Enable connecting to EATT channel using Ext-Flowctl mode
This makes use of BT_IO_MODE_EXT_FLOWCTL to connect to EATT channels. |
Luiz Augusto von Dentz |
5 years ago |
1 file, +29, -5 |
| 781cdbe1 |
tools/l2cap-tester: Add test for Ext-Flowctl mode
This adds tests for Ext-Flowctl which uses ECRED PDUs. |
Luiz Augusto von Dentz |
5 years ago |
1 file, +144, -40 |
| f18851b5 |
emulator/bthost: Add support for ECRED Connection request/response
This adds support for ECRED Connection request/response which will be
used by l2cap-runner to test L2CAP_MODE_EXT_FLOWCTL mode. |
Luiz Augusto von Dentz |
5 years ago |
1 file, +72, -0 |
| 24ed9baf |
l2test: Add support for BT_MODE_EXT_FLOWCTL
This enables using l2test to connect or listen with
BT_MODE_EXT_FLOWCTL. |
Luiz Augusto von Dentz |
5 years ago |
1 file, +14, -6 |
| f2418bf9 |
btio: Add mode to for Enhanced Credit Mode
This adds BT_IO_MODE_EXT_FLOWCTL which directly maps to
BT_MODE_EXT_FLOWCTL. |
Luiz Augusto von Dentz |
5 years ago |
2 files, +56, -9 |
| cbb39474 |
lib: Add definitions for Enhanced Credits Based Mode |
Luiz Augusto von Dentz |
5 years ago |
1 file, +8, -0 |
| 6cd9832c |
tools/mesh-cfgclient: Update to match modified APIs
This handles updated parameter list in UnprovisionedScan(),
AddNode() and ScanResult() D-Bus methods |
Inga Stotland |
5 years ago |
1 file, +30, -6 |
| 08c9d5aa |
test/test-mesh: Update to match modified APIs
This handles updated parameter list in UnprovisionedScan(),
AddNode() and ScanResult() D-Bus methods |
Inga Stotland |
5 years ago |
1 file, +25, -14 |
| 4100dede |
mesh: Update UnprovisionedScan, AddNode & ScanResult
The following methods are modified to allow for future development:
Interface org.bluez.mesh.Management1:
Old: void UnprovisionedScan(uint16 seconds)
New: void UnprovisionedScan(dict options)
The options parameter is a dictionary with the following keys defined:
uint16 Seconds
Specifies number of seconds for scanning to be active.
If set to 0 or if this key is not present, then the
scanning will continue until UnprovisionedScanCancel()
or AddNode() methods are called.
other keys TBD
Old: void AddNode(array{byte}[16] uuid)
New: void AddNode(array{byte}[16] uuid, dict options)
The options parameter is currently an empty dictionary
Interface org.bluez.mesh.Provisioner1
Old: void ScanResult(int16 rssi, array{byte} data)
New: void ScanResult(int16 rssi, array{byte} data, dict options)
The options parameter is currently an empty dictionary |
Inga Stotland |
5 years ago |
1 file, +30, -9 |
| 5ab72c77 |
doc/mesh-api: Forward compatibility modifications
The following methods are modified to allow for future development:
Interface org.bluez.mesh.Management1:
Old: void UnprovisionedScan(uint16 seconds)
New: void UnprovisionedScan(dict options)
The options parameter is a dictionary with the following keys defined:
uint16 Seconds
Specifies number of seconds for scanning to be active.
If set to 0 or if this key is not present, then the
scanning will continue until UnprovisionedScanCancel()
or AddNode() methods are called.
other keys TBD
Old: void AddNode(array{byte}[16] uuid)
New: void AddNode(array{byte}[16] uuid, dict options)
The options parameter is currently an empty dictionary
Interface org.bluez.mesh.Provisioner1
Old: void ScanResult(int16 rssi, array{byte} data)
New: void ScanResult(int16 rssi, array{byte} data, dict options)
The options parameter is currently an empty dictionary |
Inga Stotland |
5 years ago |
1 file, +21, -7 |
| ac2878cd |
monitor: Fix decoding of LE Setup ISO Data Path command
LE Setup ISO Data Path command contains not only the transport but also
the codec along with its configuration. |
Luiz Augusto von Dentz |
5 years ago |
2 files, +37, -27 |
| 869b2c58 |
lib: Add identifier for VIRTIO devices |
Marcel Holtmann |
5 years ago |
2 files, +3, -0 |
| 1284446b |
monitor: Add support for Read Local Simple Pairing Options command |
Marcel Holtmann |
5 years ago |
2 files, +19, -0 |
| 1b9ee342 |
btmgmt: Rename version command to revision
version is already handled by btshell and always refer to BlueZ version
rather than MGMT version, so this renames the command to revision to
avoid having the clash of command names. |
Luiz Augusto von Dentz |
5 years ago |
1 file, +3, -3 |
| c95950e0 |
btmgmt: Fix irks command parsing
btshell does not allow use of nested parameter delimiters. |
Luiz Augusto von Dentz |
5 years ago |
1 file, +1, -1 |
| aa2a5814 |
monitor: Adding missing settings descriptions in btmon
This change adds the missing settings descriptions from btmon. |
Alain Michaud |
5 years ago |
1 file, +1, -1 |
| 2fd62cdb |
avdtp: fix delay report valid states
According to AVDTP specification section 6.19,
avdtp_delayreport_cmd could also be received when the state of SEP
is open.
Therefore, updating to accommodate such condition. |
Archie Pusaka |
5 years ago |
1 file, +1, -0 |
| c0529834 |
tools/btmgmt: Fix missing setting string in btmgmt
Both PHY configuration and wide band speech are not set in
btmgmt.c. |
Howard Chung |
5 years ago |
1 file, +2, -0 |
| 823821dc |
autopair: Fix compiler warning
With clang, comparing an array with NULL generates a warning because the
value is always non-NULL. With maintainer mode enabled, this becomes a
compilation error. |
Sonny Sasaka |
5 years ago |
1 file, +1, -1 |
| 5379e024 |
mesh: Fix model publication status after set
This patch fixes usage of send_pub_status() when handling publication
set message - mod_id was swapped with pub_addr, resulting in malformed
message being sent back to the Config Client. |
Michał Lowas-Rzechonek |
5 years ago |
1 file, +2, -2 |
| 424f88e7 |
mesh: Handle close for Acceptor
Provision complete callback is handled in provision failure case.
If link closed received abruptly with reason success, triggered
provision complete callback. Removed session timeout and session
free as they are handled in pb_adv_unreg. |
Prathyusha N |
5 years ago |
2 files, +13, -14 |
| 936122a2 |
mesh: Whitespace correction |
Brian Gix |
5 years ago |
1 file, +1, -2 |
| ac940a70 |
mesh: Send input complete for input OOB Authentication
Send input complete when user completes input operation. |
Prathyusha N |
5 years ago |
1 file, +6, -0 |
| 8ef71fca |
mesh: Handle invalid public keys
Check for invalid public keys received and send provision failed. |
Prathyusha N |
5 years ago |
1 file, +26, -12 |
| 9b4d8f1d |
mesh: Handle netkey delete when netkey is not in netkeylist
4.4.1.2.9 of Mesh Profile Bluetooth specification:
When an element receives a Config NetKey Delete message that
identifies a NetKey that is not in the NetKey List, it
responds with Success, because the result of deleting the
key that does not exist in the NetKey List will be the same
as if the key was deleted from the NetKey List. |
Prathyusha N |
5 years ago |
1 file, +1, -1 |
| 622d98af |
avdtp: Fix crashes in avdtp_abort
In avdtp_abort, if setup->stream is NULL, trying to access
stream->lsep will crash. |
Howard Chung |
5 years ago |
1 file, +1, -2 |
| 97e24f91 |
mesh: Fix Replay Protection Cache
There was a bug identified in the RPL storage, such that the real-time
queue was being filled by incorrect unicast addresses. (Thx ccsanden). |
Brian Gix |
5 years ago |
1 file, +1, -1 |
| e8c870c6 |
mesh: Allow short messages to be segmented
For added reliability, it is legal to send short messages as "single
segment" segmented messages, which require transport layer
acknowledgement. This feature is intended for heavy usage in the future
so I am adding it now.
Further, to support this functionality, an additional queue has been
added to allow multiple SAR messages to the same DST to be queued and
sent serially. |
Brian Gix |
5 years ago |
7 files, +86, -50 |
| 40339fed |
tools/mesh-cfgclient: Increase app's CRPL size
This increases the value of the CRPL supplied by the applicaiton
to 0x7fff: since the tool is intended to be a provisioner and config
client, it may have to keep track of communications with a significant
number of unique mesh nodes, each with its corresponding CRPL entry in
config client node storage. Therefore, a large CRPL size is necessary. |
Inga Stotland |
5 years ago |
1 file, +2, -1 |
| 5885eab5 |
mesh: Fix processing of Config Node Reset message
This fixes a condition when a node continues processing messages
after it has been reset by a remote configuration client.
Upon receiving Config Node Reset message, node removal happens after
a grace interval to allow sending of Config Node Reset Status reply. |
Inga Stotland |
5 years ago |
1 file, +6, -10 |
| fe43810b |
tools/mesh-cfgclient: Implement node-reset command
This implements one-pass removal oa a remote node from a mesh network
by issuing a node-reset command from config menu. The following actions
are performed:
- Config Node Reset message is sent to a remote node
- Upon either receiving Config Node Reset Status or response timeout,
node record is removed from configuration client's database and,
by calling DeleteRemoteNode() method on mesh.Management interface
node-delete command from the main menu is removed. |
Inga Stotland |
5 years ago |
6 files, +147, -54 |
| f2778f58 |
input: Add LEAutoSecurity setting to input.conf
LEAutoSecurity can be used to enable/disable automatic upgrades of
security for LE devices, by default it is enabled so existing devices
that did not require security and were not bonded will automatically
upgrade the security.
Note: Platforms disabling this setting would require users to manually
bond the device which may require changes to the user interface to
always force bonding for input devices as APIs such as Device.Connect
will no longer work which maybe perceived as a regression. |
Luiz Augusto von Dentz |
5 years ago |
4 files, +27, -3 |
| 35d8d895 |
input: hog: Attempt to set security level if not bonded
This attempts to set the security if the device is not bonded, the
kernel will block any communication on the ATT socket while bumping
the security and if that fails the device will be disconnected which
is better than having the device dangling around without being able to
communicate with it until it is properly bonded. |
Luiz Augusto von Dentz |
5 years ago |
1 file, +11, -2 |
| ab8a80b0 |
Release 5.54 |
Marcel Holtmann |
5 years ago |
2 files, +9, -1 |
| 209a689b |
build: Update library version |
Marcel Holtmann |
5 years ago |
1 file, +1, -1 |
| 787180f5 |
lib: Add version number for Bluetooth 5.2 |
Marcel Holtmann |
5 years ago |
1 file, +1, -0 |
| 031728b4 |
monitor: Fix for incorrect len in L2CAP Enhanced Reconfigure |
Łukasz Rymanowski |
5 years ago |
1 file, +2, -2 |
| 9541d862 |
a2dp: Fix race when connecting and being connected at the same time
There is a possibility where BlueZ initiate an A2DP connection just
around the same time as the peripheral also initiate it.
One scenario is the peripheral initiate the connection first, so
confirm_cb() on /profiles/audio/a2dp.c is called. However, while we
are waiting for the authentication step, BlueZ initiate a connection
to the peripheral, therefore a2dp_sink_connect() is called, which
from there a2dp_avdtp_get() is called.
If this happens: When calling confirm_cb(), chan for the
corresponding device is created.
Then when calling a2dp_avdtp_get(), chan will be found as it is
created in confirm_cb(), and the value of chan->io is not NULL.
However, a NULL is supplied instead to create a new session and
assigned to chan->session.
Then when calling connect_cb(), chan->session will NOT be NULL, as
it is assigned in a2dp_avdtp_get(). Nevertheless, chan->session is
always assigned a new value.
These cause failure in connection.
Therefore, fixing this by supplying the value of chan->io inside
a2dp_avdtp_get() (it's going to be NULL on the normal case so it is
fine), and check whether chan->session already assigned inside
connect_cb(). |
Archie Pusaka |
5 years ago |
1 file, +7, -4 |
| 14151f9b |
test/test-mesh: Add support for static OOB in the agent
This allows to display a 16-octet key to be entered on the remote
device during provisioning. |
Inga Stotland |
5 years ago |
1 file, +19, -0 |
| 65e38696 |
tools/mesh-cfgclient: Add support for Static OOB key
This fixes a bug that didn't allow 16 octet Static OOB strings during
provisioning. |
Brian Gix |
5 years ago |
2 files, +25, -14 |
| ad50deea |
README: Add Mesh required Kernel Configuration section
Not all distributions include all required mesh crypto support. This
adds a section with known kernel required options. |
Brian Gix |
5 years ago |
1 file, +25, -0 |
| 3cccdbab |
HID accepts bonded device connections only.
This change adds a configuration for platforms to choose a more secure
posture for the HID profile. While some older mice are known to not
support pairing or encryption, some platform may choose a more secure
posture by requiring the device to be bonded and require the
connection to be encrypted when bonding is required.
Reference:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html |
Alain Michaud |
5 years ago |
4 files, +43, -2 |