platform/upstream/bluez.git
17 months agobtproxy: Allow to select multiple BT controllers
Frédéric Danis [Fri, 3 Jun 2022 14:54:47 +0000 (16:54 +0200)]
btproxy: Allow to select multiple BT controllers

When running on a computer with a real Bluetooth controller (e.g. hci0) and
multiple emulators (e.g. hci1 and hci2) it isn't possible to use the
emulators with 2 test-runner vms.
If btproxy is started without index parameter the first test-runner will
use hci0, and btprox can't be started with multiple index parameters
(e.g. -i1 -i2).

This patch keeps the old beahvior when used without -i option, in this case
it will try to use the first controller available.
It also allows to select multiple controllers to be used by btproxy.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoa2dp: error return paths in a2dp_reconfig must free allocated setup
Pauli Virtanen [Sun, 5 Jun 2022 12:29:27 +0000 (15:29 +0300)]
a2dp: error return paths in a2dp_reconfig must free allocated setup

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoa2dp: disallow multiple SetConfiguration to same local SEP
Pauli Virtanen [Sun, 5 Jun 2022 12:29:26 +0000 (15:29 +0300)]
a2dp: disallow multiple SetConfiguration to same local SEP

Using the remote SEP SetConfiguration DBus API, it's possible to make
multiple remote endpoints use the same local SEP, if they are endpoints
from different connected devices. This is invalid: successful
configuration shall prevent a different device configuring the same SEP
(AVDTP v1.3 Sec. 5.3).  Moreover, this breaks the assumption in the
AVDTP code that each SEP has at most a single stream, and causes
misbehavior later on (subsequent transport acquires fail with EPERM).

Fix this by first checking the SEP is free before proceeding in the DBus
API call.  Also add a sanity check in avdtp_set_configuration, to reject
configuring an already configured SEP similarly as in avdtp_setconf_cmd.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Stop spamming logs when GATT db cannot be loaded
Luiz Augusto von Dentz [Thu, 2 Jun 2022 21:18:52 +0000 (14:18 -0700)]
monitor: Stop spamming logs when GATT db cannot be loaded

This stops calling hci_devba everytime the GATT db needs to be loaded
since that causes a raw socket to be open to read back the address
pointed by the index, instead this is done only once at assign_handle
and store in packet_conn_data.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomesh: Fix issue with snprintf return value check and format-truncation error
Marcel Holtmann [Fri, 10 Jun 2022 17:55:13 +0000 (19:55 +0200)]
mesh: Fix issue with snprintf return value check and format-truncation error

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodoc/coding-style: Update URL to kernel coding style
Michael Brudevold [Fri, 3 Jun 2022 21:26:04 +0000 (16:26 -0500)]
doc/coding-style: Update URL to kernel coding style

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodevice: Fix not deleting the folder after removing the device
Tedd Ho-Jeong An [Wed, 8 Jun 2022 05:14:18 +0000 (22:14 -0700)]
device: Fix not deleting the folder after removing the device

This patch fixes the issue not deleting the device folder when the
device is removed.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomgmt-tester: Fix build error
Luiz Augusto von Dentz [Thu, 2 Jun 2022 18:52:06 +0000 (11:52 -0700)]
mgmt-tester: Fix build error

This fixes the following build error:

CC    tools/mgmt-tester.o
tools/mgmt-tester.c: In function ‘setup_command_generic’:
tools/mgmt-tester.c:7503:16: error: the comparison will always evaluate
as ‘true’ for the pointer operand in
‘(const struct setup_mgmt_cmd *)test->setup_mgmt_cmd_arr +
(sizetype)(i * 24)’ must not be NULL [-Werror=address]
 7503 |     for (; test->setup_mgmt_cmd_arr + i; ++i) {
   |        ^~~~

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotest-runner: Enable BT_HCIUART and BT_HCIUART_H4
Luiz Augusto von Dentz [Wed, 1 Jun 2022 21:20:27 +0000 (14:20 -0700)]
test-runner: Enable BT_HCIUART and BT_HCIUART_H4

These options are required when running with -u option since that uses
H4 headers to serialize the communication of host and guest.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotest-runner: Fix not waiting for system_bus_socket
Luiz Augusto von Dentz [Wed, 1 Jun 2022 21:09:23 +0000 (14:09 -0700)]
test-runner: Fix not waiting for system_bus_socket

This makes test-runner wait for system_bus_socket to be available before
continuing otherwise the likes of bluetoothd would likely fail to start.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodoc: Introduce the quality report command and event
Joseph Hwang [Thu, 26 May 2022 11:24:49 +0000 (19:24 +0800)]
doc: Introduce the quality report command and event

Add the MGMT quality report command and event in doc/mgmt-api.txt.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomesh-gatt: Fix use_after_free
Gopal Tiwari [Tue, 31 May 2022 07:41:17 +0000 (13:11 +0530)]
mesh-gatt: Fix use_after_free

Following scenario happens when prov is false and we have double free as
mentioned in the below

bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees
"in_str".

bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free"
frees pointer "in_str" which has already been freed.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomeshctl: Fix possible use_after_free
Gopal Tiwari [Tue, 31 May 2022 07:41:16 +0000 (13:11 +0530)]
meshctl: Fix possible use_after_free

Reported by coverity tool as follows :

bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir".

bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees
pointer "mesh_dir" which has already been freed.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agopbap: Fix memory leak
Gopal Tiwari [Tue, 31 May 2022 07:41:15 +0000 (13:11 +0530)]
pbap: Fix memory leak

Reported by coverity tool as follows:

bluez-5.64/obexd/client/pbap.c:929: leaked_storage: Variable "apparam"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoobex-client: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:13 +0000 (13:11 +0530)]
obex-client: Fix leaked_handle

While performing static tool analysis using coverity found following
reports for resouse leak

bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable
"sk" going out of scope leaks the handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomesh/mesh-db: Fix resource leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:12 +0000 (13:11 +0530)]
mesh/mesh-db: Fix resource leaks

While performing static tool analysis using coverity found following
reports for resouse leak

bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable
"fd" going out of scope leaks the handle.

bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agol2cap-tester: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:11 +0000 (13:11 +0530)]
l2cap-tester: Fix leaked_handle

While performing static tool analysis using coverity found following
reports for resouse leak

bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable
"new_sk" going out of scope leaks the handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agocreate-image: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:10 +0000 (13:11 +0530)]
create-image: Fix leaked_handle

While performing static tool analysis using coverity found following
reports for resouse leak

bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agocltest: Fix leaked_handle
Gopal Tiwari [Tue, 31 May 2022 07:41:09 +0000 (13:11 +0530)]
cltest: Fix leaked_handle

While performing static tool analysis using coverity found
following reports for resouse leak

bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd"
going out of scope leaks the handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agosixaxis: Fix memory leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:08 +0000 (13:11 +0530)]
sixaxis: Fix memory leaks

While performing static tool analysis using coverity
found following reports for resouse leak

bluez-5.64/plugins/sixaxis.c:425: alloc_arg:
"get_pairing_type_for_device" allocates memory that is
stored into "sysfs_path".

bluez-5.64/plugins/sixaxis.c:428: leaked_storage: Variable "sysfs_path"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Fix memory leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:07 +0000 (13:11 +0530)]
monitor: Fix memory leaks

While performing static tool analysis using coverity
found following reports for resouse leak

bluez-5.64/monitor/jlink.c:111: leaked_storage: Variable "so"
going out of scope leaks the storage it points to.

bluez-5.64/monitor/jlink.c:113: leaked_storage: Variable "so"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomesh/appkey: Fix memory leaks
Gopal Tiwari [Tue, 31 May 2022 07:41:06 +0000 (13:11 +0530)]
mesh/appkey: Fix memory leaks

While performing the static analysis using the coverity tool found
following memory leak reports

bluez-5.64/mesh/appkey.c:143: leaked_storage: Variable "key" going
out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/mesh/appkey.c:146: leaked_storage: Variable "key" going
out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient/gatt: Fix memory leak issues
Gopal Tiwari [Tue, 31 May 2022 07:41:05 +0000 (13:11 +0530)]
client/gatt: Fix memory leak issues

While performing the static tool analysis using coverity tool
found following reports

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:1531: leaked_storage: Variable "service"
going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2626: leaked_storage: Variable "chrc"
going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
bluez-5.64/client/gatt.c:2906: leaked_storage: Variable "desc"
going out of scope leaks the storage it points to.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Add decoding support for ASE Control Point
Luiz Augusto von Dentz [Tue, 24 May 2022 01:41:37 +0000 (18:41 -0700)]
monitor/att: Add decoding support for ASE Control Point

This adds decoding support for ASE Control Point attribute:

> ACL Data RX: Handle 42 flags 0x02 dlen 30
      Channel: 64 len 26 sdu 24 [PSM 39 mode Enhanced Credit (0x81)] {chan 1}
      ATT: Write Command (0x52) len 23
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 010103020206000000000a02010302020103042800
            Opcode: Codec Configuration (0x01)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            Target Latency: Balance Latency/Reliability (0x02)
            PHY: 0x02
            LE 2M PHY (0x02)
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x02 type 0x01
            Codec Specific Configuration: 03
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 01
            Codec Specific Configuration #2: len 0x03 type 0x04
            Codec Specific Configuration: 2800
< ACL Data TX: Handle 42 flags 0x00 dlen 55
      Channel: 64 len 51 sdu 49 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 48
        Length: 0x0005
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0101030000
            Opcode: Codec Configuration (0x01)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            ASE Response Code: Success (0x00)
            ASE Response Reason: None (0x00)
> ACL Data RX: Handle 42 flags 0x02 dlen 27
      Channel: 64 len 23 sdu 21 [PSM 39 mode Enhanced Credit (0x81)] {chan 1}
      ATT: Write Command (0x52) len 20
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 020103000010270000022800020a00409c00
            Opcode: QoS Configuration (0x02)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            CIG ID: 0x00
            CIS ID: 0x00
            SDU Interval: 10000 usec
            Framing: Unframed (0x00)
            PHY: 0x02
            LE 2M PHY (0x02)
            Max SDU: 40
            RTN: 2
            Max Transport Latency: 10
            Presentation Delay: 40000 us
< ACL Data TX: Handle 42 flags 0x00 dlen 37
      Channel: 64 len 33 sdu 31 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 30
        Length: 0x0005
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0201030000
            Opcode: QoS Configuration (0x02)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            ASE Response Code: Success (0x00)
            ASE Response Reason: None (0x00)
> ACL Data RX: Handle 42 flags 0x02 dlen 17
      Channel: 64 len 13 sdu 11 [PSM 39 mode Enhanced Credit (0x81)] {chan 1}
      ATT: Write Command (0x52) len 10
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0301030403020200
            Opcode: Enable (0x03)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            Metadata #0: len 0x03 type 0x02
            Metadata: 0200
< ACL Data TX: Handle 42 flags 0x00 dlen 33
      Channel: 64 len 29 sdu 27 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 26
        Length: 0x0005
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 0301030000
            Opcode: Enable (0x03)
            Number of ASE(s): 1
            ASE: #0
            ASE ID: 0x03
            ASE Response Code: Success (0x00)
            ASE Response Reason: None (0x00)
> ACL Data RX: Handle 42 flags 0x02 dlen 12
      Channel: 64 len 8 sdu 6 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Write Command (0x52) len 5
        Handle: 0x0030 Type: ASE Control Point (0x2bc6)
          Data: 050101
            Opcode: Disable (0x05)
            Number of ASE(s): 1

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Add decoding support for ASE Sink/Source
Luiz Augusto von Dentz [Mon, 23 May 2022 22:53:23 +0000 (15:53 -0700)]
monitor/att: Add decoding support for ASE Sink/Source

This adds decoding support for ASE Sink/Source attributes:

> ACL Data RX: Handle 42 flags 0x02 dlen 9
      Channel: 65 len 5 sdu 3 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Read Request (0x0a) len 2
        Handle: 0x002a Type: Sink ASE (0x2bc4)
< ACL Data TX: Handle 42 flags 0x00 dlen 9
      Channel: 64 len 5 sdu 3 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Read Response (0x0b) len 2
        Value: 0300
            ASE ID: 1
            State: Idle (0x00)
< ACL Data TX: Handle 42 flags 0x00 dlen 55
      Channel: 64 len 51 sdu 49 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 48
        Length: 0x0023
        Handle: 0x0024 Type: Sink ASE (0x2bc4)
          Data: 01010000000a00204e00409c00204e00409c0006000000000a02010302020103042800
            ASE ID: 1
            State: Codec Configured (0x01)
            Framing: Unframed PDUs supported (0x00)
            PHY: 0x00
            RTN: 0
            Max Transport Latency: 10
            Presentation Delay Min: 20000 us
            Presentation Delay Max: 40000 us
            Preferred Presentation Delay Min: 20000 us
            Preferred Presentation Delay Max: 40000 us
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x02 type 0x01
            Codec Specific Configuration: 03
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 01
            Codec Specific Configuration #2: len 0x03 type 0x04
            Codec Specific Configuration: 2800
< ACL Data TX: Handle 42 flags 0x00 dlen 37
      Channel: 64 len 33 sdu 31 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 30
        Length: 0x0011
        Handle: 0x0024 Type: Sink ASE (0x2bc4)
          Data: 0102000010270000022800020a00409c00
            ASE ID: 1
            State: QoS Configured (0x02)
            CIG ID: 0x00
            CIS ID: 0x00
            SDU Interval: 10000 usec
            Framing: Unframed (0x00)
            PHY: 0x02
            LE 2M PHY (0x02)
            Max SDU: 40
            RTN: 2
            Max Transport Latency: 10
            Presentation Delay: 40000 us
< ACL Data TX: Handle 42 flags 0x00 dlen 33
      Channel: 64 len 29 sdu 27 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 26
        Length: 0x000d
        Handle: 0x002a Type: Source ASE (0x2bc5)
          Data: 03030000060304030202000000
            ASE ID: 3
            State: Enabling (0x03)
            CIG ID: 0x00
            CIS ID: 0x00
            Metadata #0: len 0x03 type 0x04
            Metadata: 0302
            Metadata #1: len 0x02 type 0x00
< ACL Data TX: Handle 42 flags 0x00 dlen 39
      Channel: 64 len 35 sdu 33 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 32
        Length: 0x000d
        Handle: 0x002a Type: Source ASE (0x2bc5)
          Data: 03040000060304030202000000
            ASE ID: 3
            State: Streaming (0x04)
            CIG ID: 0x00
            CIS ID: 0x00
            Metadata #0: len 0x03 type 0x04
            Metadata: 0302
            Metadata #1: len 0x02 type 0x00
< ACL Data TX: Handle 42 flags 0x00 dlen 33
      Channel: 64 len 29 sdu 27 [PSM 39 mode Enhanced Credit (0x81)] {chan 0}
      ATT: Handle Multiple Value Notification (0x23) len 26
        Length: 0x000d
        Handle: 0x002a Type: Source ASE (0x2bc5)
          Data: 03050000060304030202000000
            ASE ID: 3
            State: Disabling (0x05)
            CIG ID: 0x00
            CIS ID: 0x00
            Metadata #0: len 0x03 type 0x04
            Metadata: 0302
            Metadata #1: len 0x02 type 0x00

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Add decoding support for PAC Sink/Source
Luiz Augusto von Dentz [Fri, 20 May 2022 22:51:42 +0000 (15:51 -0700)]
monitor/att: Add decoding support for PAC Sink/Source

This adds decoding support for PAC Sink/Source attributes:

 < ACL Data TX: Handle 42 flags 0x00 dlen 9
      Channel: 64 len 5 sdu 3 [PSM 39 mode Enhanced Credit (0x81)]
      {chan 0}
      ATT: Read Request (0x0a) len 2
        Handle: 0x0017 Type: Sink PAC (0x2bc9)
> ACL Data RX: Handle 42 flags 0x02 dlen 31
      Channel: 65 len 27 sdu 25 [PSM 39 mode Enhanced Credit (0x81)]
      {chan 0}
        Value: 010600000000100301ff0002020302030305041e00f00000
          Number of PAC(s): 1
          PAC #0:
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x03 type 0x01
            Codec Specific Configuration: ff00
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 03
            Codec Specific Configuration #2: len 0x02 type 0x03
            Codec Specific Configuration: 03
            Codec Specific Configuration #3: len 0x05 type 0x04
            Codec Specific Configuration: 1e00f000

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Simplify CCC decoders
Luiz Augusto von Dentz [Thu, 26 May 2022 20:47:13 +0000 (13:47 -0700)]
monitor/att: Simplify CCC decoders

This simplify callbacks moving the decoding of the value to
print_ccc_value.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Fix parsing of notifications
Luiz Augusto von Dentz [Wed, 25 May 2022 00:51:44 +0000 (17:51 -0700)]
monitor/att: Fix parsing of notifications

If there are multiple notifications in the same frame the callback may
alter it when using l2cap_frame_pull helpers, so instead this passes a
cloned frame with just the expected length so callbacks cannot alter
original frame.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Attempt to reload if database is empty
Luiz Augusto von Dentz [Wed, 25 May 2022 00:49:57 +0000 (17:49 -0700)]
monitor/att: Attempt to reload if database is empty

If database is empty attempt to reload since the daemon may have
updated its cache in the meantime.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient: Fix setting of advertisement interval
Inga Stotland [Fri, 20 May 2022 23:41:51 +0000 (16:41 -0700)]
client: Fix setting of advertisement interval

This fixes incorrect argument read when using "interval" command
in "advertisement" submenu

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Fix parsing of Notify Mutiple
Luiz Augusto von Dentz [Fri, 20 May 2022 23:51:38 +0000 (16:51 -0700)]
monitor/att: Fix parsing of Notify Mutiple

Notify Multiple was parsing handle multiple times causing the length to
be assumed to be a handle.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Fix not matching read frame direction
Luiz Augusto von Dentz [Fri, 20 May 2022 23:36:57 +0000 (16:36 -0700)]
monitor/att: Fix not matching read frame direction

There could be read frames pending on both direction so this ensures
the direction is matched properly.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Fix treating Notification/Indication as a request
Luiz Augusto von Dentz [Fri, 20 May 2022 23:18:46 +0000 (16:18 -0700)]
monitor/att: Fix treating Notification/Indication as a request

Notification/Indication shall be treated as response so the correct
database is used.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Fix not removing read from queue
Luiz Augusto von Dentz [Fri, 20 May 2022 23:17:11 +0000 (16:17 -0700)]
monitor/att: Fix not removing read from queue

The code was using queue_find instead of queue_remove_if so follow up
read wouldn't match the attribute properly.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agogatt-server: Fix crash while disconnecting
Luiz Augusto von Dentz [Thu, 19 May 2022 21:36:06 +0000 (14:36 -0700)]
gatt-server: Fix crash while disconnecting

If there is a pending notify multiple the code was not removing before
freeing the object causing the following crash:

Invalid read of size 8
   at 0x4A3D10: notify_multiple (gatt-server.c:1703)
   by 0x4D05F0: timeout_callback (timeout-glib.c:25)
   by 0x4956900: ??? (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49560AE: g_main_context_dispatch
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49AB307: ??? (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49557C2: g_main_loop_run
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x4D0A34: mainloop_run (mainloop-glib.c:66)
   by 0x4D0F2B: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x2B0CD1: main (main.c:1276)
 Address 0x6ca35c8 is 136 bytes inside a block of size 144 free'd
   at 0x48470E4: free (vg_replace_malloc.c:872)
   by 0x415E73: gatt_server_cleanup (device.c:698)
   by 0x415E73: attio_cleanup (device.c:715)
   by 0x47745B: queue_foreach (queue.c:207)
   by 0x490C54: disconnect_cb (att.c:701)
   by 0x4CF4AF: watch_callback (io-glib.c:157)
   by 0x49560AE: g_main_context_dispatch
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49AB307: ??? (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x49557C2: g_main_loop_run
   (in /usr/lib64/libglib-2.0.so.0.7000.5)
   by 0x4D0A34: mainloop_run (mainloop-glib.c:66)
   by 0x4D0F2B: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x2B0CD1: main (main.c:1276)

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Add decoding support for CCC
Luiz Augusto von Dentz [Fri, 20 May 2022 00:52:39 +0000 (17:52 -0700)]
monitor/att: Add decoding support for CCC

This adds decoding support for CCC so its value can be decoded:

< ACL Data TX: Handle 3585 flags 0x00 dlen 7
      ATT: Read Request (0x0a) len 2
        Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
> ACL Data RX: Handle 3585 flags 0x02 dlen 6
      ATT: Read Response (0x0b) len 1
        Value: 01
            Notification (0x01)
< ACL Data TX: Handle 3585 flags 0x00 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
          Data: 0100
            Notification (0x01)

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor/att: Decode attribute type
Luiz Augusto von Dentz [Wed, 18 May 2022 00:45:22 +0000 (17:45 -0700)]
monitor/att: Decode attribute type

This attempt to decode the attribute type if its gatt_db can be loaded:

< ACL Data TX: Handle 3585 flags 0x00 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x000b Type: Client Characteristic Configuration (0x2902)
          Data: 0200

Change-Id: I7c35c3e872237c82763a65b5f22a450684eb8cd7
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Cache connection information
Luiz Augusto von Dentz [Wed, 18 May 2022 01:22:01 +0000 (18:22 -0700)]
monitor: Cache connection information

This caches connection information including the device addres so it can
be printed alongside the handle:

> HCI Event: Disconnect Complete (0x05) plen 4
        Status: Success (0x00)
        Handle: 3585 Address: 68:79:12:XX:XX:XX (OUI 68-79-12)
        Reason: Connection Terminated By Local Host (0x16)

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Move ATT decoding function into its own file
Luiz Augusto von Dentz [Tue, 17 May 2022 00:50:38 +0000 (17:50 -0700)]
monitor: Move ATT decoding function into its own file

This moves ATT decoding function from l2cap.c to att.c.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Move print_hex_field to display.h
Luiz Augusto von Dentz [Tue, 17 May 2022 00:37:56 +0000 (17:37 -0700)]
monitor: Move print_hex_field to display.h

This moves print_hex_field to display.h and removes the duplicated code
from packet.c and l2cap.c.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agogatt: Store local GATT database
Luiz Augusto von Dentz [Wed, 18 May 2022 21:50:12 +0000 (14:50 -0700)]
gatt: Store local GATT database

This enables storing the local (adapter) GATT database which later will
be used by btmon to decode GATT handles.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agosettings: Add btd_settings_gatt_db_{store,load}
Luiz Augusto von Dentz [Wed, 11 May 2022 22:33:27 +0000 (15:33 -0700)]
settings: Add btd_settings_gatt_db_{store,load}

This adds helper functions to store and load from/to file so they can
get reused by the likes of gatt-database.c and btmon.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoinput/device: Notify failure if ctrl disconnect when waiting intr
Archie Pusaka [Wed, 18 May 2022 04:33:07 +0000 (12:33 +0800)]
input/device: Notify failure if ctrl disconnect when waiting intr

On some rare occasions, the peer HID device might disconnect the ctrl
channel when we are trying to connect the intr channel. If this
happens, interrupt_connect_cb() will not be called by btio, and we
will be stuck in "connecting" state. Any future connection attempt to
the peer device will fail because of "busy".

This patch prevents that by checking if we need to report connection
failure when the ctrl channel is disconnected.

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agohog-lib: Fix not reading report_map of instances
Luiz Augusto von Dentz [Fri, 13 May 2022 01:01:03 +0000 (18:01 -0700)]
hog-lib: Fix not reading report_map of instances

If there is multiple instances the gatt_db of the instances was not
initialized causing the report_map_attr to be NULL which prevents the
report_map to be read and uhid device to be created.

Fixes: https://github.com/bluez/bluez/issues/298
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodevice: Fix enabling wake support without RPA Resolution
Luiz Augusto von Dentz [Thu, 12 May 2022 23:40:49 +0000 (16:40 -0700)]
device: Fix enabling wake support without RPA Resolution

If device uses RPA it shall only enable wakeup if RPA Resolution has
been enabled otherwise it cannot be programmed in the acceptlist which
can cause suspend to fail.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=215768
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agogatt-db: Allow passing Characteristic Value to gatt_db_attribute_get_char_data
Luiz Augusto von Dentz [Thu, 12 May 2022 00:55:14 +0000 (17:55 -0700)]
gatt-db: Allow passing Characteristic Value to gatt_db_attribute_get_char_data

This makes gatt_db_attribute_get_char_data work with Characteristic
Value rather than only with Characteristic Declaration.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoservice: Add initiator argument to service_accept
Luiz Augusto von Dentz [Thu, 12 May 2022 00:55:15 +0000 (17:55 -0700)]
service: Add initiator argument to service_accept

This adds initiator argument to service_accept so profiles accepting
the connection can use btd_service_is_initiator to determine if the
connection was initiated locally (central) or remotely (peripheral).

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodevice: Fix pairing has failed due to the error of Already Paired (0x13)
wangyouwan [Tue, 10 May 2022 01:27:35 +0000 (09:27 +0800)]
device: Fix pairing has failed due to the error of Already Paired (0x13)

After connect the Bluetooth mouse, open two Bluetoothctl at the same time,
when remove the mouse, quickly go to power off,
try to paired the mouse again when I was power on,
found that the error 0x13 was always reported.
try to connect directly,can connect successfully.
but use the info command to query the information of the mouse
and find that the pairing status of the mouse is No.
so I try to delete the paired information in the kernel
through the "* cancel_pairing()" interface.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodevice: Fix uninitialized value usage
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:05 +0000 (20:35 +0300)]
device: Fix uninitialized value usage

Definitely `dbus_bool_t b;` must be initialized before comparing it
with current value.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotools: Fix handle leak in rfcomm
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:04 +0000 (20:35 +0300)]
tools: Fix handle leak in rfcomm

Some branches of execution can make handle (socket) leakage.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotools: Fix memory leaks in btgatt-server/client
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:03 +0000 (20:35 +0300)]
tools: Fix memory leaks in btgatt-server/client

According to man buffer allocated by getline() should be freed by
the user program even if getline() failed.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotools: Fix memory leak in hciconfig
Ildar Kamaletdinov [Sat, 7 May 2022 17:35:02 +0000 (20:35 +0300)]
tools: Fix memory leak in hciconfig

printf() was using function that return dynamic allocated memory as
a parameter.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoadvertising: Treat empty LocalName the same as omitting it
Luiz Augusto von Dentz [Fri, 6 May 2022 23:05:14 +0000 (16:05 -0700)]
advertising: Treat empty LocalName the same as omitting it

This treats empty LocalName ("") the same as omitting it so not name is
set in the advertising data since some D-Bus binding seems to have
problems to omit properties at runtime.

Fixes: https://github.com/bluez/bluez/issues/337
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodevice-api: Clarify Paired/Bonded documentation
Luiz Augusto von Dentz [Wed, 4 May 2022 23:39:30 +0000 (16:39 -0700)]
device-api: Clarify Paired/Bonded documentation

This attempt to clarify the distinction of Paired and Bonded
properties.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient: Add filter to devices and show Bonded in info
Zhengping Jiang [Wed, 4 May 2022 21:09:48 +0000 (14:09 -0700)]
client: Add filter to devices and show Bonded in info

Use the property name as optional filters to the command "devices" and
show the "Bonded" property for the command "info".

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodevice: Add "Bonded" flag to dbus property
Zhengping Jiang [Wed, 4 May 2022 21:09:46 +0000 (14:09 -0700)]
device: Add "Bonded" flag to dbus property

Add "Bonded" to dbus device property table. When setting the "Bonded
flag, check the status of the Bonded property first. If the Bonded
property is changed, send property changed signal.

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodoc: add "Bonded" flag to dbus property
Zhengping Jiang [Wed, 4 May 2022 21:09:47 +0000 (14:09 -0700)]
doc: add "Bonded" flag to dbus property

Bonded flag is used to indicate the link key or ltk of the remote
device has been stored.

Reviewed-by: Sonny Sasaka <sonnysasaka@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Fix parsing of LE Terminate BIG Complete event
Luiz Augusto von Dentz [Mon, 2 May 2022 21:43:20 +0000 (14:43 -0700)]
monitor: Fix parsing of LE Terminate BIG Complete event

LE Terminate BIG Complete event format Subevent_Code, BIG_Handle and
Reason but the last two were swapped.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Decode LTV fields of Basic Audio Announcements
Luiz Augusto von Dentz [Mon, 2 May 2022 20:02:46 +0000 (13:02 -0700)]
monitor: Decode LTV fields of Basic Audio Announcements

This decodes the LTV fields of Basic Audio Announcements:

< HCI Command: LE Set Periodic Advertising Data (0x08|0x003f) plen 41
        Handle: 0
        Operation: Complete ext advertising data (0x03)
        Data length: 0x26
        Service Data: Basic Audio Announcement (0x1851)
          Presetation Delay: 40000
          Number of Subgroups: 1
            Subgroup #0:
            Number of BIS(s): 1
            Codec: LC3 (0x06)
            Codec Specific Configuration #0: len 0x02 type 0x01
            Codec Specific Configuration: 03
            Codec Specific Configuration #1: len 0x02 type 0x02
            Codec Specific Configuration: 01
            Codec Specific Configuration #2: len 0x05 type 0x03
            Codec Specific Configuration: 01000000
            Codec Specific Configuration #3: len 0x03 type 0x04
            Codec Specific Configuration: 2800
            Metadata #0: len 0x03 type 0x02
            Metadata: 0200
              BIS #0:
              Index: 1
              Codec Specific Configuration:

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtdev: Fix not removing connection and advertising set on reset
Luiz Augusto von Dentz [Mon, 2 May 2022 19:59:50 +0000 (12:59 -0700)]
btdev: Fix not removing connection and advertising set on reset

This makes sure that all connections and advertising sets are cleanup
on reset.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotransport: Fix not being able to initialize volume properly
Luiz Augusto von Dentz [Wed, 27 Apr 2022 20:14:19 +0000 (13:14 -0700)]
transport: Fix not being able to initialize volume properly

In case AVRCP is connected first and
media_transport_update_device_volume is called without any media_player
being available the volume setting would be lost and Transport.Volume
won't be available, so this introduces btd_device_{set,get}_volume
helpers which is used to store the volume temporarely so
media_player_get_device_volume is able to restore it when the transport
is created.

Fixes: https://github.com/bluez/bluez/issues/335
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtmon: Fix not decoding LC3 id
Luiz Augusto von Dentz [Tue, 26 Apr 2022 23:02:54 +0000 (16:02 -0700)]
btmon: Fix not decoding LC3 id

This enablind decoding LC3 codec id (0x06).

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtmon: Add support for decoding Basic Audio Annoucements
Luiz Augusto von Dentz [Tue, 26 Apr 2022 22:57:15 +0000 (15:57 -0700)]
btmon: Add support for decoding Basic Audio Annoucements

This adds support for decoding Basic Audio Announcements as shown
on:

Basic Audio Profile / Profile Specification
Page 36 of 146

Table 3.15: Format of BASE used in Basic Audio Announcements

< HCI Command: LE Set Periodic Advertising Data (0x08|0x003f) plen 36
        Handle: 0
        Operation: Complete ext advertising data (0x03)
        Data length: 0x21
        Service Data: Basic Audio Announcement (0x1851)
          Presetation Delay: 40000
          Number of Subgroups: 1
            Subgroup #0:
            Number of BIS(s): 1
            Codec: Reserved (0x06)
            Codec Specific Configuration: 010101020403010000020428
            Metadata: 020202
              BIS #0:
              Index: 1
              Codec Specific Configuration:

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtmon: Add support for decoding Broadcast Audio Annoucements
Luiz Augusto von Dentz [Tue, 26 Apr 2022 20:22:03 +0000 (13:22 -0700)]
btmon: Add support for decoding Broadcast Audio Annoucements

This adds support for decoding Broadcast Audio Announcements as shown
on:

Basic Audio Profile / Profile Specification
Page 34 of 146

Table 3.14: Broadcast Source AD format when transmitting Broadcast
Audio Announcements

< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 36
        Handle: 0x00
        Operation: Complete extended advertising data (0x03)
        Fragment preference: Minimize fragmentation (0x01)
        Data length: 0x20
        Service Data: Broadcast Audio Announcement (0x1852)
        Broadcast ID: 904177 (0x0dcbf1)
        Name (complete): Broadcast Audio Source

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtmon: Add proper decoding to Service Data UUID
Luiz Augusto von Dentz [Tue, 26 Apr 2022 18:39:14 +0000 (11:39 -0700)]
btmon: Add proper decoding to Service Data UUID

This adds proper decoding for Service Data UUID:

        Service Data: Apple, Inc. (0xfd6f)
          Data: e6b07e19815e902100b8b2f4a55255fd18f0c6be

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient/player: Add transport.receive command
Luiz Augusto von Dentz [Mon, 25 Apr 2022 23:58:54 +0000 (16:58 -0700)]
client/player: Add transport.receive command

This adds transport.receive command:

Get/Set file to receive
Usage:
 receive [filename]

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient/player: Add transport.volume command
Luiz Augusto von Dentz [Fri, 22 Apr 2022 23:01:29 +0000 (16:01 -0700)]
client/player: Add transport.volume command

This adds transport.volume command:

Get/Set transport volume
Usage:
 volume <transport> [value]

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtmon: Fix decoding of Enhanced Credit Connection Request
Luiz Augusto von Dentz [Wed, 20 Apr 2022 23:43:31 +0000 (16:43 -0700)]
btmon: Fix decoding of Enhanced Credit Connection Request

This fixes the decoding of Enhanced Credit Connection Request which was
not accounting the fields correctly causing 2 extra Source CID to be
printed.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agohog-lib: Check if Report ID is set before prepending it
Luiz Augusto von Dentz [Wed, 20 Apr 2022 20:08:59 +0000 (13:08 -0700)]
hog-lib: Check if Report ID is set before prepending it

Before prepending the Report ID check if it is non-zero:

BLUETOOTH SPECIFICATION Page 16 of 26
HID Service Specification

Report ID shall be nonzero in a Report Reference characteristic
descriptor where there is more than one instance of the Report
characteristic for any given Report Type.

Fixes: https://www.spinics.net/lists/linux-bluetooth/msg97262.html
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotest: changes for Python3
Diego Rondini [Tue, 19 Apr 2022 15:09:49 +0000 (17:09 +0200)]
test: changes for Python3

Remove some leftover usage of Python2 code. In particular replace
iteritems() with items() to fix the following error:

AttributeError: 'dbus.Dictionary' object has no attribute 'iteritems'
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agosettings-storage: Document use of StateDirectory
Luiz Augusto von Dentz [Tue, 19 Apr 2022 18:30:16 +0000 (11:30 -0700)]
settings-storage: Document use of StateDirectory

This documents the use of StateDirecory environment variable which
overwrites the default storage diretory when set.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient/player: Fix use of unsupported config_qos
Luiz Augusto von Dentz [Mon, 18 Apr 2022 23:56:48 +0000 (16:56 -0700)]
client/player: Fix use of unsupported config_qos

QoS is not yet supported by bluetoothd so remove them.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotest-runner: Add dedicated option to start D-Bus
Luiz Augusto von Dentz [Sat, 16 Apr 2022 00:17:04 +0000 (17:17 -0700)]
test-runner: Add dedicated option to start D-Bus

This adds a dedicated option to start D-Bus alone which can be useful
when testing the bluetoothd with the likes of valgrind.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomain: Add support for CONFIGURATION_DIRECTORY environment variable
Luiz Augusto von Dentz [Fri, 15 Apr 2022 21:18:09 +0000 (14:18 -0700)]
main: Add support for CONFIGURATION_DIRECTORY environment variable

When running as a systemd service the CONFIGURATION_DIRECTORY
environment variable maybe set:

https://www.freedesktop.org/software/systemd/man/systemd.exec.html
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agostorage: Add support for STATE_DIRECTORY environment variable
Luiz Augusto von Dentz [Fri, 15 Apr 2022 20:48:39 +0000 (13:48 -0700)]
storage: Add support for STATE_DIRECTORY environment variable

When running as a systemd service the STATE_DIRECTORY environment
variable maybe set:

https://www.freedesktop.org/software/systemd/man/systemd.exec.html
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agopolicy: Change AutoEnable default to true
Luiz Augusto von Dentz [Wed, 13 Apr 2022 22:21:00 +0000 (15:21 -0700)]
policy: Change AutoEnable default to true

This changes the default of AutoEnable to true so controllers are power
up by default.

Fixes: https://github.com/bluez/bluez/issues/328
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient/player: Add transport menu
Luiz Augusto von Dentz [Mon, 11 Apr 2022 23:53:56 +0000 (16:53 -0700)]
client/player: Add transport menu

This adds transport menu:

[bluetooth]# menu transport
Menu transport:
Available commands:
-------------------
list                                              List available transports
show <transport>                                  Transport information
acquire <transport>                               Acquire Transport
release <transport>                               Release Transport
send <filename>                                   Send contents of a file

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoclient/player: Add endpoint menu
Luiz Augusto von Dentz [Mon, 11 Apr 2022 23:51:12 +0000 (16:51 -0700)]
client/player: Add endpoint menu

This adds endpoint menu:

[bluetooth]# menu endpoint
Menu endpoint:
Available commands:
-------------------
list [local]                                      List available endpoints
show <endpoint>                                   Endpoint information
register <UUID> <codec> [capabilities...]         Register Endpoint
unregister <UUID/object>                          Register Endpoint
config <endpoint> <local endpoint> [preset]       Configure Endpoint
presets <UUID> [default]                          List available presets

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtdev: Fix CIS Established
Luiz Augusto von Dentz [Fri, 11 Mar 2022 21:12:33 +0000 (13:12 -0800)]
btdev: Fix CIS Established

CIS Established was using the ISO latency instead of SDU interval for
transport latency.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobthost: Fix not setting all parameters when using Create BIG cmd
Luiz Augusto von Dentz [Fri, 11 Mar 2022 21:10:33 +0000 (13:10 -0800)]
bthost: Fix not setting all parameters when using Create BIG cmd

Create BIG shall set proper values for interval, latency, rtn and phy.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobthost: Add support for Create CIS
Luiz Augusto von Dentz [Thu, 10 Mar 2022 23:20:49 +0000 (15:20 -0800)]
bthost: Add support for Create CIS

This introduces bthost_set_cig_params and bthost_create_cis.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtdev: Fix not cleanup ssp_status and ssp_auto_complete
Luiz Augusto von Dentz [Mon, 11 Apr 2022 21:50:23 +0000 (14:50 -0700)]
btdev: Fix not cleanup ssp_status and ssp_auto_complete

This resets ssp_status and ssp_auto_complete flags on auth_complete.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoadapter: Fix check of DISCOVERABLE setting
Jakob hilmer [Sat, 9 Apr 2022 10:01:30 +0000 (12:01 +0200)]
adapter: Fix check of DISCOVERABLE setting

The test for `DISCOVERABLE` should be done with
`MGMT_SETTING_DISCOVERABLE` instead of `MGMT_OP_SET_DISCOVERABLE`.
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoshell: Fix not able to auto complete commands with submenu prefix
Luiz Augusto von Dentz [Thu, 7 Apr 2022 23:41:34 +0000 (16:41 -0700)]
shell: Fix not able to auto complete commands with submenu prefix

If the command was given with submenu prefix the code wasn't able to
detect the command to be able to generate the auto complete for its
arguments.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoshell: Fix not being able to auto complete submenus
Luiz Augusto von Dentz [Thu, 7 Apr 2022 23:19:26 +0000 (16:19 -0700)]
shell: Fix not being able to auto complete submenus

submenus should be part of the list of possible auto completes just as
other commands.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtdev: Fix BIG Create Sync
Luiz Augusto von Dentz [Wed, 6 Apr 2022 20:01:03 +0000 (13:01 -0700)]
btdev: Fix BIG Create Sync

This fixes status return to BIG Create Sync command.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtdev: Add support for sending LE BIG Info Adv Reports
Luiz Augusto von Dentz [Tue, 5 Apr 2022 00:41:06 +0000 (17:41 -0700)]
btdev: Add support for sending LE BIG Info Adv Reports

This adds support for sending LE BIG Info Adv Reports if LE Create BIG
has been called.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Add support for LE BIG Info Adverting Report
Luiz Augusto von Dentz [Mon, 4 Apr 2022 23:20:33 +0000 (16:20 -0700)]
monitor: Add support for LE BIG Info Adverting Report

This adds support for LE BIG Info Advertising Report.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agogap: Don't attempt to read the appearance if already set
Luiz Augusto von Dentz [Mon, 4 Apr 2022 20:15:18 +0000 (13:15 -0700)]
gap: Don't attempt to read the appearance if already set

Devices are unlikely to change appearance over time which is the reason
why we cache then on the storage so this skips reading it on every
reconnection.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agogatt: Fix double free and freed memory dereference
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:47 +0000 (15:16 +0300)]
gatt: Fix double free and freed memory dereference

If device is no longer exists or not paired when notifications send it
is possible to get double free and dereference of already freed memory.

To avoid this we need to recheck the state of device after sending
notification.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agodevice: Limit width of fields in sscanf
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:46 +0000 (15:16 +0300)]
device: Limit width of fields in sscanf

In src/device.c few sscanf does not limit width of uuid field. This
could lead to static overflow and stack corruption.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotools: Limit width of fields in sscanf
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:45 +0000 (15:16 +0300)]
tools: Limit width of fields in sscanf

In tools/btmgmt.c and tools/hex2hcd.c few sscanf does not limit width
of fields. This could lead to static overflow and stack corruption.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotools: Fix signed integer overflow in btsnoop.c
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:44 +0000 (15:16 +0300)]
tools: Fix signed integer overflow in btsnoop.c

If malformed packet is proceed with zero 'size' field we will face with
wrong behaviour of write() call. Value 'toread - 1' gives wrong sign
for value 'written' (-1) in write() call. To prevent this we should
check that 'toread' is not equal to zero.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotools: Fix buffer overflow in hciattach_tialt.c
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:43 +0000 (15:16 +0300)]
tools: Fix buffer overflow in hciattach_tialt.c

Array 'c_brf_chip' of size 8 could be accessed by index > 7. We should
limit array access like in previous check at line 221.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomonitor: Fix out-of-bound read in print_le_states
Ildar Kamaletdinov [Fri, 1 Apr 2022 12:16:42 +0000 (15:16 +0300)]
monitor: Fix out-of-bound read in print_le_states

Accessing le_states_desc_table array with value 15 can cause
out-of-bound read because current size of array is 14.

Currently this cannot lead to any problems becase we do no have such
state in le_states_comb_table but this could be changed in future and
raise described problem.

Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agotools: Fix g_dbus_setup_private connection check in mpris-proxy
Frédéric Danis [Wed, 30 Mar 2022 09:47:40 +0000 (11:47 +0200)]
tools: Fix g_dbus_setup_private connection check in mpris-proxy

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoshared/gatt-db: Fix gatt_db_attribute_get_index
Luiz Augusto von Dentz [Fri, 1 Apr 2022 21:32:53 +0000 (14:32 -0700)]
shared/gatt-db: Fix gatt_db_attribute_get_index

gatt_db_attribute_get_index was calculating the index based on
attrib->handle - service->attributes[0]->handle which doesn't work when
there are gaps in between handles.

Fixes: https://github.com/bluez/bluez/issues/326
Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agobtdev: Check parameter for CIG related commands
Luiz Augusto von Dentz [Thu, 31 Mar 2022 22:25:10 +0000 (15:25 -0700)]
btdev: Check parameter for CIG related commands

This checks if the parameters given to Set CIG Parameters and Remove CIG
are in the valid range.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agomesh: use explicit uint32_t when bit shifting left
Inga Stotland [Wed, 30 Mar 2022 21:17:47 +0000 (14:17 -0700)]
mesh: use explicit uint32_t when bit shifting left

This addresses a situation when a boolean type is represented by
an integer and performing a left shift on a boolean causes
an integer overflow.

This fixes the following runtime error:
"left shift of 1 by 31 places cannot be represented in type 'int'"

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
17 months agoa2dp: Fix crash when SEP codec has not been initialized
Frédéric Danis [Wed, 30 Mar 2022 09:28:44 +0000 (11:28 +0200)]
a2dp: Fix crash when SEP codec has not been initialized

If SEP has not been properly discovered avdtp_get_codec may return NULL
thus causing crashes such as when running AVRCP/TG/VLH/BI-01-C after
AVRCP/TG/RCR/BV-04-C.

Prevent remote endpoint registration if its codec is not available.

Remove queue_isempty check from store_remote_seps since that prevents
cleaning up if no seps could be registered.

Signed-off-by: Manika Shrivastava <manika.sh@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>