platform/upstream/bluez.git
9 months agoobexd: agent: Use if-elseif instead of multi-if to check error message
Guiting Shen [Fri, 21 Apr 2023 02:47:31 +0000 (10:47 +0800)]
obexd: agent: Use if-elseif instead of multi-if to check error message

The obex agent will return only one error message at the same time.So
we should use if-elseif instead of multi-if to check error message which
maybe DEBUG_ERROR_NO_REPLY or OBEX_ERROR_REJECT in agent_reply().

9 months agoobexd: AuthorizePush: Support to return folder name for file storage
Guiting Shen [Thu, 20 Apr 2023 09:55:57 +0000 (17:55 +0800)]
obexd: AuthorizePush: Support to return folder name for file storage

The obex agent usually returns the full path by getting the default
folder and filename from the Filename property of the transfer object
which is not convenient.

The patch helps that the obex agent can return the folder name suffixed
with '/' or new full path or even null which will use the default name
if new_name is NULL and the default folder if the new_folder is NULL in
opp_chkput().

9 months agotools/iso-tester: Add Broadcast tests for encrypted BIG
Iulia Tanasescu [Wed, 19 Apr 2023 13:43:54 +0000 (16:43 +0300)]
tools/iso-tester: Add Broadcast tests for encrypted BIG

This adds the following tests for encrypted broadcast:

ISO Broadcaster Encrypted - Success
ISO Broadcaster Receiver Encrypted - Success

9 months agotools/isotest: Add BIG encryption options
Iulia Tanasescu [Wed, 19 Apr 2023 13:43:53 +0000 (16:43 +0300)]
tools/isotest: Add BIG encryption options

Add command line options for BIG encryption and broadcast code.

9 months agomonitor/packet: Fix BIG encryption decoding
Iulia Tanasescu [Wed, 19 Apr 2023 13:43:52 +0000 (16:43 +0300)]
monitor/packet: Fix BIG encryption decoding

Fix incorrect decoding of the encryption parameter when logging
the LE BIG Create Sync command.

9 months agoiso-tester: Add BAP Audio Configuration tests
Luiz Augusto von Dentz [Thu, 13 Apr 2023 00:43:51 +0000 (17:43 -0700)]
iso-tester: Add BAP Audio Configuration tests

This adds the following tests based on BAP Audio Configurations:

ISO AC 1 & 4 - Success
ISO AC 2 & 10 - Success
ISO AC 3 & 5 - Success
ISO AC 6(i) - Success
ISO AC 6(ii) - Success
ISO AC 7(i) - Success
ISO AC 7(ii) - Success
ISO AC 8(i) - Success
ISO AC 8(ii) - Success
ISO AC 9(i) - Success
ISO AC 9(ii) - Success
ISO AC 11(i) - Success
ISO AC 11(ii) - Success

9 months agobtdev: Fix not setting CIS parameters properly
Luiz Augusto von Dentz [Thu, 13 Apr 2023 00:39:03 +0000 (17:39 -0700)]
btdev: Fix not setting CIS parameters properly

The code was assuming only index 0 was to be used which doesn't work
when there are multiple CIS being programmed with different parameters.

9 months agomgmt-tester: Fix Get/Set PHY tests
Luiz Augusto von Dentz [Wed, 7 Sep 2022 23:49:00 +0000 (16:49 -0700)]
mgmt-tester: Fix Get/Set PHY tests

This fixes the following tests now that all supported PHYs are enabled
by default:

Start Discovery LE - (Ext Scan Param)   Failed
Get PHY Success                         Failed
Set PHY 1m 2m coded Succcess            Timed out

9 months agoclient/advertising: Add support for advertise.rsi command
Luiz Augusto von Dentz [Wed, 5 Apr 2023 23:04:28 +0000 (16:04 -0700)]
client/advertising: Add support for advertise.rsi command

This adds support for advertise.rsi command which can be used to request
the generation of RSI and include it as part of advertising data:

[bluetooth]# advertise.rsi --help
Show/Enable/Disable RSI to be advertised
Usage:
 rsi [on/off]
[bluetooth]# advertise.rsi
RSI: on
[bluetooth]# advertise on
...
Advertising object registered
Tx Power: off
Name: off
Appearance: off
Discoverable: on
RSI: on
[bluetooth]#

9 months agoadvertising: Add support for rsi as Includes
Luiz Augusto von Dentz [Wed, 5 Apr 2023 22:59:47 +0000 (15:59 -0700)]
advertising: Add support for rsi as Includes

This adds support for "rsi" when a SIRK has been set on main.conf, the
clients can then enable it via Includes property which will make the
daemon to automatically generate an RSI (hash+random) and include it as
part of the advertising data:

< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 15
        Handle: 0x01
        Operation: Complete extended advertising data (0x03)
        Fragment preference: Minimize fragmentation (0x01)
        Data length: 0x0b
        Resolvable Set Identifier: E2-4E-AA-1B-2B-61
          Hash: 0x1b2b61
          Random: 0xe24eaa
        Flags: 0x06
          LE General Discoverable Mode
          BR/EDR Not Supported

9 months agoadvertising-api: Add rsi to SupportedIncludes
Luiz Augusto von Dentz [Wed, 5 Apr 2023 22:56:11 +0000 (15:56 -0700)]
advertising-api: Add rsi to SupportedIncludes

This adds "rsi" as possible value to SupportedIncludes so when it is
available it means client and set it on its Includes property so a
proper RSI is generated and included as part of the Advertising Data.

9 months agoshared/ad: Fix bt_ad_has_data not matching when only type is passed
Luiz Augusto von Dentz [Wed, 5 Apr 2023 22:53:12 +0000 (15:53 -0700)]
shared/ad: Fix bt_ad_has_data not matching when only type is passed

bt_ad_has_data attempts to match the data portion even when not set
which is useful the user is only interested in actually mataching the
type alone.

9 months agomain.conf: Fix parsing of CSIS group
Luiz Augusto von Dentz [Wed, 5 Apr 2023 22:51:37 +0000 (15:51 -0700)]
main.conf: Fix parsing of CSIS group

There was a typo in the group name using CSIP instead of CSIS.

9 months agomonitor/att: Add decoding support for BASS
Iulia Tanasescu [Wed, 5 Apr 2023 10:54:42 +0000 (13:54 +0300)]
monitor/att: Add decoding support for BASS

This adds decoding support for BASS attributes:

> ACL Data RX: Handle 0 flags 0x02 dlen 7
      ATT: Read Request (0x0a) len 2
        Handle: 0x003a Type: Broadcast Receive State (0x2bc8)

< ACL Data TX: Handle 0 flags 0x00 dlen 45
      ATT: Read Response (0x0b) len 40
        Handle: 0x003a Type: Broadcast Receive State (0x2bc8)
        Value: 0100f2698be807c0013a6501020101000000000403020400
          Source_ID: 1
          Source_Address_Type: 0
          Source_Address: C0:07:E8:8B:69:F2
          Source_Adv_SID: 1
          Broadcast_ID: 0x01653a
          PA_Sync_State: Synchronized to PA
          BIG_Encryption: Broadcast_Code required
          Num_Subgroups: 1
          Subgroup #0:
            BIS_Sync State: 0x00000000
            Metadata #0: len 0x03 type 0x02
            Metadata: 0400

> ACL Data RX: Handle 0 flags 0x02 dlen 7
      ATT: Read Request (0x0a) len 2
        Handle: 0x003d Type: Broadcast Receive State (0x2bc8)

< ACL Data TX: Handle 0 flags 0x00 dlen 5
      ATT: Read Response (0x0b) len 0
        Handle: 0x003d Type: Broadcast Receive State (0x2bc8)
        Value:
          Empty characteristic

> ACL Data RX: Handle 0 flags 0x02 dlen 8
      ATT: Write Request (0x12) len 3
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 00
            Opcode: Remote Scan Stopped (0x00)

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x02 dlen 8
      ATT: Write Request (0x12) len 3
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 01
            Opcode: Remote Scan Started (0x01)

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x01 dlen 5
      ATT: Write Request (0x12) len 27
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 0200f2698be807c0013a650100ffff01000000000403020400
            Opcode: Add Source (0x02)
            Source_Address_Type: 0
            Source_Address: C0:07:E8:8B:69:F2
            Source_Adv_SID: 1
            Broadcast_ID: 0x01653a
            PA_Sync_State: Do not synchronize to PA
            PA_Interval: 0xffff
            Num_Subgroups: 1
            Subgroup #0:
              BIS_Sync State: 0x00000000
              Metadata #0: len 0x03 type 0x02
              Metadata: 0400

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x02 dlen 22
      ATT: Write Request (0x12) len 17
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 030102780001000000000403040400
            Opcode: Modify Source (0x03)
            Source_ID: 1
            PA_Sync_State: Synchronize to PA - PAST not available
            PA_Interval: 0x0078
            Num_Subgroups: 1
            Subgroup #0:
              BIS_Sync State: 0x00000000
              Metadata #0: len 0x03 type 0x04
              Metadata: 0400

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

> ACL Data RX: Handle 0 flags 0x02 dlen 25
      ATT: Write Request (0x12) len 20
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 0401b803eac6afbb65a25a41f15305680201
            Opcode: Set Broadcast_Code (0x04)
            Source_ID: 1
            Broadcast_Code: b803eac6afbb65a25a41f15305680201

< ACL Data TX: Handle 0 flags 0x00 dlen 5
      ATT: Write Response (0x13) len 0

< ACL Data TX: Handle 0 flags 0x00 dlen 33
      ATT: Handle Multiple Value Notification (0x23) len 28
        Length: 0x0018
        Handle: 0x003a Type: Broadcast Receive State (0x2bc8)
          Data: 0100f2698be807c0013a6501020201000000000403020400
          Source_ID: 1
          Source_Address_Type: 0
          Source_Address: C0:07:E8:8B:69:F2
          Source_Adv_SID: 1
          Broadcast_ID: 0x01653a
          PA_Sync_State: Synchronized to PA
          BIG_Encryption: Decrypting
          Num_Subgroups: 1
          Subgroup #0:
            BIS_Sync State: 0x00000000
            Metadata #0: len 0x03 type 0x02
            Metadata: 0400

> ACL Data RX: Handle 0 flags 0x02 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x0040 Type: Broadcast Audio Scan Control Point (0x2bc7)
          Data: 0501
            Opcode: Remove Source (0x05)
            Source_ID: 1

< ACL Data TX: Handle 0 flags 0x00 dlen 9
      ATT: Error Response (0x01) len 4
        Write Request (0x12)
        Handle: 0x0040
        Error: Reserved (0x80)

9 months agoset: Fix not attempt to connect devices with RSI
Luiz Augusto von Dentz [Mon, 3 Apr 2023 18:50:36 +0000 (11:50 -0700)]
set: Fix not attempt to connect devices with RSI

If a device advertising with RSI is only found later after the set was
already create we shall still attempt to connect to it.

9 months agomesh: Tighten IO and fix out-of-bounds array access
Inga Stotland [Sat, 1 Apr 2023 00:16:02 +0000 (17:16 -0700)]
mesh: Tighten IO and fix out-of-bounds array access

This fixes the out-of-bounds array access in mesh-io-mgmt.c caught
by address sanitizer. Similar fixes were applied earlier to
generic and unit IOs. With this patch, the common code is factored
into a centralized location.

9 months agoadapter: Use regular discovery for filters which only have discoverable set
Hans de Goede [Fri, 31 Mar 2023 20:03:29 +0000 (22:03 +0200)]
adapter: Use regular discovery for filters which only have discoverable set

discovery_filter_to_mgmt_cp() does not add discovery_filter.discoverable
to the created mgmt_cp_start_service_discovery struct.

Instead update_discovery_filter() separately checks
client->discovery_filter->discoverable for all clients.

This means that for discovery-filters which only have the discoverable
flag set, to put the adapter in discoverable mode while discovering,
the created mgmt_cp_start_service_discovery struct is empty.

This empty mgmt_cp_start_service_discovery struct then gets sent
to the kernel as part of a MGMT_OP_START_SERVICE_DISCOVERY msg
by start_discovery_timeout().

This use of an empty filter with MGMT_OP_START_SERVICE_DISCOVERY
causes some bluetooth devices to not get seen with some (most?)
Broadcom bluetooth adapters. This problem has been observed with
the following Broadcom models: BCM4343A0, BCM43430A1, BCM43341B0 .

On these models the following 2 devices were not being discovered
when starting a scan with a filter with just discoverable set
in the filter (as gnome-bluetooth does):

Device 09:02:01:03:0F:87 (public)
        Name: Bluetooth 3.0 Keyboard
        Alias: Bluetooth 3.0 Keyboard
        Class: 0x00000540
        Icon: input-keyboard
        Paired: yes
        Bonded: yes
        Trusted: yes
        Blocked: no
        Connected: yes
        WakeAllowed: yes
        LegacyPairing: yes
        UUID: Service Discovery Serve.. (00001000-0000-1000-8000-00805f9b34fb)
        UUID: Human Interface Device... (00001124-0000-1000-8000-00805f9b34fb)
        UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
        Modalias: bluetooth:v05ACp022Cd011B

Device 00:60:D1:00:00:34 (public)
        Name: Bluetooth Mouse
        Alias: Bluetooth Mouse
        Class: 0x00002580
        Icon: input-mouse
        Paired: yes
        Bonded: yes
        Trusted: yes
        Blocked: no
        Connected: yes
        WakeAllowed: yes
        LegacyPairing: no
        UUID: Human Interface Device... (00001124-0000-1000-8000-00805f9b34fb)
        UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
        Modalias: usb:v0103p0204d001E

Since setting the discoverable flag on a filter only is a way to
automatically put the adapter in discoverable mode itself while
it is discovering; and since this does not any device filtering
at all; modify merge_discovery_filters() to treat discovery with
such filters as regular unfiltered discovery.

This results in start_discovery_timeout() starting regular
discovery through a MGMT_OP_START_DISCOVERY message and this
fixes these 2 example devices not getting discovered by the
mentioned Broadcom BT adapter models.

Link: https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/merge_requests/163
Reviewed-by: Bastien Nocera <hadess@hadess.net>
9 months agoSplit bt_iso_qos into dedicated structures
Iulia Tanasescu [Fri, 31 Mar 2023 15:39:27 +0000 (18:39 +0300)]
Split bt_iso_qos into dedicated structures

Split bt_iso_qos into dedicated unicast and broadcast
structures and add additional broadcast parameters.

9 months agoavrcp: Fix crash while handling unsupported events
Luiz Augusto von Dentz [Wed, 22 Mar 2023 18:34:24 +0000 (11:34 -0700)]
avrcp: Fix crash while handling unsupported events

The following crash can be observed if the remote peer send and
unsupported event:

ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000148f11
 at pc 0x559644552088 bp 0x7ffe28b3c7b0 sp 0x7ffe28b3c7a0
 WRITE of size 1 at 0x60b000148f11 thread T0
     #0 0x559644552087 in avrcp_handle_event profiles/audio/avrcp.c:3907
     #1 0x559644536c22 in control_response profiles/audio/avctp.c:939
     #2 0x5596445379ab in session_cb profiles/audio/avctp.c:1108
     #3 0x7fbcb3e51c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
     #4 0x7fbcb3ea66c7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xaa6c7)
     #5 0x7fbcb3e512b2 in g_main_loop_run (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x552b2)
     #6 0x559644754ab6 in mainloop_run src/shared/mainloop-glib.c:66
     #7 0x559644755606 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
     #8 0x5596445bb963 in main src/main.c:1289
     #9 0x7fbcb3bafd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
     #10 0x7fbcb3bafe3f in __libc_start_main_impl ../csu/libc-start.c:392
     #11 0x5596444e8224 in _start (/usr/local/libexec/bluetooth/bluetoothd+0xf0224)

9 months agomgmt-tester: Add devcoredump tests
Manish Mandlik [Thu, 30 Mar 2023 06:08:03 +0000 (23:08 -0700)]
mgmt-tester: Add devcoredump tests

Add mgmt-tester tests for hci devcoredump. These testa trigger the
devcoredump with a test data and verifies the generated devcoredump
file for the test data and correct devcoredump header fields.

9 months agovhci: Add support to trigger devcoredump and read the dump file
Manish Mandlik [Thu, 30 Mar 2023 06:08:02 +0000 (23:08 -0700)]
vhci: Add support to trigger devcoredump and read the dump file

Add vhci support to trigger the hci devcoredump by writing to
force_devcoredump debugfs entry and read the generated devcoredump
file.

9 months agodevice: Fix not setting initiator flag when auto-connecting
Luiz Augusto von Dentz [Wed, 29 Mar 2023 20:27:05 +0000 (13:27 -0700)]
device: Fix not setting initiator flag when auto-connecting

If the device is marked as auto-connect the kernel may initiate the
connection spontaneously causing new connections to not have set the
state->initiator flag properly.

9 months agobap: Mark devices to auto-connect
Luiz Augusto von Dentz [Wed, 29 Mar 2023 19:55:16 +0000 (12:55 -0700)]
bap: Mark devices to auto-connect

This makes devices with BAP support to auto-connect once they start
advertising.

9 months agol2test: Fix setting mode for BR/EDR l2cap socket
Simon Mikuda [Tue, 28 Mar 2023 05:26:19 +0000 (07:26 +0200)]
l2test: Fix setting mode for BR/EDR l2cap socket

BT_MODE_* enums are used only for socket SOL_BLUETOOTH, option BT_MODE
Otherwise we should use L2CAP_MODE_* enums.

9 months agol2test: Enable hex input for PSM
Simon Mikuda [Tue, 28 Mar 2023 05:26:18 +0000 (07:26 +0200)]
l2test: Enable hex input for PSM

9 months agomonitor: Cache IRK being parsed
Luiz Augusto von Dentz [Fri, 24 Mar 2023 23:38:56 +0000 (16:38 -0700)]
monitor: Cache IRK being parsed

This caches any IRK being parsed so they can be used to resolve
addresses later which fixes the problem of only being able to resolve
addresses if the monitor happens to be active while SMP exchange the
keys.

9 months agomonitor/att: Fix not loading gatt_db for devices using RPA
Luiz Augusto von Dentz [Fri, 24 Mar 2023 23:38:55 +0000 (16:38 -0700)]
monitor/att: Fix not loading gatt_db for devices using RPA

Device using RPA have its storage using its identity address so this
uses keys_resolve_identity to attempt to resolve the destination
address instead of always using the connection address.

9 months agomonitor/att: Print value when printing descriptors
Luiz Augusto von Dentz [Fri, 24 Mar 2023 23:38:54 +0000 (16:38 -0700)]
monitor/att: Print value when printing descriptors

This prints the value attribute information when print attribute
descriptors:

< ACL Data TX: Handle 3585 flags 0x00 dlen 9
      ATT: Write Request (0x12) len 4
        Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
        Value Handle: 0x002b Type: Battery Level (0x2a19)
          Data: 0100
            Notification (0x01)

9 months agoshared/gatt-db: Make gatt_db_attribute_get_value public
Luiz Augusto von Dentz [Fri, 24 Mar 2023 23:38:53 +0000 (16:38 -0700)]
shared/gatt-db: Make gatt_db_attribute_get_value public

This makes gatt_db_attribute_get_value public so it can be used by the
likes of btmon.

9 months agoclient: Add samples init scripts
Luiz Augusto von Dentz [Wed, 22 Mar 2023 01:13:49 +0000 (18:13 -0700)]
client: Add samples init scripts

This adds sample init scripts that can be passed to bluetoothctl for
testing.

9 months agoshared/shell: Add support for -i/--init-script
Luiz Augusto von Dentz [Wed, 22 Mar 2023 01:13:48 +0000 (18:13 -0700)]
shared/shell: Add support for -i/--init-script

This adds support for -i/--init-script which can be used to provide a
file with commands to be initialized, the commands are then run in
sequence after completing:

client/bluetoothctl -i client/power-on-off.bt
Agent registered
Changing power on succeeded
[CHG] Controller A8:7E:EA:56:87:D5 Pairable: yes
[CHG] Controller 98:8D:46:EE:6D:16 Pairable: yes
[CHG] Controller 98:8D:46:EE:6D:16 PowerState: on-disabling
AdvertisementMonitor path registered

9 months agobap: Fix not continue selecting if endpoint respond with an error
Luiz Augusto von Dentz [Fri, 17 Mar 2023 16:14:18 +0000 (09:14 -0700)]
bap: Fix not continue selecting if endpoint respond with an error

If the endpoint respond with an error we shall decrement selecting
counter and proceed to check if there is any stream that can be
configured.

9 months agomonitor: Fix printing Signed Write Command
Simon Mikuda [Thu, 23 Mar 2023 10:28:58 +0000 (11:28 +0100)]
monitor: Fix printing Signed Write Command

Data field were print twice (1 time incorrectly):
> ACL Data RX: Handle 64 flags 0x02 dlen 19
      ATT: Signed Write Command (0xd2) len 14
        Handle: 0x006f Type: Vendor specific (f7debc9a-7856-3412-7856-341278563412)
          Data: 0800000087f303c224516133
          Data:
          Signature: 0800000087f303c224516133

9 months agomonitor: Fix crash when there is no write handler
Simon Mikuda [Thu, 23 Mar 2023 10:28:57 +0000 (11:28 +0100)]
monitor: Fix crash when there is no write handler

9 months agoobexd: reject to accept file when replying reject message
Aaron_shen [Wed, 15 Mar 2023 10:04:35 +0000 (18:04 +0800)]
obexd: reject to accept file when replying reject message

It will accept file when obex agent replied any message
event though the message is org.bluez.obex.Error.Rejected.
The patch helps to reject a Bluetooth object push request if
user replied "org.bluez.obex.Error.Rejected" message according
to the doc/obex-agent-api.txt.

9 months agoaudio/transport: Propagate errors from avrcp_set_volume to DBus
Marijn Suijten [Sat, 11 Mar 2023 01:12:02 +0000 (02:12 +0100)]
audio/transport: Propagate errors from avrcp_set_volume to DBus

Any error while setting absolute volume on the peer, or notifying the
peer of changes was previously going completely unnoticed.  Propagate it
to the logs and back to the DBus "Volume" property setter so that they
aren't misled into thinking that the AVRCP command succeeded.

Note that an error is mostly harmless when the setter of the property is
an audio sink and the peer the audio source: in this case we're only
_notifying_ the peer of the change when it has already been applied on
the sink.

Also improve the other two error messages to more closely describe what
was "invalid" about the argument.

9 months agomesh: On exit free timer for filtering duplicates
Inga Stotland [Mon, 20 Mar 2023 05:06:18 +0000 (22:06 -0700)]
mesh: On exit free timer for filtering duplicates

This frees resources associated with duplicate filter timer
when destroying management IO.

9 months agotools/mesh-cfgclient: Auto request own composition data
Inga Stotland [Thu, 16 Mar 2023 21:33:12 +0000 (14:33 -0700)]
tools/mesh-cfgclient: Auto request own composition data

When attaching a local provisioner node, always request own
composition data to accommodate functional consolidation of
regular and remote provisioning mechanisms.
The knowledge of the own node composition is necessary for
provisioning initiation and self configuration.

9 months agotools/mesh-cfgclient: Prevent storing duplicate models
Inga Stotland [Thu, 16 Mar 2023 21:33:11 +0000 (14:33 -0700)]
tools/mesh-cfgclient: Prevent storing duplicate models

This fixes the situation when subsequent requests to get a node
composition result in appending element's model list with duplicate models.
This adds a check for a presence of a model on an element when attempting
to add a new model ID to a model list on this element.

9 months agodoc: describe new ISO Transport properties
Pauli Virtanen [Wed, 15 Mar 2023 22:16:39 +0000 (22:16 +0000)]
doc: describe new ISO Transport properties

Document the currently undocumented transport QoS properties.

9 months agotransport: add CIG/CIS/PHY properties, don't show unset QoS properties
Pauli Virtanen [Wed, 15 Mar 2023 22:16:38 +0000 (22:16 +0000)]
transport: add CIG/CIS/PHY properties, don't show unset QoS properties

Add CIG, CIS, and PHY properties to BAP transport.  The other QoS
properties are there, and these may also be useful to clients, e.g.  to
manage CIG/CIS allocation as client.

Hide transport QoS properties when they are not configured.

9 months agoshared/gatt-client: Fix not creating a request for notifications
Luiz Augusto von Dentz [Thu, 16 Mar 2023 19:32:58 +0000 (12:32 -0700)]
shared/gatt-client: Fix not creating a request for notifications

Notifications were using bt_att_send directly instead of
bt_gatt_client_write_value thus it wouldn't create a request which
causes the instance to not be able to track it which in turn may cause
the client to trigger its idle callback too early.

Fixes: https://github.com/bluez/bluez/issues/490

9 months agomesh: Don't send Prov Failed on non-existant links
Brian Gix [Wed, 15 Mar 2023 20:56:37 +0000 (13:56 -0700)]
mesh: Don't send Prov Failed on non-existant links

If remote device does not respond to a Prov Link Open request, then the
callbacks do not get established, and attempting to send Failure
messages on the non-existent link rersult in seg fault.

9 months agomesh: Make MGMT mesh-io less noisy
Brian Gix [Wed, 15 Mar 2023 17:24:52 +0000 (10:24 -0700)]
mesh: Make MGMT mesh-io less noisy

Remove excessive logging traffic

9 months agomesh: Filter originated Provisioning Data packets
Brian Gix [Wed, 15 Mar 2023 15:05:43 +0000 (08:05 -0700)]
mesh: Filter originated Provisioning Data packets

The mesh daemon can process incoming mesh packets on more than one
controller, but if a Provisioning data packet that originated from the
local daemon is received by a different controller, it must be filtered
and disregarded, or it will break the provisioning protocol.

9 months agomesh: Loopback unprovisioned beacons
Brian Gix [Thu, 9 Mar 2023 20:17:49 +0000 (12:17 -0800)]
mesh: Loopback unprovisioned beacons

Because the daemon explicitly supports multiple nodes, we need
local Config Clients to be able to see local unprovisioned devices.

This loops the unprovisioned beacon, so that local Provisioning servers
can see it.

Fixes Issue: https://github.com/bluez/bluez/issues/341

9 months agomesh: Fix uninitialized memory usage
Brian Gix [Mon, 13 Mar 2023 18:48:42 +0000 (11:48 -0700)]
mesh: Fix uninitialized memory usage

When attempting to cancel an unknown Scan request structure must be
NULL initialized.

9 months agoshared/gatt-client: Fix crash on bt_gatt_client_idle_unregister
Luiz Augusto von Dentz [Tue, 14 Mar 2023 19:23:25 +0000 (12:23 -0700)]
shared/gatt-client: Fix crash on bt_gatt_client_idle_unregister

This fixes the following crash:

Invalid read of size 8
   at 0x1E1E0B: bt_gatt_client_idle_unregister (gatt-client.c:3812)
   by 0x1EB6BD: bt_bap_detach (bap.c:3821)
   by 0x1EB6BD: bt_bap_detach (bap.c:3808)
   by 0x1D5631: queue_foreach (queue.c:207)
   by 0x1DCAA3: disconnect_cb (att.c:713)
   by 0x1F4404: watch_callback (io-glib.c:157)
   by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x1F4A54: mainloop_run (mainloop-glib.c:66)
   by 0x1F4E21: mainloop_run_with_signal (mainloop-notify.c:188)
   by 0x1304B4: main (main.c:1428)
 Address 0x28 is not stack'd, malloc'd or (recently) free'd

9 months agobtmon: Fix decoding truncated data
Łukasz Rymanowski [Sat, 11 Mar 2023 23:36:40 +0000 (00:36 +0100)]
btmon: Fix decoding truncated data

Some platforms use different filtering and for this purpose,
some of the ACL/SCO/ISO/SDP data is truncated.

In such a case, included length is smaller than the original size.
Without this fix, btmon stops working after first truncated packet.

9 months agoshared/bap: fix Locations, Context to be PACS not PAC properties
Pauli Virtanen [Tue, 14 Mar 2023 18:04:27 +0000 (18:04 +0000)]
shared/bap: fix Locations, Context to be PACS not PAC properties

Audio Locations and Contexts are properties of the PACS service, not of
individual PAC, as these are device-wide bitmaps and a single
characteristic may exist on PACS server (PACS v1.0 Sec 3).

Move the attributes out from bt_bap_pac to bt_bap_pacs, and actually
keep track of the values.

9 months agodevice: Fix crash attempting to read Sets property
Luiz Augusto von Dentz [Mon, 13 Mar 2023 18:31:21 +0000 (11:31 -0700)]
device: Fix crash attempting to read Sets property

The following set can be observed when a sirk is exists but it is
encrypted leading to info->set to not be set:

Invalid read of size 8
   at 0x1ACDF0: append_set (device.c:1662)
   by 0x1FFEFFF7DF: ???
   by 0x1D4461: queue_foreach (queue.c:207)
   by 0x1AC8DE: dev_property_get_set (device.c:1700)
   by 0x1CF3E2: append_property (object.c:498)
   by 0x1CFA91: append_properties (object.c:527)
   by 0x1CFAFD: append_interface (object.c:542)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
   by 0x1CF5A7: append_interfaces (object.c:1104)
   by 0x1CF5A7: append_object (object.c:1119)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
   by 0x1CF5D0: append_object (object.c:1122)
   by 0x48D7CEF: g_slist_foreach (gslist.c:887)
 Address 0x8 is not stack'd, malloc'd or (recently) free'd

9 months agoshared/csip: Fix crash on bt_csip_get_sirk
Luiz Augusto von Dentz [Mon, 13 Mar 2023 22:51:50 +0000 (15:51 -0700)]
shared/csip: Fix crash on bt_csip_get_sirk

This fixes the following trace:

Invalid read of size 1
   at 0x1F4282: bt_csip_get_sirk (csip.c:812)
   by 0x176B21: csip_ready (csip.c:259)
   by 0x1F3C74: csip_notify_ready (csip.c:578)
   by 0x1F3C74: csip_idle (csip.c:659)
   by 0x1DCDCC: idle_notify (gatt-client.c:171)
   by 0x1D579A: queue_remove_if (queue.c:279)
   by 0x1D584F: queue_remove_all (queue.c:321)
   by 0x1E036F: notify_client_idle (gatt-client.c:180)
   by 0x1E036F: request_unref (gatt-client.c:199)
   by 0x1DC60D: destroy_att_send_op (att.c:211)
   by 0x1DC60D: handle_rsp (att.c:874)
   by 0x1DC60D: can_read_data (att.c:1064)
   by 0x1F43F4: watch_callback (io-glib.c:157)
   by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
   by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
 Address 0x0 is not stack'd, malloc'd or (recently) free'd

9 months agoshared/gatt-client: Introduce bt_gatt_client_ref_safe
Luiz Augusto von Dentz [Mon, 13 Mar 2023 22:51:49 +0000 (15:51 -0700)]
shared/gatt-client: Introduce bt_gatt_client_ref_safe

This introduces bt_gatt_client_ref_save which ensures the instaces
which are being destroyed, e.g. ref_count = 0, do not attempt to reach
callbacks.

9 months agoshared/csip: Fix not unregistering idle callback on detach
Luiz Augusto von Dentz [Mon, 13 Mar 2023 22:51:48 +0000 (15:51 -0700)]
shared/csip: Fix not unregistering idle callback on detach

This make sure idle callback is unregistered before bt_gatt_client is
unref.

9 months agoshared/bap: Fix not unregistering idle callback on detach
Luiz Augusto von Dentz [Mon, 13 Mar 2023 22:51:47 +0000 (15:51 -0700)]
shared/bap: Fix not unregistering idle callback on detach

This make sure idle callback is unregistered before bt_gatt_client is
unref.

9 months agomesh: Fix node when loading from storage
Inga Stotland [Fri, 10 Mar 2023 01:35:12 +0000 (17:35 -0800)]
mesh: Fix node when loading from storage

This fixes adding mandatory models (config server, remote provisioner)
to a node whose configuration is being loaded from storage:
mesh_model_add() was called with a wrong argument.

Was:     mesh_model_add(..., PRIMARY_ELE_IDX, ...);
Correct: mesh_model_add(..., ele->models, ...);

9 months agoclient: Use AdvertisingFlags when available
Luiz Augusto von Dentz [Tue, 7 Mar 2023 00:48:43 +0000 (16:48 -0800)]
client: Use AdvertisingFlags when available

This prints devices not discoverable in grey so the user are able to
distict when for example set members are actually visible.

9 months agoclient: Add support for DeviceSet proxy
Luiz Augusto von Dentz [Fri, 3 Mar 2023 22:07:14 +0000 (14:07 -0800)]
client: Add support for DeviceSet proxy

9 months agotools: Add support to generate RSI using SIRK
Sathish Narasimman [Tue, 22 Nov 2022 10:12:32 +0000 (15:42 +0530)]
tools: Add support to generate RSI using SIRK

The patch helps to generate Resolvable set identifier adv data.
which can be used as ADV data during advertisement.
It will be used to identify the device as part of setmember for
Coordinated set identification profile.
Example:
$<path to advtest/>advtest -i "761FAE703ED681F0C50B34155B6434FB"
SIRK: 761FAE703ED681F0C50B34155B6434FB
  RSI:  0x71 0xcb 0xbc 0x7e 0x01 0x84
    Random: bccb71
    Hash:   84017e

9 months agoprofiles: Add initial code for csip plugin
Sathish Narasimman [Tue, 22 Nov 2022 10:12:30 +0000 (15:42 +0530)]
profiles: Add initial code for csip plugin

This adds initial code for csip plugin which handles Coordinated
set identification Profile and Coordinated Set Identification
Service.

9 months agoshared/csip: Add initial code for handling CSIP
Sathish Narasimman [Tue, 22 Nov 2022 10:12:29 +0000 (15:42 +0530)]
shared/csip: Add initial code for handling CSIP

This adds initial code for Coordinated Set Identification Profile.

9 months agomain.conf: Add CSIP profile configurable options
Sathish Narasimman [Tue, 22 Nov 2022 10:12:28 +0000 (15:42 +0530)]
main.conf: Add CSIP profile configurable options

This introduces option to configure main.conf that can be used to
configure co-ordinated set identification profile.

9 months agocore: Check if device has RSI
Luiz Augusto von Dentz [Wed, 22 Feb 2023 22:06:05 +0000 (14:06 -0800)]
core: Check if device has RSI

This checks if device is advertising an RSI and if so disregards if it
is not discoverable since other members can be.

9 months agocore: Add initial implementation of DeviceSet interface
Luiz Augusto von Dentz [Fri, 3 Mar 2023 01:10:07 +0000 (17:10 -0800)]
core: Add initial implementation of DeviceSet interface

This adds the initial implementation of DeviceSet interface as
documented in doc/set-api.rst.

9 months agodevice-api: Add Set property
Luiz Augusto von Dentz [Sat, 4 Mar 2023 00:04:26 +0000 (16:04 -0800)]
device-api: Add Set property

This adds Set property so clients are able to identify when a device
belongs to a set.

9 months agodoc: Add set-api
Luiz Augusto von Dentz [Fri, 3 Mar 2023 01:03:26 +0000 (17:03 -0800)]
doc: Add set-api

This adds set-api.rst which documents DeviceSet interface.

9 months agoshared/ad: Add RSI data type
Luiz Augusto von Dentz [Thu, 2 Mar 2023 22:16:07 +0000 (14:16 -0800)]
shared/ad: Add RSI data type

This adds BT_AD_CSIP_RSI advertising data type.

9 months agoshared/crypto: Add bt_crypto_sirk
Luiz Augusto von Dentz [Thu, 2 Mar 2023 21:47:44 +0000 (13:47 -0800)]
shared/crypto: Add bt_crypto_sirk

This adds bt_crypto_sirk which attempts to generate a unique SIRK using
the following steps:

 - Generate a hash (k) using the str as input
 - Generate a hash (sirk) using vendor, product, version and source as input
 - Encrypt sirk using k as LTK with sef function.

9 months agoclient/player: Update High Reliability presets
Luiz Augusto von Dentz [Fri, 10 Mar 2023 21:18:45 +0000 (13:18 -0800)]
client/player: Update High Reliability presets

This updates High Reliability presets as published in BAP 1.0.1:

https://www.bluetooth.com/specifications/bap-1-0-1/

9 months agoiso-tester: Update High Reliability presets
Luiz Augusto von Dentz [Fri, 10 Mar 2023 21:17:22 +0000 (13:17 -0800)]
iso-tester: Update High Reliability presets

This updates High Reliability presets as published in BAP 1.0.1:

https://www.bluetooth.com/specifications/bap-1-0-1/

9 months agol2cap-tester: Add server tests for Ext-Flowctl
Luiz Augusto von Dentz [Wed, 8 Mar 2023 23:30:46 +0000 (15:30 -0800)]
l2cap-tester: Add server tests for Ext-Flowctl

This adds the following tests:

L2CAP Ext-Flowctl Server - Success
L2CAP Ext-Flowctl Server - Nval SCID
L2CAP LE EATT Client - Success
L2CAP LE EATT Server - Success
L2CAP LE EATT Server - Reject

9 months agogatt: Use DEFER_SETUP for EATT channels
Luiz Augusto von Dentz [Thu, 9 Mar 2023 22:20:17 +0000 (14:20 -0800)]
gatt: Use DEFER_SETUP for EATT channels

This makes use of DEFER_SETUP mechanism to do the following checks
before accepting the connection:

 - Checks a valid device object exits
 - Checks if initiator/central as if the peripheral start connecting it
   may cause collisions.
 - Checks if the limit of allowed connections has been reached.

9 months agomain: Disable EATT by default
Luiz Augusto von Dentz [Thu, 9 Mar 2023 18:51:46 +0000 (10:51 -0800)]
main: Disable EATT by default

EATT is causing some problem with some platforms as they also attempt to
configure it may cause a connection collision which needs to be handled
by the kernel.

9 months agogatt: Fix creating duplicated objects
Luiz Augusto von Dentz [Wed, 8 Mar 2023 00:49:38 +0000 (16:49 -0800)]
gatt: Fix creating duplicated objects

This checks cid before attempting to create device, if the device is
using an RPA it could be that the MGMT event has not been processed yet
which would lead to create a second copy of the same device using its
identity address.

9 months agodevice: Fix not always storing device info
Luiz Augusto von Dentz [Wed, 8 Mar 2023 00:47:33 +0000 (16:47 -0800)]
device: Fix not always storing device info

When updating the device address check if the device is marked as
temporary before attempting to call store_device_info otherwise it will
have no effect and instead btd_device_set_temporary must be called.

9 months agoshared/att: Always queue BT_ATT_OP_MTU_REQ on the fixed channel
Luiz Augusto von Dentz [Tue, 7 Mar 2023 21:00:22 +0000 (13:00 -0800)]
shared/att: Always queue BT_ATT_OP_MTU_REQ on the fixed channel

BT_ATT_OP_MTU_REQ shall only be sent on the so called fixed channel
since EATT channels shall use L2CAP procedure to update its MTU.

9 months agobap: Fix crash on unexpected disconnect
Luiz Augusto von Dentz [Thu, 2 Mar 2023 19:56:36 +0000 (11:56 -0800)]
bap: Fix crash on unexpected disconnect

If an unexpected disconnect happens while bt_bap_config is pending the
following trace can be observed, to fix it bt_bap_config is reworked so
it no longer attempts to create and config the stream in place, instead
it just return the new stream and the function is renamed to
bt_bap_stream_new:

Invalid write of size 4
   at 0x3980D8: config_cb (bap.c:395)
   by 0x4DF5A3: bap_req_complete (bap.c:3471)
   by 0x4E9D33: bap_req_detach (bap.c:3807)
   by 0x4E9D33: bt_bap_detach (bap.c:3819)
   by 0x4E9D33: bt_bap_detach (bap.c:3810)
   by 0x397AA9: bap_disconnect (bap.c:1342)
   by 0x4223E0: btd_service_disconnect (service.c:305)
   by 0x4974D8F: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.7200.3)
   by 0x438FC3: att_disconnected_cb (device.c:5160)
   by 0x49A6C6: queue_foreach (queue.c:207)
   by 0x4B463B: disconnect_cb (att.c:701)
   by 0x5054DF: watch_callback (io-glib.c:157)
   by 0x495BFAE: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7200.3)
   by 0x49B12C7: ??? (in /usr/lib64/libglib-2.0.so.0.7200.3)
 Address 0x6576940 is 96 bytes inside a block of size 112 free'd
   at 0x48480E4: free (vg_replace_malloc.c:872)
   by 0x48F78D: remove_interface (object.c:660)
   by 0x490489: g_dbus_unregister_interface (object.c:1394)
   by 0x397BA8: ep_remove (bap.c:1330)
   by 0x49ACF4: queue_remove_if (queue.c:279)
   by 0x49B0AC: queue_remove_all (queue.c:321)
   by 0x397A7C: bap_disconnect (bap.c:1339)
   by 0x4223E0: btd_service_disconnect (service.c:305)
   by 0x4974D8F: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.7200.3)
   by 0x438FC3: att_disconnected_cb (device.c:5160)
   by 0x49A6C6: queue_foreach (queue.c:207)
   by 0x4B463B: disconnect_cb (att.c:701)
 Block was alloc'd at
   at 0x484586F: malloc (vg_replace_malloc.c:381)
   by 0x49B432: util_malloc (util.c:43)
   by 0x39A1D9: ep_register (bap.c:563)
   by 0x39A1D9: pac_found (bap.c:664)
   by 0x4E5FEA: bap_foreach_pac (bap.c:3980)
   by 0x4EA437: bap_notify_ready (bap.c:2736)
   by 0x4EA437: bap_idle (bap.c:3711)
   by 0x4B52F0: idle_notify (gatt-client.c:171)
   by 0x49ACF4: queue_remove_if (queue.c:279)
   by 0x49B0AC: queue_remove_all (queue.c:321)
   by 0x4C092C: notify_client_idle (gatt-client.c:180)
   by 0x4C092C: request_unref (gatt-client.c:199)
   by 0x4AACB5: destroy_att_send_op (att.c:209)
   by 0x4B2B88: handle_rsp (att.c:862)
   by 0x4B2B88: can_read_data (att.c:1052)
   by 0x5054DF: watch_callback (io-glib.c:157)

9 months agoshared/bap: Make use of bt_gatt_client_idle_register
Luiz Augusto von Dentz [Thu, 2 Mar 2023 00:23:15 +0000 (16:23 -0800)]
shared/bap: Make use of bt_gatt_client_idle_register

This uses bt_gatt_client_idle_register to track when instance is ready
instead of using a dedicated queue to track requests.

Fixes: https://github.com/bluez/bluez/issues/485

9 months agomedia: Fix not checking BREDR support for A2DP
Luiz Augusto von Dentz [Wed, 1 Mar 2023 01:33:27 +0000 (17:33 -0800)]
media: Fix not checking BREDR support for A2DP

A2DP shall depend on MGMT_SETTING_BREDR setting so the likes of
bluetoothctl -e don't attempt to register A2DP with controller that
are on LE only mode.

9 months agoshare/gatt-client: Introduce idle callback
Luiz Augusto von Dentz [Wed, 1 Mar 2023 00:05:47 +0000 (16:05 -0800)]
share/gatt-client: Introduce idle callback

This introduces the concept of idle callback which can be used to get
notified when there is no more pending requests by the client.

9 months agoshared/bap: Cleanup requests on detach
Luiz Augusto von Dentz [Tue, 28 Feb 2023 22:22:31 +0000 (14:22 -0800)]
shared/bap: Cleanup requests on detach

If session is being detached any ongoing/queue request shall be
cancelled as well otherwise when the session is attach again they would
be invalid.

9 months agoclient: Allow transport.send command to work with multiple transports
Luiz Augusto von Dentz [Tue, 28 Feb 2023 01:07:43 +0000 (17:07 -0800)]
client: Allow transport.send command to work with multiple transports

This enables transport.send to work with multiple transports instead of
sending one by one which can create synchronization problems.

9 months agodevice: Don't attempt to connect LE if ATT is already connected
Luiz Augusto von Dentz [Fri, 24 Feb 2023 00:31:19 +0000 (16:31 -0800)]
device: Don't attempt to connect LE if ATT is already connected

This checks if an att instance already exists before attempting to
connect it once again.

9 months agoiso-tester: Add test for central receiving timestamped ISO packet
Pauli Virtanen [Sat, 25 Feb 2023 21:42:51 +0000 (21:42 +0000)]
iso-tester: Add test for central receiving timestamped ISO packet

This attempts to receive a timestamped HCI ISO data packet on central.

With kernel 6.2 HCI ISO packet parsing this test fails with
Bluetooth: Frame malformed (len 40, expected len 0)

Link: https://lore.kernel.org/linux-bluetooth/1fd2d4523c139deda93aab2c31f1508d79c32472.1676921889.git.pav@iki.fi/
9 months agobthost: Allow sending ISO packets with sequence number and timestamp
Pauli Virtanen [Sat, 25 Feb 2023 21:42:50 +0000 (21:42 +0000)]
bthost: Allow sending ISO packets with sequence number and timestamp

Change bthost_send_iso to take packet sequence number and timestamp, and
allow it to send timestamped HCI ISO data packets.

Currently, btdev passes through ISO packets, so this can also be used to
test RX timestamping.

9 months agoshared/bap: fix crash unregistering media endpoint while streaming
Pauli Virtanen [Fri, 24 Feb 2023 18:09:46 +0000 (18:09 +0000)]
shared/bap: fix crash unregistering media endpoint while streaming

Always free BAP stream in bt_bap_stream_release if it is not attached to
a client session, simplifying the cleanup.

Fixes the following ASAN crash is observed when media endpoint is
unregistered (stopping sound server) while streaming from remote BAP
client:

ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0000474d8
READ of size 8 at 0x60b0000474d8 thread T0
    #0 0x7a27c6 in stream_set_state src/shared/bap.c:1227
    #1 0x7aff61 in remove_streams src/shared/bap.c:2483
    #2 0x71d2d0 in queue_foreach src/shared/queue.c:207
    #3 0x7b0152 in bt_bap_remove_pac src/shared/bap.c:2501
    #4 0x463cda in media_endpoint_destroy profiles/audio/media.c:179
    ...
0x60b0000474d8 is located 8 bytes inside of 112-byte region
freed by thread T0 here:
    #0 0x7f93b12b9388 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xb9388)
    #1 0x7a0504 in bap_stream_free src/shared/bap.c:972
    #2 0x7a0800 in bap_stream_detach src/shared/bap.c:989
    #3 0x7a26d1 in bap_stream_state_changed src/shared/bap.c:1208
    #4 0x7a2ab4 in stream_set_state src/shared/bap.c:1252
    #5 0x7ab18a in stream_release src/shared/bap.c:1985
    #6 0x7c6919 in bt_bap_stream_release src/shared/bap.c:4572
    #7 0x7aff50 in remove_streams src/shared/bap.c:2482
    ...
previously allocated by thread T0 here:
    #0 0x7f93b12ba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af)
    #1 0x71e9ae in util_malloc src/shared/util.c:43
    #2 0x79c2f5 in bap_stream_new src/shared/bap.c:766
    #3 0x7a4863 in ep_config src/shared/bap.c:1446
    #4 0x7a4f22 in ascs_config src/shared/bap.c:1481
    ...

9 months agodevice: wait GATT client ready before service accept() if no cache
Pauli Virtanen [Thu, 23 Feb 2023 19:14:44 +0000 (19:14 +0000)]
device: wait GATT client ready before service accept() if no cache

On device ATT attach, do not immediately call accept() for profiles, if
there is no cached data in GATT database. Instead, wait for service
resolution to complete, as likely accept() cannot succeed before that.

Several profiles (bap, vcp, midi, deviceinfo) assume that GATT
attributes are available when their accept() is called, returning
success even if not.  In this case, the services never find the remote
attributes and are not operable.  Other profiles (hog, batt, ...) fail
their accept which prompts core to retry after discovery, and work
correctly also in this case.

Fix the failing services by waiting for service resolution as necessary,
so profiles can assume the GATT DB has some content.

9 months agoconfigure: Check ell path
Tedd Ho-Jeong An [Mon, 20 Feb 2023 18:12:05 +0000 (10:12 -0800)]
configure: Check ell path

If the 'enable-external-ell' is not specified in the configure parameter,
the build system assumes that the ELL source is located same level where
the bluez source is cloned. But the configure doens't check the folder
and user will get the build error while building the source.

This patch checks if the ELL source path if the 'enable-external-ell'
flag is not set and throws an error if the ELL doesn't exist.

9 months agoaudio/transport: update BAP transport QOS values when changed
Pauli Virtanen [Sun, 19 Feb 2023 18:02:03 +0000 (18:02 +0000)]
audio/transport: update BAP transport QOS values when changed

Currently, BAP transport publishes on DBus QOS values obtained at
transport creation time. For BAP server the transport creation usually
occurs before stream QOS is configured, and these values are then all
zero. bap->sdu is also never set.

Update transport QOS values in DBus when stream state changes.  Since
nearly all QOS values are exposed in the transport, use bt_bap_qos to
store them there for simplicity.

9 months agomedia: fix ASAN crash in pac_config_cb
Pauli Virtanen [Wed, 15 Feb 2023 22:26:02 +0000 (22:26 +0000)]
media: fix ASAN crash in pac_config_cb

Don't call configuration callback if stream's transport was cleared in
the meantime.  The clear callback is called just before the stream is
freed.

Fixes ASAN crash on disconnect while waiting for SetConfiguration DBus
reply:

ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00002eb90
READ of size 8 at 0x60b00002eb90 thread T0
    #0 0x7a4892 in bap_stream_config_cfm_cb src/shared/bap.c:3201
    #1 0x4688fb in pac_config_cb profiles/audio/media.c:1010
    #2 0x462164 in media_endpoint_cancel profiles/audio/media.c:157
    #3 0x462243 in media_endpoint_cancel_all profiles/audio/media.c:165
    #4 0x46365b in clear_endpoint profiles/audio/media.c:297
    #5 0x463a21 in endpoint_reply profiles/audio/media.c:325
...
freed by thread T0 here:
    #0 0x7eff644b9388 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xb9388)
    #1 0x78d8cc in bap_stream_free src/shared/bap.c:974
    #2 0x78dbc8 in bap_stream_detach src/shared/bap.c:991
    #3 0x78fa43 in bap_stream_state_changed src/shared/bap.c:1210
    #4 0x78fe26 in stream_set_state src/shared/bap.c:1254
    #5 0x7ab5ce in stream_foreach_detach src/shared/bap.c:3820
    #6 0x70ce06 in queue_foreach src/shared/queue.c:207
    #7 0x7ab942 in bt_bap_detach src/shared/bap.c:3836
    #8 0x51da7a in bap_disconnect profiles/audio/bap.c:1342
    #9 0x626e57 in btd_service_disconnect src/service.c:305

9 months agomedia: look up BAP transports by their associated stream
Pauli Virtanen [Wed, 15 Feb 2023 22:26:01 +0000 (22:26 +0000)]
media: look up BAP transports by their associated stream

To look up transports, use BAP stream pointers associated with them, not
the path strings stored in the stream user data. This makes it clearer
that transports presented to the sound server correspond to the actual
streams.  The Acquire/etc. of BAP transports are already tied to the
associated stream.

This fixes use-after-free crashes in pac_clear.  They occur because the
lifetime of the path string was either that of media transport or media
endpoint, which may be shorter than that of the BAP stream.  In such
case, pac_clear is entered with invalid pointer in stream user data,
leading to crash.  There are a few code paths for this, e.g. making
sound server delay its SetConfiguration response (e.g. gdb breakpoint)
to get dbus timeout, then disconnecting:

ERROR: AddressSanitizer: heap-use-after-free on address XXXX
READ of size 3 at 0x606000031640 thread T0
...
    #4 0x559891 in btd_debug src/log.c:117
    #5 0x46abfd in pac_clear profiles/audio/media.c:1096
    #6 0x79fcaf in bap_stream_clear_cfm src/shared/bap.c:914
    #7 0x7a060d in bap_stream_detach src/shared/bap.c:987
    #8 0x7a25ea in bap_stream_state_changed src/shared/bap.c:1210
    #9 0x7a29cd in stream_set_state src/shared/bap.c:1254
    #10 0x7be824 in stream_foreach_detach src/shared/bap.c:3820
    #11 0x71d15d in queue_foreach src/shared/queue.c:207
    #12 0x7beb98 in bt_bap_detach src/shared/bap.c:3836
    #13 0x5228cb in bap_disconnect profiles/audio/bap.c:1342
    #14 0x63247c in btd_service_disconnect src/service.c:305
freed by thread T0 here:
    #0 0x7f16708b9388 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xb9388)
    #1 0x7f167071b8cc in g_free (/lib64/libglib-2.0.so.0+0x5b8cc)
    #2 0x7047b7 in remove_interface gdbus/object.c:660
    #3 0x70aef6 in g_dbus_unregister_interface gdbus/object.c:1394
    #4 0x47be30 in media_transport_destroy profiles/audio/transport.c:217
    #5 0x464ab9 in endpoint_remove_transport profiles/audio/media.c:270
    #6 0x464d26 in clear_configuration profiles/audio/media.c:292
    #7 0x464e69 in clear_endpoint profiles/audio/media.c:300
    #8 0x46516e in endpoint_reply profiles/audio/media.c:325
...

Fixes: 7b1b1a499cf3 ("media: clear the right transport when clearing BAP endpoint")

9 months agoaudio/transport: add media_transport_get_stream method for transports
Pauli Virtanen [Wed, 15 Feb 2023 22:26:00 +0000 (22:26 +0000)]
audio/transport: add media_transport_get_stream method for transports

Add a method for getting the audio stream associated with a media
transport.

9 months agomonitor/att: Fix ASE frequency values
Luiz Augusto von Dentz [Thu, 1 Dec 2022 22:10:16 +0000 (14:10 -0800)]
monitor/att: Fix ASE frequency values

This fixes the printed hex value of some of the frequencies.

9 months agogatttool: Use consistent spacing before brackets
Dave Nicolson [Sun, 12 Feb 2023 17:24:02 +0000 (18:24 +0100)]
gatttool: Use consistent spacing before brackets

9 months agomgmt: Use BIT macro when defining bitfields
Luiz Augusto von Dentz [Tue, 14 Feb 2023 02:15:31 +0000 (18:15 -0800)]
mgmt: Use BIT macro when defining bitfields

This makes use of BIT macro when defining bitfields which makes it
clearer what bit it is toggling.

9 months agomedia: Check adapter CIS support to add BAP in SupportedUUIDs
Pauli Virtanen [Sat, 11 Feb 2023 10:53:51 +0000 (10:53 +0000)]
media: Check adapter CIS support to add BAP in SupportedUUIDs

Don't indicate BAP support in SupportedUUIDs, if adapter supports
neither CIS Central nor Peripheral.

9 months agoadapter: Add function for checking adapter settings
Pauli Virtanen [Sat, 11 Feb 2023 10:53:50 +0000 (10:53 +0000)]
adapter: Add function for checking adapter settings

Add function for checking adapter current settings.

9 months agotools/btmgmt: add MGMT setting bit names for CIS feature support
Pauli Virtanen [Sat, 11 Feb 2023 10:53:49 +0000 (10:53 +0000)]
tools/btmgmt: add MGMT setting bit names for CIS feature support

Add names for CIS Central/Peripheral MGMT setting bits:

[mgmt]# info
Index list with 1 item
hci0: Primary controller
addr XX:XX:XX:XX:XX:XX version 12 manufacturer 2 class 0x7c0104
supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr le advertising secure-conn debug-keys privacy configuration static-addr phy-configuration wide-band-speech cis-central cis-peripheral
current settings: powered bondable ssp br/edr le secure-conn cis-central cis-peripheral
name xxx
short name
hci0: Configuration options
supported options: public-address
missing options:

9 months agomonitor: add MGMT setting bit names for CIS feature support
Pauli Virtanen [Sat, 11 Feb 2023 10:53:48 +0000 (10:53 +0000)]
monitor: add MGMT setting bit names for CIS feature support

Add names for CIS Central/Peripheral MGMT bits:

@ MGMT Event: Command Complete (0x0001) plen 283  {0x0002} [hci0] 3.745117
      Read Controller Information (0x0004) plen 280
        Status: Success (0x00)
        Address: XX:XX:XX:XX:XX:XX (Intel Corporate)
        Version: Bluetooth 5.3 (0x0c)
        Manufacturer: Intel Corp. (2)
        Supported settings: 0x000ffeff
          Powered
          Connectable
          Fast Connectable
          Discoverable
          Bondable
          Link Security
          Secure Simple Pairing
          BR/EDR
          Low Energy
          Advertising
          Secure Connections
          Debug Keys
          Privacy
          Controller Configuration
          Static Address
          PHY Configuration
          Wideband Speech
          CIS Central
          CIS Peripheral
        Current settings: 0x000c0ad1
          Powered
          Bondable
          Secure Simple Pairing
          BR/EDR
          Low Energy
          Secure Connections
          CIS Central
          CIS Peripheral
        Class: 0x7c0104
          Major class: Computer (desktop, notebook, PDA, organizers)
          Minor class: Desktop workstation
          Rendering (Printing, Speaker)
          Capturing (Scanner, Microphone)
          Object Transfer (v-Inbox, v-Folder)
          Audio (Speaker, Microphone, Headset)
          Telephony (Cordless telephony, Modem, Headset)
        Name: xxx
        Short name:

9 months agolib: Add defines for MGMT setting bits for CIS feature support
Pauli Virtanen [Sat, 11 Feb 2023 10:53:47 +0000 (10:53 +0000)]
lib: Add defines for MGMT setting bits for CIS feature support