The Battery Level characteristic was tested with a
Microsoft Arc Touch Mouse SE.
The Battery1 interface is now exported for Bluetooth LE devices which
support the Battery Level characteristic, providing a single
"Percentage" value to other integration points in the OS, such as UPower
for consumption on most free desktops.
See https://bugs.freedesktop.org/show_bug.cgi?id=92370
Since this glibc commit:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=37f802f86400684c8d13403958b2c598721d6360
glibc doesn't include declare ssize_t when fcntl.h is included (fcntl.h
included <bits/uio.h> which includes <sys/types.h>).
This fixes the following compile-time error:
In file included from obexd/plugins/mas.c:41:0:
./obexd/src/obex.h:37:1: error: unknown type name ‘ssize_t’; did you mean ‘size_t’?
ssize_t obex_get_size(struct obex_session *os);
^~~~~~~
This adds the following command which can be used to control the
advertisement intervals:
[bluetooth]# set-advertise-duration 4
[bluetooth]# set-advertise-timeout 4
[bluetooth]# advertise on
[CHG] Controller B8:8A:60:D8:17:D7 SupportedInstances: 0x04
[CHG] Controller B8:8A:60:D8:17:D7 ActiveInstances: 0x01
Advertising object registered
[CHG] Controller B8:8A:60:D8:17:D7 SupportedInstances: 0x05
[CHG] Controller B8:8A:60:D8:17:D7 ActiveInstances: 0x00
This adds implementation of Duration and Timeout property and properly
set them in Add Advertising:
@ MGMT Command: Add Advertising (0x003e) plen 11
Instance: 1
Flags: 0x00000003
Switch into Connectable mode
Advertise as Discoverable
Duration: 4
Timeout: 0
Advertising data length: 0
Scan response length: 0
When data is too much, the data may include values not making sense, so
this patch clears the advertising manufacturer/service data corresponding
to the running command.
Even if running set-advertise-manufacturer with data having an invalid
value, client does not clear the advertising service data and clears the
advertising manufacturer data.
Since get_ccc_state can be called from both read and write callbacks it
was causing the disconnect handler to be register twice causing the
following crash:
bluetoothd[31312]: src/gatt-database.c:att_disconnected()
bluetoothd[31312]: src/gatt-database.c:ccc_write_cb() External CCC write received with value: 0x0000
bluetoothd[31312]: src/gatt-database.c:att_disconnected()
Invalid read of size 8
at 0x475639: att_disconnected (gatt-database.c:301)
by 0x4D6C75: disconn_handler (att.c:538)
by 0x4D22EF: queue_foreach (queue.c:220)
by 0x4D8959: disconnect_cb (att.c:590)
by 0x4E559A: watch_callback (io-glib.c:170)
by 0x50CD246: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD5E7: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD901: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x40CD10: main (main.c:770)
Address 0x8e30250 is 0 bytes inside a block of size 32 free'd
at 0x4C2FD18: free (vg_replace_malloc.c:530)
by 0x4756D5: device_state_free (gatt-database.c:271)
by 0x4756D5: att_disconnected (gatt-database.c:313)
by 0x4D6C75: disconn_handler (att.c:538)
by 0x4D22EF: queue_foreach (queue.c:220)
by 0x4D8959: disconnect_cb (att.c:590)
by 0x4E559A: watch_callback (io-glib.c:170)
by 0x50CD246: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD5E7: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD901: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x40CD10: main (main.c:770)
This includes the link type into the options passed to ReadValue and
WriteValue, with this the implementation can pass tests such as
TP/GAR/CL/BI-34-I which requires specific errors to be reported
depending on the bearer.
The spec suggests to rely on the link supervision timeout to detect
when the remote is not responding but this ignores the fact that due
to a bug or bad implementation stacks may ignore the request causing
the whole request queue to stall.
If no callback is set that means the request don't care about the
response, so instead of putting such request into the pending queue
this proceeds to send them immediately.
This fixes the following problems:
plugins/sixaxis.c:443:7: error: ‘version’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!setup_device(fd, sysfs_path, name, source, vid, pid, version, type, adapter))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
plugins/sixaxis.c:409:34: note: ‘version’ was declared here
uint16_t bus, vid, pid, source, version;
^~~~~~~
plugins/sixaxis.c:443:7: error: ‘source’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!setup_device(fd, sysfs_path, name, source, vid, pid, version, type, adapter))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
plugins/sixaxis.c:409:26: note: ‘source’ was declared here
uint16_t bus, vid, pid, source, version;
^~~~~~
cc1: all warnings being treated as errors
And many instances of code going over 80 columns.
This patch adds support for "pairing" a Dualshock4 controller over USB
into the sixaxis plugin, similarly to what the Sixaxis/PS3 controller
supported.
Actual bonding happens on first connection, but the device will be
marked as trusted when the agent replies.
This patch is based on DS4 supprt for sixpair tool by t0xicCode:
975c38cb6c
Move the struct containing the Sixaxis-compatible devices to a
header shared with the input profiles code, so as to reduce device
declaration.
Adding support for new devices should be as easy as adding the device's
declaration in profiles/input/sixaxis.h
Previously, users doing cable configuration of Sixaxis PS3 controllers
would only get asked whether a device was allowed to connect to the
computer when switching it to Bluetooth mode: unplugging it, and
pressing the PS button.
Instead, we should ask the user straight away, through the agent,
whether the pad should be allowed to connect.
This makes it easier to setup those devices, while keeping security.
Add btd_request_authorization_cable_configured() function to allow
cable configured devices to ask the user straight away about whether the
device should be allowed to connect to the computer.
This allows us to ask the user at the time of the USB connection and
initial setup, rather than when the first Bluetooth connection is made.
The fact that the device might not be connected to the adapter when
this event is triggered is mentioned in the Agent API docs.
While testing advertisement, I encountered Seg fault in client, when bluetoothd
tries to fetch the Adv data set by client. It can happen either while fetching
Manufacturer specific data or Service data. Backtrace is provided below for reference
After fix is applied, advertisement works fine for me. I am sending the following patch
your review. Thank you.
Passing val instead of &val in dbus_message_iter_append_fixed_array
DBUS API causes segmentation fault while fecthing Manufacturer
data or service data set by client.
BT Before Fix:
[bluetooth]# set-advertise-name Test
[bluetooth]# set-advertise-uuids 0x1824
[bluetooth]# set-advertise-manufacturer 0x75 0x02 0x03 0x04
[bluetooth]# advertise on
Program received signal SIGSEGV, Segmentation fault.
in append_array_variant(iter=iter@entry=0x7fffffffd780,
val=val@entry=0x62485a <ad+90>, n_elements=n_elements@entry=3, type=121) at client/advertising.c:178
in dict_append_basic_array(type=121, n_elements=3,
val=0x62485a <ad+90>, key=0x624858 <ad+88>, key_type=113, dict=0x7fffffffd730) at client/advertising.c:205
get_manufacturer_data(property=<optimized out>, iter=0x7fffffffd840,
user_data=<optimized out>) at client/advertising.c:253
After Fix:
[bluetooth]# set-advertise-name Test
[bluetooth]# set-advertise-uuids 0x1824
[bluetooth]# set-advertise-manufacturer 0x75 0x02 0x03 0x04
[bluetooth]# advertise on
[CHG] Controller 00:19:0E:11:55:44 SupportedInstances: 0x04
[CHG] Controller 00:19:0E:11:55:44 ActiveInstances: 0x01
Advertising object registered
[bluetooth]#
Add the common function cmd_usage(), which displays the specified command
name and the argument text in all_cmd corresponded to it, replace each
command specific usage with this function.
Add the argument texts based on the usage of each command to the output of
the command help. So the command help can give overview easier than using
the option --help of each command.
The command remote-oob may process an invalid value and hit the following
segfault since getopt_long() returns the character 'h' for hash option
when passing the option --help to remote-oob.
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x0000000000415e25 in hex2bin (hexstr=0x0, buf=buf@entry=0x7ffd85c799f7 "", buflen=16) at tools/btmgmt.c:140
#2 0x0000000000416caf in cmd_remote_oob (mgmt=0x1cc2010, index=<optimized out>, argc=2, argv=0x1cdff10) at tools/btmgmt.c:3213
#3 0x000000000041465b in rl_handler (input=0x1cd6240 "remote-oob --help") at tools/btmgmt.c:4685
#4 0x00007fd627fd96f5 in rl_callback_read_char () from /lib/x86_64-linux-gnu/libreadline.so.6
#5 0x000000000040fc71 in prompt_read (io=<optimized out>, user_data=<optimized out>) at tools/btmgmt.c:4750
#6 0x0000000000430089 in io_callback (fd=<optimized out>, events=1, user_data=0x1cc2bc0) at src/shared/io-mainloop.c:123
#7 0x0000000000430d4b in mainloop_run () at src/shared/mainloop.c:157
#8 0x0000000000402caf in main (argc=0, argv=0x7ffd85c79d50) at tools/btmgmt.c:4847
In the interactive mode, if running a command, which is remote-oob/
conn-info/add-device/del-device/advsize/add-adv, with a option and
subsequently running any command, the following segfault may occur.
(gdb) bt
#0 0x00007f793a7dc4e2 in _getopt_internal_r (argc=argc@entry=1, argv=argv@entry=0x16bb260, optstring=0x434ac4 "t:r:R:h:H:", optstring@entry=0x434ac3 "+t:r:R:h:H:",
longopts=longopts@entry=0x6508e0 <remote_oob_opt>, longind=longind@entry=0x0, long_only=long_only@entry=0, d=0x7f793aab9ea0 <getopt_data>, posixly_correct=0) at getopt.c:462
#1 0x00007f793a7dd641 in _getopt_internal (argc=argc@entry=1, argv=argv@entry=0x16bb260, optstring=optstring@entry=0x434ac3 "+t:r:R:h:H:", longopts=longopts@entry=0x6508e0 <remote_oob_opt>,
longind=longind@entry=0x0, long_only=long_only@entry=0, posixly_correct=0) at getopt.c:1175
#2 0x00007f793a7dd6be in getopt_long (argc=argc@entry=1, argv=argv@entry=0x16bb260, options=options@entry=0x434ac3 "+t:r:R:h:H:", long_options=long_options@entry=0x6508e0 <remote_oob_opt>,
opt_index=opt_index@entry=0x0) at getopt1.c:65
#3 0x0000000000416c20 in cmd_remote_oob (mgmt=0x16a7010, index=<optimized out>, argc=1, argv=0x16bb260) at tools/btmgmt.c:3203
#4 0x000000000041465b in rl_handler (input=0x16c5160 "remote-oob") at tools/btmgmt.c:4684
#5 0x00007f793aae76f5 in rl_callback_read_char () from /lib/x86_64-linux-gnu/libreadline.so.6
#6 0x000000000040fc71 in prompt_read (io=<optimized out>, user_data=<optimized out>) at tools/btmgmt.c:4749
#7 0x0000000000430089 in io_callback (fd=<optimized out>, events=1, user_data=0x16a7bc0) at src/shared/io-mainloop.c:123
#8 0x0000000000430d4b in mainloop_run () at src/shared/mainloop.c:157
#9 0x0000000000402caf in main (argc=0, argv=0x7ffd7eae58f0) at tools/btmgmt.c:4846
svc_chngd_ccc don't actually set a callback thus when cleaning up in
clear_ccc_state has to check if there is any callback set:
invalid address stated on the next line
at 0x0: ???
by 0x475C7C: clear_ccc_state (gatt-database.c:287)
by 0x4D28CF: queue_foreach (queue.c:220)
by 0x475FE7: att_disconnected (gatt-database.c:310)
by 0x4D7255: disconn_handler (att.c:538)
by 0x4D28CF: queue_foreach (queue.c:220)
by 0x4D8F39: disconnect_cb (att.c:590)
by 0x4E6B3A: watch_callback (io-glib.c:170)
by 0x50CD246: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD5E7: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD901: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x40CD90: main (main.c:770)
Address 0x0 is not stack'd, malloc'd or (recently) free'd
If the device is no longer valid or is not considered bonded anymore
clear its CCC states before removing otherwise application may continue
to notify when there are no devices listening.
When calling disconnect handlers the callback itself may remove items
from the queue causing the following crash:
Invalid read of size 8
at 0x4D1D3C: queue_foreach (queue.c:219)
by 0x4D8369: disconnect_cb (att.c:590)
by 0x4E4FAA: watch_callback (io-glib.c:170)
by 0x50CD246: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD5E7: ??? (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x50CD901: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.5200.3)
by 0x40CCC0: main (main.c:770)
Address 0x888a888 is 8 bytes inside a block of size 16 free'd
at 0x4C2FD18: free (vg_replace_malloc.c:530)
by 0x4D1F9B: queue_remove_if (queue.c:302)
by 0x4D763B: bt_att_unregister_disconnect (att.c:1206)
by 0x4DC11E: bt_gatt_client_free (gatt-client.c:1762)
by 0x4DC270: bt_gatt_client_unref (gatt-client.c:1903)
by 0x4A316F: gatt_client_cleanup (device.c:573)
by 0x4A326E: attio_cleanup (device.c:598)
by 0x4A5EB9: att_disconnected_cb (device.c:4679)
by 0x4D66D5: disconn_handler (att.c:538)
by 0x4D1D4F: queue_foreach (queue.c:220)
by 0x4D8369: disconnect_cb (att.c:590)
by 0x4E4FAA: watch_callback (io-glib.c:170)
We can't easily enter digits other than 1 through 4 (inclusive)
so leave it up to the agent to figure out a good passcode
for the iCade.
Note that we can not use the VID/PID of the device, as it is not
yet known at that point.
Remove the useless option AutoConnectTimeout since the commit dd3f4ca901
("plugins: remove unmaintained plugins") removed
btd_adapter_enable_auto_connect() for which this option was only intended.