This convert the use of UHID_CREATE to UHID_CREATE2 which gives back
the information of reports being numbered or not thus avoiding the need
to parse the report map in order to check if there are a report number
on them since UHID_START gives that information:
UHID_START:
This is sent when the HID device is started. Consider this as an
answer to UHID_CREATE2. This is always the first event that is sent.
Note that this event might not be available immediately after
write(UHID_CREATE2) returns.
Device drivers might require delayed setups.
This event contains a payload of type uhid_start_req. The "dev_flags"
field describes special behaviors of a device. The following flags
are defined:
- UHID_DEV_NUMBERED_FEATURE_REPORTS
- UHID_DEV_NUMBERED_OUTPUT_REPORTS
- UHID_DEV_NUMBERED_INPUT_REPORTS
Each of these flags defines whether a given report-type uses numbered
reports. If numbered reports are used for a type, all messages from
the kernel already have the report-number as prefix. Otherwise, no
prefix is added by the kernel. For messages sent by user-space to the
kernel, you must adjust the prefixes according to these flags
This fixes the access to struct media_attribute_header which needs to
be packed and it also replaces the use of ntohs/ntohl to byteorder
conversion helpers which are a lot more clear on what byteorder shall
be used.
AVRCP byte order is always big endian:
Audio/Video Remote Control / Profile Specification - Page 20:
'Transfer Octet Order; Packets shall transfer multiple-octet fields in
standard network octet order (Big Endian), with more significant
(high-order) octets being transferred before less-significant (low-order)
octets.'
After the patches which limit the attempts of doing remote name
resolving, there's an issue which prevents BlueZ to RNR new devices
for 5 minutes after reboot. It's caused by failed_time is init to 0,
and is then treated as the timestamp when the device failed RNR.
However, actually there is no failure yet.
This patch fixes it by always allowing RNR when failed_time = 0.
Since report map is only read after all reports it is possible to start
receiving notifications before uhid has been created, so this adds a
queue to store the events while the report map is pending and once uhid
has been created dequeue the events.
The Report Map must be read after all other attributes otherwise the
Kernel driver may start using UHID_SET_REPORT which requires the
report->id to be known in order to resolve the attribute to send to.
Fixes: https://github.com/bluez/bluez/issues/220
If endpoint responds to SetConfiguration the transport is being
destroyed without removing it from the list leading a crash.
Fixes: https://github.com/bluez/bluez/issues/269
Passing NULL to memcpy is considered undefined behavior which leads to
the following runtime errors:
profiles/audio/avdtp.c:2709:2: runtime error: null pointer passed as
argument 1, which is declared to never be null
profiles/audio/avdtp.c:2709:2: runtime error: null pointer passed as
argument 2, which is declared to never be null
profiles/audio/avdtp.c:3326:2: runtime error: null pointer passed as
argument 2, which is declared to never be null
profiles/audio/avdtp.c:500:3: runtime error: null pointer passed as
argument 2, which is declared to never be null
This replaces the uses of g_memdup with util_memdup since the former has
been deprecated:
warning: ‘g_memdup’ is deprecated: Use 'g_memdup2' instead
[-Wdeprecated-declarations]
g_memdup2 requires bumping glib version which would likely have its
own problems thus why util_memdup was introduced.
This adds support for vendor commands reserving a single opcode (0xfc10)
so it can be extended using subcommands, similar to how MSFT works.
The first subcommand (0x00) enables the emulator to generate arbitrary
events using the commands parameters:
> tools/hcitool cmd 3f 10 00 22 24 d0 d0 d0 d0 d0 d0 ff ff
< HCI Command: Vendor (0x3f|0x0010) plen 11
00 22 24 d0 d0 d0 d0 d0 d0 ff ff
."$........
Bluetooth: hci0: Malformed HCI Event: 0x22
> HCI Event: Inquiry Result with R.. (0x22) plen 9
Num responses: 36
Page scan repetition mode: Reserved (0xff)
Page period mode: Reserved (0xff)
Class: 0xffffd0
Major class: Uncategorized, specific device code not specified
Minor class: 0x34
Limited Discoverable Mode
invalid service class
Clock offset: 0x6368
RSSI: 105 dBm (0x69)
> HCI Event: Command Complete (0x0e) plen 4
Vendor (0x3f|0x0010) ncmd 1
Status: Success (0x00)
Build using Address Sanitizer (asan), Leak Sanitizer (lsan), or
Undefined Behavior Sanitizer (ubsan) by using one of these options for
the configure script:
--enable-asan
--enable-lsan
--enable-ubsan
For each of these to work, the compiler must support the requested
sanitizer and the requisite libraries must be installed (libasan,
liblsan, libubsan).
This adds monitor support so data can properly be decoded by the likes
of btmon:
= test-hog: /TP/HGRF/RH/BV-01-I - init
= test-hog: /TP/HGRF/RH/BV-01-I - setup
= test-hog: /TP/HGRF/RH/BV-01-I - setup complete
= test-hog: /TP/HGRF/RH/BV-01-I - run
> test-hog: User Data RX
ATT: Read By Group Type Request (0x10) len 6
Handle range: 0x0001-0xffff
Attribute group type: Primary Service (0x2800)
load_att_info would attempt to load attributes file from the storage but
in case it doesn't exists it would print an error instead of just
bailing out as attributes file is created on demand when there are
something to be stored.
InterfacesAdded signal for LEAdvertisingManager1 might be emitted
containing initial/default properties values and property changed is
not emitted after reading advertising features. This patch registers
the interface (LEAdvertisingManager1) after reading advertising features
from kernel.
Instead of failing if the included service cannot be resolved just
skip it so doesn't fail and the discovery is stop due to a possible
application error.
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
This patch replaces the rand() function to the getrandom() syscall.
It was reported by the Coverity scan
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
After the MTU dbus property patches in 5.62 we are seeing bluetoothd
terminate frequently with "Disconnected from D-Bus. Exiting." msgs.
Apparently this is because bluetoothd sent an invalid reply to a D-Bus
Property Get (for GattCharacteristic1's MTU).
Multiple issues in bluez Github.com project reported similar behavior;
at least #235 (see Fixes:), #219, and likely #238.
When the Characteristic1 object is still cached/alive, but the
underlying att connection is not (e.g. someone just called Disconnect),
the property getter (characteristic_get_mtu) right now returns false.
However, gdbus seems to ignore the return value and sends the empty reply
message anyway (rather than a dbus error?), and this seems to cause
the dbus connection to be terminated (due to the ill-formed reply?).
bluetoothd then aborts.
This patch makes the property value BT_ATT_DEFAULT_LE_MTU if the
underlying att object does not exist, rather than returning an invalid
message. This is consistent with the existing PropertyChanged signal
behavior (we will emit a PropertyChange only if a larger MTU is
exchanged), and fixes the issue on my machines.
An alternative could be to change gdbus behavior, but I'm not sure if we
are allowed to return an error here anyway without causing problems in
other dbus libraries/wrappers.
Fixes: aaa0c4996a ("gatt: Add implementation of GattCharacteristic1.MTU")
Fixes: https://github.com/bluez/bluez/issues/235
This specifies how long will the userspace ignore a peer with an
unknown name after a failed remote name resolving procedure.
The peer device can still be connected, this only prevents the remote
name resolving procedure retry.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
Since a peer device is potentially removed if not discovered for more
than 30 seconds, we would lost the remote name request activity when
the device is rediscovered. This could end up with a remote name
request much sooner than we intend it to be.
Therefore, put the RNR record into a cache file, so we can recover it
when the peer device is rediscovered.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
When Remote Name Resolve ends with failure, record this occurrence and
prevent remote name resolving for the same device for some time.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
Report failure when resolving remote name to userspace. This is useful
so the userspace can make an informed decision when to retry name
resolving procedure.
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
This makes configure to check the presence of linux/uinput.h and
linux/uhid.h kernel uapi headers since the code no longer contain copies
of them and otherwise the code cannot be build without them:
checking linux/uinput.h usability... yes
checking linux/uinput.h presence... yes
checking for linux/uinput.h... yes
checking linux/uhid.h usability... yes
checking linux/uhid.h presence... yes
checking for linux/uhid.h... yes
Update default Advertisemet Monitor Sampling_Period to 0xFF. It
indicates that controller will report only one advertisement per
monitoring period for a device. This will help reduce the power
consumption drastically.
Reviewed-by: Miao-chen Chou <mcchou@google.com>
In the Advertisement Monitor API, RSSISamplingPeriod is an unsigned
value. Change sampling_period variable to uint16_t in the code.
More info: doc/advertisement-monitor-api.txt
Reviewed-by: Archie Pusaka <apusaka@google.com>
Reviewed-by: Miao-chen Chou <mcchou@google.com>
This patch delivers DeviceFound/DeviceLost events to apps over D-Bus
whenever controller starts/stops tracking a device.
Tests performed:
- Add a monitor and verify that DeviceFound/DeviceLost events are
received whenever controller starts/stops monitoring.
- Verify from logs that only one Adv Report is received from the
controller when Sampling_Period is set to 0xFF and the
DeviceFound/DeviceLost functionality still works as intended.
- Verify that DeviceFound/DeviceLost is reported appropriately even
when the Active Scanning is in progress.
- Verify that the reconnection also works properly with and without
any active Advertisement Monitor.
Reviewed-by: Miao-chen Chou <mcchou@google.com>
