The spec says LE Set Random Address cannot be used when scan is enabled
or with legacy advertising:
BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E
page 2480:
'If the Host issues this command when any of advertising (created
using legacy advertising commands), scanning, or initiating are
enabled, the Controller shall return the error code Command
Disallowed (0x0C).'
own_addr_type 0x01 and 0x03 shall check that a random address has
properly been set:
BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E
page 2496:
'If LE_Scan_Enable is set to 0x01, the scanning parameters'
Own_Address_Type parameter is set to 0x01 or 0x03, and the random
address for the device has not been initialized, the Controller shall
return the error code Invalid HCI Command Parameters (0x12).'
BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E
page 2614:
'If Enable is set to 0x01, the scanning parameters' Own_Address_Type
parameter is set to 0x01 or 0x03, and the random address for the
device has not been initialized, the Controller shall return the
error code Invalid HCI Command Parameters (0x12).'
own_addr_type 0x01 and 0x03 shall check that a random address has
properly been set and, in case of 0x03, that the resolving list actually
contains the IRK of the identity address:
BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E
page 2596:
'If the advertising set's Own_Address_Type parameter is set to 0x01
and the random address for the advertising set has not been
initialized, the Controller shall return the error code Invalid HCI
Command Parameters (0x12).'
BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E
page 2597:
'If the advertising set's Own_Address_Type parameter is set to 0x03,
the controller's resolving list did not contain a matching entry, and
the random address for the advertising set has not been initialized,
the Controller shall return the error code Invalid HCI Command
Parameters (0x12).'

This patch cleans up the queue for connection before closing the test to
prevent the potential memory leak.

==50== 32 bytes in 1 blocks are definitely lost in loss record 18 of 32
==50== at 0x483A809: malloc (vg_replace_malloc.c:307)
==50== by 0x14A37E: btd_malloc (util.c:33)
==50== by 0x149D9D: queue_new (queue.c:47)
==50== by 0x13B3C0: btdev_create (btdev.c:6042)
==50== by 0x13178E: create_vhci (hciemu.c:229)
==50== by 0x13178E: hciemu_new_num (hciemu.c:403)
==50== by 0x130E2C: read_index_list_callback (mgmt-tester.c:357)
==50== by 0x14AD91: request_complete (mgmt.c:264)
==50== by 0x14BD34: can_read_data (mgmt.c:356)
==50== by 0x14E794: watch_callback (io-glib.c:157)
==50== by 0x48B578E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.6)
==50== by 0x48B5B17: ??? (in /usr/lib64/libglib-2.0.so.0.6400.6)
==50== by 0x48B5E32: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.6400.6)
==50==
==50== 32 bytes in 1 blocks are definitely lost in loss record 19 of 32
==50== at 0x483A809: malloc (vg_replace_malloc.c:307)
==50== by 0x14A37E: btd_malloc (util.c:33)
==50== by 0x149D9D: queue_new (queue.c:47)
==50== by 0x13B3C0: btdev_create (btdev.c:6042)
==50== by 0x1318F7: hciemu_client_new (hciemu.c:332)
==50== by 0x1318F7: hciemu_new_num (hciemu.c:412)
==50== by 0x130E2C: read_index_list_callback (mgmt-tester.c:357)
==50== by 0x14AD91: request_complete (mgmt.c:264)
==50== by 0x14BD34: can_read_data (mgmt.c:356)
==50== by 0x14E794: watch_callback (io-glib.c:157)
==50== by 0x48B578E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.6)
==50== by 0x48B5B17: ??? (in /usr/lib64/libglib-2.0.so.0.6400.6)
==50== by 0x48B5E32: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.6400.6)

Based on the SPEC 5.2 Vol 4, Part E, Section 7.8.54, the
LE_Set_Extended_Advertising_Data_Command may be issued after an
advertising set identified by the Advertising_Handle has been created
using the HCI_LE_Set_Extended_Advertising_Parameters command.
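The checks quoted from the spec in the first message above (LE Set Random Address while advertising/scanning/initiating, scan enable with Own_Address_Type 0x01 or 0x03, extended advertising enable for 0x01 and 0x03) and the Advertising_Handle rule in the message just above, written out as one validation routine per command. This is an added example, not code from the BlueZ emulator: struct ctrl_state, struct adv_set, MAX_ADV_SETS and the check_* functions are assumptions made for the example, and the error code 0x42 (Unknown Advertising Identifier) returned for a handle that was never created comes from the spec's error code table, not from this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* HCI error codes (Core spec Vol 4, Part E) */
#define HCI_ERR_SUCCESS			0x00
#define HCI_ERR_COMMAND_DISALLOWED	0x0C
#define HCI_ERR_INVALID_PARAMS		0x12
#define HCI_ERR_UNKNOWN_ADV_ID		0x42

/* Own_Address_Type values */
#define OWN_ADDR_PUBLIC		0x00
#define OWN_ADDR_RANDOM		0x01
#define OWN_ADDR_RPA_OR_PUBLIC	0x02
#define OWN_ADDR_RPA_OR_RANDOM	0x03

#define MAX_ADV_SETS 4

/* Hypothetical per-set state for the example; the emulator's own
 * struct btdev is laid out differently. */
struct adv_set {
	bool in_use;		/* created by LE Set Extended Advertising Parameters */
	uint8_t own_addr_type;
	bool random_addr_set;	/* LE Set Advertising Set Random Address was issued */
	bool rl_match;		/* resolving list holds the peer identity and IRK */
};

/* Hypothetical controller state for the example. */
struct ctrl_state {
	bool legacy_adv_enabled;
	bool scan_enabled;
	bool initiating;
	bool random_addr_set;	/* LE Set Random Address was issued */
	uint8_t scan_own_addr_type;
	struct adv_set adv[MAX_ADV_SETS];
};

static bool uses_random_addr(uint8_t own_addr_type)
{
	return own_addr_type == OWN_ADDR_RANDOM ||
	       own_addr_type == OWN_ADDR_RPA_OR_RANDOM;
}

/* LE Set Random Address: refused while legacy advertising, scanning or
 * initiating is enabled (Command Disallowed, 0x0C). */
uint8_t check_le_set_random_address(const struct ctrl_state *st)
{
	if (st->legacy_adv_enabled || st->scan_enabled || st->initiating)
		return HCI_ERR_COMMAND_DISALLOWED;
	return HCI_ERR_SUCCESS;
}

/* LE Set Scan Enable / LE Set Extended Scan Enable: enabling with
 * Own_Address_Type 0x01 or 0x03 needs an initialized random address. */
uint8_t check_le_set_scan_enable(const struct ctrl_state *st, uint8_t enable)
{
	if (enable == 0x01 && uses_random_addr(st->scan_own_addr_type) &&
	    !st->random_addr_set)
		return HCI_ERR_INVALID_PARAMS;
	return HCI_ERR_SUCCESS;
}

/* LE Set Extended Advertising Enable for one advertising set. */
uint8_t check_le_set_ext_adv_enable(const struct ctrl_state *st,
				    uint8_t handle, uint8_t enable)
{
	const struct adv_set *set;

	if (handle >= MAX_ADV_SETS || !st->adv[handle].in_use)
		return HCI_ERR_UNKNOWN_ADV_ID;
	set = &st->adv[handle];
	if (enable != 0x01)
		return HCI_ERR_SUCCESS;	/* disabling never needs an address */

	/* 0x01: the set's own random address must have been initialized. */
	if (set->own_addr_type == OWN_ADDR_RANDOM && !set->random_addr_set)
		return HCI_ERR_INVALID_PARAMS;
	/* 0x03: an RPA from the resolving list is preferred; without a
	 * matching entry the set's random address is required instead. */
	if (set->own_addr_type == OWN_ADDR_RPA_OR_RANDOM && !set->rl_match &&
	    !set->random_addr_set)
		return HCI_ERR_INVALID_PARAMS;
	return HCI_ERR_SUCCESS;
}

/* LE Set Extended Advertising Data: the set must already exist. */
uint8_t check_le_set_ext_adv_data(const struct ctrl_state *st, uint8_t handle)
{
	if (handle >= MAX_ADV_SETS || !st->adv[handle].in_use)
		return HCI_ERR_UNKNOWN_ADV_ID;
	return HCI_ERR_SUCCESS;
}

int main(void)
{
	struct ctrl_state st = { .scan_enabled = true,
				 .scan_own_addr_type = OWN_ADDR_RANDOM };

	printf("set random address while scanning: 0x%02x\n",
	       check_le_set_random_address(&st));
	printf("ext adv data on unknown handle: 0x%02x\n",
	       check_le_set_ext_adv_data(&st, 2));
	return 0;
}
```

The ordering inside check_le_set_ext_adv_enable is deliberate: the handle is validated before the enable flag is looked at, so disabling an unknown set is still an error, while disabling a known set never fails on address checks.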

Resolving List cannot be changed when advertising/scanning:
• Advertising (other than periodic advertising) is enabled,
• Scanning is enabled, or
• an HCI_LE_Create_Connection, HCI_LE_Extended_Create_Connection, or
HCI_LE_Periodic_Advertising_Create_Sync command is outstanding.
White List cannot be changed when advertising/scanning:
• any advertising filter policy uses the White List and advertising is
enabled,
• the scanning filter policy uses the White List and scanning is
enabled, or
• the initiator filter policy uses the White List and an
HCI_LE_Create_Connection or HCI_LE_Extended_Create_Connection
command is outstanding.

le_cig.cis entries were not properly checked, which could lead to
overwriting the le_wl/le_rl fields.
While at it, this also makes changes so there are proper structs/fields for
le_wl and le_rl so they are easier to manage.
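The Resolving List and White List rules listed above, together with a bounds check of the kind the le_cig.cis fix describes, as an added example that is not the emulator's code. struct le_state (with the CIS table placed immediately before le_wl and le_rl so that an unchecked index visibly lands in them), CIS_MAX, LIST_MAX and the function names are assumptions made for the example; the filter policy values that consult the White List (advertising 0x01 to 0x03, scanning 0x01 and 0x03, initiator 0x01) are taken from the spec's parameter definitions for those commands, not from this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HCI_ERR_SUCCESS			0x00
#define HCI_ERR_COMMAND_DISALLOWED	0x0C
#define HCI_ERR_INVALID_PARAMS		0x12

#define CIS_MAX		3	/* assumed size of the CIG's CIS table */
#define LIST_MAX	8	/* assumed white/resolving list size */

/* Hypothetical controller state. The field order mirrors the bug
 * described above: le_cig.cis sits right before le_wl and le_rl. */
struct le_state {
	bool adv_enabled;		/* advertising other than periodic */
	bool periodic_adv_enabled;	/* does not block resolving list changes */
	bool scan_enabled;
	bool create_conn_pending;	/* LE (Extended) Create Connection outstanding */
	bool pa_create_sync_pending;	/* LE Periodic Advertising Create Sync outstanding */
	uint8_t adv_filter_policy;
	uint8_t scan_filter_policy;
	uint8_t init_filter_policy;
	struct {
		uint8_t cis_count;
		uint16_t cis[CIS_MAX];	/* CIS connection handles */
	} le_cig;
	uint8_t le_wl[LIST_MAX][7];		/* address type + address */
	uint8_t le_rl[LIST_MAX][7 + 16 + 16];	/* identity + peer IRK + local IRK */
};

/* Which filter policy values actually consult the White List. */
static bool adv_policy_uses_wl(uint8_t p)  { return p >= 0x01 && p <= 0x03; }
static bool scan_policy_uses_wl(uint8_t p) { return p == 0x01 || p == 0x03; }
static bool init_policy_uses_wl(uint8_t p) { return p == 0x01; }

/* LE Add/Remove Device To/From Resolving List, LE Clear Resolving List */
uint8_t check_modify_resolving_list(const struct le_state *st)
{
	if (st->adv_enabled || st->scan_enabled ||
	    st->create_conn_pending || st->pa_create_sync_pending)
		return HCI_ERR_COMMAND_DISALLOWED;
	return HCI_ERR_SUCCESS;
}

/* LE Add/Remove Device To/From White List, LE Clear White List */
uint8_t check_modify_white_list(const struct le_state *st)
{
	if (st->adv_enabled && adv_policy_uses_wl(st->adv_filter_policy))
		return HCI_ERR_COMMAND_DISALLOWED;
	if (st->scan_enabled && scan_policy_uses_wl(st->scan_filter_policy))
		return HCI_ERR_COMMAND_DISALLOWED;
	if (st->create_conn_pending && init_policy_uses_wl(st->init_filter_policy))
		return HCI_ERR_COMMAND_DISALLOWED;
	return HCI_ERR_SUCCESS;
}

/* LE Set CIG Parameters: refuse more CIS entries than the table holds. */
uint8_t check_set_cig_params(uint8_t cis_count)
{
	if (cis_count == 0 || cis_count > CIS_MAX)
		return HCI_ERR_INVALID_PARAMS;
	return HCI_ERR_SUCCESS;
}

/* Store a CIS handle; without the index check the write would land in
 * le_wl or le_rl, which is the overwrite the fix above is about. */
bool le_cig_set_cis(struct le_state *st, uint8_t idx, uint16_t handle)
{
	if (idx >= CIS_MAX)
		return false;
	st->le_cig.cis[idx] = handle;
	if (idx >= st->le_cig.cis_count)
		st->le_cig.cis_count = idx + 1;
	return true;
}

/* Constructed check: mark the white list, attempt an out-of-range CIS
 * write, and confirm the white list is untouched. */
bool demo_cis_bounds(void)
{
	struct le_state st;
	const uint8_t *bytes = (const uint8_t *)st.le_wl;
	size_t i;

	memset(&st, 0, sizeof(st));
	memset(st.le_wl, 0xAA, sizeof(st.le_wl));
	if (le_cig_set_cis(&st, CIS_MAX, 0x0042))
		return false;	/* must have been rejected */
	for (i = 0; i < sizeof(st.le_wl); i++)
		if (bytes[i] != 0xAA)
			return false;
	return true;
}
```

Note that scan filter policy 0x02 (extended, unfiltered) does not block white list changes even while scanning is enabled, whereas advertising with any non-zero filter policy does.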

This adds support for the Create BIG HCI
command in the emulator. These changes are needed for
making the emulator useful for testing the
LE Audio broadcast feature.

This adds support for the Periodic Advertising HCI
command in the emulator. These changes are the
first step in making the emulator useful for
testing the LE Audio Broadcast feature.

SetCIGParameters is only used by the central, while accept/reject CIS is
performed in the peripheral, so le_cis_estabilished shall use the
parameters set in conn->link->dev.

Syscall param writev(vector[...]) points to uninitialised byte(s)
at 0x4A8A497: writev (in /usr/lib64/libc-2.31.so)
by 0x1365C1: send_packet (bthost.c:509)
by 0x1365C1: send_packet (bthost.c:492)
by 0x1365C1: next_cmd (bthost.c:737)
by 0x137578: evt_cmd_complete (bthost.c:882)
by 0x137578: process_evt (bthost.c:1343)
by 0x137578: bthost_receive_h4 (bthost.c:2414)
by 0x12DF49: receive_bthost.part.0 (hciemu.c:134)
by 0x48B978E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.6)
by 0x48B9B17: ??? (in /usr/lib64/libglib-2.0.so.0.6400.6)
by 0x48B9E32: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.6400.6)
by 0x14A664: mainloop_run (mainloop-glib.c:66)
by 0x14AA41: mainloop_run_with_signal (mainloop-notify.c:188)
by 0x149A7B: tester_run (tester.c:871)
by 0x129C77: main (mgmt-tester.c:10219)
Address 0x4c48c05 is 21 bytes inside a block of size 280 alloc'd
at 0x483CAE9: calloc (vg_replace_malloc.c:760)
by 0x136487: queue_command (bthost.c:472)
by 0x136487: send_command (bthost.c:715)
by 0x13948A: bthost_set_ext_adv_enable (bthost.c:2581)
by 0x12CEBF: trigger_device_found (mgmt-tester.c:8513)
by 0x148C9A: wait_callback (tester.c:749)
by 0x48BA330: ??? (in /usr/lib64/libglib-2.0.so.0.6400.6)
by 0x48B978E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.6400.6)
by 0x48B9B17: ??? (in /usr/lib64/libglib-2.0.so.0.6400.6)
by 0x48B9E32: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.6400.6)
by 0x14A664: mainloop_run (mainloop-glib.c:66)
by 0x14AA41: mainloop_run_with_signal (mainloop-notify.c:188)
by 0x149A7B: tester_run (tester.c:871)

If tester_pre_setup_failed is called, all timeouts related to the
test must be cancelled, as the test should have been freed by the
application and the next test is about to start.

Idents are only unique per request/response pair, so if a remote request
is initiated we shall not attempt to run the callback even if the ident
matches.
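The ident rule from the message above, as an added example of a pending-request table for L2CAP signalling that only ever matches responses against outstanding local requests. This is not code from bthost.c: struct sig_ctx, sig_send_request, sig_dispatch and the abbreviated command code list are assumptions made for the example (the code values themselves are the L2CAP signalling codes from Core spec Vol 3, Part A).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* L2CAP signalling codes, abbreviated to the ones used here. */
#define L2CAP_COMMAND_REJECT	0x01
#define L2CAP_CONN_REQ		0x02
#define L2CAP_CONN_RSP		0x03
#define L2CAP_CONF_REQ		0x04
#define L2CAP_CONF_RSP		0x05
#define L2CAP_DISCONN_REQ	0x06
#define L2CAP_DISCONN_RSP	0x07

#define MAX_PENDING 8

typedef void (*sig_rsp_cb)(uint8_t code, const uint8_t *data,
			   uint16_t len, void *user);

/* One locally initiated request waiting for its response. */
struct pending_req {
	bool in_use;
	uint8_t ident;
	uint8_t req_code;
	sig_rsp_cb cb;
	void *user;
};

struct sig_ctx {
	struct pending_req pending[MAX_PENDING];
	uint8_t next_ident;	/* ident 0 is reserved; we use 1..255 */
};

/* Only these codes can complete something we sent. */
static bool is_response(uint8_t code)
{
	switch (code) {
	case L2CAP_COMMAND_REJECT:
	case L2CAP_CONN_RSP:
	case L2CAP_CONF_RSP:
	case L2CAP_DISCONN_RSP:
		return true;
	default:
		return false;
	}
}

/* Register a pending request; returns its ident, or 0 if the table is full. */
uint8_t sig_send_request(struct sig_ctx *ctx, uint8_t req_code,
			 sig_rsp_cb cb, void *user)
{
	size_t i;

	for (i = 0; i < MAX_PENDING; i++) {
		if (ctx->pending[i].in_use)
			continue;
		if (ctx->next_ident == 0)
			ctx->next_ident = 1;
		ctx->pending[i].in_use = true;
		ctx->pending[i].ident = ctx->next_ident++;
		ctx->pending[i].req_code = req_code;
		ctx->pending[i].cb = cb;
		ctx->pending[i].user = user;
		return ctx->pending[i].ident;
	}
	return 0;
}

/* Dispatch an incoming signalling command. Returns true when it completed
 * one of our pending requests. A request from the remote is never matched
 * against the pending table, however its ident happens to collide. */
bool sig_dispatch(struct sig_ctx *ctx, uint8_t code, uint8_t ident,
		  const uint8_t *data, uint16_t len)
{
	size_t i;

	if (!is_response(code))
		return false;	/* remote request: belongs to the request handlers */

	for (i = 0; i < MAX_PENDING; i++) {
		struct pending_req *req = &ctx->pending[i];

		if (!req->in_use || req->ident != ident)
			continue;
		req->in_use = false;	/* consumed exactly once */
		if (req->cb)
			req->cb(code, data, len, req->user);
		return true;
	}
	return false;
}

static void count_cb(uint8_t code, const uint8_t *data, uint16_t len, void *user)
{
	(void)code; (void)data; (void)len;
	(*(int *)user)++;
}

/* Constructed scenario: our Connection Request gets ident 1, the remote
 * then sends its own Connection Request that also carries ident 1, and
 * only afterwards the real Connection Response arrives. Returns the
 * number of callback runs (1 when the rule holds) or a negative code. */
int demo_ident_collision(void)
{
	struct sig_ctx ctx;
	int calls = 0;
	uint8_t ident;
	const uint8_t pdu[] = { 0x40, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00 };

	memset(&ctx, 0, sizeof(ctx));
	ident = sig_send_request(&ctx, L2CAP_CONN_REQ, count_cb, &calls);
	if (ident != 1)
		return -1;
	if (sig_dispatch(&ctx, L2CAP_CONN_REQ, ident, pdu, sizeof(pdu)) || calls != 0)
		return -2;	/* colliding remote request must not fire the callback */
	if (!sig_dispatch(&ctx, L2CAP_CONN_RSP, ident, pdu, sizeof(pdu)))
		return -3;	/* the real response completes the request */
	if (sig_dispatch(&ctx, L2CAP_CONN_RSP, ident, pdu, sizeof(pdu)))
		return -4;	/* a duplicate response finds nothing pending */
	return calls;
}
```

The request-versus-response split is done on the command code before any ident lookup, so a remote peer that picks the same ident we are currently using cannot complete, or cancel, a request it never answered.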