Age | Commit message | Author | Files | Lines |
|
Error: STRING_NULL (CWE-170): [#def59] [important]
tools/mgmt-tester.c:12670:2: string_null_source: Function "vhci_read_devcd" does not terminate string "buf".
tools/mgmt-tester.c:12677:2: string_null: Passing unterminated string "buf" to "strtok_r", which expects a null-terminated string.
12675|
12676| /* Verify if all devcoredump header fields are present */
12677|-> line = strtok_r(buf, delim, &saveptr);
12678| while (strlen(test->expect_dump_data[i])) {
12679| if (!line || strcmp(line, test->expect_dump_data[i])) {
|
|
Verify that the peer is a valid bdaddr (and so has the correct length)
before using it.
Error: STRING_SIZE (CWE-120): [#def54] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1459:4: string_size: Passing string "argv[optind + i]" of unknown size to "send_mode", which expects a string of a particular size.
Error: STRING_SIZE (CWE-120): [#def55] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
tools/isotest.c:1484:5: string_size: Passing string "peer" of unknown size to "bcast_do_connect_mbis", which expects a string of a particular size.
Error: STRING_SIZE (CWE-120): [#def56] [important]
tools/isotest.c:1198:26: string_size_argv: "argv" contains strings with unknown size.
tools/isotest.c:1476:4: var_assign_var: Assigning: "peer" = "argv[optind + i]". Both are now tainted.
tools/isotest.c:1514:5: string_size: Passing string "argv[optind + i]" of unknown size to "do_connect", which expects a string of a particular size.
|
|
Error: RESOURCE_LEAK (CWE-772): [#def65] [important]
tools/test-runner.c:877:3: open_fn: Returning handle opened by "attach_proto".
tools/test-runner.c:877:3: var_assign: Assigning: "serial_fd" = handle returned from "attach_proto(node, 0U, basic_flags, extra_flags)".
tools/test-runner.c:955:3: leaked_handle: Handle variable "serial_fd" going out of scope leaks the handle.
953| if (pid < 0) {
954| perror("Failed to fork new process");
955|-> return;
956| }
957|
|
|
Error: BAD_FREE (CWE-763): [#def58] [important]
tools/isotest.c:1461:5: address: Taking offset from "strchr(filename, 44)".
tools/isotest.c:1461:5: assign: Assigning: "filename" = "strchr(filename, 44) + 1".
tools/isotest.c:1536:2: incorrect_free: "free" frees incorrect pointer "filename".
1534|
1535| done:
1536|-> free(filename);
1537|
1538| syslog(LOG_INFO, "Exit");
|
|
Error: UNINIT (CWE-457): [#def64] [important]
tools/test-runner.c:701:2: var_decl: Declaring variable "envp" without initializer.
tools/test-runner.c:739:3: uninit_use_in_call: Using uninitialized value "*envp" when calling "execve".
737|
738| if (pid == 0) {
739|-> execve(argv[0], argv, envp);
740| exit(EXIT_SUCCESS);
741| }
|
|
Error: UNINIT (CWE-457): [#def72] [important]
tools/test-runner.c:856:2: var_decl: Declaring variable "argv" without initializer.
tools/test-runner.c:945:2: uninit_use: Using uninitialized value "argv[0]".
943| envp[pos] = NULL;
944|
945|-> printf("Running command %s\n", cmdname ? cmdname : argv[0]);
946|
947| pid = fork();
|
|
Error: UNINIT (CWE-457): [#def70] [important]
tools/test-runner.c:644:2: var_decl: Declaring variable "envp" without initializer.
tools/test-runner.c:682:3: uninit_use_in_call: Using uninitialized value "*envp" when calling "execve".
680|
681| if (pid == 0) {
682|-> execve(argv[0], argv, envp);
683| exit(EXIT_SUCCESS);
684| }
Error: UNINIT (CWE-457): [#def71] [important]
tools/test-runner.c:701:2: var_decl: Declaring variable "envp" without initializer.
tools/test-runner.c:739:3: uninit_use_in_call: Using uninitialized value "*envp" when calling "execve".
737|
738| if (pid == 0) {
739|-> execve(argv[0], argv, envp);
740| exit(EXIT_SUCCESS);
741| }
|
|
Error: UNINIT (CWE-457): [#def64] [important]
tools/mesh-cfgclient.c:1992:2: var_decl: Declaring variable "result" without initializer.
tools/mesh-cfgclient.c:2041:3: uninit_use: Using uninitialized value "result". Field "result.last_seen" is uninitialized.
2039| l_queue_length(devices) + 1);
2040| dev = l_malloc(sizeof(struct unprov_device));
2041|-> *dev = result;
2042|
2043| } else if (dev->rssi < result.rssi)
Error: UNINIT (CWE-457): [#def65] [important]
tools/mesh-cfgclient.c:1992:2: var_decl: Declaring variable "result" without initializer.
tools/mesh-cfgclient.c:2044:3: uninit_use: Using uninitialized value "result". Field "result.last_seen" is uninitialized.
2042|
2043| } else if (dev->rssi < result.rssi)
2044|-> *dev = result;
2045|
2046| dev->last_seen = time(NULL);
|
|
This reverts commit c777c55ab662db4e9853bb08a6e1e6c77b319e09.
The kernel feature needs further work.
|
|
Disable the TX timestamping related tests for now, as the feature will
need some further work.
|
|
Fix compiler warning:
tools/test-runner.c:309:57: error: 'sprintf' may write a terminating nul
past the end of the destination [-Werror=format-overflow=]
|
|
Error: RESOURCE_LEAK (CWE-772): [#def63] [important]
tools/iso-tester.c:1796:2: open_fn: Returning handle opened by "socket".
tools/iso-tester.c:1796:2: var_assign: Assigning: "sk" = handle returned from "socket(31, 2053, 8)".
tools/iso-tester.c:1807:3: leaked_handle: Handle variable "sk" going out of scope leaks the handle.
1805| if (!master_bdaddr) {
1806| tester_warn("No master bdaddr");
1807|-> return -ENODEV;
1808| }
1809|
|
|
Error: RESOURCE_LEAK (CWE-772): [#def65] [important]
tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file".
tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)".
tools/isotest.c:953:3: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
951|
952| free(sk_arr);
953|-> return;
954| }
955|
|
|
Consider "0" to be a valid fd.
|
|
Error: RESOURCE_LEAK (CWE-772): [#def79] [important]
tools/isotest.c:923:4: open_fn: Returning handle opened by "open_file".
tools/isotest.c:923:4: var_assign: Assigning: "fd" = handle returned from "open_file(altername)".
tools/isotest.c:925:3: off_by_one: Testing whether handle "fd" is strictly greater than zero is suspicious. "fd" leaks when it is zero.
tools/isotest.c:925:3: remediation: Did you intend to include equality with zero?
tools/isotest.c:926:4: overwrite_var: Overwriting handle "fd" in "fd = open_file(filename)" leaks the handle.
924|
925| if (fd <= 0)
926|-> fd = open_file(filename);
927| }
928|
|
|
Also test BT_POLL_ERRQUEUE is an experimental feature.
Add test:
ISO Send - TX No Poll Timestamping
|
|
Update Read Exp Feature - Success (Index None) for new experimental
feature Poll Errqueue.
|
|
Add tests:
L2CAP LE Client - Read Success
L2CAP LE Client - Write Success
L2CAP LE Client - TX Timestamping
|
|
Add test:
SCO CVSD Send - TX Timestamping
|
|
Add test
L2CAP BR/EDR Client - TX Timestamping
|
|
Add TX timestamping test utilities in new tools/tester.h, so that they
can be shared between testers.
Add tests:
ISO Send - TX Timestamping
ISO Send - TX Sched Timestamping
ISO Send - TX Msg Timestamping
|
|
The length is actually 16 (0x10) bytes not 17 (0x17).
|
|
This adds a new Broadcast Receiver test, to validate that a Broadcast
Sink is able to sync to the PA transmitted by a Source (when no BIG
is active) and is able to successfully detect the BASE:
ISO Broadcaster Receiver Defer Get BASE - Success
|
|
Coded PHY interval and window recommended by the core specification are
3x of the 1M.
|
|
This separates the iso_defer_accept function into dedicated ones for
unicast/broadcast, since the flow is different for each scenario:
For unicast, POLLOUT is checked on socket before calling read and
adding a G_IO_OUT watch. Checking for POLLOUT is not necessary for
broadcast, since currently this event is never generated on the
child socket. Instead, G_IO_IN is generated after BIG sync is
established and a BIS socket is ready to be accepted.
|
|
According to Section 1.2 of Core Specification Supplement Part A the
complete or short name strings are defined as utf8s, which should not
include the trailing NULL for variable length array as defined in Core
Specification Vol1 Part E Section 2.9.3.
This patch removes the trailing NULL in expected packets, and updates the
lengths accordingly, to be in sync with Kernel patch "Bluetooth: Fix eir
name length"
|
|
This defines BT_ISO_SYNC_TIMEOUT(20 sec) which shall be considered the
default sync_timeout and make all instance previously hardcoding a
value to use it.
|
|
With earlier commit, we've used exec_dir to reference the path of obexd
and bluetoothd within the service files.
At the same time, in my testing I was providing the complete path on the
configure command line. As result, things just worked.
In the default case, the variable contains relative references to ${}
variables, which as result end up literal in the services. Ultimately
the service files were broken.
Document and reuse the existing pattern of manually expanding the
variables.
Fixes: https://github.com/bluez/bluez/issues/736
|
|
When the exec fails, the child process must be terminated instead of
continuing as a second main process.
|
|
rfcomm sets SIGCHLD and SIGPIPE to SIG_IGN, which is inherited by child
processes and preserved across execvp(). Many applications do not expect
these signals to be ignored, causing all kinds of breakage (including the
standard C system() function misbehaving on glibc and probably other
libcs because waitpid() does not work when SIGCHLD is ignored).
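The behaviour described in the rfcomm message above, together with the exit-on-exec-failure rule from the message before it, as an added example that is not BlueZ code. The function names and the `/bin/sh` test commands are assumptions chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run system("exit 3") with SIGCHLD set to `disp`. Returns the exit status
 * system() managed to collect, or -1 when it could not collect one. */
int system_status_with_sigchld(void (*disp)(int))
{
	struct sigaction sa, old;
	int ret;

	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = disp;
	sigemptyset(&sa.sa_mask);
	sigaction(SIGCHLD, &sa, &old);

	/* With SIG_IGN the kernel reaps the child itself, so the waitpid()
	 * inside system() fails with ECHILD and the status is lost. */
	ret = system("exit 3");

	sigaction(SIGCHLD, &old, NULL);
	return (ret != -1 && WIFEXITED(ret)) ? WEXITSTATUS(ret) : -1;
}

/* Parent ignores SIGPIPE (as rfcomm does), then forks and execs a shell that
 * sends itself SIGPIPE. `reset` selects whether the child restores SIG_DFL
 * before exec. Returns 1 if the shell survived the signal (disposition was
 * inherited), 0 if it was terminated by it, -1 on error. */
int child_survives_sigpipe(int reset)
{
	struct sigaction ign, dfl, old_pipe, old_chld;
	char buf[16] = "";
	int fds[2], status;
	ssize_t n = -1;
	pid_t pid;

	memset(&ign, 0, sizeof(ign));
	ign.sa_handler = SIG_IGN;
	sigemptyset(&ign.sa_mask);
	memset(&dfl, 0, sizeof(dfl));
	dfl.sa_handler = SIG_DFL;
	sigemptyset(&dfl.sa_mask);

	if (pipe(fds) < 0)
		return -1;

	sigaction(SIGPIPE, &ign, &old_pipe);
	sigaction(SIGCHLD, &dfl, &old_chld);	/* parent needs a working waitpid() */

	pid = fork();
	if (pid == 0) {
		if (reset) {
			/* Hardened path: undo inherited SIG_IGN before exec. */
			sigaction(SIGPIPE, &dfl, NULL);
			sigaction(SIGCHLD, &dfl, NULL);
		}
		dup2(fds[1], STDOUT_FILENO);
		close(fds[0]);
		close(fds[1]);
		execl("/bin/sh", "sh", "-c", "kill -s PIPE $$; echo alive",
		      (char *)NULL);
		/* exec failed: terminate here, never fall back into the
		 * parent's code as a second main process. */
		_exit(127);
	}

	close(fds[1]);
	if (pid > 0) {
		n = read(fds[0], buf, sizeof(buf) - 1);
		waitpid(pid, &status, 0);
	}
	close(fds[0]);

	sigaction(SIGPIPE, &old_pipe, NULL);
	sigaction(SIGCHLD, &old_chld, NULL);

	if (pid < 0 || n < 0)
		return -1;
	return strncmp(buf, "alive", 5) == 0;
}

int main(void)
{
	printf("system() status, SIGCHLD ignored: %d\n",
	       system_status_with_sigchld(SIG_IGN));
	printf("system() status, SIGCHLD default: %d\n",
	       system_status_with_sigchld(SIG_DFL));
	printf("child survives SIGPIPE, no reset: %d\n",
	       child_survives_sigpipe(0));
	printf("child survives SIGPIPE, reset:    %d\n",
	       child_survives_sigpipe(1));
	return 0;
}
```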
|
|
This fixes the following trace caused by not initializing data->io:
AddressSanitizer:DEADLYSIGNAL
=================================================================
ERROR: AddressSanitizer: SEGV on unknown address
(pc 0x7f199c3a01c9 bp 0x7ffc26624a10 sp 0x7ffc26624a00 T0)
The signal is caused by a READ memory access.
Hint: this fault was caused by a dereference of a high value address
(see register values below). Disassemble the provided pc to learn .
#0 0x7f199c3a01c9 in g_io_channel_unref (/lib64/libglib-2.0.so.0+0x4d1c9)
#1 0x5565f82fcece in test_post_teardown tools/rfcomm-tester.c:205
#2 0x5565f83939b3 in teardown_callback src/shared/tester.c:434
|
|
|
|
High Speed has been removed so these tests are not run anymore so
they can be safely removed.
|
|
This fixes Read Ext Controller Info now that BT_HS has been removed.
|
|
With the changes in the kernel to move to hci_sync for connecting ACL
devices (see kernel commit "Bluetooth: hci_conn: Only do ACL connections
sequentially"), the "ETIMEDOUT" error path for the "HCI Create
Connection" command was changed, sending a "HCI Create Connection
Cancel" command after the timeout.
This leads to the returned error in the "Pair Device - Power off 1"
test to change from NOT_POWERED to DISCONNECTED, so adjust for that.
|
|
In add_expect_hci_list() we iterate through the entries of the
expect_hci_list as long as there is an opcode, which means currently
this relies on overflowing the buffer to detect the end of the list.
This is not great and when running with address sanitizer, the
out-of-bounds read gets detected and mgmt-tester aborts. Fix it by
adding a trailing zero-entry to all those lists.
|
|
This is requested to pass PTS GATT/CL/GAD/BV-01-C test.
|
|
This is requested to pass PTS GATT/CL/GAD/BV-05-C test.
This searches characteristics based on UUID, start and end handles.
|
|
This is requested to pass PTS GATT/CL/GAD/BV-02-C test.
|
|
Some PTS GATT tests like GATT/CL/GAR/BI-04-C request to be able to get the
security error and do not try to change the security level.
This commit adds the ability to prevent changing the security level.
|
|
Considering we do basic substitution, we don't need to manually sed,
track dependencies, dist nor clean. Just add the files to
AC_CONFIG_FILES() call it a day - it does everything for us.
|
|
It is in fact possible to receive 0 length packets since that probably
means their status is not success.
|
|
Some PTS tests like A2DP/SNK/AVP/BI-03-C, A2DP/SNK/AVP/BI-08-C , …
request some specific rejection code to pass.
This commit adds an option to specify the rejection code during
AVDTP_SET_CONFIGURATION rejection.
E.g. "avtest --reject setconf --reject-code 195" to reject setconf with
INVALID_SAMPLING_FREQUENCY code.
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
|
|
This changes the high-reliability QoS presets to be conformant to
BAP[1] specification:
Table 5.2: QoS configuration support setting requirements for the
Unicast Client and Unicast Server
[1] https://www.bluetooth.com/specifications/bap-1-0-1/
Fixes: https://github.com/bluez/bluez/issues/665
|
|
This adds the following tests:
ISO QoS 48_1_g - Success
ISO QoS 48_2_g - Success
ISO QoS 48_3_g - Success
ISO QoS 48_4_g - Success
|
|
This adds the following presets from GMAP:
16_1_gs
16_2_gs
32_1_gs
32_2_gs
48_1_gs
48_2_gs
32_1_gr
32_2_gr
48_1_gr
48_2_gr
48_3_gr
48_4_gr
|
|
This adds the following presets from GMAP:
ISO QoS 48_1_gc - Success Passed
ISO QoS 48_2_gc - Success Passed
ISO QoS 48_1_gr - Success Passed
ISO QoS 48_2_gr - Success Passed
ISO QoS 48_3_gr - Success Passed
ISO QoS 48_4_gr - Success Passed
|
|
This adds a test for Broadcast AC 13 reconnect:
ISO Broadcaster AC 13 Reconnect - Success
|
|
This adds a test for binding a Broadcast Receiver to a number of
BISes after PA sync has been established.
|
|
This tests that a broadcast receiver is able to successfully sync to the
PA transmitted by a source, without performing BIS sync also:
ISO Broadcaster Receiver Defer No BIS - Success
|
|
This adds a new test for the ISO Broadcast AC 13, when the BIG handle
is set but the advertising handle is unset:
ISO Broadcaster AC 13 BIG 0x01 - Success
|
|
This implements Transport.QoS as a dict instead of listing each field as
an individual property.
|
|
This adds the following tests which attempt to use SO_SNDTIMEO so the
socket times out before the connection completes:
L2CAP BR/EDR Client - Timeout
L2CAP LE Client - Timeout
L2CAP Ext-Flowctl Client - Timeout
|
|
This adds the following tests which attempt to close/shutdown the
socket before the connection completes:
L2CAP BR/EDR Client - Close
L2CAP LE Client - Close
L2CAP Ext-Flowctl Client - Close
|
|
This adds defer setup support for the Broadcast Receiver scenario.
In order to create a Broadcast Receiver with the defer setup option,
the -W command line parameter should be used, as described in
isotest.rst.
|
|
Simulate ACL being disconnected when connecting ISO, before LE Create
CIS got sent. The kernel shall indicate connection failure for the ISO
socket immediately when the ACL is gone, since connecting the ISO can no
longer proceed.
ISO Connect ACL Disconnect - Failure
|
|
Simulate ACL being disconnected before SCO is established. Kernel shall
not crash.
eSCO ACL Disconnect - Failure
Link: https://lore.kernel.org/linux-bluetooth/00000000000013b93805fbbadc50@google.com/
|
|
This adds the following test to validate defer setup support for the
Broadcast Receiver scenario:
ISO Broadcaster Receiver Defer - Success
|
|
This adds the following tests which attempt to trigger suspend code path
while ISO sockets are connecting or have been connected:
ISO Connect Suspend - Success
ISO Connected Suspend - Success
ISO Connect2 Suspend - Success
ISO Connected2 Suspend - Success
|
|
This updates test-runner documentation with a few examples using rst
format.
|
|
A second connection made with same CIG while the CIG is busy, shall not
disconnect the first already existing connection.
Add test for this:
ISO Connect2 Busy CIG 0x01 - Success/Invalid
This was the original intent of "ISO Connect2 CIG 0x01 -
Success/Invalid", but the busy check should not be made synchronously in
connect() (to maintain ordering with Remove CIG etc), but must be done
in hci_sync. So the test needs to check the error async and explicitly
that the first conn is not dropped.
|
|
This test shall succeed rather than fail as this appears to be a bug in
the kernel code preventing Set CIG Parameters to work properly when
there are concurrent tasks only one CIS is being programmed.
|
|
Kernel should send LE Remove CIG after all CIS are shut down. Add tests
checking this, closing either immediately or after waiting connection to
complete.
ISO Defer Close - Success
ISO Connect Close - Success
ISO Defer Wait Close - Success
ISO Connect Wait Close - Success
|
|
Add test with a large CIS_ID and multiple CIS so it hits an error
condition in current kernels (which is why the AC configuration is
used).
Add tests for invalid configurations with bad or duplicate IDs, and for
trying to connect two CIS in same CIG without BT_DEFER_SETUP.
ISO QoS CIG 0xF0 - Invalid
ISO QoS CIS 0xF0 - Invalid
ISO Connect2 CIG 0x01 - Success/Invalid
ISO AC 6(ii) CIS 0xEF/auto - Success
ISO AC 6(ii) CIS 0xEF/0xEF - Invalid
|
|
Demonstrate a kernel race condition when remote side disconnects at the
same time as local side tries to cancel the connection. I.e.
[controller] > HCI Synchronous Connect Complete
[controller] > HCI Disconnection Complete (from remote)
[user] shutdown(sco_socket)
[kernel] hci_conn_abort(SCO handle)
[kernel] > HCI Create Connection Cancel
[kernel] < HCI Synchronous Connect Complete
[kernel] < HCI Disconnect Complete
[controller] < HCI Create Connection Cancel
[controller] > HCI Command Status (Create Connection Cancel)
[kernel] < HCI Command Status (Create Connection Cancel)
and then we get BUG: KASAN: slab-use-after-free in hci_conn_failed when
hci_conn_abort tries to delete the same connection a second time.
This type of crash is probably not limited to the sequence here, but for
this one it was possible to get the timing right in the emulator.
Add a test that hits this in the emulator environment (pretty narrow
window to hit on real hardware):
eSCO Simultaneous Disconnect - Failure
|
|
This adds btmgmt.rst which is then converted to btmgmt.1 using rst2man.
|
|
This moves the functionality of btmgmt into client/mgmt.c so its
commands become available on bluetoothctl via mgmt submenu.
|
|
This adds a test for setting BT_PKT_STATUS sockopt and checks if
BT_SCM_PKT_STATUS is properly received.
|
|
This adds support to set ISO Packet Status to bthost_send_iso.
|
|
If no audio server, don't pass NULL to printf and parse TESTAUDIO
correctly.
|
|
It is useful to see WARN_ON etc. messages when running the tests.
The 'quiet' in cmdline suppresses levels >= WARN, so re-enable them
explicitly after boot, so that it is on by default and doesn't need to
be handled in local test scripts.
|
|
This fixes a couple of tests that consider 31 bytes the max advertising
length since in case of extended advertising that number is actually
251.
|
|
This adds test-runner.rst documentation with a few examples of how it
can be used to run kernel testers like mgmt-tester and also bluetoothd,
audio and Bluetooth controller plugged in the host system which is quite
useful when trying experimental features such as LE Audio, etc.
|
|
Add a test "Add + Remove Device Nowait - Success" that hits a race
condition in kernel hci_sync.c. On current kernels this causes
BUG: KASAN: slab-use-after-free in hci_update_passive_scan_sync+0x857/0x1230
due to unsafe iteration of hdev->pend_le_conns (in Linux <= 6.4-rc4).
This seems to hit the race condition also without the added emulator
delay (since the emulator runs in the same thread), but it's better to
add the delay since otherwise it'll depend on timings on kernel side.
|
|
This checks for the POLLERR event on a newly accepted connection,
to determine if the connection was successful or not.
|
|
Due to rounding of latency, BAP uses msec while HCI uses slots of
1.25 ms, values may not return an exact match which is fine since the
BAP QoS suggests they are the maximum latency/interval so values below
that shall be considered a match.
|
|
This adds the following tests based on BAP Broadcast Audio Configurations:
ISO Broadcaster AC 12 - Success
ISO Broadcaster AC 13 - Success
ISO Broadcaster AC 14 - Success
|
|
This adds an additional command line option for the Broadcast exercise,
so that the user can indicate the number of BISes to create as part of a
BIG (Broadcast Source), or the number of BISes to synchronize
to (Broadcast Sink).
For the Broadcast Source exercise, issue the following command,
in order to create a BIG with handle 0x01, associated with the
advertising handle 0x01, with 2 BISes:
tools/isotest -i hci0 -s 00:00:00:00:00:00 -N 2 -G 1 -T 1
The isotest and btmon logs will look something like this:
isotest[7178]: mgmt socket: fd 3
isotest[7178]: mgmt_set_le: err 0
isotest[7178]: mgmt_set_experimental: err 0
isotest[7179]: Exit
isotest[7178]: Connecting 00:00:00:00:00:00 ...
isotest[7178]: Connected [00:00:00:00:00:00]
isotest[7178]: QoS [BIG 0x01 BIS 0x01 Packing 0x00 Framing 0x00 Encryption 0x00]
isotest[7178]: Input QoS [Interval 10000 us Latency 10 ms SDU 0 PHY 0x00 RTN 2]
isotest[7178]: Output QoS [Interval 10000 us Latency 10 ms SDU 40 PHY 0x02 RTN 2]
isotest[7178]: Connecting 00:00:00:00:00:00 ...
isotest[7178]: Connected [00:00:00:00:00:00]
isotest[7178]: QoS [BIG 0x01 BIS 0x01 Packing 0x00 Framing 0x00 Encryption 0x00]
isotest[7178]: Input QoS [Interval 10000 us Latency 10 ms SDU 0 PHY 0x00 RTN 2]
isotest[7178]: Output QoS [Interval 10000 us Latency 10 ms SDU 40 PHY 0x02 RTN 2]
isotest[7183]: Sending ...
isotest[7183]: Number of packets: 1
isotest[7183]: Socket jitter buffer: 80 buffer
isotest[7183]: [seq 0] 40 bytes buffered 92 (3712 bytes)
isotest[7184]: Sending ...
isotest[7184]: Number of packets: 1
isotest[7184]: Socket jitter buffer: 80 buffer
isotest[7184]: [seq 0] 40 bytes buffered 92 (3712 bytes)
isotest[7178]: Exit
< HCI Command: LE Create Broadcast Isochronous Group (0x08|0x0068) plen 31
Handle: 0x01
Advertising Handle: 0x01
Number of BIS: 2
SDU Interval: 10000 us (0x002710)
Maximum SDU size: 40
Maximum Latency: 10 ms (0x000a)
RTN: 0x02
PHY: LE 2M (0x02)
Packing: Sequential (0x00)
Framing: Unframed (0x00)
Encryption: 0x00
Broadcast Code: 00000000000000000000000000000000
> HCI Event: Command Status (0x0f) plen 4
LE Create Broadcast Isochronous Group (0x08|0x0068) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 23
LE Broadcast Isochronous Group Complete (0x1b)
Status: Success (0x00)
Handle: 0x01
BIG Synchronization Delay: 1974 us (0x0007b6)
Transport Latency: 1974 us (0x0007b6)
PHY: LE 2M (0x02)
NSE: 3
BN: 1
PTO: 1
IRC: 3
Maximum PDU: 40
ISO Interval: 10.00 msec (0x0008)
Connection Handle #0: 10
Connection Handle #1: 11
< HCI Command: LE Setup Isochronous Data Path (0x08|0x006e) plen 13
Handle: 10
Data Path Direction: Input (Host to Controller) (0x00)
Data Path: HCI (0x00)
Coding Format: Transparent (0x03)
Company Codec ID: Ericsson Technology Licensing (0)
Vendor Codec ID: 0
Controller Delay: 0 us (0x000000)
Codec Configuration Length: 0
Codec Configuration:
> HCI Event: Command Complete (0x0e) plen 6
LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1
Status: Success (0x00)
Handle: 10
< HCI Command: LE Setup Isochronous Data Path (0x08|0x006e) plen 13
Handle: 11
Data Path Direction: Input (Host to Controller) (0x00)
Data Path: HCI (0x00)
Coding Format: Transparent (0x03)
Company Codec ID: Ericsson Technology Licensing (0)
Vendor Codec ID: 0
Controller Delay: 0 us (0x000000)
Codec Configuration Length: 0
Codec Configuration:
> HCI Event: Command Complete (0x0e) plen 6
LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1
Status: Success (0x00)
Handle: 11
< ISO Data TX: Handle 10 flags 0x02 dlen 44
< ISO Data TX: Handle 11 flags 0x02 dlen 44
> HCI Event: Number of Completed Packets (0x13) plen 5
Num handles: 1
Handle: 10
Count: 1
> HCI Event: Number of Completed Packets (0x13) plen 5
Num handles: 1
Handle: 11
Count: 1
For the Broadcast Sink exercise, issue the following command,
in order to synchronize to the BISes created by the source:
tools/isotest -i hci1 -r 36:13:00:E1:1B:F0 -V le_random -N 2 -G 1
The flow is shown by the isotest log and the filtered btmon snippet below:
isotest[4033]: mgmt socket: fd 3
isotest[4034]: Exit
isotest[4033]: mgmt_set_le: err 0
isotest[4033]: mgmt_set_experimental: err 0
isotest[4033]: Waiting for connection 36:13:00:E1:1B:F0...
isotest[4036]: Connected [36:13:00:E1:1B:F0]
isotest[4036]: QoS [BIG 0x01 BIS 0x00 Packing 0x00 Framing 0x00 Encryption 0x00]
isotest[4036]: Input QoS [Interval 1974 us Latency 10 ms SDU 40 PHY 0x00 RTN 0]
isotest[4036]: Output QoS [Interval 0 us Latency 0 ms SDU 0 PHY 0x00 RTN 0]
isotest[4036]: Receiving ...
isotest[4037]: Connected [36:13:00:E1:1B:F0]
isotest[4037]: QoS [BIG 0x01 BIS 0x00 Packing 0x00 Framing 0x00 Encryption 0x00]
isotest[4037]: Input QoS [Interval 1974 us Latency 10 ms SDU 40 PHY 0x00 RTN 0]
isotest[4037]: Output QoS [Interval 0 us Latency 0 ms SDU 0 PHY 0x00 RTN 0]
isotest[4037]: Receiving ...
isotest[4037]: [seq 0] 280 bytes in 6.48 sec speed 0.34 kb/s
isotest[4036]: [seq 0] 280 bytes in 6.54 sec speed 0.33 kb/s
isotest[4037]: [seq 1] 280 bytes in 7.01 sec speed 0.31 kb/s
isotest[4036]: [seq 1] 280 bytes in 7.02 sec speed 0.31 kb/s
isotest[4037]: [seq 2] 280 bytes in 7.06 sec speed 0.31 kb/s
isotest[4036]: [seq 2] 280 bytes in 7.04 sec speed 0.31 kb/s
< HCI Command: LE Periodic Advertising Create Sync (0x08|0x0044) plen 14
Options: 0x0000
Use advertising SID, Advertiser Address Type and address
Reporting initially enabled
SID: 0x00
Adv address type: Random (0x01)
Adv address: 36:13:00:E1:1B:F0 (Non-Resolvable)
Skip: 0x0000
Sync timeout: 163840 msec (0x4000)
Sync CTE type: 0x0000
> HCI Event: Command Status (0x0f) plen 4
LE Periodic Advertising Create Sync (0x08|0x0044) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Extended Scan Parameters (0x08|0x0041) plen 13
Own address type: Public (0x00)
Filter policy: Ignore not in accept list (0x01)
PHYs: 0x05
Entry 0: LE 1M
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 30.000 msec (0x0030)
Entry 1: LE Coded
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 30.000 msec (0x0030)
> HCI Event: Command Complete (0x0e) plen 4
LE Set Extended Scan Parameters (0x08|0x0041) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Extended Scan Enable (0x08|0x0042) plen 6
Extended scan: Enabled (0x01)
Filter duplicates: Enabled (0x01)
Duration: 0 msec (0x0000)
Period: 0.00 sec (0x0000)
> HCI Event: Command Complete (0x0e) plen 4
LE Set Extended Scan Enable (0x08|0x0042) ncmd 1
Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 16
LE Periodic Advertising Sync Established (0x0e)
Status: Success (0x00)
Sync handle: 0
Advertising SID: 0x00
Advertiser address type: Random (0x01)
Advertiser address: 36:13:00:E1:1B:F0 (Non-Resolvable)
Advertiser PHY: LE 2M (0x02)
Periodic advertising interval: 10.00 msec (0x0008)
Advertiser clock accuracy: 0x00
> HCI Event: LE Meta Event (0x3e) plen 8
LE Periodic Advertising Report (0x0f)
Sync handle: 0
TX power: 127 dbm (0x7f)
RSSI: -47 dBm (0xd1)
CTE Type: No Constant Tone Extension (0xff)
Data status: Complete
Data length: 0x00
> HCI Event: LE Meta Event (0x3e) plen 20
LE Broadcast Isochronous Group Info Advertising Report (0x22)
Sync Handle: 0x0000
Number BIS: 2
NSE: 3
ISO Interval: 10.00 msec (0x0008)
BN: 1
PTO: 1
IRC: 3
Maximum PDU: 40
SDU Interval: 10000 us (0x002710)
Maximum SDU: 40
PHY: LE 2M (0x02)
Framing: Unframed (0x00)
Encryption: 0x00
< HCI Command: LE Broadcast Isochronous Group Create Sync (0x08|0x006b) plen 26
BIG Handle: 0x01
BIG Sync Handle: 0x0000
Encryption: Unencrypted (0x00)
Broadcast Code: 00000000000000000000000000000000
Maximum Number Subevents: 0x00
Timeout: 163840 ms (0x4000)
Number of BIS: 2
BIS ID: 0x01
BIS ID: 0x02
> HCI Event: LE Meta Event (0x3e) plen 19
LE Broadcast Isochronous Group Sync Estabilished (0x1d)
Status: Success (0x00)
BIG Handle: 0x01
Transport Latency: 1974 us (0x0007b6)
NSE: 3
BN: 1
PTO: 1
IRC: 3
Maximum PDU: 40
ISO Interval: 10.00 msec (0x0008)
Connection Handle #0: 10
Connection Handle #1: 11
< HCI Command: LE Setup Isochronous Data Path (0x08|0x006e) plen 13
Handle: 10
Data Path Direction: Output (Controller to Host) (0x01)
Data Path: HCI (0x00)
Coding Format: Transparent (0x03)
Company Codec ID: Ericsson Technology Licensing (0)
Vendor Codec ID: 0
Controller Delay: 0 us (0x000000)
Codec Configuration Length: 0
Codec Configuration:
> HCI Event: Command Complete (0x0e) plen 6
LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1
Status: Success (0x00)
Handle: 10
< HCI Command: LE Setup Isochronous Data Path (0x08|0x006e) plen 13
Handle: 11
Data Path Direction: Output (Controller to Host) (0x01)
Data Path: HCI (0x00)
Coding Format: Transparent (0x03)
Company Codec ID: Ericsson Technology Licensing (0)
Vendor Codec ID: 0
Controller Delay: 0 us (0x000000)
Codec Configuration Length: 0
Codec Configuration:
> HCI Event: Command Complete (0x0e) plen 6
LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1
Status: Success (0x00)
Handle: 11
> ISO Data RX: Handle 10 flags 0x06 dlen 48
> ISO Data RX: Handle 11 flags 0x06 dlen 48
|
|
Set no_hash_pointers=1 to avoid printk printing "___ptrval___" for %p.
This happens with test-runner since the kernel is not running long
enough to gather entropy and so refuses to print addresses, and makes
debugging harder. As test-runner is only used for testing and
debugging, pointer hashing is not needed.
|
|
Add test for reconnecting a CIG with two CIS, either both with same peer
or with different peers.
ISO Reconnect AC 6(i) - Success
ISO Reconnect AC 6(ii) - Success
|
|
AC 1 + 2 tests shall use their respective QoS parameters.
|
|
Add tests connecting two CIS using different CIG_ID, with fixed and
auto-allocated IDs.
ISO AC 1 + 2 - Success
ISO AC 1 + 2 CIG 0x01/0x02 - Success
The CIS are connected sequentially so that the first is closed after the
second is connected. In the auto/auto case the kernel shall pick a new
CIG_ID since the first CIG_ID is no longer in a configurable state.
|
|
There is a race between multiple connect() for CIS in the same CIG.
connect() will both reconfigure the CIG and connect the CIS, but CIG
cannot be reconfigured once one CIS has already connected. That these
tests pass currently relies on some timing/event ordering in the
emulator.
Connecting multiple CIS in same CIG is meant to be done using
DEFER_SETUP, so change the tests to use it, so we test the intended
usage.
|
|
Add option for launching Pipewire inside the VM to serve Bluetooth
endpoints, which can be used in tests.
Make the option to optionally take path to the audio daemon, so e.g.
Pulseaudio support can be added later.
|
|
Tests running inside the VM don't need access to sound cards running on
the host.
This reverts commit 91a48af52efb0751fab396b2b9026c9186b10b88
This reverts commit e20e7e0b05c7edb74255c9b092916ac5bb99c97f
|
|
This adds the following tests for encrypted broadcast:
ISO Broadcaster Encrypted - Success
ISO Broadcaster Receiver Encrypted - Success
|
|
Add command line options for BIG encryption and broadcast code.
|
|
This adds the following tests based on BAP Audio Configurations:
ISO AC 1 & 4 - Success
ISO AC 2 & 10 - Success
ISO AC 3 & 5 - Success
ISO AC 6(i) - Success
ISO AC 6(ii) - Success
ISO AC 7(i) - Success
ISO AC 7(ii) - Success
ISO AC 8(i) - Success
ISO AC 8(ii) - Success
ISO AC 9(i) - Success
ISO AC 9(ii) - Success
ISO AC 11(i) - Success
ISO AC 11(ii) - Success
|
|
This fixes the following tests now that all supported PHYs are enabled
by default:
Start Discovery LE - (Ext Scan Param) Failed
Get PHY Success Failed
Set PHY 1m 2m coded Succcess Timed out
|
|
Split bt_iso_qos into dedicated unicast and broadcast
structures and add additional broadcast parameters.
|
|
Add mgmt-tester tests for hci devcoredump. These tests trigger the
devcoredump with test data and verify the generated devcoredump
file for the test data and correct devcoredump header fields.
|
|
BT_MODE_* enums are used only for socket SOL_BLUETOOTH, option BT_MODE.
Otherwise we should use L2CAP_MODE_* enums.
|
|
|
|
When attaching a local provisioner node, always request own
composition data to accommodate functional consolidation of
regular and remote provisioning mechanisms.
The knowledge of the own node composition is necessary for
provisioning initiation and self configuration.
|
|
This fixes the situation when subsequent requests to get a node
composition result in appending element's model list with duplicate models.
This adds a check for a presence of a model on an element when attempting
to add a new model ID to a model list on this element.
|
|
Some platforms use different filtering and for this purpose,
some of the ACL/SCO/ISO/SDP data is truncated.
In such a case, included length is smaller than the original size.
Without this fix, btmon stops working after first truncated packet.
|
|
The patch helps to generate Resolvable set identifier adv data,
which can be used as ADV data during advertisement.
It will be used to identify the device as part of setmember for
Coordinated set identification profile.
Example:
$<path to advtest/>advtest -i "761FAE703ED681F0C50B34155B6434FB"
SIRK: 761FAE703ED681F0C50B34155B6434FB
RSI: 0x71 0xcb 0xbc 0x7e 0x01 0x84
Random: bccb71
Hash: 84017e
|
|
This updates High Reliability presets as published in BAP 1.0.1:
https://www.bluetooth.com/specifications/bap-1-0-1/
|
|
This adds the following tests:
L2CAP Ext-Flowctl Server - Success
L2CAP Ext-Flowctl Server - Nval SCID
L2CAP LE EATT Client - Success
L2CAP LE EATT Server - Success
L2CAP LE EATT Server - Reject
|
|
This attempts to receive a timestamped HCI ISO data packet on central.
With kernel 6.2 HCI ISO packet parsing this test fails with
Bluetooth: Frame malformed (len 40, expected len 0)
Link: https://lore.kernel.org/linux-bluetooth/1fd2d4523c139deda93aab2c31f1508d79c32472.1676921889.git.pav@iki.fi/
|
|
Change bthost_send_iso to take packet sequence number and timestamp, and
allow it to send timestamped HCI ISO data packets.
Currently, btdev passes through ISO packets, so this can also be used to
test RX timestamping.
|
|
Add names for CIS Central/Peripheral MGMT setting bits:
[mgmt]# info
Index list with 1 item
hci0: Primary controller
addr XX:XX:XX:XX:XX:XX version 12 manufacturer 2 class 0x7c0104
supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr le advertising secure-conn debug-keys privacy configuration static-addr phy-configuration wide-band-speech cis-central cis-peripheral
current settings: powered bondable ssp br/edr le secure-conn cis-central cis-peripheral
name xxx
short name
hci0: Configuration options
supported options: public-address
missing options:
|
|
This adds support for extended device composition to account for
new fundamental models supported by bluetooth-meshd daemon.
Also, update to include explicit element locations and handle
different ordering of model IDs in the composition data.
|
|
This allows generation of Mesh Private Beacon server commands, and
recognition of the resulting Status messages.
|
|
These changes allow the mesh-cfgclient tool to request remote node
compositions from page 128. Depending on the differences between
there and what is stored in the local configuration database, it may
recommend reprovisioning with NPPI-1 (Address Refresh) or NPPI-2
(Composition Refresh).
Additionally, NPPI-0 may be performed to refresh the Device Key only.
|
|
The difference of time start and current time may have advanced just
enough to add a second leaving start nanoseconds to be bigger.
|
|
This adds the following test for testing when remote stack rejects the
CIS:
ISO Connect - Reject Passed
|
|
This enables setting an accept callback which can return reject
reason if the connection shall not be accepted.
|
|
The isotest executable was using the non-portable %zd string formatter
for logging 64 bit integers. This replaces them with PRId64.
|
|
Use the FAILIF() macro consistently to avoid unused variable n warnings.
|
|
Make hciattach_qualcomm.c and hciattach_tialt.c behave the same way
as hciattach_bcm43xx.c does, where FIRMWARE_DIR can be overridden
at build time by using -DFIRMWARE_DIR= CFLAGS.
|
|
L2CAP ECRED is now enabled by default by the following kernel change:
98f18bb78b7d ("Bluetooth: Add CONFIG_BT_LE_L2CAP_ECRED")
|
|
Set Static Address tests need to power after setting the address since
the programming of the address using the HCI command only happens during
power on procedure.
|
|
This change checks for the expected HCI command after Static Address
change requested.
|
|
Tester was failing by not clearing the HCI queue of expected events
|
|
This fixes the following warning:
tools/rctest.c:131:2: warning: 1st function call argument is an
uninitialized value [core.CallAndMessage]
sdp_list_free(protos, NULL);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
The `owner' string, passed as user data, is freed if the player fails
registration, but the object path still exists. Upon program exiting,
the lingering path will be enumerated and the attached user data will be
freed again.
|
|
time_t is 64 bit (long long) on many 32 bit platforms (e.g. ARM) now
|
|
This patch adds ioctl-tester which tests the IOCTL commands.
HCI Down
Device List
Device List - Invalid Param 1
Device Info
Reset Stat
Set Link Mode - ACCEPT
Set Link Mode - MASTER
Set Pkt Type - DM
Set Pkt Type - DH
Set Pkt Type - HV
Set Pkt Type - 2-DH
Set Pkt Type - 2-DH
Set Pkt Type - ALL
Set ACL MTU - 1
Set ACL MTU - 2
Set SCO MTU - 1
Set SCO MTU - 2
Block BDADDR - Success
Block BDADDR - Fail
Unblock BDADDR - Success
Unblock BDADDR - Fail
Connection List - No Conn
Connection List
Connection Info
Connection Info - No Connection
Connection Info - Wrong Type
Authentication Info - No Connection
Authentication Info
|
|
This adds Basic RFCOMM Socket Client - Close test which attempt to close
socket while connecting.
|
|
This makes rfcomm-tester use the latest Bluetooth supported by the
emulator which is useful to detect regression related to ACL data
transfer.
|
|
Turns on experimental Mesh feature, and expects it in report when
querying which experimental features are supported and have been
enabled.
|
|
Ever growing set of tests for Mesh kernel support
|
|
Leave function on error instead of printing (possibly) invalid flags.
|
|
This makes use of QoS interval when sending a file.
|
|
This adds support for PAC_SINK and PAC_SOURCE endpoints as well as LC3
presets.
|
|
This makes use of bthost_add_iso_hook to track when an ISO connection
has been disconnected and then set its handle to 0x0000 which is then
checked when the socket HUP to confirm the remote has properly
disconnected (e.g. received Disconnected Complete).
|
|
This adds a destroy callback to bthost_add_iso_hook so its user can
detect when the hook is freed when the connection is disconnected.
|
|
shutdown(SHUT_RDWR) results in socket being HUP immediately instead of
waiting for Disconnect Complete event so instead just use SHUT_WR to
start the disconnect procedure without causing the socket to HUP.
|
|
This introduces a test that does use shutdown to disconnect an ISO socket
and then another one that attempts to reconnect it again to emulate
upper profile transitions.
|
|
This adds a test to check if different QoS are properly handled when
acting as peripheral.
|
|
This enables setting QoS other than the mandatory 16_2_1.
|
|
This fixes make check failing because lack of suppression for bind on
bt_log_open.
|
|
This attempts to test BT_DEFER_SETUP is properly set when the test has
defer flag set.
|
|
This adds ISO 48_2_1 Defer Send test which enables just output instead
of both.
|
|
This adds isotest.rst which documents the modes and options of
isotest(1) and is then converted to the isotest.1 manpage.
|
|
This adds isotest tool which can be used to test ISO sockets.
|
|
This adds iso-tester which tests BTPROTO_ISO socket:
Basic Framework - Success
Basic ISO Socket - Success
Basic ISO Get Socket Option - Success
Basic ISO Set Socket Option - Success
ISO QoS 8_1_1 - Success
ISO QoS 8_2_1 - Success
ISO QoS 16_1_1 - Success
ISO QoS 16_2_1 - Success
ISO QoS 16_2_1 CIG 0x01 - Success
ISO QoS 16_2_1 CIG 0x01 CIS 0x01 - Success
ISO QoS 24_1_1 - Success
ISO QoS 24_2_1 - Success
ISO QoS 32_1_1 - Success
ISO QoS 32_2_1 - Success
ISO QoS 44_1_1 - Success
ISO QoS 44_2_1 - Success
ISO QoS 48_1_1 - Success
ISO QoS 48_2_1 - Success
ISO QoS 48_3_1 - Success
ISO QoS 48_4_1 - Success
ISO QoS 48_5_1 - Success
ISO QoS 48_6_1 - Success
ISO QoS 8_1_2 - Success
ISO QoS 8_2_2 - Success
ISO QoS 16_1_2 - Success
ISO QoS 16_2_2 - Success
ISO QoS 24_1_2 - Success
ISO QoS 24_2_2 - Success
ISO QoS 32_1_2 - Success
ISO QoS 32_2_2 - Success
ISO QoS 44_1_2 - Success
ISO QoS 44_2_2 - Success
ISO QoS 48_1_2 - Success
ISO QoS 48_2_2 - Success
ISO QoS 48_3_2 - Success
ISO QoS 48_4_2 - Success
ISO QoS 48_5_2 - Success
ISO QoS 48_6_2 - Success
ISO QoS - Invalid
ISO Connect2 CIG 0x01 - Success
ISO Send - Success
ISO Receive - Success
ISO Defer - Success
ISO Defer Send - Success
ISO Defer Receive - Success
ISO Defer Reject - Success
ISO Send and Receive - Success
ISO Broadcaster - Success
ISO Broadcaster BIG 0x01 - Success
ISO Broadcaster BIG 0x01 BIS 0x01 - Success
ISO Broadcaster Receiver - Success
|
|
This adds support to create objects that map to ISO sockets.
|
|
This adds ISO Socket UUID as response to Read Exp Feature.
|
|
This patch fixes the errors reported by the scan-build.
tools/test-runner.c:315:2: warning: Null pointer passed to 1st parameter
expecting 'nonnull' [core.NonNullParamChecker]
execve(argv[0], argv, qemu_envp);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/test-runner.c:554:6: warning: Null pointer passed to 1st parameter
expecting 'nonnull' [core.NonNullParamChecker]
if (chdir(home + 5) < 0) {
^~~~~~~~~~~~~~~
tools/test-runner.c:638:6: warning: Null pointer passed to 1st parameter
expecting 'nonnull' [core.NonNullParamChecker]
if (chdir(home + 5) < 0) {
^~~~~~~~~~~~~~~
tools/test-runner.c:695:6: warning: Null pointer passed to 1st parameter
expecting 'nonnull' [core.NonNullParamChecker]
if (chdir(home + 5) < 0) {
^~~~~~~~~~~~~~~
tools/test-runner.c:984:3: warning: Value stored to 'serial_fd' is never
read [deadcode.DeadStores]
serial_fd = -1;
^ ~~
|
|
This patch fixes the errors reported by the scan-build.
tools/btmgmt.c:2699:2: warning: Value stored to 'argc' is never read
[deadcode.DeadStores]
argc -= optind;
^ ~~~~~~
tools/btmgmt.c:2859:2: warning: Value stored to 'argc' is never read
[deadcode.DeadStores]
argc -= optind;
^ ~~~~~~
tools/btmgmt.c:2860:2: warning: Value stored to 'argv' is never read
[deadcode.DeadStores]
argv += optind;
^ ~~~~~~
tools/btmgmt.c:2934:2: warning: Value stored to 'argc' is never read
[deadcode.DeadStores]
argc -= optind;
^ ~~~~~~
tools/btmgmt.c:2935:2: warning: Value stored to 'argv' is never read
[deadcode.DeadStores]
argv += optind;
^ ~~~~~~
tools/btmgmt.c:3000:2: warning: Value stored to 'argc' is never read
[deadcode.DeadStores]
argc -= optind;
^ ~~~~~~
tools/btmgmt.c:3001:2: warning: Value stored to 'argv' is never read
[deadcode.DeadStores]
argv += optind;
^ ~~~~~~
tools/btmgmt.c:3261:11: warning: Value stored to 'index' during its
initialization is never read [deadcode.DeadStores]
uint16_t index = mgmt_index;
^~~~~ ~~~~~~~~~~
tools/btmgmt.c:3450:2: warning: Value stored to 'argc' is never read
[deadcode.DeadStores]
argc -= optind;
^ ~~~~~~
tools/btmgmt.c:3451:2: warning: Value stored to 'argv' is never read
[deadcode.DeadStores]
argv += optind;
^ ~~~~~~
tools/btmgmt.c:4822:2: warning: Null pointer passed to 2nd parameter
expecting 'nonnull' [core.NonNullParamChecker]
memcpy(cp->data + uuid_bytes, adv_data, adv_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/btmgmt.c:4823:2: warning: Null pointer passed to 2nd parameter
expecting 'nonnull' [core.NonNullParamChecker]
memcpy(cp->data + uuid_bytes + adv_len, scan_rsp, scan_rsp_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/btmgmt.c:5244:2: warning: Null pointer passed to 2nd parameter
expecting 'nonnull' [core.NonNullParamChecker]
memcpy(cp->data + uuid_bytes, adv_data, adv_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tools/btmgmt.c:5245:2: warning: Null pointer passed to 2nd parameter
expecting 'nonnull' [core.NonNullParamChecker]
memcpy(cp->data + uuid_bytes + adv_len, scan_rsp, scan_rsp_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
This patch fixes the null dereference reported by the scan-build.
tools/mgmt-tester.c:12025:28: warning: Access to field 'cap_len' results
in a dereference of a null pointer (loaded from variable 'rp')
[core.NullDereference]
if (sizeof(rp->cap_len) + rp->cap_len != length) {
^~~~~~~~~~~
|
|
This patch adds a test case to test if the scan response data is updated
when the following scenarios are performed.
1. Add Extended Advertising Parameters Command
2. Add Extended Advertising Data Command w/ Scan Resp Data
3. Remove Advertising Command
4. Add Extended Advertising Parameters Command
5. Add Extended Advertising Data Command w/ Scan Resp Data
6. Host should set Scan Resp Data
|
|
|
|
This patch adds new command to support the following MGMT API:
Add Extended Advertising Parameters Command
Add Extended Advertising Data Command
|
|
This fixes the regression introduced by
ab31e2f7e828df3d971cba6f12859edc69f149d5 which causes tests using
add_advertising_mgmt_cmd_arr:
Add Advertising - Success (Name+data+appear) Timed out
Add Ext Advertising - Success (Name+data+appear) Timed out
|
|
Kernel events should have been managed so the audio card is accessible
from PipeWire
|
|
With this commit audio daemons can detect an audio card with output and
input, allowing to test interaction between BlueZ and the audio daemon.
|
|
Audio daemons request access to DBus session to start
|
|
When running on a computer with a real Bluetooth controller (e.g. hci0) and
multiple emulators (e.g. hci1 and hci2) it isn't possible to use the
emulators with 2 test-runner vms.
If btproxy is started without index parameter the first test-runner will
use hci0, and btproxy can't be started with multiple index parameters
(e.g. -i1 -i2).
This patch keeps the old behavior when used without -i option, in this case
it will try to use the first controller available.
It also allows to select multiple controllers to be used by btproxy.
|
|
This fixes the following build error:
CC tools/mgmt-tester.o
tools/mgmt-tester.c: In function ‘setup_command_generic’:
tools/mgmt-tester.c:7503:16: error: the comparison will always evaluate
as ‘true’ for the pointer operand in
‘(const struct setup_mgmt_cmd *)test->setup_mgmt_cmd_arr +
(sizetype)(i * 24)’ must not be NULL [-Werror=address]
7503 | for (; test->setup_mgmt_cmd_arr + i; ++i) {
| ^~~~
|
|
This makes test-runner wait for system_bus_socket to be available before
continuing otherwise the likes of bluetoothd would likely fail to start.
|
|
Following scenario happens when prov is false and we have double free as
mentioned in the below
bluez-5.64/tools/mesh-gatt/prov-db.c:847: freed_arg: "g_free" frees
"in_str".
bluez-5.64/tools/mesh-gatt/prov-db.c:867: double_free: Calling "g_free"
frees pointer "in_str" which has already been freed.
|
|
Reported by coverity tool as follows :
bluez-5.64/tools/meshctl.c:1968: freed_arg: "g_free" frees "mesh_dir".
bluez-5.64/tools/meshctl.c:2018: double_free: Calling "g_free" frees
pointer "mesh_dir" which has already been freed.
|
|
While performing static tool analysis using coverity found following
reports for resource leak
bluez-5.64/tools/obex-client-tool.c:315: leaked_handle: Handle variable
"sk" going out of scope leaks the handle.
|
|
While performing static tool analysis using coverity found following
reports for resource leak
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_handle: Handle variable
"fd" going out of scope leaks the handle.
bluez-5.64/tools/mesh/mesh-db.c:2388: leaked_storage: Variable "str"
going out of scope leaks the storage it points to.
|
|
While performing static tool analysis using coverity found following
reports for resource leak
bluez-5.64/tools/l2cap-tester.c:1712: leaked_handle: Handle variable
"new_sk" going out of scope leaks the handle.
|
|
While performing static tool analysis using coverity found following
reports for resource leak
bluez-5.64/tools/create-image.c:124: leaked_storage: Variable "map"
going out of scope leaks the storage it points to.
|
|
While performing static tool analysis using coverity found
following reports for resource leak
bluez-5.64/tools/cltest.c:75: leaked_handle: Handle variable "fd"
going out of scope leaks the handle.
|
|
Some branches of execution can make handle (socket) leakage.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
|
|
According to man buffer allocated by getline() should be freed by
the user program even if getline() failed.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
|
|
printf() was using a function that returns dynamically allocated memory as
a parameter.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
|
|
This adds a dedicated option to start D-Bus alone which can be useful
when testing the bluetoothd with the likes of valgrind.
|
|
In tools/btmgmt.c and tools/hex2hcd.c a few sscanf calls do not limit the
width of fields. This could lead to static overflow and stack corruption.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
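The difference a field width makes in sscanf(), as an added example that is not code from btmgmt.c or hex2hcd.c. The function names, the 15-byte token limit and the sample lines are assumptions made for illustration; it also shows that a width alone splits an over-long token silently, so the strict variant rejects truncated fields.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 15	/* longest accepted token; buffers hold TOKEN_MAX + 1 */

/*
 * Unbounded form: "%s" has no field width, so sscanf() copies until the
 * next whitespace and overruns name[] for any longer token. Only ever
 * called here with input known to fit.
 */
static int parse_unbounded(const char *line, char *name, unsigned int *val)
{
	return sscanf(line, "%s %x", name, val) == 2 ? 0 : -1;
}

/*
 * Width only: memory-safe, but an over-long token is split at the limit
 * and its tail is fed to the next conversion without any error.
 */
static int parse_width_only(const char *line, char name[TOKEN_MAX + 1],
							unsigned int *val)
{
	return sscanf(line, "%15s %x", name, val) == 2 ? 0 : -1;
}

/*
 * Width plus truncation check. The width is sizeof(buffer) - 1 because
 * sscanf() stores the terminating NUL in addition to the matched bytes.
 * %n reports how much input was consumed, so a field cut short by its
 * width is rejected (-2) instead of being misparsed.
 */
static int parse_strict(const char *line, char name[TOKEN_MAX + 1],
							unsigned int *val)
{
	int used = 0, more = 0;

	if (sscanf(line, " %15s%n", name, &used) != 1)
		return -1;
	if (line[used] != '\0' && !isspace((unsigned char) line[used]))
		return -2;

	if (sscanf(line + used, " %8x%n", val, &more) != 1)
		return -1;
	used += more;
	if (line[used] != '\0' && !isspace((unsigned char) line[used]))
		return -2;

	return 0;
}

int main(void)
{
	/* Constructed inputs, not taken from btmgmt or hex2hcd */
	const char *ok = "hci0 1f";
	const char *too_long = "AAAAAAAAAAAAAAAAA 1f";	/* 17-byte token */
	char name[TOKEN_MAX + 1];
	unsigned int val = 0;
	int ret;

	ret = parse_unbounded(ok, name, &val);
	printf("unbounded(ok)    = %d val=0x%x\n", ret, val);
	ret = parse_width_only(too_long, name, &val);
	printf("width(too_long)  = %d val=0x%x\n", ret, val);
	ret = parse_strict(too_long, name, &val);
	printf("strict(too_long) = %d\n", ret);
	return 0;
}
```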
|
|
If a malformed packet is processed with a zero 'size' field, we will face
wrong behaviour of the write() call. Value 'toread - 1' gives wrong sign
for value 'written' (-1) in write() call. To prevent this we should
check that 'toread' is not equal to zero.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
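The zero-size check described above, as an added example that is not the patched tool's code. The record layout (a 16-bit little-endian size counting one tag byte plus the payload) and all function names are hypothetical; only the 'toread - 1' arithmetic and the zero check come from the commit message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define HDR_LEN 2	/* assumed header: 16-bit little-endian size field */

/*
 * The unchecked arithmetic: write() takes its count as a size_t, so the
 * -1 produced by a zero size arrives as SIZE_MAX.
 */
static size_t count_unchecked(int toread)
{
	return (size_t) (toread - 1);
}

/*
 * Payload length of one record, or -1 if the record is malformed.
 * Assumed layout: size counts one tag byte plus the payload, so a size
 * of 0 can never be valid and must be rejected before subtracting.
 */
static long payload_len(const uint8_t *rec, size_t rec_len)
{
	unsigned int toread;

	if (rec_len < HDR_LEN)
		return -1;

	toread = rec[0] | ((unsigned int) rec[1] << 8);
	if (toread == 0)			/* the check the fix adds */
		return -1;
	if (toread > rec_len - HDR_LEN)		/* size exceeds the data read */
		return -1;

	return (long) toread - 1;
}

/* Write the payload (everything after the tag byte) to fd */
static long forward_payload(int fd, const uint8_t *rec, size_t rec_len)
{
	long len = payload_len(rec, rec_len);
	long done = 0;

	if (len < 0)
		return -1;

	while (done < len) {
		ssize_t n = write(fd, rec + HDR_LEN + 1 + done,
						(size_t) (len - done));
		if (n < 0) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		done += n;
	}

	return done;
}

int main(void)
{
	/* Constructed records: size (LE16), tag, payload */
	const uint8_t good[] = { 0x04, 0x00, 0x01, 'a', 'b', 'c' };
	const uint8_t zero[] = { 0x00, 0x00 };

	printf("unchecked count for size 0: %zu\n", count_unchecked(0));
	printf("zero-size record: %ld\n", payload_len(zero, sizeof(zero)));
	printf("good record: %ld\n", payload_len(good, sizeof(good)));
	fflush(stdout);
	return forward_payload(STDOUT_FILENO, good, sizeof(good)) == 3 ? 0 : 1;
}
```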
|
|
Array 'c_brf_chip' of size 8 could be accessed by index > 7. We should
limit array access like in previous check at line 221.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
|
|
|
|
This moves adds the functionality of bluetooth-player into
bluetoothctl.
|
|
This updates usage so it lists -l/--emulator properly:
test-runner - Automated test execution utility
Usage:
test-runner [options] [--] <command> [args]
Options:
-a, --auto Find tests and run them
-d, --dbus Start D-Bus daemon
-m, --monitor Start btmon
-l, --emulator Start btvirt
-u, --unix [path] Provide serial device
-q, --qemu <path> QEMU binary
-k, --kernel <image> Kernel image (bzImage)
-h, --help Show help options
|
|
This fixes -l/--emulator not able to start depending on what parameters
are given as it was not setting the directory properly.
|
|
Instead of parsing the command line, which can contain a shell script,
run using /bin/sh so it allows more complex command line to be tested:
sudo tools/test-runner -l -d -k <pathto/bzImage> --
'client/bluetoothctl power on && sleep 2 && client/bluetoothctl power
off'
|
|
This adds an option (-l/--emulator) to start btvirt before processing
the command which is convenient to run tools like bluetoothctl:
sudo tools/test-runner -l -d -k <pathto/bzImage> --
client/bluetoothctl power on
|
|
If no specific index is given attempt to bind the next index if the
current one is already in use.
|
|
mesh-cfgtest.c uses MAX_PATH so it should include limits.h.
fixes compilation error with musl-based toolchains.
|
|
getrandom and sys/random.h are only available since glibc 2.25:
https://www.gnu.org/software/gnulib/manual/html_node/sys_002frandom_002eh.html
resulting in the following build failures since version 5.63 and
https://git.kernel.org/pub/scm/bluetooth/bluez.git/log/?qt=grep&q=getrandom:
plugins/autopair.c:20:24: fatal error: sys/random.h: No such file or directory
#include <sys/random.h>
^
To fix this build failure, add util_getrandom and a fallback (borrowed
from pipewire and licensed under MIT):
https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/pipewire/utils.c
Fixes:
- http://autobuild.buildroot.org/results/6b8870d12e0804d6154230a7322c49416c1dc0e2
|
|
This forces the behavior where not all data can be written at once so it
is able to reproduce the from [1].
[1]https://bugzilla.kernel.org/show_bug.cgi?id=215594
|
|
This adds a third argument to connect command so a channel can be passed
to CreateSession which is useful since it is possible to force a specific
RFCOMM channel.
|
|
This attempts to test traffic similar to OBEX using big chunk of data.
|
|
An info message suggesting to request a remote node composition
should reference the correct menu command: "composition-get".
|
|
Fix keyword typos and comments.
|
|
This replaces the uses of g_memdup with util_memdup since the former has
been deprecated:
warning: ‘g_memdup’ is deprecated: Use 'g_memdup2' instead
[-Wdeprecated-declarations]
g_memdup2 requires bumping glib version which would likely have its
own problems thus why util_memdup was introduced.
|
|
This fixes various issues found when sanitizers are enabled.
|
|
This patch replaces the rand() function with the getrandom() syscall.
It was reported by the Coverity scan:
rand() should not be used for security-related applications, because
linear congruential algorithms are too easy to break
|
|
If the Subscription being added is a Vendor Model, there needs to be a
4th parameter. Fixes oversight of not supporting vendor model in Meshctl.
|
|
This tests the use of Set Device Flags to set Device Privacy Mode which
results in the following sequence:
@ MGMT Event: Command Compl.. (0x0001) plen 10 {0x0001}
Set Device Flags (0x0050) plen 7
Status: Success (0x00)
LE Address: BC:9A:78:56:34:12 (OUI BC-9A-78)
< HCI Command: LE Set Exten.. (0x08|0x0042) plen 6
Extended scan: Disabled (0x00)
Filter duplicates: Disabled (0x00)
Duration: 0 msec (0x0000)
Period: 0.00 sec (0x0000)
= mgmt-tester: Set Device Flags (0x0050): Success (0x00)
= mgmt-tester: Test condition complete, 4 left
= mgmt-tester: New Device Flags Changed event received
= mgmt-tester: Test condition complete, 3 left
> HCI Event: Command Complete (0x0e) plen 4
LE Set Extended Scan Enable (0x08|0x0042) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Addre.. (0x08|0x002d) plen 1
Address resolution: Disabled (0x00)
= mgmt-tester: HCI Command 0x2042 length 6
> HCI Event: Command Complete (0x0e) plen 4
LE Set Address Resolution Enable (0x08|0x002d) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Priva.. (0x08|0x004e) plen 8
Peer Identity address type: Public (0x00)
Peer Identity address: BC:9A:78:56:34:12 (OUI BC-9A-78)
Privacy Mode: Use Device Privacy (0x01)
= mgmt-tester: HCI Command 0x202d length 1
= mgmt-tester: Test condition complete, 2 left
> HCI Event: Command Complete (0x0e) plen 4
LE Set Privacy Mode (0x08|0x004e) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Addre.. (0x08|0x002d) plen 1
Address resolution: Enabled (0x01)
= mgmt-tester: HCI Command 0x204e length 8
= mgmt-tester: Test condition complete, 1 left
> HCI Event: Command Complete (0x0e) plen 4
LE Set Address Resolution Enable (0x08|0x002d) ncmd 1
Status: Success (0x00)
< HCI Command: LE Set Exten.. (0x08|0x0041) plen 8
Own address type: Random (0x03)
Filter policy: Ignore not in accept list (0x01)
PHYs: 0x01
Entry 0: LE 1M
Type: Passive (0x00)
Interval: 60.000 msec (0x0060)
Window: 30.000 msec (0x0030)
= mgmt-tester: HCI Command 0x202d length 1
= mgmt-tester: Test condition complete, 0 left
|
|
This adds a test for Limited/Device Privacy (0x02):
@ MGMT Command: Set Privacy (0x002f) plen 17
Privacy: Limited (0x02)
Key: 01020304050607080102030405060708
@ MGMT Event: Command Complete (0x0001) plen 7
Set Privacy (0x002f) plen 4
Status: Success (0x00)
Current settings: 0x00002080
BR/EDR
Privacy
@ MGMT Event: New Settings (0x0006) plen 4
Current settings: 0x00002080
BR/EDR
Privacy
|
|
This patch adds LL Privacy related test cases.
Multi Ext Advertising - Success 3 (Add 2 Advs)
Multi Ext Advertising - Success 4 (Remove Adv)
Multi Ext Advertising - Success 5 (Remove all)
Multi Ext Advertising - Success 6 (Add w/o power on)
Multi Ext Advertising - Fail (Add MAX)
LL Privacy - Add Device 1 (Add to AL)
LL Privacy - Add Device 2 (Add to RL)
LL Privacy - Add Device 3 (Enable RL)
LL Privacy - Add Device 4 (2 Devices to AL)
LL Privacy - Add Device 5 (2 Devices to RL)
LL Privacy - Add Device 6 (RL is full)
LL Privacy - Add Device 7 (WL is full)
LL Privacy - Add Device 8 (Disable Adv)
LL Privacy - Add Device 9 (Multi Adv)
LL Privacy - Add Device 10 (Multi Dev and Multi Adv)
LL Privacy - Remove Device 1 (Remove from AL)
LL Privacy - Remove Device 2 (Remove from RL)
LL Privacy - Remove Device 3 (Disable RL)
LL Privacy - Remove Device 4 (Disable Adv)
LL Privacy - Remove Device 5 (Multi Adv)
LL Privacy - Start Discovery 1 (Disable RL)
LL Privacy - Start Discovery 2 (Disable RL)
LL Privacy - Advertising 1 (Scan Results)
LL Privacy - Acceptor 1
LL Privacy - Acceptor 2
LL Privacy - Pair 1
LL Privacy - Pair 2 (Add to AL)
LL Privacy - Unpair 1
LL Privacy - Unpair 2 (Remove from AL)
|
|
This patch updates the expected manufacturer of the emulator for the
following test cases:
> Read Ext Controller Info 1 Failed
> Read Ext Controller Info 2 Failed
> Read Ext Controller Info 3 Failed
> Read Ext Controller Info 4 Failed
> Read Ext Controller Info 5 Failed
|
|
This patch adds support for experimental feature in setup_settings
options.
|
|
The emulator is now using Linux Foundation manufacturer ID.
|
|
The descriptions of leal* commands are copied from lewl* commands.
However they should use "accept list" instead.
|
|
This replaces the direct setting debugfs to use vhci instance which
properly stores the controller index so it can be used even if there
are real controllers in the system.
|
|
This patch fixes a number of potential NULL pointer dereferencing
cases.
|
|
This patch adds more suspend/resume test cases like
- Discover -> Suspend
- Discover -> Suspend -> Resume
- Suspend -> Resume -> Suspend -> Resume
|
|
This patch updates/adds test cases for Read and Set Experimental Feature
commands.
|
|
This patch fixes the suspend reason for the pairing test cases to the
disconnect.
|
|
This patch fixes the suspend reason code to align with the corrent
kernel implementation.
|
|
This patch adds extra test cases for load_long_term_keys command.
|
|
This patch adds the suspend/resume test cases:
Suspend/Resume - Success 1 (Suspend)
Suspend/Resume - Success 2 (Resume)
Suspend/Resume - Success 3 (Device in WL)
Suspend/Resume - Success 4 (Advertising)
Suspend/Resume - Success 5 (Pairing - Legacy)
Suspend/Resume - Success 6 (Pairing - SSP)
|