From f4f1d20c826b75258b014ca8f688816d5f5fb4d5 Mon Sep 17 00:00:00 2001 From: Jin Cheng Date: Tue, 22 Oct 2024 21:23:21 +0800 Subject: [PATCH 1/4] fix(bt/bluedroid): AG should send OK or other error codes to HF client when it is driven by HF to initiate a call. --- .../bluetooth/bluedroid/classic_bt/hfp_ag/main/bt_app_hf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/bluetooth/bluedroid/classic_bt/hfp_ag/main/bt_app_hf.c b/examples/bluetooth/bluedroid/classic_bt/hfp_ag/main/bt_app_hf.c index 05b75588d4..5c38abda40 100644 --- a/examples/bluetooth/bluedroid/classic_bt/hfp_ag/main/bt_app_hf.c +++ b/examples/bluetooth/bluedroid/classic_bt/hfp_ag/main/bt_app_hf.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2024 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -32,7 +32,7 @@ const char *c_hf_evt_str[] = { "AUDIO_STATE_EVT", /*!< AUDIO CONNECTION STATE CONTROL */ "VR_STATE_CHANGE_EVT", /*!< VOICE RECOGNITION CHANGE */ "VOLUME_CONTROL_EVT", /*!< AUDIO VOLUME CONTROL */ - "UNKNOW_AT_CMD", /*!< UNKNOW AT COMMAND RECIEVED */ + "UNKNOW_AT_CMD", /*!< UNKNOWN AT COMMAND RECEIVED */ "IND_UPDATE", /*!< INDICATION UPDATE */ "CIND_RESPONSE_EVT", /*!< CALL & DEVICE INDICATION */ "COPS_RESPONSE_EVT", /*!< CURRENT OPERATOR EVENT */ @@ -355,7 +355,7 @@ void bt_app_hf_cb(esp_hf_cb_event_t event, esp_hf_cb_param_t *param) case ESP_HF_IND_UPDATE_EVT: { - ESP_LOGI(BT_HF_TAG, "--UPDATE INDCATOR!"); + ESP_LOGI(BT_HF_TAG, "--UPDATE INDICATOR!"); esp_hf_call_status_t call_state = 1; esp_hf_call_setup_status_t call_setup_state = 2; esp_hf_network_state_t ntk_state = 1; @@ -460,6 +460,7 @@ void bt_app_hf_cb(esp_hf_cb_event_t event, esp_hf_cb_param_t *param) if (param->out_call.type == ESP_HF_DIAL_NUM) { // dia_num ESP_LOGI(BT_HF_TAG, "--Dial number \"%s\".", param->out_call.num_or_loc); + esp_hf_ag_cmee_send(param->out_call.remote_addr, ESP_HF_AT_RESPONSE_CODE_OK, ESP_HF_CME_AG_FAILURE); esp_hf_ag_out_call(param->out_call.remote_addr,1,0,1,0,param->out_call.num_or_loc,0); } else if (param->out_call.type == ESP_HF_DIAL_MEM) { // dia_mem From 5c722289b6a04fc75548aaf2a18b1fb4250eb60c Mon Sep 17 00:00:00 2001 From: zhanghaipeng Date: Wed, 16 Oct 2024 20:49:57 +0800 Subject: [PATCH 2/4] fix(bt/ble): Update esp32 libbtdm_app.a (17db8bd) - Added a verification step for the Access Address within the CONNECT_IND PDU --- components/bt/controller/esp32/Kconfig.in | 9 +++++++++ components/bt/controller/lib_esp32 | 2 +- components/bt/include/esp32/include/esp_bt.h | 10 +++++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/components/bt/controller/esp32/Kconfig.in b/components/bt/controller/esp32/Kconfig.in index 0fd0b6e413..80f8bb2d6e 100644 --- a/components/bt/controller/esp32/Kconfig.in +++ b/components/bt/controller/esp32/Kconfig.in @@ -444,6 +444,15 @@ config BTDM_CTRL_SCAN_BACKOFF_UPPERLIMITMAX minimize collision of scan request PDUs from nultiple scanners. If scan backoff is disabled, in active scanning, scan request PDU will be sent every time when HW receives scannable ADV PDU. +config BTDM_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS + bool "Enable enhanced Access Address check in CONNECT_IND" + default n + help + Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU. + This improves security by ensuring that only connection requests with valid Access Addresses are accepted. + If disabled, only basic checks are applied, improving compatibility. + + config BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP bool "BLE adv report flow control supported" depends on (BTDM_CTRL_MODE_BTDM || BTDM_CTRL_MODE_BLE_ONLY) diff --git a/components/bt/controller/lib_esp32 b/components/bt/controller/lib_esp32 index c3f6258cfb..120783fe47 160000 --- a/components/bt/controller/lib_esp32 +++ b/components/bt/controller/lib_esp32 @@ -1 +1 @@ -Subproject commit c3f6258cfbd776d51e30bd6168f42b0cf5d73ea8 +Subproject commit 120783fe47b8267a48178f0fa2c6e794ce315eff diff --git a/components/bt/include/esp32/include/esp_bt.h b/components/bt/include/esp32/include/esp_bt.h index 74d41aa9be..be9e2cce22 100644 --- a/components/bt/include/esp32/include/esp_bt.h +++ b/components/bt/include/esp32/include/esp_bt.h @@ -55,7 +55,7 @@ extern "C" { * * @note Please do not modify this value */ -#define ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL 0x20240926 +#define ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL 0x20241015 /** * @brief Bluetooth Controller mode @@ -193,6 +193,12 @@ the advertising packet will be discarded until the memory is restored. */ #define BTDM_BLE_LLCP_DISC_FLAG (BTDM_BLE_LLCP_CONN_UPDATE | BTDM_BLE_LLCP_CHAN_MAP_UPDATE) +#ifdef CONFIG_BTDM_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#define BTDM_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED CONFIG_BTDM_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#else +#define BTDM_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED 0 +#endif + /** * @brief Default Bluetooth Controller configuration */ @@ -222,6 +228,7 @@ the advertising packet will be discarded until the memory is restored. */ .dup_list_refresh_period = SCAN_DUPL_CACHE_REFRESH_PERIOD, \ .ble_scan_backoff = BTDM_CTRL_SCAN_BACKOFF_UPPERLIMITMAX, \ .ble_llcp_disc_flag = BTDM_BLE_LLCP_DISC_FLAG, \ + .ble_aa_check = BTDM_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED, \ .magic = ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL, \ } @@ -275,6 +282,7 @@ typedef struct { uint16_t dup_list_refresh_period; /*!< Scan duplicate filtering list refresh period in seconds. Configurable in menuconfig */ bool ble_scan_backoff; /*!< True if BLE scan backoff is enabled; false otherwise. Configurable in menuconfig */ uint8_t ble_llcp_disc_flag; /*!< BLE disconnect flag when instant passed. Configurable in menuconfig */ + bool ble_aa_check; /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */ uint32_t magic; /*!< Magic number */ } esp_bt_controller_config_t; From dc6fc5a1f53a9076558503096f512fadef2d0bbf Mon Sep 17 00:00:00 2001 From: gongyantao Date: Fri, 25 Oct 2024 11:16:11 +0800 Subject: [PATCH 3/4] fix(bt): fix some issues in bt controller 1: Store local device name into NVDS when handling hci_wr_local_name_cmd. 2: Set default device name during link manager initialization. 3: Set the QoS value to the minimum value if the calculated QoS is less than the minumum. --- components/bt/controller/lib_esp32 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/bt/controller/lib_esp32 b/components/bt/controller/lib_esp32 index 120783fe47..5c4a62c1d4 160000 --- a/components/bt/controller/lib_esp32 +++ b/components/bt/controller/lib_esp32 @@ -1 +1 @@ -Subproject commit 120783fe47b8267a48178f0fa2c6e794ce315eff +Subproject commit 5c4a62c1d4577d1352d28708c790ba2b4f741842 From 5cd5ede2f55333e7c8546d3d7bbaee007b608e47 Mon Sep 17 00:00:00 2001 From: Jin Cheng Date: Fri, 8 Nov 2024 12:51:23 +0800 Subject: [PATCH 4/4] fix(bt/controller): Fixed some controller bugs on ESP32 - Fixed wrong logic in handling sniff transaction collision at slave side - Fixed the issue ACL is stopped too early before eSCO --- components/bt/controller/lib_esp32 | 2 +- components/esp_rom/esp32/ld/esp32.rom.ld | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/components/bt/controller/lib_esp32 b/components/bt/controller/lib_esp32 index 5c4a62c1d4..4f9869a760 160000 --- a/components/bt/controller/lib_esp32 +++ b/components/bt/controller/lib_esp32 @@ -1 +1 @@ -Subproject commit 5c4a62c1d4577d1352d28708c790ba2b4f741842 +Subproject commit 4f9869a760c7f6982d2d4d6b56ef46c1b2488611 diff --git a/components/esp_rom/esp32/ld/esp32.rom.ld b/components/esp_rom/esp32/ld/esp32.rom.ld index a24ff27f07..c6abfb4559 100644 --- a/components/esp_rom/esp32/ld/esp32.rom.ld +++ b/components/esp_rom/esp32/ld/esp32.rom.ld @@ -663,6 +663,7 @@ PROVIDE ( ld_acl_rsw_frm_cbk = 0x40033bb0 ); PROVIDE ( ld_sco_modify = 0x40031778 ); PROVIDE ( lm_cmd_cmp_send = 0x40051838 ); PROVIDE ( ld_sco_frm_cbk = 0x400349dc ); +PROVIDE ( ld_sco_evt_stop_cbk = 0x40031d78 ); PROVIDE ( ld_acl_sco_rsvd_check = 0x4002fa94 ); PROVIDE ( ld_acl_sniff_frm_cbk = 0x4003482c ); PROVIDE ( ld_inq_end = 0x4003ab48 );