Bluetooth: Userchan: Parse multiple hci packets

[vChavezB]

After conducting tests with a a virtual Bluetooth controller over TCP it was noticed that some HCI packets may arrive on the same buffer if sent over a short period of time.
This update ensures the hci packets are parsed correctly in the case multiple packets are in the same recieving buffer according to how HCI packets are decoded in the Bluetooth Spec v5.2 Part E.

This should fix #61762

Open for suggestions and discussion on how to address this the best way.

[jhedberg]

This doesn't seem correct. You have the packet type as the first byte and the packet-specific header comes after that. In all other cases you read &packet_buff[1] but here you read &packet_buff[0]. Actually, I don't see any reason why you need two parameters to this function. Just pass the original buffer and inside the function you can then do uint8_t type = buf[0];.

[vChavezB]

Yes, sorry mistake on my part while changing to the suggestions of the other reviewer.

[jhedberg]

This generates unnecessarily complicated code. Just do size = sys_le16_to_cpu(hdr->len);. The structs are packed, so accessing the struct members generates automatically alignment-safe code (if needed by the CPU architecture).

[vChavezB]

Does the packed attribute deal with endianness ? Thats the reason I thought parts like these ones are needed in the current bluetooth stack

https://github.com/zephyrproject-rtos/zephyr/blob/2d65acca3a76b968657c2e796512558e93f2ed23/drivers/bluetooth/hci/h4.c#L127C3-L127C3

https://github.com/zephyrproject-rtos/zephyr/blob/2d65acca3a76b968657c2e796512558e93f2ed23/drivers/bluetooth/hci/h4.c#L140C2-L140C2

Edit: I read again your comment, ok are you only referring to changing the name of the variable from payload size to size ?

[vChavezB]

I changed the other review comments accordingly but this one is still is not clear to me.

Could you be more specific on your suggestion?

Just do size = sys_le16_to_cpu(hdr->len)

I understood either:

1. Change the name of the variable payload_len to size ?
2. Obtain the size of the payload via size = sys_le16_to_cpu(hdr->len); before the switch case? Its a trivial change and only the edge case for the struct bt_hci_cmd_hdr has to be taken into account (param_len).

Sorry for the misunderstanding on my part, looking forward for your comments.

[vChavezB]

Ok, I think I overthought the comment. Changed to using sys_le16_to_cpu instead of sys_get_le16 and the lenght member of the respective hci header struct instead of the address.

[jhedberg]

This seems like an unnecessary variable (doesn't add much to readability, and the way you've named it it's even longer thansizeof(packet_type).

[vChavezB]

I have changed it to now use it directly in the the return statement of the function.

[jhedberg]

Call these len instead of size.

[vChavezB]

changed

[jhedberg]

I'd just call this function packet_len()

[vChavezB]

changed

[jhedberg]

Please follow the same struct alignment style as elsewhere in the headers, so that the struct member names are aligned. That means two spaces after uint8_t but only one after uint16_t.

[vChavezB]

changed

[jhedberg]

One more review round (thanks for your patience!). After that I think this is ready to be merged.

I think it'd also make sense to split the hci_types.h changes into its own commit (still in this same PR) before the userchan.c commit, since those changes are not strictly related to the userchan driver.

[jhedberg]

Sorry if this is getting a bit overly pedantic, but I'd prefer if we stick to existing variable naming conventions and also avoid unnecessarily long names. This helps keep the code more readable (for someone who has read a lot of other Bluetooth subsystem code). and also avoids excessively long lines.

Just call the input parameter const uint8_t *buf

[vChavezB]

Oh no problem, I am aware that style and naming conventions are highly dependent on organisations policies. As I am still not that familiar with the codebase of Zephyr I know this could come up.

[jhedberg]

const uint8_t type = buf[0];
const uint8_t hdr = &buf[sizeof(type)];

[vChavezB]

changed

[jhedberg]

const struct bt_hci_cmd_hdr *cmd = (const struct bt_hci_cmd_hdr *)hdr;

[vChavezB]

changed

[jhedberg]

const struct bt_hci_acl_hdr *acl = (const struct bt_hci_acl_hdr *)hdr;

[vChavezB]

changed

[jhedberg]

const struct bt_hci_sco_hdr *sco = (const struct bt_hci_sco_hdr *)hdr;

[vChavezB]

changed

[jhedberg]

const struct bt_hci_evt_hdr *evt = (const struct bt_hci_evt_hdr *)hdr;

[vChavezB]

changed

[jhedberg]

const struct bt_hci_iso_hdr *iso = (const struct bt_hci_iso_hdr *)hdr;

[vChavezB]

changed

[jhedberg]

Might make sense to add a LOG_WRN("Unknown packet type 0x%02x", type) before the return.

[vChavezB]

added

[jhedberg]

The other connection header structs (ACL & ISO) use simply handle here, so I'd stick to that for consistency (unless the HCI spec is actually fundamentally different in its naming conventions for these headers)

[jhedberg]

Ok, I just checked and the HCI spec uses Connection_Handle both for SCO and ISO, but just Handle for ACL. However, since the ISO struct already uses simply handle I'd follow that convention for SCO as well.

[vChavezB]

changed

[vChavezB]

Added last suggestions. Pending separation of commits...

[vChavezB]

I have separated the commits.

[Thalley]

Suggested change

	payload_len = bt_iso_hdr_len(sys_le16_to_cpu(iso->len));
	header_len = BT_HCI_ISO_HDR_SIZE;
	}
	payload_len = bt_iso_hdr_len(sys_le16_to_cpu(iso->len));
	header_len = BT_HCI_ISO_HDR_SIZE;
	break;
	}

[vChavezB]

Thanks for noticing this, have been changing different parts that I must have deleted the break while refactoring.

[Thalley]

Yeah, it existed earlier :D