tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Johan Hedberg says:
====================
pull request: bluetooth-next 2020-09-29
Here's the main bluetooth-next pull request for 5.10:
- Multiple fixes to suspend/resume handling
- Added mgmt events for controller suspend/resume state
- Improved extended advertising support
- btintel: Enhanced support for next generation controllers
- Added Qualcomm Bluetooth SoC WCN6855 support
- Several other smaller fixes & improvements
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
+851
-174
+285
-6
drivers/bluetooth/btintel.c
+285
-6
drivers/bluetooth/btintel.c
···
18
18
19
19
#define VERSION "0.1"
20
20
21
-
#define BDADDR_INTEL (&(bdaddr_t) {{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
21
+
#define BDADDR_INTEL (&(bdaddr_t){{0x00, 0x8b, 0x9e, 0x19, 0x03, 0x00}})
22
+
#define RSA_HEADER_LEN 644
23
+
#define CSS_HEADER_OFFSET 8
24
+
#define ECDSA_OFFSET 644
25
+
#define ECDSA_HEADER_LEN 320
22
26
23
27
int btintel_check_bdaddr(struct hci_dev *hdev)
24
28
{
···
364
360
}
365
361
EXPORT_SYMBOL_GPL(btintel_read_version);
366
362
363
+
void btintel_version_info_tlv(struct hci_dev *hdev, struct intel_version_tlv *version)
364
+
{
365
+
const char *variant;
366
+
367
+
switch (version->img_type) {
368
+
case 0x01:
369
+
variant = "Bootloader";
370
+
bt_dev_info(hdev, "Device revision is %u", version->dev_rev_id);
371
+
bt_dev_info(hdev, "Secure boot is %s",
372
+
version->secure_boot ? "enabled" : "disabled");
373
+
bt_dev_info(hdev, "OTP lock is %s",
374
+
version->otp_lock ? "enabled" : "disabled");
375
+
bt_dev_info(hdev, "API lock is %s",
376
+
version->api_lock ? "enabled" : "disabled");
377
+
bt_dev_info(hdev, "Debug lock is %s",
378
+
version->debug_lock ? "enabled" : "disabled");
379
+
bt_dev_info(hdev, "Minimum firmware build %u week %u %u",
380
+
version->min_fw_build_nn, version->min_fw_build_cw,
381
+
2000 + version->min_fw_build_yy);
382
+
break;
383
+
case 0x03:
384
+
variant = "Firmware";
385
+
break;
386
+
default:
387
+
bt_dev_err(hdev, "Unsupported image type(%02x)", version->img_type);
388
+
goto done;
389
+
}
390
+
391
+
bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant,
392
+
2000 + (version->timestamp >> 8), version->timestamp & 0xff,
393
+
version->build_type, version->build_num);
394
+
395
+
done:
396
+
return;
397
+
}
398
+
EXPORT_SYMBOL_GPL(btintel_version_info_tlv);
399
+
400
+
int btintel_read_version_tlv(struct hci_dev *hdev, struct intel_version_tlv *version)
401
+
{
402
+
struct sk_buff *skb;
403
+
const u8 param[1] = { 0xFF };
404
+
405
+
if (!version)
406
+
return -EINVAL;
407
+
408
+
skb = __hci_cmd_sync(hdev, 0xfc05, 1, param, HCI_CMD_TIMEOUT);
409
+
if (IS_ERR(skb)) {
410
+
bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
411
+
PTR_ERR(skb));
412
+
return PTR_ERR(skb);
413
+
}
414
+
415
+
if (skb->data[0]) {
416
+
bt_dev_err(hdev, "Intel Read Version command failed (%02x)",
417
+
skb->data[0]);
418
+
kfree_skb(skb);
419
+
return -EIO;
420
+
}
421
+
422
+
/* Consume Command Complete Status field */
423
+
skb_pull(skb, 1);
424
+
425
+
/* Event parameters contatin multiple TLVs. Read each of them
426
+
* and only keep the required data. Also, it use existing legacy
427
+
* version field like hw_platform, hw_variant, and fw_variant
428
+
* to keep the existing setup flow
429
+
*/
430
+
while (skb->len) {
431
+
struct intel_tlv *tlv;
432
+
433
+
tlv = (struct intel_tlv *)skb->data;
434
+
switch (tlv->type) {
435
+
case INTEL_TLV_CNVI_TOP:
436
+
version->cnvi_top = get_unaligned_le32(tlv->val);
437
+
break;
438
+
case INTEL_TLV_CNVR_TOP:
439
+
version->cnvr_top = get_unaligned_le32(tlv->val);
440
+
break;
441
+
case INTEL_TLV_CNVI_BT:
442
+
version->cnvi_bt = get_unaligned_le32(tlv->val);
443
+
break;
444
+
case INTEL_TLV_CNVR_BT:
445
+
version->cnvr_bt = get_unaligned_le32(tlv->val);
446
+
break;
447
+
case INTEL_TLV_DEV_REV_ID:
448
+
version->dev_rev_id = get_unaligned_le16(tlv->val);
449
+
break;
450
+
case INTEL_TLV_IMAGE_TYPE:
451
+
version->img_type = tlv->val[0];
452
+
break;
453
+
case INTEL_TLV_TIME_STAMP:
454
+
version->timestamp = get_unaligned_le16(tlv->val);
455
+
break;
456
+
case INTEL_TLV_BUILD_TYPE:
457
+
version->build_type = tlv->val[0];
458
+
break;
459
+
case INTEL_TLV_BUILD_NUM:
460
+
version->build_num = get_unaligned_le32(tlv->val);
461
+
break;
462
+
case INTEL_TLV_SECURE_BOOT:
463
+
version->secure_boot = tlv->val[0];
464
+
break;
465
+
case INTEL_TLV_OTP_LOCK:
466
+
version->otp_lock = tlv->val[0];
467
+
break;
468
+
case INTEL_TLV_API_LOCK:
469
+
version->api_lock = tlv->val[0];
470
+
break;
471
+
case INTEL_TLV_DEBUG_LOCK:
472
+
version->debug_lock = tlv->val[0];
473
+
break;
474
+
case INTEL_TLV_MIN_FW:
475
+
version->min_fw_build_nn = tlv->val[0];
476
+
version->min_fw_build_cw = tlv->val[1];
477
+
version->min_fw_build_yy = tlv->val[2];
478
+
break;
479
+
case INTEL_TLV_LIMITED_CCE:
480
+
version->limited_cce = tlv->val[0];
481
+
break;
482
+
case INTEL_TLV_SBE_TYPE:
483
+
version->sbe_type = tlv->val[0];
484
+
break;
485
+
case INTEL_TLV_OTP_BDADDR:
486
+
memcpy(&version->otp_bd_addr, tlv->val, tlv->len);
487
+
break;
488
+
default:
489
+
/* Ignore rest of information */
490
+
break;
491
+
}
492
+
/* consume the current tlv and move to next*/
493
+
skb_pull(skb, tlv->len + sizeof(*tlv));
494
+
}
495
+
496
+
kfree_skb(skb);
497
+
return 0;
498
+
}
499
+
EXPORT_SYMBOL_GPL(btintel_read_version_tlv);
500
+
367
501
/* ------- REGMAP IBT SUPPORT ------- */
368
502
369
503
#define IBT_REG_MODE_8BIT 0x00
···
768
626
}
769
627
EXPORT_SYMBOL_GPL(btintel_read_boot_params);
770
628
771
-
int btintel_download_firmware(struct hci_dev *hdev, const struct firmware *fw,
772
-
u32 *boot_param)
629
+
static int btintel_sfi_rsa_header_secure_send(struct hci_dev *hdev,
630
+
const struct firmware *fw)
773
631
{
774
632
int err;
775
-
const u8 *fw_ptr;
776
-
u32 frag_len;
777
633
778
634
/* Start the firmware download transaction with the Init fragment
779
635
* represented by the 128 bytes of CSS header.
···
800
660
goto done;
801
661
}
802
662
803
-
fw_ptr = fw->data + 644;
663
+
done:
664
+
return err;
665
+
}
666
+
667
+
static int btintel_sfi_ecdsa_header_secure_send(struct hci_dev *hdev,
668
+
const struct firmware *fw)
669
+
{
670
+
int err;
671
+
672
+
/* Start the firmware download transaction with the Init fragment
673
+
* represented by the 128 bytes of CSS header.
674
+
*/
675
+
err = btintel_secure_send(hdev, 0x00, 128, fw->data + 644);
676
+
if (err < 0) {
677
+
bt_dev_err(hdev, "Failed to send firmware header (%d)", err);
678
+
return err;
679
+
}
680
+
681
+
/* Send the 96 bytes of public key information from the firmware
682
+
* as the PKey fragment.
683
+
*/
684
+
err = btintel_secure_send(hdev, 0x03, 96, fw->data + 644 + 128);
685
+
if (err < 0) {
686
+
bt_dev_err(hdev, "Failed to send firmware pkey (%d)", err);
687
+
return err;
688
+
}
689
+
690
+
/* Send the 96 bytes of signature information from the firmware
691
+
* as the Sign fragment
692
+
*/
693
+
err = btintel_secure_send(hdev, 0x02, 96, fw->data + 644 + 224);
694
+
if (err < 0) {
695
+
bt_dev_err(hdev, "Failed to send firmware signature (%d)",
696
+
err);
697
+
return err;
698
+
}
699
+
return 0;
700
+
}
701
+
702
+
static int btintel_download_firmware_payload(struct hci_dev *hdev,
703
+
const struct firmware *fw,
704
+
u32 *boot_param, size_t offset)
705
+
{
706
+
int err;
707
+
const u8 *fw_ptr;
708
+
u32 frag_len;
709
+
710
+
fw_ptr = fw->data + offset;
804
711
frag_len = 0;
712
+
err = -EINVAL;
805
713
806
714
while (fw_ptr - fw->data < fw->size) {
807
715
struct hci_command_hdr *cmd = (void *)(fw_ptr + frag_len);
···
895
707
done:
896
708
return err;
897
709
}
710
+
711
+
int btintel_download_firmware(struct hci_dev *hdev,
712
+
const struct firmware *fw,
713
+
u32 *boot_param)
714
+
{
715
+
int err;
716
+
717
+
err = btintel_sfi_rsa_header_secure_send(hdev, fw);
718
+
if (err)
719
+
return err;
720
+
721
+
return btintel_download_firmware_payload(hdev, fw, boot_param,
722
+
RSA_HEADER_LEN);
723
+
}
898
724
EXPORT_SYMBOL_GPL(btintel_download_firmware);
725
+
726
+
int btintel_download_firmware_newgen(struct hci_dev *hdev,
727
+
const struct firmware *fw, u32 *boot_param,
728
+
u8 hw_variant, u8 sbe_type)
729
+
{
730
+
int err;
731
+
u32 css_header_ver;
732
+
733
+
/* iBT hardware variants 0x0b, 0x0c, 0x11, 0x12, 0x13, 0x14 support
734
+
* only RSA secure boot engine. Hence, the corresponding sfi file will
735
+
* have RSA header of 644 bytes followed by Command Buffer.
736
+
*
737
+
* iBT hardware variants 0x17, 0x18 onwards support both RSA and ECDSA
738
+
* secure boot engine. As a result, the corresponding sfi file will
739
+
* have RSA header of 644, ECDSA header of 320 bytes followed by
740
+
* Command Buffer.
741
+
*
742
+
* CSS Header byte positions 0x08 to 0x0B represent the CSS Header
743
+
* version: RSA(0x00010000) , ECDSA (0x00020000)
744
+
*/
745
+
css_header_ver = get_unaligned_le32(fw->data + CSS_HEADER_OFFSET);
746
+
if (css_header_ver != 0x00010000) {
747
+
bt_dev_err(hdev, "Invalid CSS Header version");
748
+
return -EINVAL;
749
+
}
750
+
751
+
if (hw_variant <= 0x14) {
752
+
if (sbe_type != 0x00) {
753
+
bt_dev_err(hdev, "Invalid SBE type for hardware variant (%d)",
754
+
hw_variant);
755
+
return -EINVAL;
756
+
}
757
+
758
+
err = btintel_sfi_rsa_header_secure_send(hdev, fw);
759
+
if (err)
760
+
return err;
761
+
762
+
err = btintel_download_firmware_payload(hdev, fw, boot_param, RSA_HEADER_LEN);
763
+
if (err)
764
+
return err;
765
+
} else if (hw_variant >= 0x17) {
766
+
/* Check if CSS header for ECDSA follows the RSA header */
767
+
if (fw->data[ECDSA_OFFSET] != 0x06)
768
+
return -EINVAL;
769
+
770
+
/* Check if the CSS Header version is ECDSA(0x00020000) */
771
+
css_header_ver = get_unaligned_le32(fw->data + ECDSA_OFFSET + CSS_HEADER_OFFSET);
772
+
if (css_header_ver != 0x00020000) {
773
+
bt_dev_err(hdev, "Invalid CSS Header version");
774
+
return -EINVAL;
775
+
}
776
+
777
+
if (sbe_type == 0x00) {
778
+
err = btintel_sfi_rsa_header_secure_send(hdev, fw);
779
+
if (err)
780
+
return err;
781
+
782
+
err = btintel_download_firmware_payload(hdev, fw,
783
+
boot_param,
784
+
RSA_HEADER_LEN + ECDSA_HEADER_LEN);
785
+
if (err)
786
+
return err;
787
+
} else if (sbe_type == 0x01) {
788
+
err = btintel_sfi_ecdsa_header_secure_send(hdev, fw);
789
+
if (err)
790
+
return err;
791
+
792
+
err = btintel_download_firmware_payload(hdev, fw,
793
+
boot_param,
794
+
RSA_HEADER_LEN + ECDSA_HEADER_LEN);
795
+
if (err)
796
+
return err;
797
+
}
798
+
}
799
+
return 0;
800
+
}
801
+
EXPORT_SYMBOL_GPL(btintel_download_firmware_newgen);
899
802
900
803
void btintel_reset_to_bootloader(struct hci_dev *hdev)
901
804
{
+91
drivers/bluetooth/btintel.h
+91
drivers/bluetooth/btintel.h
···
6
6
* Copyright (C) 2015 Intel Corporation
7
7
*/
8
8
9
+
/* List of tlv type */
10
+
enum {
11
+
INTEL_TLV_CNVI_TOP = 0x10,
12
+
INTEL_TLV_CNVR_TOP,
13
+
INTEL_TLV_CNVI_BT,
14
+
INTEL_TLV_CNVR_BT,
15
+
INTEL_TLV_CNVI_OTP,
16
+
INTEL_TLV_CNVR_OTP,
17
+
INTEL_TLV_DEV_REV_ID,
18
+
INTEL_TLV_USB_VENDOR_ID,
19
+
INTEL_TLV_USB_PRODUCT_ID,
20
+
INTEL_TLV_PCIE_VENDOR_ID,
21
+
INTEL_TLV_PCIE_DEVICE_ID,
22
+
INTEL_TLV_PCIE_SUBSYSTEM_ID,
23
+
INTEL_TLV_IMAGE_TYPE,
24
+
INTEL_TLV_TIME_STAMP,
25
+
INTEL_TLV_BUILD_TYPE,
26
+
INTEL_TLV_BUILD_NUM,
27
+
INTEL_TLV_FW_BUILD_PRODUCT,
28
+
INTEL_TLV_FW_BUILD_HW,
29
+
INTEL_TLV_FW_STEP,
30
+
INTEL_TLV_BT_SPEC,
31
+
INTEL_TLV_MFG_NAME,
32
+
INTEL_TLV_HCI_REV,
33
+
INTEL_TLV_LMP_SUBVER,
34
+
INTEL_TLV_OTP_PATCH_VER,
35
+
INTEL_TLV_SECURE_BOOT,
36
+
INTEL_TLV_KEY_FROM_HDR,
37
+
INTEL_TLV_OTP_LOCK,
38
+
INTEL_TLV_API_LOCK,
39
+
INTEL_TLV_DEBUG_LOCK,
40
+
INTEL_TLV_MIN_FW,
41
+
INTEL_TLV_LIMITED_CCE,
42
+
INTEL_TLV_SBE_TYPE,
43
+
INTEL_TLV_OTP_BDADDR,
44
+
INTEL_TLV_UNLOCKED_STATE
45
+
};
46
+
47
+
struct intel_tlv {
48
+
u8 type;
49
+
u8 len;
50
+
u8 val[0];
51
+
} __packed;
52
+
53
+
struct intel_version_tlv {
54
+
u32 cnvi_top;
55
+
u32 cnvr_top;
56
+
u32 cnvi_bt;
57
+
u32 cnvr_bt;
58
+
u16 dev_rev_id;
59
+
u8 img_type;
60
+
u16 timestamp;
61
+
u8 build_type;
62
+
u32 build_num;
63
+
u8 secure_boot;
64
+
u8 otp_lock;
65
+
u8 api_lock;
66
+
u8 debug_lock;
67
+
u8 min_fw_build_nn;
68
+
u8 min_fw_build_cw;
69
+
u8 min_fw_build_yy;
70
+
u8 limited_cce;
71
+
u8 sbe_type;
72
+
bdaddr_t otp_bd_addr;
73
+
};
74
+
9
75
struct intel_version {
10
76
u8 status;
11
77
u8 hw_platform;
···
143
77
void btintel_hw_error(struct hci_dev *hdev, u8 code);
144
78
145
79
void btintel_version_info(struct hci_dev *hdev, struct intel_version *ver);
80
+
void btintel_version_info_tlv(struct hci_dev *hdev, struct intel_version_tlv *version);
146
81
int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type, u32 plen,
147
82
const void *param);
148
83
int btintel_load_ddc_config(struct hci_dev *hdev, const char *ddc_name);
149
84
int btintel_set_event_mask(struct hci_dev *hdev, bool debug);
150
85
int btintel_set_event_mask_mfg(struct hci_dev *hdev, bool debug);
151
86
int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver);
87
+
int btintel_read_version_tlv(struct hci_dev *hdev, struct intel_version_tlv *ver);
152
88
153
89
struct regmap *btintel_regmap_init(struct hci_dev *hdev, u16 opcode_read,
154
90
u16 opcode_write);
···
159
91
struct intel_boot_params *params);
160
92
int btintel_download_firmware(struct hci_dev *dev, const struct firmware *fw,
161
93
u32 *boot_param);
94
+
int btintel_download_firmware_newgen(struct hci_dev *hdev,
95
+
const struct firmware *fw,
96
+
u32 *boot_param, u8 hw_variant,
97
+
u8 sbe_type);
162
98
void btintel_reset_to_bootloader(struct hci_dev *hdev);
163
99
int btintel_read_debug_features(struct hci_dev *hdev,
164
100
struct intel_debug_features *features);
···
209
137
{
210
138
}
211
139
140
+
static inline void btintel_version_info_tlv(struct hci_dev *hdev,
141
+
struct intel_version_tlv *version)
142
+
{
143
+
}
144
+
212
145
static inline int btintel_secure_send(struct hci_dev *hdev, u8 fragment_type,
213
146
u32 plen, const void *param)
214
147
{
···
242
165
return -EOPNOTSUPP;
243
166
}
244
167
168
+
static inline int btintel_read_version_tlv(struct hci_dev *hdev,
169
+
struct intel_version_tlv *ver)
170
+
{
171
+
return -EOPNOTSUPP;
172
+
}
173
+
245
174
static inline struct regmap *btintel_regmap_init(struct hci_dev *hdev,
246
175
u16 opcode_read,
247
176
u16 opcode_write)
···
270
187
static inline int btintel_download_firmware(struct hci_dev *dev,
271
188
const struct firmware *fw,
272
189
u32 *boot_param)
190
+
{
191
+
return -EOPNOTSUPP;
192
+
}
193
+
194
+
static inline int btintel_download_firmware_newgen(struct hci_dev *hdev,
195
+
const struct firmware *fw,
196
+
u32 *boot_param,
197
+
u8 hw_variant, u8 sbe_type)
273
198
{
274
199
return -EOPNOTSUPP;
275
200
}
+4
-50
drivers/bluetooth/btmrvl_sdio.c
+4
-50
drivers/bluetooth/btmrvl_sdio.c
···
215
215
.fw_dump_end = 0xea,
216
216
};
217
217
218
-
static const struct btmrvl_sdio_card_reg btmrvl_reg_8977 = {
219
-
.cfg = 0x00,
220
-
.host_int_mask = 0x08,
221
-
.host_intstatus = 0x0c,
222
-
.card_status = 0x5c,
223
-
.sq_read_base_addr_a0 = 0xf8,
224
-
.sq_read_base_addr_a1 = 0xf9,
225
-
.card_revision = 0xc8,
226
-
.card_fw_status0 = 0xe8,
227
-
.card_fw_status1 = 0xe9,
228
-
.card_rx_len = 0xea,
229
-
.card_rx_unit = 0xeb,
230
-
.io_port_0 = 0xe4,
231
-
.io_port_1 = 0xe5,
232
-
.io_port_2 = 0xe6,
233
-
.int_read_to_clear = true,
234
-
.host_int_rsr = 0x04,
235
-
.card_misc_cfg = 0xD8,
236
-
.fw_dump_ctrl = 0xf0,
237
-
.fw_dump_start = 0xf1,
238
-
.fw_dump_end = 0xf8,
239
-
};
240
-
241
-
static const struct btmrvl_sdio_card_reg btmrvl_reg_8987 = {
218
+
static const struct btmrvl_sdio_card_reg btmrvl_reg_89xx = {
242
219
.cfg = 0x00,
243
220
.host_int_mask = 0x08,
244
221
.host_intstatus = 0x0c,
···
233
256
.int_read_to_clear = true,
234
257
.host_int_rsr = 0x04,
235
258
.card_misc_cfg = 0xd8,
236
-
.fw_dump_ctrl = 0xf0,
237
-
.fw_dump_start = 0xf1,
238
-
.fw_dump_end = 0xf8,
239
-
};
240
-
241
-
static const struct btmrvl_sdio_card_reg btmrvl_reg_8997 = {
242
-
.cfg = 0x00,
243
-
.host_int_mask = 0x08,
244
-
.host_intstatus = 0x0c,
245
-
.card_status = 0x5c,
246
-
.sq_read_base_addr_a0 = 0xf8,
247
-
.sq_read_base_addr_a1 = 0xf9,
248
-
.card_revision = 0xc8,
249
-
.card_fw_status0 = 0xe8,
250
-
.card_fw_status1 = 0xe9,
251
-
.card_rx_len = 0xea,
252
-
.card_rx_unit = 0xeb,
253
-
.io_port_0 = 0xe4,
254
-
.io_port_1 = 0xe5,
255
-
.io_port_2 = 0xe6,
256
-
.int_read_to_clear = true,
257
-
.host_int_rsr = 0x04,
258
-
.card_misc_cfg = 0xD8,
259
259
.fw_dump_ctrl = 0xf0,
260
260
.fw_dump_start = 0xf1,
261
261
.fw_dump_end = 0xf8,
···
286
332
static const struct btmrvl_sdio_device btmrvl_sdio_sd8977 = {
287
333
.helper = NULL,
288
334
.firmware = "mrvl/sdsd8977_combo_v2.bin",
289
-
.reg = &btmrvl_reg_8977,
335
+
.reg = &btmrvl_reg_89xx,
290
336
.support_pscan_win_report = true,
291
337
.sd_blksz_fw_dl = 256,
292
338
.supports_fw_dump = true,
···
295
341
static const struct btmrvl_sdio_device btmrvl_sdio_sd8987 = {
296
342
.helper = NULL,
297
343
.firmware = "mrvl/sd8987_uapsta.bin",
298
-
.reg = &btmrvl_reg_8987,
344
+
.reg = &btmrvl_reg_89xx,
299
345
.support_pscan_win_report = true,
300
346
.sd_blksz_fw_dl = 256,
301
347
.supports_fw_dump = true,
···
304
350
static const struct btmrvl_sdio_device btmrvl_sdio_sd8997 = {
305
351
.helper = NULL,
306
352
.firmware = "mrvl/sdsd8997_combo_v4.bin",
307
-
.reg = &btmrvl_reg_8997,
353
+
.reg = &btmrvl_reg_89xx,
308
354
.support_pscan_win_report = true,
309
355
.sd_blksz_fw_dl = 256,
310
356
.supports_fw_dump = true,
+2
-2
drivers/bluetooth/btmtksdio.c
+2
-2
drivers/bluetooth/btmtksdio.c
···
496
496
sdio_claim_host(bdev->func);
497
497
498
498
/* Disable interrupt */
499
-
sdio_writel(func, C_INT_EN_CLR, MTK_REG_CHLPCR, 0);
499
+
sdio_writel(func, C_INT_EN_CLR, MTK_REG_CHLPCR, NULL);
500
500
501
501
int_status = sdio_readl(func, MTK_REG_CHISR, NULL);
502
502
···
530
530
}
531
531
532
532
/* Enable interrupt */
533
-
sdio_writel(func, C_INT_EN_SET, MTK_REG_CHLPCR, 0);
533
+
sdio_writel(func, C_INT_EN_SET, MTK_REG_CHLPCR, NULL);
534
534
535
535
pm_runtime_mark_last_busy(bdev->dev);
536
536
pm_runtime_put_autosuspend(bdev->dev);
+94
-35
drivers/bluetooth/btusb.c
+94
-35
drivers/bluetooth/btusb.c
···
59
59
#define BTUSB_MEDIATEK 0x200000
60
60
#define BTUSB_WIDEBAND_SPEECH 0x400000
61
61
#define BTUSB_VALID_LE_STATES 0x800000
62
+
#define BTUSB_QCA_WCN6855 0x1000000
62
63
63
64
static const struct usb_device_id btusb_table[] = {
64
65
/* Generic Bluetooth USB device */
···
255
254
{ USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
256
255
257
256
/* QCA ROME chipset */
258
-
{ USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME },
259
-
{ USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME },
260
-
{ USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME },
261
-
{ USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME },
262
-
{ USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME },
263
-
{ USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME },
264
-
{ USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME },
265
-
{ USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME },
266
-
{ USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME },
267
-
{ USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME },
268
-
{ USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME },
269
-
{ USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME },
270
-
{ USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME },
271
-
{ USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME },
272
-
{ USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME },
273
-
{ USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME },
274
-
{ USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME },
275
-
{ USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME },
257
+
{ USB_DEVICE(0x0cf3, 0x535b), .driver_info = BTUSB_QCA_ROME |
258
+
BTUSB_WIDEBAND_SPEECH },
259
+
{ USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME |
260
+
BTUSB_WIDEBAND_SPEECH },
261
+
{ USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME |
262
+
BTUSB_WIDEBAND_SPEECH },
263
+
{ USB_DEVICE(0x0cf3, 0xe010), .driver_info = BTUSB_QCA_ROME |
264
+
BTUSB_WIDEBAND_SPEECH },
265
+
{ USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME |
266
+
BTUSB_WIDEBAND_SPEECH },
267
+
{ USB_DEVICE(0x0cf3, 0xe301), .driver_info = BTUSB_QCA_ROME |
268
+
BTUSB_WIDEBAND_SPEECH },
269
+
{ USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME |
270
+
BTUSB_WIDEBAND_SPEECH },
271
+
{ USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME |
272
+
BTUSB_WIDEBAND_SPEECH },
273
+
{ USB_DEVICE(0x0489, 0xe09f), .driver_info = BTUSB_QCA_ROME |
274
+
BTUSB_WIDEBAND_SPEECH },
275
+
{ USB_DEVICE(0x0489, 0xe0a2), .driver_info = BTUSB_QCA_ROME |
276
+
BTUSB_WIDEBAND_SPEECH },
277
+
{ USB_DEVICE(0x04ca, 0x3011), .driver_info = BTUSB_QCA_ROME |
278
+
BTUSB_WIDEBAND_SPEECH },
279
+
{ USB_DEVICE(0x04ca, 0x3015), .driver_info = BTUSB_QCA_ROME |
280
+
BTUSB_WIDEBAND_SPEECH },
281
+
{ USB_DEVICE(0x04ca, 0x3016), .driver_info = BTUSB_QCA_ROME |
282
+
BTUSB_WIDEBAND_SPEECH },
283
+
{ USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME |
284
+
BTUSB_WIDEBAND_SPEECH },
285
+
{ USB_DEVICE(0x04ca, 0x3021), .driver_info = BTUSB_QCA_ROME |
286
+
BTUSB_WIDEBAND_SPEECH },
287
+
{ USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME |
288
+
BTUSB_WIDEBAND_SPEECH },
289
+
{ USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME |
290
+
BTUSB_WIDEBAND_SPEECH },
291
+
{ USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME |
292
+
BTUSB_WIDEBAND_SPEECH },
293
+
294
+
/* QCA WCN6855 chipset */
295
+
{ USB_DEVICE(0x0cf3, 0xe600), .driver_info = BTUSB_QCA_WCN6855 |
296
+
BTUSB_WIDEBAND_SPEECH },
276
297
277
298
/* Broadcom BCM2035 */
278
299
{ USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
···
2361
2338
2362
2339
static int btusb_intel_download_firmware(struct hci_dev *hdev,
2363
2340
struct intel_version *ver,
2364
-
struct intel_boot_params *params)
2341
+
struct intel_boot_params *params,
2342
+
u32 *boot_param)
2365
2343
{
2366
2344
const struct firmware *fw;
2367
-
u32 boot_param;
2368
2345
char fwname[64];
2369
2346
int err;
2370
2347
struct btusb_data *data = hci_get_drvdata(hdev);
···
2502
2479
set_bit(BTUSB_DOWNLOADING, &data->flags);
2503
2480
2504
2481
/* Start firmware downloading and get boot parameter */
2505
-
err = btintel_download_firmware(hdev, fw, &boot_param);
2482
+
err = btintel_download_firmware(hdev, fw, boot_param);
2506
2483
if (err < 0) {
2507
2484
/* When FW download fails, send Intel Reset to retry
2508
2485
* FW download.
···
2584
2561
return err;
2585
2562
}
2586
2563
2587
-
err = btusb_intel_download_firmware(hdev, &ver, ¶ms);
2564
+
err = btusb_intel_download_firmware(hdev, &ver, ¶ms, &boot_param);
2588
2565
if (err)
2589
2566
return err;
2590
2567
···
2919
2896
buf = kmalloc(size, GFP_KERNEL);
2920
2897
if (!buf) {
2921
2898
kfree(dr);
2899
+
usb_free_urb(urb);
2922
2900
return -ENOMEM;
2923
2901
}
2924
2902
···
3414
3390
return 0;
3415
3391
}
3416
3392
3393
+
static int btusb_set_bdaddr_wcn6855(struct hci_dev *hdev,
3394
+
const bdaddr_t *bdaddr)
3395
+
{
3396
+
struct sk_buff *skb;
3397
+
u8 buf[6];
3398
+
long ret;
3399
+
3400
+
memcpy(buf, bdaddr, sizeof(bdaddr_t));
3401
+
3402
+
skb = __hci_cmd_sync_ev(hdev, 0xfc14, sizeof(buf), buf,
3403
+
HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT);
3404
+
if (IS_ERR(skb)) {
3405
+
ret = PTR_ERR(skb);
3406
+
bt_dev_err(hdev, "Change address command failed (%ld)", ret);
3407
+
return ret;
3408
+
}
3409
+
kfree_skb(skb);
3410
+
3411
+
return 0;
3412
+
}
3413
+
3417
3414
#define QCA_DFU_PACKET_LEN 4096
3418
3415
3419
3416
#define QCA_GET_TARGET_VERSION 0x09
···
3454
3409
} __packed;
3455
3410
3456
3411
struct qca_rampatch_version {
3457
-
__le16 rom_version;
3412
+
__le16 rom_version_high;
3413
+
__le16 rom_version_low;
3458
3414
__le16 patch_version;
3459
3415
} __packed;
3460
3416
···
3467
3421
};
3468
3422
3469
3423
static const struct qca_device_info qca_devices_table[] = {
3470
-
{ 0x00000100, 20, 4, 10 }, /* Rome 1.0 */
3471
-
{ 0x00000101, 20, 4, 10 }, /* Rome 1.1 */
3472
-
{ 0x00000200, 28, 4, 18 }, /* Rome 2.0 */
3473
-
{ 0x00000201, 28, 4, 18 }, /* Rome 2.1 */
3474
-
{ 0x00000300, 28, 4, 18 }, /* Rome 3.0 */
3475
-
{ 0x00000302, 28, 4, 18 }, /* Rome 3.2 */
3424
+
{ 0x00000100, 20, 4, 8 }, /* Rome 1.0 */
3425
+
{ 0x00000101, 20, 4, 8 }, /* Rome 1.1 */
3426
+
{ 0x00000200, 28, 4, 16 }, /* Rome 2.0 */
3427
+
{ 0x00000201, 28, 4, 16 }, /* Rome 2.1 */
3428
+
{ 0x00000300, 28, 4, 16 }, /* Rome 3.0 */
3429
+
{ 0x00000302, 28, 4, 16 }, /* Rome 3.2 */
3430
+
{ 0x00130100, 40, 4, 16 }, /* WCN6855 1.0 */
3431
+
{ 0x00130200, 40, 4, 16 }, /* WCN6855 2.0 */
3476
3432
};
3477
3433
3478
3434
static int btusb_qca_send_vendor_req(struct usb_device *udev, u8 request,
···
3576
3528
{
3577
3529
struct qca_rampatch_version *rver;
3578
3530
const struct firmware *fw;
3579
-
u32 ver_rom, ver_patch;
3580
-
u16 rver_rom, rver_patch;
3531
+
u32 ver_rom, ver_patch, rver_rom;
3532
+
u16 rver_rom_low, rver_rom_high, rver_patch;
3581
3533
char fwname[64];
3582
3534
int err;
3583
3535
···
3596
3548
bt_dev_info(hdev, "using rampatch file: %s", fwname);
3597
3549
3598
3550
rver = (struct qca_rampatch_version *)(fw->data + info->ver_offset);
3599
-
rver_rom = le16_to_cpu(rver->rom_version);
3551
+
rver_rom_low = le16_to_cpu(rver->rom_version_low);
3600
3552
rver_patch = le16_to_cpu(rver->patch_version);
3553
+
3554
+
if (ver_rom & ~0xffffU) {
3555
+
rver_rom_high = le16_to_cpu(rver->rom_version_high);
3556
+
rver_rom = le32_to_cpu(rver_rom_high << 16 | rver_rom_low);
3557
+
} else {
3558
+
rver_rom = rver_rom_low;
3559
+
}
3601
3560
3602
3561
bt_dev_info(hdev, "QCA: patch rome 0x%x build 0x%x, "
3603
3562
"firmware rome 0x%x build 0x%x",
···
3679
3624
return err;
3680
3625
3681
3626
ver_rom = le32_to_cpu(ver.rom_version);
3682
-
/* Don't care about high ROM versions */
3683
-
if (ver_rom & ~0xffffU)
3684
-
return 0;
3685
3627
3686
3628
for (i = 0; i < ARRAY_SIZE(qca_devices_table); i++) {
3687
3629
if (ver_rom == qca_devices_table[i].rom_version)
···
4112
4060
hdev->cmd_timeout = btusb_qca_cmd_timeout;
4113
4061
set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4114
4062
btusb_check_needs_reset_resume(intf);
4063
+
}
4064
+
4065
+
if (id->driver_info & BTUSB_QCA_WCN6855) {
4066
+
data->setup_on_usb = btusb_setup_qca;
4067
+
hdev->set_bdaddr = btusb_set_bdaddr_wcn6855;
4068
+
hdev->cmd_timeout = btusb_qca_cmd_timeout;
4069
+
set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks);
4115
4070
}
4116
4071
4117
4072
if (id->driver_info & BTUSB_AMP) {
-2
drivers/bluetooth/hci_h5.c
-2
drivers/bluetooth/hci_h5.c
+19
-35
drivers/bluetooth/hci_intel.c
+19
-35
drivers/bluetooth/hci_intel.c
···
288
288
289
289
static int intel_set_power(struct hci_uart *hu, bool powered)
290
290
{
291
-
struct list_head *p;
291
+
struct intel_device *idev;
292
292
int err = -ENODEV;
293
293
294
294
if (!hu->tty->dev)
···
296
296
297
297
mutex_lock(&intel_device_list_lock);
298
298
299
-
list_for_each(p, &intel_device_list) {
300
-
struct intel_device *idev = list_entry(p, struct intel_device,
301
-
list);
302
-
299
+
list_for_each_entry(idev, &intel_device_list, list) {
303
300
/* tty device and pdev device should share the same parent
304
301
* which is the UART port.
305
302
*/
···
359
362
360
363
static void intel_busy_work(struct work_struct *work)
361
364
{
362
-
struct list_head *p;
363
365
struct intel_data *intel = container_of(work, struct intel_data,
364
366
busy_work);
367
+
struct intel_device *idev;
365
368
366
369
if (!intel->hu->tty->dev)
367
370
return;
368
371
369
372
/* Link is busy, delay the suspend */
370
373
mutex_lock(&intel_device_list_lock);
371
-
list_for_each(p, &intel_device_list) {
372
-
struct intel_device *idev = list_entry(p, struct intel_device,
373
-
list);
374
-
374
+
list_for_each_entry(idev, &intel_device_list, list) {
375
375
if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) {
376
376
pm_runtime_get(&idev->pdev->dev);
377
377
pm_runtime_mark_last_busy(&idev->pdev->dev);
···
527
533
struct sk_buff *skb;
528
534
struct intel_version ver;
529
535
struct intel_boot_params params;
530
-
struct list_head *p;
536
+
struct intel_device *idev;
531
537
const struct firmware *fw;
532
538
char fwname[64];
533
539
u32 boot_param;
···
687
693
case 0x0b: /* SfP */
688
694
case 0x0c: /* WsP */
689
695
snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.sfi",
690
-
le16_to_cpu(ver.hw_variant),
691
-
le16_to_cpu(params.dev_revid));
696
+
ver.hw_variant, le16_to_cpu(params.dev_revid));
692
697
break;
693
698
case 0x12: /* ThP */
694
699
snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.sfi",
695
-
le16_to_cpu(ver.hw_variant),
696
-
le16_to_cpu(ver.hw_revision),
697
-
le16_to_cpu(ver.fw_revision));
700
+
ver.hw_variant, ver.hw_revision, ver.fw_revision);
698
701
break;
699
702
default:
700
703
bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
···
713
722
case 0x0b: /* SfP */
714
723
case 0x0c: /* WsP */
715
724
snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u.ddc",
716
-
le16_to_cpu(ver.hw_variant),
717
-
le16_to_cpu(params.dev_revid));
725
+
ver.hw_variant, le16_to_cpu(params.dev_revid));
718
726
break;
719
727
case 0x12: /* ThP */
720
728
snprintf(fwname, sizeof(fwname), "intel/ibt-%u-%u-%u.ddc",
721
-
le16_to_cpu(ver.hw_variant),
722
-
le16_to_cpu(ver.hw_revision),
723
-
le16_to_cpu(ver.fw_revision));
729
+
ver.hw_variant, ver.hw_revision, ver.fw_revision);
724
730
break;
725
731
default:
726
732
bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
···
827
839
* until further LPM TX notification.
828
840
*/
829
841
mutex_lock(&intel_device_list_lock);
830
-
list_for_each(p, &intel_device_list) {
831
-
struct intel_device *dev = list_entry(p, struct intel_device,
832
-
list);
842
+
list_for_each_entry(idev, &intel_device_list, list) {
833
843
if (!hu->tty->dev)
834
844
break;
835
-
if (hu->tty->dev->parent == dev->pdev->dev.parent) {
836
-
if (device_may_wakeup(&dev->pdev->dev)) {
845
+
if (hu->tty->dev->parent == idev->pdev->dev.parent) {
846
+
if (device_may_wakeup(&idev->pdev->dev)) {
837
847
set_bit(STATE_LPM_ENABLED, &intel->flags);
838
848
set_bit(STATE_TX_ACTIVE, &intel->flags);
839
849
}
···
985
999
static int intel_enqueue(struct hci_uart *hu, struct sk_buff *skb)
986
1000
{
987
1001
struct intel_data *intel = hu->priv;
988
-
struct list_head *p;
1002
+
struct intel_device *idev;
989
1003
990
1004
BT_DBG("hu %p skb %p", hu, skb);
991
1005
···
996
1010
* completed before enqueuing any packet.
997
1011
*/
998
1012
mutex_lock(&intel_device_list_lock);
999
-
list_for_each(p, &intel_device_list) {
1000
-
struct intel_device *idev = list_entry(p, struct intel_device,
1001
-
list);
1002
-
1013
+
list_for_each_entry(idev, &intel_device_list, list) {
1003
1014
if (hu->tty->dev->parent == idev->pdev->dev.parent) {
1004
1015
pm_runtime_get_sync(&idev->pdev->dev);
1005
1016
pm_runtime_mark_last_busy(&idev->pdev->dev);
···
1059
1076
#ifdef CONFIG_ACPI
1060
1077
static const struct acpi_device_id intel_acpi_match[] = {
1061
1078
{ "INT33E1", 0 },
1062
-
{ },
1079
+
{ "INT33E3", 0 },
1080
+
{ }
1063
1081
};
1064
1082
MODULE_DEVICE_TABLE(acpi, intel_acpi_match);
1065
1083
#endif
···
1122
1138
static const struct acpi_gpio_params host_wake_gpios = { 1, 0, false };
1123
1139
1124
1140
static const struct acpi_gpio_mapping acpi_hci_intel_gpios[] = {
1125
-
{ "reset-gpios", &reset_gpios, 1 },
1126
-
{ "host-wake-gpios", &host_wake_gpios, 1 },
1127
-
{ },
1141
+
{ "reset-gpios", &reset_gpios, 1, ACPI_GPIO_QUIRK_ONLY_GPIOIO },
1142
+
{ "host-wake-gpios", &host_wake_gpios, 1, ACPI_GPIO_QUIRK_ONLY_GPIOIO },
1143
+
{ }
1128
1144
};
1129
1145
1130
1146
static int intel_probe(struct platform_device *pdev)
+1
drivers/bluetooth/hci_ldisc.c
+1
drivers/bluetooth/hci_ldisc.c
+3
-5
drivers/bluetooth/hci_qca.c
+3
-5
drivers/bluetooth/hci_qca.c
···
693
693
destroy_workqueue(qca->workqueue);
694
694
qca->hu = NULL;
695
695
696
-
qca_power_shutdown(hu);
697
-
698
696
kfree_skb(qca->rx_skb);
699
697
700
698
hu->priv = NULL;
···
2005
2007
err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
2006
2008
if (err) {
2007
2009
BT_ERR("Rome serdev registration failed");
2008
-
if (qcadev->susclk)
2009
-
clk_disable_unprepare(qcadev->susclk);
2010
+
clk_disable_unprepare(qcadev->susclk);
2010
2011
return err;
2011
2012
}
2012
2013
}
···
2029
2032
static void qca_serdev_remove(struct serdev_device *serdev)
2030
2033
{
2031
2034
struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
2035
+
struct qca_power *power = qcadev->bt_power;
2032
2036
2033
-
if (qca_is_wcn399x(qcadev->btsoc_type))
2037
+
if (qca_is_wcn399x(qcadev->btsoc_type) && power->vregs_on)
2034
2038
qca_power_shutdown(&qcadev->serdev_hu);
2035
2039
else if (qcadev->susclk)
2036
2040
clk_disable_unprepare(qcadev->susclk);
+34
-2
drivers/bluetooth/hci_serdev.c
+34
-2
drivers/bluetooth/hci_serdev.c
···
113
113
/* Initialize device */
114
114
static int hci_uart_open(struct hci_dev *hdev)
115
115
{
116
+
struct hci_uart *hu = hci_get_drvdata(hdev);
117
+
int err;
118
+
116
119
BT_DBG("%s %p", hdev->name, hdev);
120
+
121
+
/* When Quirk HCI_QUIRK_NON_PERSISTENT_SETUP is set by
122
+
* driver, BT SoC is completely turned OFF during
123
+
* BT OFF. Upon next BT ON UART port should be opened.
124
+
*/
125
+
if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) {
126
+
err = serdev_device_open(hu->serdev);
127
+
if (err)
128
+
return err;
129
+
set_bit(HCI_UART_PROTO_READY, &hu->flags);
130
+
}
117
131
118
132
/* Undo clearing this from hci_uart_close() */
119
133
hdev->flush = hci_uart_flush;
···
138
124
/* Close device */
139
125
static int hci_uart_close(struct hci_dev *hdev)
140
126
{
127
+
struct hci_uart *hu = hci_get_drvdata(hdev);
128
+
141
129
BT_DBG("hdev %p", hdev);
130
+
131
+
if (!test_bit(HCI_UART_PROTO_READY, &hu->flags))
132
+
return 0;
142
133
143
134
hci_uart_flush(hdev);
144
135
hdev->flush = NULL;
136
+
137
+
/* When QUIRK HCI_QUIRK_NON_PERSISTENT_SETUP is set by driver,
138
+
* BT SOC is completely powered OFF during BT OFF, holding port
139
+
* open may drain the battery.
140
+
*/
141
+
if (test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
142
+
clear_bit(HCI_UART_PROTO_READY, &hu->flags);
143
+
serdev_device_close(hu->serdev);
144
+
}
145
145
146
146
return 0;
147
147
}
···
382
354
{
383
355
struct hci_dev *hdev = hu->hdev;
384
356
385
-
clear_bit(HCI_UART_PROTO_READY, &hu->flags);
357
+
cancel_work_sync(&hu->init_ready);
386
358
if (test_bit(HCI_UART_REGISTERED, &hu->flags))
387
359
hci_unregister_dev(hdev);
388
360
hci_free_dev(hdev);
···
390
362
cancel_work_sync(&hu->write_work);
391
363
392
364
hu->proto->close(hu);
393
-
serdev_device_close(hu->serdev);
365
+
366
+
if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) {
367
+
clear_bit(HCI_UART_PROTO_READY, &hu->flags);
368
+
serdev_device_close(hu->serdev);
369
+
}
394
370
}
395
371
EXPORT_SYMBOL_GPL(hci_uart_unregister_device);
+6
include/net/bluetooth/hci_core.h
+6
include/net/bluetooth/hci_core.h
···
484
484
enum suspended_state suspend_state;
485
485
bool scanning_paused;
486
486
bool suspended;
487
+
u8 wake_reason;
488
+
bdaddr_t wake_addr;
489
+
u8 wake_addr_type;
487
490
488
491
wait_queue_head_t suspend_wait_q;
489
492
DECLARE_BITMAP(suspend_tasks, __SUSPEND_NUM_TASKS);
···
1753
1750
void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
1754
1751
u8 addr_type, s8 rssi, u8 *name, u8 name_len);
1755
1752
void mgmt_discovering(struct hci_dev *hdev, u8 discovering);
1753
+
void mgmt_suspending(struct hci_dev *hdev, u8 state);
1754
+
void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
1755
+
u8 addr_type);
1756
1756
bool mgmt_powering_down(struct hci_dev *hdev);
1757
1757
void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent);
1758
1758
void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent);
+2
include/net/bluetooth/l2cap.h
+2
include/net/bluetooth/l2cap.h
+18
include/net/bluetooth/mgmt.h
+18
include/net/bluetooth/mgmt.h
···
572
572
#define MGMT_ADV_FLAG_SEC_1M BIT(7)
573
573
#define MGMT_ADV_FLAG_SEC_2M BIT(8)
574
574
#define MGMT_ADV_FLAG_SEC_CODED BIT(9)
575
+
#define MGMT_ADV_FLAG_CAN_SET_TX_POWER BIT(10)
576
+
#define MGMT_ADV_FLAG_HW_OFFLOAD BIT(11)
575
577
576
578
#define MGMT_ADV_FLAG_SEC_MASK (MGMT_ADV_FLAG_SEC_1M | MGMT_ADV_FLAG_SEC_2M | \
577
579
MGMT_ADV_FLAG_SEC_CODED)
···
842
840
#define MGMT_DEV_DISCONN_LOCAL_HOST 0x02
843
841
#define MGMT_DEV_DISCONN_REMOTE 0x03
844
842
#define MGMT_DEV_DISCONN_AUTH_FAILURE 0x04
843
+
#define MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND 0x05
845
844
846
845
#define MGMT_EV_DEVICE_DISCONNECTED 0x000C
847
846
struct mgmt_ev_device_disconnected {
···
1031
1028
struct mgmt_ev_adv_monitor_removed {
1032
1029
__le16 monitor_handle;
1033
1030
} __packed;
1031
+
1032
+
#define MGMT_EV_CONTROLLER_SUSPEND 0x002d
1033
+
struct mgmt_ev_controller_suspend {
1034
+
__u8 suspend_state;
1035
+
} __packed;
1036
+
1037
+
#define MGMT_EV_CONTROLLER_RESUME 0x002e
1038
+
struct mgmt_ev_controller_resume {
1039
+
__u8 wake_reason;
1040
+
struct mgmt_addr_info addr;
1041
+
} __packed;
1042
+
1043
+
#define MGMT_WAKE_REASON_NON_BT_WAKE 0x0
1044
+
#define MGMT_WAKE_REASON_UNEXPECTED 0x1
1045
+
#define MGMT_WAKE_REASON_REMOTE_WAKE 0x2
-1
net/bluetooth/Kconfig
-1
net/bluetooth/Kconfig
+21
-1
net/bluetooth/a2mp.c
+21
-1
net/bluetooth/a2mp.c
···
226
226
struct a2mp_info_req req;
227
227
228
228
found = true;
229
+
230
+
memset(&req, 0, sizeof(req));
231
+
229
232
req.id = cl->id;
230
233
a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr),
231
234
sizeof(req), &req);
···
308
305
if (!hdev || hdev->dev_type != HCI_AMP) {
309
306
struct a2mp_info_rsp rsp;
310
307
308
+
memset(&rsp, 0, sizeof(rsp));
309
+
311
310
rsp.id = req->id;
312
311
rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
313
312
···
353
348
if (!ctrl)
354
349
return -ENOMEM;
355
350
351
+
memset(&req, 0, sizeof(req));
352
+
356
353
req.id = rsp->id;
357
354
a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req),
358
355
&req);
···
382
375
if (!hdev || hdev->amp_type == AMP_TYPE_BREDR || tmp) {
383
376
struct a2mp_amp_assoc_rsp rsp;
384
377
rsp.id = req->id;
378
+
379
+
memset(&rsp, 0, sizeof(rsp));
385
380
386
381
if (tmp) {
387
382
rsp.status = A2MP_STATUS_COLLISION_OCCURED;
···
473
464
struct a2mp_cmd *hdr)
474
465
{
475
466
struct a2mp_physlink_req *req = (void *) skb->data;
476
-
477
467
struct a2mp_physlink_rsp rsp;
478
468
struct hci_dev *hdev;
479
469
struct hci_conn *hcon;
···
482
474
return -EINVAL;
483
475
484
476
BT_DBG("local_id %d, remote_id %d", req->local_id, req->remote_id);
477
+
478
+
memset(&rsp, 0, sizeof(rsp));
485
479
486
480
rsp.local_id = req->remote_id;
487
481
rsp.remote_id = req->local_id;
···
562
552
return -EINVAL;
563
553
564
554
BT_DBG("local_id %d remote_id %d", req->local_id, req->remote_id);
555
+
556
+
memset(&rsp, 0, sizeof(rsp));
565
557
566
558
rsp.local_id = req->remote_id;
567
559
rsp.remote_id = req->local_id;
···
686
674
687
675
if (err) {
688
676
struct a2mp_cmd_rej rej;
677
+
678
+
memset(&rej, 0, sizeof(rej));
689
679
690
680
rej.reason = cpu_to_le16(0);
691
681
hdr = (void *) skb->data;
···
912
898
913
899
BT_DBG("%s mgr %p", hdev->name, mgr);
914
900
901
+
memset(&rsp, 0, sizeof(rsp));
902
+
915
903
rsp.id = hdev->id;
916
904
rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
917
905
···
1011
995
if (!mgr)
1012
996
return;
1013
997
998
+
memset(&rsp, 0, sizeof(rsp));
999
+
1014
1000
hs_hcon = hci_conn_hash_lookup_state(hdev, AMP_LINK, BT_CONNECT);
1015
1001
if (!hs_hcon) {
1016
1002
rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
···
1044
1026
}
1045
1027
1046
1028
mgr->bredr_chan = chan;
1029
+
1030
+
memset(&req, 0, sizeof(req));
1047
1031
1048
1032
req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
1049
1033
req.ext_feat = 0;
+39
-2
net/bluetooth/hci_core.c
+39
-2
net/bluetooth/hci_core.c
···
2963
2963
sizeof(adv_instance->scan_rsp_data));
2964
2964
} else {
2965
2965
if (hdev->adv_instance_cnt >= hdev->le_num_of_adv_sets ||
2966
-
instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2966
+
instance < 1 || instance > hdev->le_num_of_adv_sets)
2967
2967
return -EOVERFLOW;
2968
2968
2969
2969
adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
···
3061
3061
3062
3062
idr_remove(&hdev->adv_monitors_idr, monitor->handle);
3063
3063
hci_free_adv_monitor(monitor);
3064
+
hdev->adv_monitors_cnt--;
3064
3065
3065
3066
return 0;
3066
3067
}
···
3078
3077
3079
3078
idr_remove(&hdev->adv_monitors_idr, monitor->handle);
3080
3079
hci_free_adv_monitor(monitor);
3080
+
hdev->adv_monitors_cnt--;
3081
3081
} else {
3082
3082
/* Remove all monitors if handle is 0. */
3083
3083
idr_for_each(&hdev->adv_monitors_idr, &free_adv_monitor, hdev);
···
3444
3442
}
3445
3443
}
3446
3444
3445
+
static void hci_suspend_clear_tasks(struct hci_dev *hdev)
3446
+
{
3447
+
int i;
3448
+
3449
+
for (i = 0; i < __SUSPEND_NUM_TASKS; i++)
3450
+
clear_bit(i, hdev->suspend_tasks);
3451
+
3452
+
wake_up(&hdev->suspend_wait_q);
3453
+
}
3454
+
3447
3455
static int hci_suspend_wait_event(struct hci_dev *hdev)
3448
3456
{
3449
3457
#define WAKE_COND \
···
3499
3487
return hci_suspend_wait_event(hdev);
3500
3488
}
3501
3489
3490
+
static void hci_clear_wake_reason(struct hci_dev *hdev)
3491
+
{
3492
+
hci_dev_lock(hdev);
3493
+
3494
+
hdev->wake_reason = 0;
3495
+
bacpy(&hdev->wake_addr, BDADDR_ANY);
3496
+
hdev->wake_addr_type = 0;
3497
+
3498
+
hci_dev_unlock(hdev);
3499
+
}
3500
+
3502
3501
static int hci_suspend_notifier(struct notifier_block *nb, unsigned long action,
3503
3502
void *data)
3504
3503
{
3505
3504
struct hci_dev *hdev =
3506
3505
container_of(nb, struct hci_dev, suspend_notifier);
3507
3506
int ret = 0;
3507
+
u8 state = BT_RUNNING;
3508
3508
3509
3509
/* If powering down, wait for completion. */
3510
3510
if (mgmt_powering_down(hdev)) {
···
3537
3513
* - Second, program event filter/whitelist and enable scan
3538
3514
*/
3539
3515
ret = hci_change_suspend_state(hdev, BT_SUSPEND_DISCONNECT);
3516
+
if (!ret)
3517
+
state = BT_SUSPEND_DISCONNECT;
3540
3518
3541
3519
/* Only configure whitelist if disconnect succeeded and wake
3542
3520
* isn't being prevented.
3543
3521
*/
3544
-
if (!ret && !(hdev->prevent_wake && hdev->prevent_wake(hdev)))
3522
+
if (!ret && !(hdev->prevent_wake && hdev->prevent_wake(hdev))) {
3545
3523
ret = hci_change_suspend_state(hdev,
3546
3524
BT_SUSPEND_CONFIGURE_WAKE);
3525
+
if (!ret)
3526
+
state = BT_SUSPEND_CONFIGURE_WAKE;
3527
+
}
3528
+
3529
+
hci_clear_wake_reason(hdev);
3530
+
mgmt_suspending(hdev, state);
3531
+
3547
3532
} else if (action == PM_POST_SUSPEND) {
3548
3533
ret = hci_change_suspend_state(hdev, BT_RUNNING);
3534
+
3535
+
mgmt_resuming(hdev, hdev->wake_reason, &hdev->wake_addr,
3536
+
hdev->wake_addr_type);
3549
3537
}
3550
3538
3551
3539
done:
···
3820
3784
3821
3785
cancel_work_sync(&hdev->power_on);
3822
3786
3787
+
hci_suspend_clear_tasks(hdev);
3823
3788
unregister_pm_notifier(&hdev->suspend_notifier);
3824
3789
cancel_work_sync(&hdev->suspend_prepare);
3825
3790
+83
-6
net/bluetooth/hci_event.c
+83
-6
net/bluetooth/hci_event.c
···
2569
2569
static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2570
2570
{
2571
2571
struct hci_ev_conn_complete *ev = (void *) skb->data;
2572
-
struct inquiry_entry *ie;
2573
2572
struct hci_conn *conn;
2574
2573
2575
2574
BT_DBG("%s", hdev->name);
···
2577
2578
2578
2579
conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2579
2580
if (!conn) {
2580
-
/* Connection may not exist if auto-connected. Check the inquiry
2581
-
* cache to see if we've already discovered this bdaddr before.
2582
-
* If found and link is an ACL type, create a connection class
2581
+
/* Connection may not exist if auto-connected. Check the bredr
2582
+
* allowlist to see if this device is allowed to auto connect.
2583
+
* If link is an ACL type, create a connection class
2583
2584
* automatically.
2585
+
*
2586
+
* Auto-connect will only occur if the event filter is
2587
+
* programmed with a given address. Right now, event filter is
2588
+
* only used during suspend.
2584
2589
*/
2585
-
ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2586
-
if (ie && ev->link_type == ACL_LINK) {
2590
+
if (ev->link_type == ACL_LINK &&
2591
+
hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
2592
+
&ev->bdaddr,
2593
+
BDADDR_BREDR)) {
2587
2594
conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
2588
2595
HCI_ROLE_SLAVE);
2589
2596
if (!conn) {
···
6017
6012
return true;
6018
6013
}
6019
6014
6015
+
static void hci_store_wake_reason(struct hci_dev *hdev, u8 event,
6016
+
struct sk_buff *skb)
6017
+
{
6018
+
struct hci_ev_le_advertising_info *adv;
6019
+
struct hci_ev_le_direct_adv_info *direct_adv;
6020
+
struct hci_ev_le_ext_adv_report *ext_adv;
6021
+
const struct hci_ev_conn_complete *conn_complete = (void *)skb->data;
6022
+
const struct hci_ev_conn_request *conn_request = (void *)skb->data;
6023
+
6024
+
hci_dev_lock(hdev);
6025
+
6026
+
/* If we are currently suspended and this is the first BT event seen,
6027
+
* save the wake reason associated with the event.
6028
+
*/
6029
+
if (!hdev->suspended || hdev->wake_reason)
6030
+
goto unlock;
6031
+
6032
+
/* Default to remote wake. Values for wake_reason are documented in the
6033
+
* Bluez mgmt api docs.
6034
+
*/
6035
+
hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE;
6036
+
6037
+
/* Once configured for remote wakeup, we should only wake up for
6038
+
* reconnections. It's useful to see which device is waking us up so
6039
+
* keep track of the bdaddr of the connection event that woke us up.
6040
+
*/
6041
+
if (event == HCI_EV_CONN_REQUEST) {
6042
+
bacpy(&hdev->wake_addr, &conn_complete->bdaddr);
6043
+
hdev->wake_addr_type = BDADDR_BREDR;
6044
+
} else if (event == HCI_EV_CONN_COMPLETE) {
6045
+
bacpy(&hdev->wake_addr, &conn_request->bdaddr);
6046
+
hdev->wake_addr_type = BDADDR_BREDR;
6047
+
} else if (event == HCI_EV_LE_META) {
6048
+
struct hci_ev_le_meta *le_ev = (void *)skb->data;
6049
+
u8 subevent = le_ev->subevent;
6050
+
u8 *ptr = &skb->data[sizeof(*le_ev)];
6051
+
u8 num_reports = *ptr;
6052
+
6053
+
if ((subevent == HCI_EV_LE_ADVERTISING_REPORT ||
6054
+
subevent == HCI_EV_LE_DIRECT_ADV_REPORT ||
6055
+
subevent == HCI_EV_LE_EXT_ADV_REPORT) &&
6056
+
num_reports) {
6057
+
adv = (void *)(ptr + 1);
6058
+
direct_adv = (void *)(ptr + 1);
6059
+
ext_adv = (void *)(ptr + 1);
6060
+
6061
+
switch (subevent) {
6062
+
case HCI_EV_LE_ADVERTISING_REPORT:
6063
+
bacpy(&hdev->wake_addr, &adv->bdaddr);
6064
+
hdev->wake_addr_type = adv->bdaddr_type;
6065
+
break;
6066
+
case HCI_EV_LE_DIRECT_ADV_REPORT:
6067
+
bacpy(&hdev->wake_addr, &direct_adv->bdaddr);
6068
+
hdev->wake_addr_type = direct_adv->bdaddr_type;
6069
+
break;
6070
+
case HCI_EV_LE_EXT_ADV_REPORT:
6071
+
bacpy(&hdev->wake_addr, &ext_adv->bdaddr);
6072
+
hdev->wake_addr_type = ext_adv->bdaddr_type;
6073
+
break;
6074
+
}
6075
+
}
6076
+
} else {
6077
+
hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
6078
+
}
6079
+
6080
+
unlock:
6081
+
hci_dev_unlock(hdev);
6082
+
}
6083
+
6020
6084
void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
6021
6085
{
6022
6086
struct hci_event_hdr *hdr = (void *) skb->data;
···
6118
6044
orig_skb = skb_clone(skb, GFP_KERNEL);
6119
6045
6120
6046
skb_pull(skb, HCI_EVENT_HDR_SIZE);
6047
+
6048
+
/* Store wake reason if we're suspended */
6049
+
hci_store_wake_reason(hdev, event, skb);
6121
6050
6122
6051
switch (event) {
6123
6052
case HCI_EV_INQUIRY_COMPLETE:
+72
-13
net/bluetooth/hci_request.c
+72
-13
net/bluetooth/hci_request.c
···
1027
1027
} else if (hci_is_le_conn_scanning(hdev)) {
1028
1028
window = hdev->le_scan_window_connect;
1029
1029
interval = hdev->le_scan_int_connect;
1030
+
} else if (hci_is_adv_monitoring(hdev)) {
1031
+
window = hdev->le_scan_window_adv_monitor;
1032
+
interval = hdev->le_scan_int_adv_monitor;
1030
1033
} else {
1031
1034
window = hdev->le_scan_window;
1032
1035
interval = hdev->le_scan_interval;
···
1114
1111
set_bit(SUSPEND_SCAN_ENABLE, req->hdev->suspend_tasks);
1115
1112
}
1116
1113
1114
+
static void cancel_adv_timeout(struct hci_dev *hdev)
1115
+
{
1116
+
if (hdev->adv_instance_timeout) {
1117
+
hdev->adv_instance_timeout = 0;
1118
+
cancel_delayed_work(&hdev->adv_instance_expire);
1119
+
}
1120
+
}
1121
+
1122
+
/* This function requires the caller holds hdev->lock */
1123
+
static void hci_suspend_adv_instances(struct hci_request *req)
1124
+
{
1125
+
bt_dev_dbg(req->hdev, "Suspending advertising instances");
1126
+
1127
+
/* Call to disable any advertisements active on the controller.
1128
+
* This will succeed even if no advertisements are configured.
1129
+
*/
1130
+
__hci_req_disable_advertising(req);
1131
+
1132
+
/* If we are using software rotation, pause the loop */
1133
+
if (!ext_adv_capable(req->hdev))
1134
+
cancel_adv_timeout(req->hdev);
1135
+
}
1136
+
1137
+
/* This function requires the caller holds hdev->lock */
1138
+
static void hci_resume_adv_instances(struct hci_request *req)
1139
+
{
1140
+
struct adv_info *adv;
1141
+
1142
+
bt_dev_dbg(req->hdev, "Resuming advertising instances");
1143
+
1144
+
if (ext_adv_capable(req->hdev)) {
1145
+
/* Call for each tracked instance to be re-enabled */
1146
+
list_for_each_entry(adv, &req->hdev->adv_instances, list) {
1147
+
__hci_req_enable_ext_advertising(req,
1148
+
adv->instance);
1149
+
}
1150
+
1151
+
} else {
1152
+
/* Schedule for most recent instance to be restarted and begin
1153
+
* the software rotation loop
1154
+
*/
1155
+
__hci_req_schedule_adv_instance(req,
1156
+
req->hdev->cur_adv_instance,
1157
+
true);
1158
+
}
1159
+
}
1160
+
1117
1161
static void suspend_req_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1118
1162
{
1119
1163
bt_dev_dbg(hdev, "Request complete opcode=0x%x, status=0x%x", opcode,
···
1203
1153
hdev->discovery_paused = true;
1204
1154
hdev->discovery_old_state = old_state;
1205
1155
1206
-
/* Stop advertising */
1156
+
/* Stop directed advertising */
1207
1157
old_state = hci_dev_test_flag(hdev, HCI_ADVERTISING);
1208
1158
if (old_state) {
1209
1159
set_bit(SUSPEND_PAUSE_ADVERTISING, hdev->suspend_tasks);
···
1211
1161
queue_delayed_work(hdev->req_workqueue,
1212
1162
&hdev->discov_off, 0);
1213
1163
}
1164
+
1165
+
/* Pause other advertisements */
1166
+
if (hdev->adv_instance_cnt)
1167
+
hci_suspend_adv_instances(&req);
1214
1168
1215
1169
hdev->advertising_paused = true;
1216
1170
hdev->advertising_old_state = old_state;
···
1266
1212
/* Reset passive/background scanning to normal */
1267
1213
hci_req_config_le_suspend_scan(&req);
1268
1214
1269
-
/* Unpause advertising */
1215
+
/* Unpause directed advertising */
1270
1216
hdev->advertising_paused = false;
1271
1217
if (hdev->advertising_old_state) {
1272
1218
set_bit(SUSPEND_UNPAUSE_ADVERTISING,
···
1276
1222
&hdev->discoverable_update);
1277
1223
hdev->advertising_old_state = 0;
1278
1224
}
1225
+
1226
+
/* Resume other advertisements */
1227
+
if (hdev->adv_instance_cnt)
1228
+
hci_resume_adv_instances(&req);
1279
1229
1280
1230
/* Unpause discovery */
1281
1231
hdev->discovery_paused = false;
···
1591
1533
1592
1534
memset(&cp, 0, sizeof(cp));
1593
1535
1594
-
if (instance)
1536
+
/* Extended scan response data doesn't allow a response to be
1537
+
* set if the instance isn't scannable.
1538
+
*/
1539
+
if (get_adv_instance_scan_rsp_len(hdev, instance))
1595
1540
len = create_instance_scan_rsp_data(hdev, instance,
1596
1541
cp.data);
1597
1542
else
1598
-
len = create_default_scan_rsp_data(hdev, cp.data);
1543
+
len = 0;
1599
1544
1600
1545
if (hdev->scan_rsp_data_len == len &&
1601
1546
!memcmp(cp.data, hdev->scan_rsp_data, len))
···
1885
1824
if (use_rpa) {
1886
1825
int to;
1887
1826
1888
-
*own_addr_type = ADDR_LE_DEV_RANDOM;
1827
+
/* If Controller supports LL Privacy use own address type is
1828
+
* 0x03
1829
+
*/
1830
+
if (use_ll_privacy(hdev))
1831
+
*own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED;
1832
+
else
1833
+
*own_addr_type = ADDR_LE_DEV_RANDOM;
1889
1834
1890
1835
if (adv_instance) {
1891
1836
if (!adv_instance->rpa_expired &&
···
2248
2181
}
2249
2182
2250
2183
return 0;
2251
-
}
2252
-
2253
-
static void cancel_adv_timeout(struct hci_dev *hdev)
2254
-
{
2255
-
if (hdev->adv_instance_timeout) {
2256
-
hdev->adv_instance_timeout = 0;
2257
-
cancel_delayed_work(&hdev->adv_instance_expire);
2258
-
}
2259
2184
}
2260
2185
2261
2186
/* For a single instance:
+4
-3
net/bluetooth/l2cap_core.c
+4
-3
net/bluetooth/l2cap_core.c
···
7301
7301
goto drop;
7302
7302
}
7303
7303
7304
-
if ((chan->mode == L2CAP_MODE_ERTM ||
7305
-
chan->mode == L2CAP_MODE_STREAMING) && sk_filter(chan->data, skb))
7306
-
goto drop;
7304
+
if (chan->ops->filter) {
7305
+
if (chan->ops->filter(chan, skb))
7306
+
goto drop;
7307
+
}
7307
7308
7308
7309
if (!control->sframe) {
7309
7310
int err;
+18
-3
net/bluetooth/l2cap_sock.c
+18
-3
net/bluetooth/l2cap_sock.c
···
1521
1521
1522
1522
parent = bt_sk(sk)->parent;
1523
1523
1524
-
sock_set_flag(sk, SOCK_ZAPPED);
1525
-
1526
1524
switch (chan->state) {
1527
1525
case BT_OPEN:
1528
1526
case BT_BOUND:
···
1547
1549
1548
1550
break;
1549
1551
}
1550
-
1551
1552
release_sock(sk);
1553
+
1554
+
/* Only zap after cleanup to avoid use after free race */
1555
+
sock_set_flag(sk, SOCK_ZAPPED);
1556
+
1552
1557
}
1553
1558
1554
1559
static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,
···
1664
1663
sk->sk_state_change(sk);
1665
1664
}
1666
1665
1666
+
static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
1667
+
{
1668
+
struct sock *sk = chan->data;
1669
+
1670
+
switch (chan->mode) {
1671
+
case L2CAP_MODE_ERTM:
1672
+
case L2CAP_MODE_STREAMING:
1673
+
return sk_filter(sk, skb);
1674
+
}
1675
+
1676
+
return 0;
1677
+
}
1678
+
1667
1679
static const struct l2cap_ops l2cap_chan_ops = {
1668
1680
.name = "L2CAP Socket Interface",
1669
1681
.new_connection = l2cap_sock_new_connection_cb,
···
1692
1678
.get_sndtimeo = l2cap_sock_get_sndtimeo_cb,
1693
1679
.get_peer_pid = l2cap_sock_get_peer_pid_cb,
1694
1680
.alloc_skb = l2cap_sock_alloc_skb_cb,
1681
+
.filter = l2cap_sock_filter,
1695
1682
};
1696
1683
1697
1684
static void l2cap_sock_destruct(struct sock *sk)
+49
-8
net/bluetooth/mgmt.c
+49
-8
net/bluetooth/mgmt.c
···
163
163
MGMT_EV_PHY_CONFIGURATION_CHANGED,
164
164
MGMT_EV_EXP_FEATURE_CHANGED,
165
165
MGMT_EV_DEVICE_FLAGS_CHANGED,
166
+
MGMT_EV_CONTROLLER_SUSPEND,
167
+
MGMT_EV_CONTROLLER_RESUME,
166
168
};
167
169
168
170
static const u16 mgmt_untrusted_commands[] = {
···
784
782
785
783
if (lmp_ssp_capable(hdev)) {
786
784
settings |= MGMT_SETTING_SSP;
787
-
settings |= MGMT_SETTING_HS;
785
+
if (IS_ENABLED(CONFIG_BT_HS))
786
+
settings |= MGMT_SETTING_HS;
788
787
}
789
788
790
789
if (lmp_sc_capable(hdev))
···
1817
1814
int err;
1818
1815
1819
1816
bt_dev_dbg(hdev, "sock %p", sk);
1817
+
1818
+
if (!IS_ENABLED(CONFIG_BT_HS))
1819
+
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1820
+
MGMT_STATUS_NOT_SUPPORTED);
1820
1821
1821
1822
status = mgmt_bredr_support(hdev);
1822
1823
if (status)
···
4164
4157
{
4165
4158
struct adv_monitor *monitor = NULL;
4166
4159
struct mgmt_rp_read_adv_monitor_features *rp = NULL;
4167
-
int handle;
4160
+
int handle, err;
4168
4161
size_t rp_size = 0;
4169
4162
__u32 supported = 0;
4170
4163
__u16 num_handles = 0;
···
4199
4192
if (num_handles)
4200
4193
memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4201
4194
4202
-
return mgmt_cmd_complete(sk, hdev->id,
4203
-
MGMT_OP_READ_ADV_MONITOR_FEATURES,
4204
-
MGMT_STATUS_SUCCESS, rp, rp_size);
4195
+
err = mgmt_cmd_complete(sk, hdev->id,
4196
+
MGMT_OP_READ_ADV_MONITOR_FEATURES,
4197
+
MGMT_STATUS_SUCCESS, rp, rp_size);
4198
+
4199
+
kfree(rp);
4200
+
4201
+
return err;
4205
4202
}
4206
4203
4207
4204
static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
···
7213
7202
7214
7203
if (ext_adv_capable(hdev)) {
7215
7204
flags |= MGMT_ADV_FLAG_SEC_1M;
7205
+
flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7206
+
flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
7216
7207
7217
7208
if (hdev->le_features[1] & HCI_LE_PHY_2M)
7218
7209
flags |= MGMT_ADV_FLAG_SEC_2M;
···
7263
7250
rp->supported_flags = cpu_to_le32(supported_flags);
7264
7251
rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7265
7252
rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7266
-
rp->max_instances = HCI_MAX_ADV_INSTANCES;
7253
+
rp->max_instances = hdev->le_num_of_adv_sets;
7267
7254
rp->num_instances = hdev->adv_instance_cnt;
7268
7255
7269
7256
instance = rp->instance;
···
7459
7446
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7460
7447
MGMT_STATUS_NOT_SUPPORTED);
7461
7448
7462
-
if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7449
+
if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7463
7450
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7464
7451
MGMT_STATUS_INVALID_PARAMS);
7465
7452
···
7712
7699
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7713
7700
MGMT_STATUS_REJECTED);
7714
7701
7715
-
if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
7702
+
if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
7716
7703
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7717
7704
MGMT_STATUS_INVALID_PARAMS);
7718
7705
···
8274
8261
bacpy(&ev.addr.bdaddr, bdaddr);
8275
8262
ev.addr.type = link_to_bdaddr(link_type, addr_type);
8276
8263
ev.reason = reason;
8264
+
8265
+
/* Report disconnects due to suspend */
8266
+
if (hdev->suspended)
8267
+
ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
8277
8268
8278
8269
mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8279
8270
···
8883
8866
ev.discovering = discovering;
8884
8867
8885
8868
mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8869
+
}
8870
+
8871
+
void mgmt_suspending(struct hci_dev *hdev, u8 state)
8872
+
{
8873
+
struct mgmt_ev_controller_suspend ev;
8874
+
8875
+
ev.suspend_state = state;
8876
+
mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
8877
+
}
8878
+
8879
+
void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
8880
+
u8 addr_type)
8881
+
{
8882
+
struct mgmt_ev_controller_resume ev;
8883
+
8884
+
ev.wake_reason = reason;
8885
+
if (bdaddr) {
8886
+
bacpy(&ev.addr.bdaddr, bdaddr);
8887
+
ev.addr.type = addr_type;
8888
+
} else {
8889
+
memset(&ev.addr, 0, sizeof(ev.addr));
8890
+
}
8891
+
8892
+
mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
8886
8893
}
8887
8894
8888
8895
static struct hci_mgmt_chan chan = {