Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

+1 -1

Documentation/devicetree/bindings/net/realtek-bluetooth.yaml

··· 44 44 uart1 { 45 45 pinctrl-names = "default"; 46 46 pinctrl-0 = <&uart1_pins>, <&uart1_rts_cts_pins>; 47 - uart-has-rtscts = <1>; 47 + uart-has-rtscts; 48 48 49 49 bluetooth { 50 50 compatible = "realtek,rtl8723bs-bt";

+1 -1

drivers/bluetooth/bcm203x.c

··· 106 106 } 107 107 108 108 data->state = BCM203X_LOAD_FIRMWARE; 109 - /* fall through */ 109 + fallthrough; 110 110 case BCM203X_LOAD_FIRMWARE: 111 111 if (data->fw_sent == data->fw_size) { 112 112 usb_fill_int_urb(urb, udev, usb_rcvintpipe(udev, BCM203X_IN_EP),

-2

drivers/bluetooth/bluecard_cs.c

··· 295 295 baud_reg = REG_CONTROL_BAUD_RATE_115200; 296 296 break; 297 297 case PKT_BAUD_RATE_57600: 298 - /* Fall through... */ 299 298 default: 300 299 baud_reg = REG_CONTROL_BAUD_RATE_57600; 301 300 break; ··· 584 585 hci_skb_pkt_type(skb) = PKT_BAUD_RATE_115200; 585 586 break; 586 587 case 57600: 587 - /* Fall through... */ 588 588 default: 589 589 cmd[4] = 0x03; 590 590 hci_skb_pkt_type(skb) = PKT_BAUD_RATE_57600;

+59

drivers/bluetooth/btintel.c

··· 754 754 } 755 755 EXPORT_SYMBOL_GPL(btintel_reset_to_bootloader); 756 756 757 + int btintel_read_debug_features(struct hci_dev *hdev, 758 + struct intel_debug_features *features) 759 + { 760 + struct sk_buff *skb; 761 + u8 page_no = 1; 762 + 763 + /* Intel controller supports two pages, each page is of 128-bit 764 + * feature bit mask. And each bit defines specific feature support 765 + */ 766 + skb = __hci_cmd_sync(hdev, 0xfca6, sizeof(page_no), &page_no, 767 + HCI_INIT_TIMEOUT); 768 + if (IS_ERR(skb)) { 769 + bt_dev_err(hdev, "Reading supported features failed (%ld)", 770 + PTR_ERR(skb)); 771 + return PTR_ERR(skb); 772 + } 773 + 774 + if (skb->len != (sizeof(features->page1) + 3)) { 775 + bt_dev_err(hdev, "Supported features event size mismatch"); 776 + kfree_skb(skb); 777 + return -EILSEQ; 778 + } 779 + 780 + memcpy(features->page1, skb->data + 3, sizeof(features->page1)); 781 + 782 + /* Read the supported features page2 if required in future. 783 + */ 784 + kfree_skb(skb); 785 + return 0; 786 + } 787 + EXPORT_SYMBOL_GPL(btintel_read_debug_features); 788 + 789 + int btintel_set_debug_features(struct hci_dev *hdev, 790 + const struct intel_debug_features *features) 791 + { 792 + u8 mask[11] = { 0x0a, 0x92, 0x02, 0x07, 0x00, 0x00, 0x00, 0x00, 793 + 0x00, 0x00, 0x00 }; 794 + struct sk_buff *skb; 795 + 796 + if (!features) 797 + return -EINVAL; 798 + 799 + if (!(features->page1[0] & 0x3f)) { 800 + bt_dev_info(hdev, "Telemetry exception format not supported"); 801 + return 0; 802 + } 803 + 804 + skb = __hci_cmd_sync(hdev, 0xfc8b, 11, mask, HCI_INIT_TIMEOUT); 805 + if (IS_ERR(skb)) { 806 + bt_dev_err(hdev, "Setting Intel telemetry ddc write event mask failed (%ld)", 807 + PTR_ERR(skb)); 808 + return PTR_ERR(skb); 809 + } 810 + 811 + kfree_skb(skb); 812 + return 0; 813 + } 814 + EXPORT_SYMBOL_GPL(btintel_set_debug_features); 815 + 757 816 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 758 817 MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); 759 818 MODULE_VERSION(VERSION);

+21

drivers/bluetooth/btintel.h

··· 62 62 __le32 boot_param; 63 63 } __packed; 64 64 65 + struct intel_debug_features { 66 + __u8 page1[16]; 67 + } __packed; 68 + 65 69 #if IS_ENABLED(CONFIG_BT_INTEL) 66 70 67 71 int btintel_check_bdaddr(struct hci_dev *hdev); ··· 92 88 int btintel_download_firmware(struct hci_dev *dev, const struct firmware *fw, 93 89 u32 *boot_param); 94 90 void btintel_reset_to_bootloader(struct hci_dev *hdev); 91 + int btintel_read_debug_features(struct hci_dev *hdev, 92 + struct intel_debug_features *features); 93 + int btintel_set_debug_features(struct hci_dev *hdev, 94 + const struct intel_debug_features *features); 95 95 #else 96 96 97 97 static inline int btintel_check_bdaddr(struct hci_dev *hdev) ··· 194 186 static inline void btintel_reset_to_bootloader(struct hci_dev *hdev) 195 187 { 196 188 } 189 + 190 + static inline int btintel_read_debug_features(struct hci_dev *hdev, 191 + struct intel_debug_features *features) 192 + { 193 + return -EOPNOTSUPP; 194 + } 195 + 196 + static inline int btintel_set_debug_features(struct hci_dev *hdev, 197 + const struct intel_debug_features *features) 198 + { 199 + return -EOPNOTSUPP; 200 + } 201 + 197 202 #endif

+11

drivers/bluetooth/btmrvl_main.c

··· 587 587 return 0; 588 588 } 589 589 590 + static bool btmrvl_prevent_wake(struct hci_dev *hdev) 591 + { 592 + struct btmrvl_private *priv = hci_get_drvdata(hdev); 593 + struct btmrvl_sdio_card *card = priv->btmrvl_dev.card; 594 + 595 + return !device_may_wakeup(&card->func->dev); 596 + } 597 + 590 598 /* 591 599 * This function handles the event generated by firmware, rx data 592 600 * received from firmware, and tx data sent from kernel. ··· 677 669 int btmrvl_register_hdev(struct btmrvl_private *priv) 678 670 { 679 671 struct hci_dev *hdev = NULL; 672 + struct btmrvl_sdio_card *card = priv->btmrvl_dev.card; 680 673 int ret; 681 674 682 675 hdev = hci_alloc_dev(); ··· 696 687 hdev->send = btmrvl_send_frame; 697 688 hdev->setup = btmrvl_setup; 698 689 hdev->set_bdaddr = btmrvl_set_bdaddr; 690 + hdev->prevent_wake = btmrvl_prevent_wake; 691 + SET_HCIDEV_DEV(hdev, &card->func->dev); 699 692 700 693 hdev->dev_type = priv->btmrvl_dev.dev_type; 701 694

+14 -7

drivers/bluetooth/btmrvl_sdio.c

··· 111 111 "Failed to request irq_bt %d (%d)\n", 112 112 cfg->irq_bt, ret); 113 113 } 114 + 115 + /* Configure wakeup (enabled by default) */ 116 + device_init_wakeup(dev, true); 114 117 disable_irq(cfg->irq_bt); 115 118 } 116 119 } ··· 331 328 332 329 static const struct btmrvl_sdio_device btmrvl_sdio_sd8977 = { 333 330 .helper = NULL, 334 - .firmware = "mrvl/sd8977_uapsta.bin", 331 + .firmware = "mrvl/sdsd8977_combo_v2.bin", 335 332 .reg = &btmrvl_reg_8977, 336 333 .support_pscan_win_report = true, 337 334 .sd_blksz_fw_dl = 256, ··· 349 346 350 347 static const struct btmrvl_sdio_device btmrvl_sdio_sd8997 = { 351 348 .helper = NULL, 352 - .firmware = "mrvl/sd8997_uapsta.bin", 349 + .firmware = "mrvl/sdsd8997_combo_v4.bin", 353 350 .reg = &btmrvl_reg_8997, 354 351 .support_pscan_win_report = true, 355 352 .sd_blksz_fw_dl = 256, ··· 1657 1654 MODULE_SHUTDOWN_REQ); 1658 1655 btmrvl_sdio_disable_host_int(card); 1659 1656 } 1657 + 1660 1658 BT_DBG("unregister dev"); 1661 1659 card->priv->surprise_removed = true; 1662 1660 btmrvl_sdio_unregister_dev(card); ··· 1694 1690 } 1695 1691 1696 1692 /* Enable platform specific wakeup interrupt */ 1697 - if (card->plt_wake_cfg && card->plt_wake_cfg->irq_bt >= 0) { 1693 + if (card->plt_wake_cfg && card->plt_wake_cfg->irq_bt >= 0 && 1694 + device_may_wakeup(dev)) { 1698 1695 card->plt_wake_cfg->wake_by_bt = false; 1699 1696 enable_irq(card->plt_wake_cfg->irq_bt); 1700 1697 enable_irq_wake(card->plt_wake_cfg->irq_bt); ··· 1712 1707 BT_ERR("HS not activated, suspend failed!"); 1713 1708 /* Disable platform specific wakeup interrupt */ 1714 1709 if (card->plt_wake_cfg && 1715 - card->plt_wake_cfg->irq_bt >= 0) { 1710 + card->plt_wake_cfg->irq_bt >= 0 && 1711 + device_may_wakeup(dev)) { 1716 1712 disable_irq_wake(card->plt_wake_cfg->irq_bt); 1717 1713 disable_irq(card->plt_wake_cfg->irq_bt); 1718 1714 } ··· 1773 1767 hci_resume_dev(hcidev); 1774 1768 1775 1769 /* Disable platform specific wakeup interrupt */ 1776 - if (card->plt_wake_cfg && card->plt_wake_cfg->irq_bt >= 0) { 1770 + if (card->plt_wake_cfg && card->plt_wake_cfg->irq_bt >= 0 && 1771 + device_may_wakeup(dev)) { 1777 1772 disable_irq_wake(card->plt_wake_cfg->irq_bt); 1778 1773 disable_irq(card->plt_wake_cfg->irq_bt); 1779 1774 if (card->plt_wake_cfg->wake_by_bt) ··· 1838 1831 MODULE_FIRMWARE("mrvl/sd8797_uapsta.bin"); 1839 1832 MODULE_FIRMWARE("mrvl/sd8887_uapsta.bin"); 1840 1833 MODULE_FIRMWARE("mrvl/sd8897_uapsta.bin"); 1841 - MODULE_FIRMWARE("mrvl/sd8977_uapsta.bin"); 1834 + MODULE_FIRMWARE("mrvl/sdsd8977_combo_v2.bin"); 1842 1835 MODULE_FIRMWARE("mrvl/sd8987_uapsta.bin"); 1843 - MODULE_FIRMWARE("mrvl/sd8997_uapsta.bin"); 1836 + MODULE_FIRMWARE("mrvl/sdsd8997_combo_v4.bin");

+15 -1

drivers/bluetooth/btmtksdio.c

··· 685 685 const u8 *fw_ptr; 686 686 size_t fw_size; 687 687 int err, dlen; 688 - u8 flag; 688 + u8 flag, param; 689 689 690 690 err = request_firmware(&fw, fwname, &hdev->dev); 691 691 if (err < 0) { 692 692 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 693 + return err; 694 + } 695 + 696 + /* Power on data RAM the firmware relies on. */ 697 + param = 1; 698 + wmt_params.op = MTK_WMT_FUNC_CTRL; 699 + wmt_params.flag = 3; 700 + wmt_params.dlen = sizeof(param); 701 + wmt_params.data = &param; 702 + wmt_params.status = NULL; 703 + 704 + err = mtk_hci_wmt_sync(hdev, &wmt_params); 705 + if (err < 0) { 706 + bt_dev_err(hdev, "Failed to power on data RAM (%d)", err); 693 707 return err; 694 708 } 695 709

+27

drivers/bluetooth/btqca.c

··· 400 400 return ret; 401 401 } 402 402 403 + static int qca_disable_soc_logging(struct hci_dev *hdev) 404 + { 405 + struct sk_buff *skb; 406 + u8 cmd[2]; 407 + int err; 408 + 409 + cmd[0] = QCA_DISABLE_LOGGING_SUB_OP; 410 + cmd[1] = 0x00; 411 + skb = __hci_cmd_sync_ev(hdev, QCA_DISABLE_LOGGING, sizeof(cmd), cmd, 412 + HCI_EV_CMD_COMPLETE, HCI_INIT_TIMEOUT); 413 + if (IS_ERR(skb)) { 414 + err = PTR_ERR(skb); 415 + bt_dev_err(hdev, "QCA Failed to disable soc logging(%d)", err); 416 + return err; 417 + } 418 + 419 + kfree_skb(skb); 420 + 421 + return 0; 422 + } 423 + 403 424 int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) 404 425 { 405 426 struct sk_buff *skb; ··· 505 484 if (err < 0) { 506 485 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err); 507 486 return err; 487 + } 488 + 489 + if (soc_type >= QCA_WCN3991) { 490 + err = qca_disable_soc_logging(hdev); 491 + if (err < 0) 492 + return err; 508 493 } 509 494 510 495 /* Perform HCI reset */

+2

drivers/bluetooth/btqca.h

··· 14 14 #define EDL_NVM_ACCESS_SET_REQ_CMD (0x01) 15 15 #define MAX_SIZE_PER_TLV_SEGMENT (243) 16 16 #define QCA_PRE_SHUTDOWN_CMD (0xFC08) 17 + #define QCA_DISABLE_LOGGING (0xFC17) 17 18 18 19 #define EDL_CMD_REQ_RES_EVT (0x00) 19 20 #define EDL_PATCH_VER_RES_EVT (0x19) ··· 23 22 #define EDL_CMD_EXE_STATUS_EVT (0x00) 24 23 #define EDL_SET_BAUDRATE_RSP_EVT (0x92) 25 24 #define EDL_NVM_ACCESS_CODE_EVT (0x0B) 25 + #define QCA_DISABLE_LOGGING_SUB_OP (0x14) 26 26 27 27 #define EDL_TAG_ID_HCI (17) 28 28 #define EDL_TAG_ID_DEEP_SLEEP (27)

+212 -93

drivers/bluetooth/btusb.c

··· 359 359 { USB_VENDOR_AND_INTERFACE_INFO(0x8087, 0xe0, 0x01, 0x01), 360 360 .driver_info = BTUSB_IGNORE }, 361 361 362 + /* Realtek 8822CE Bluetooth devices */ 363 + { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK | 364 + BTUSB_WIDEBAND_SPEECH }, 365 + 362 366 /* Realtek Bluetooth devices */ 363 367 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), 364 368 .driver_info = BTUSB_REALTEK }, ··· 457 453 #define BTUSB_HW_RESET_ACTIVE 12 458 454 #define BTUSB_TX_WAIT_VND_EVT 13 459 455 #define BTUSB_WAKEUP_DISABLE 14 456 + #define BTUSB_USE_ALT1_FOR_WBS 15 460 457 461 458 struct btusb_data { 462 459 struct hci_dev *hdev; ··· 515 510 int oob_wake_irq; /* irq for out-of-band wake-on-bt */ 516 511 unsigned cmd_timeout_cnt; 517 512 }; 518 - 519 513 520 514 static void btusb_intel_cmd_timeout(struct hci_dev *hdev) 521 515 { ··· 575 571 gpiod_set_value_cansleep(reset_gpio, 1); 576 572 msleep(200); 577 573 gpiod_set_value_cansleep(reset_gpio, 0); 574 + } 575 + 576 + static void btusb_qca_cmd_timeout(struct hci_dev *hdev) 577 + { 578 + struct btusb_data *data = hci_get_drvdata(hdev); 579 + int err; 580 + 581 + if (++data->cmd_timeout_cnt < 5) 582 + return; 583 + 584 + bt_dev_err(hdev, "Multiple cmd timeouts seen. Resetting usb device."); 585 + /* This is not an unbalanced PM reference since the device will reset */ 586 + err = usb_autopm_get_interface(data->intf); 587 + if (!err) 588 + usb_queue_reset_device(data->intf); 589 + else 590 + bt_dev_err(hdev, "Failed usb_autopm_get_interface with %d", err); 578 591 } 579 592 580 593 static inline void btusb_free_frags(struct btusb_data *data) ··· 1687 1666 new_alts = data->sco_num; 1688 1667 } 1689 1668 } else if (data->air_mode == HCI_NOTIFY_ENABLE_SCO_TRANSP) { 1690 - 1691 - data->usb_alt6_packet_flow = true; 1692 - 1693 1669 /* Check if Alt 6 is supported for Transparent audio */ 1694 - if (btusb_find_altsetting(data, 6)) 1670 + if (btusb_find_altsetting(data, 6)) { 1671 + data->usb_alt6_packet_flow = true; 1695 1672 new_alts = 6; 1696 - else 1673 + } else if (test_bit(BTUSB_USE_ALT1_FOR_WBS, &data->flags)) { 1674 + new_alts = 1; 1675 + } else { 1697 1676 bt_dev_err(hdev, "Device does not support ALT setting 6"); 1677 + } 1698 1678 } 1699 1679 1700 1680 if (btusb_switch_alt_setting(hdev, new_alts) < 0) ··· 1742 1720 { 1743 1721 struct hci_rp_read_local_version *rp; 1744 1722 struct sk_buff *skb; 1723 + bool is_fake = false; 1745 1724 1746 1725 BT_DBG("%s", hdev->name); 1747 1726 ··· 1762 1739 1763 1740 rp = (struct hci_rp_read_local_version *)skb->data; 1764 1741 1765 - /* Detect controllers which aren't real CSR ones. */ 1742 + /* Detect a wide host of Chinese controllers that aren't CSR. 1743 + * 1744 + * Known fake bcdDevices: 0x0100, 0x0134, 0x1915, 0x2520, 0x7558, 0x8891 1745 + * 1746 + * The main thing they have in common is that these are really popular low-cost 1747 + * options that support newer Bluetooth versions but rely on heavy VID/PID 1748 + * squatting of this poor old Bluetooth 1.1 device. Even sold as such. 1749 + * 1750 + * We detect actual CSR devices by checking that the HCI manufacturer code 1751 + * is Cambridge Silicon Radio (10) and ensuring that LMP sub-version and 1752 + * HCI rev values always match. As they both store the firmware number. 1753 + */ 1766 1754 if (le16_to_cpu(rp->manufacturer) != 10 || 1767 - le16_to_cpu(rp->lmp_subver) == 0x0c5c) { 1755 + le16_to_cpu(rp->hci_rev) != le16_to_cpu(rp->lmp_subver)) 1756 + is_fake = true; 1757 + 1758 + /* Known legit CSR firmware build numbers and their supported BT versions: 1759 + * - 1.1 (0x1) -> 0x0073, 0x020d, 0x033c, 0x034e 1760 + * - 1.2 (0x2) -> 0x04d9, 0x0529 1761 + * - 2.0 (0x3) -> 0x07a6, 0x07ad, 0x0c5c 1762 + * - 2.1 (0x4) -> 0x149c, 0x1735, 0x1899 (0x1899 is a BlueCore4-External) 1763 + * - 4.0 (0x6) -> 0x1d86, 0x2031, 0x22bb 1764 + * 1765 + * e.g. Real CSR dongles with LMP subversion 0x73 are old enough that 1766 + * support BT 1.1 only; so it's a dead giveaway when some 1767 + * third-party BT 4.0 dongle reuses it. 1768 + */ 1769 + else if (le16_to_cpu(rp->lmp_subver) <= 0x034e && 1770 + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_1) 1771 + is_fake = true; 1772 + 1773 + else if (le16_to_cpu(rp->lmp_subver) <= 0x0529 && 1774 + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_1_2) 1775 + is_fake = true; 1776 + 1777 + else if (le16_to_cpu(rp->lmp_subver) <= 0x0c5c && 1778 + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_0) 1779 + is_fake = true; 1780 + 1781 + else if (le16_to_cpu(rp->lmp_subver) <= 0x1899 && 1782 + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_2_1) 1783 + is_fake = true; 1784 + 1785 + else if (le16_to_cpu(rp->lmp_subver) <= 0x22bb && 1786 + le16_to_cpu(rp->hci_ver) > BLUETOOTH_VER_4_0) 1787 + is_fake = true; 1788 + 1789 + if (is_fake) { 1790 + bt_dev_warn(hdev, "CSR: Unbranded CSR clone detected; adding workarounds..."); 1791 + 1792 + /* Generally these clones have big discrepancies between 1793 + * advertised features and what's actually supported. 1794 + * Probably will need to be expanded in the future; 1795 + * without these the controller will lock up. 1796 + */ 1797 + set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 1798 + set_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks); 1799 + 1768 1800 /* Clear the reset quirk since this is not an actual 1769 1801 * early Bluetooth 1.1 device from CSR. 1770 1802 */ 1771 1803 clear_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 1772 - 1773 - /* These fake CSR controllers have all a broken 1774 - * stored link key handling and so just disable it. 1775 - */ 1776 - set_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks); 1804 + clear_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 1777 1805 } 1778 1806 1779 1807 kfree_skb(skb); ··· 2336 2262 return true; 2337 2263 } 2338 2264 2339 - static int btusb_setup_intel_new(struct hci_dev *hdev) 2265 + static int btusb_intel_download_firmware(struct hci_dev *hdev, 2266 + struct intel_version *ver, 2267 + struct intel_boot_params *params) 2340 2268 { 2341 - struct btusb_data *data = hci_get_drvdata(hdev); 2342 - struct intel_version ver; 2343 - struct intel_boot_params params; 2344 2269 const struct firmware *fw; 2345 2270 u32 boot_param; 2346 2271 char fwname[64]; 2347 - ktime_t calltime, delta, rettime; 2348 - unsigned long long duration; 2349 2272 int err; 2273 + struct btusb_data *data = hci_get_drvdata(hdev); 2350 2274 2351 - BT_DBG("%s", hdev->name); 2352 - 2353 - /* Set the default boot parameter to 0x0 and it is updated to 2354 - * SKU specific boot parameter after reading Intel_Write_Boot_Params 2355 - * command while downloading the firmware. 2356 - */ 2357 - boot_param = 0x00000000; 2358 - 2359 - calltime = ktime_get(); 2360 - 2361 - /* Read the Intel version information to determine if the device 2362 - * is in bootloader mode or if it already has operational firmware 2363 - * loaded. 2364 - */ 2365 - err = btintel_read_version(hdev, &ver); 2366 - if (err) { 2367 - bt_dev_err(hdev, "Intel Read version failed (%d)", err); 2368 - btintel_reset_to_bootloader(hdev); 2369 - return err; 2370 - } 2275 + if (!ver || !params) 2276 + return -EINVAL; 2371 2277 2372 2278 /* The hardware platform number has a fixed value of 0x37 and 2373 2279 * for now only accept this single value. 2374 2280 */ 2375 - if (ver.hw_platform != 0x37) { 2281 + if (ver->hw_platform != 0x37) { 2376 2282 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)", 2377 - ver.hw_platform); 2283 + ver->hw_platform); 2378 2284 return -EINVAL; 2379 2285 } 2380 2286 ··· 2364 2310 * This check has been put in place to ensure correct forward 2365 2311 * compatibility options when newer hardware variants come along. 2366 2312 */ 2367 - switch (ver.hw_variant) { 2313 + switch (ver->hw_variant) { 2368 2314 case 0x0b: /* SfP */ 2369 2315 case 0x0c: /* WsP */ 2370 2316 case 0x11: /* JfP */ ··· 2374 2320 break; 2375 2321 default: 2376 2322 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)", 2377 - ver.hw_variant); 2323 + ver->hw_variant); 2378 2324 return -EINVAL; 2379 2325 } 2380 2326 2381 - btintel_version_info(hdev, &ver); 2327 + btintel_version_info(hdev, ver); 2382 2328 2383 2329 /* The firmware variant determines if the device is in bootloader 2384 2330 * mode or is running operational firmware. The value 0x06 identifies ··· 2393 2339 * It is not possible to use the Secure Boot Parameters in this 2394 2340 * case since that command is only available in bootloader mode. 2395 2341 */ 2396 - if (ver.fw_variant == 0x23) { 2342 + if (ver->fw_variant == 0x23) { 2397 2343 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2398 2344 btintel_check_bdaddr(hdev); 2399 - goto finish; 2345 + return 0; 2400 2346 } 2401 2347 2402 2348 /* If the device is not in bootloader mode, then the only possible 2403 2349 * choice is to return an error and abort the device initialization. 2404 2350 */ 2405 - if (ver.fw_variant != 0x06) { 2351 + if (ver->fw_variant != 0x06) { 2406 2352 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)", 2407 - ver.fw_variant); 2353 + ver->fw_variant); 2408 2354 return -ENODEV; 2409 2355 } 2410 2356 2411 2357 /* Read the secure boot parameters to identify the operating 2412 2358 * details of the bootloader. 2413 2359 */ 2414 - err = btintel_read_boot_params(hdev, &params); 2360 + err = btintel_read_boot_params(hdev, params); 2415 2361 if (err) 2416 2362 return err; 2417 2363 ··· 2419 2365 * with a command complete event. If the boot parameters indicate 2420 2366 * that this bootloader does not send them, then abort the setup. 2421 2367 */ 2422 - if (params.limited_cce != 0x00) { 2368 + if (params->limited_cce != 0x00) { 2423 2369 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)", 2424 - params.limited_cce); 2370 + params->limited_cce); 2425 2371 return -EINVAL; 2426 2372 } 2427 2373 2428 2374 /* If the OTP has no valid Bluetooth device address, then there will 2429 2375 * also be no valid address for the operational firmware. 2430 2376 */ 2431 - if (!bacmp(&params.otp_bdaddr, BDADDR_ANY)) { 2377 + if (!bacmp(&params->otp_bdaddr, BDADDR_ANY)) { 2432 2378 bt_dev_info(hdev, "No device address configured"); 2433 2379 set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); 2434 2380 } ··· 2454 2400 * ibt-<hw_variant>-<hw_revision>-<fw_revision>.sfi. 2455 2401 * 2456 2402 */ 2457 - err = btusb_setup_intel_new_get_fw_name(&ver, &params, fwname, 2403 + err = btusb_setup_intel_new_get_fw_name(ver, params, fwname, 2458 2404 sizeof(fwname), "sfi"); 2459 2405 if (!err) { 2460 2406 bt_dev_err(hdev, "Unsupported Intel firmware naming"); ··· 2468 2414 } 2469 2415 2470 2416 bt_dev_info(hdev, "Found device firmware: %s", fwname); 2471 - 2472 - /* Save the DDC file name for later use to apply once the firmware 2473 - * downloading is done. 2474 - */ 2475 - err = btusb_setup_intel_new_get_fw_name(&ver, &params, fwname, 2476 - sizeof(fwname), "ddc"); 2477 - if (!err) { 2478 - bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2479 - return -EINVAL; 2480 - } 2481 2417 2482 2418 if (fw->size < 644) { 2483 2419 bt_dev_err(hdev, "Invalid size of firmware file (%zu)", ··· 2523 2479 goto done; 2524 2480 } 2525 2481 2482 + done: 2483 + release_firmware(fw); 2484 + return err; 2485 + } 2486 + 2487 + static int btusb_setup_intel_new(struct hci_dev *hdev) 2488 + { 2489 + struct btusb_data *data = hci_get_drvdata(hdev); 2490 + struct intel_version ver; 2491 + struct intel_boot_params params; 2492 + u32 boot_param; 2493 + char ddcname[64]; 2494 + ktime_t calltime, delta, rettime; 2495 + unsigned long long duration; 2496 + int err; 2497 + struct intel_debug_features features; 2498 + 2499 + BT_DBG("%s", hdev->name); 2500 + 2501 + /* Set the default boot parameter to 0x0 and it is updated to 2502 + * SKU specific boot parameter after reading Intel_Write_Boot_Params 2503 + * command while downloading the firmware. 2504 + */ 2505 + boot_param = 0x00000000; 2506 + 2507 + calltime = ktime_get(); 2508 + 2509 + /* Read the Intel version information to determine if the device 2510 + * is in bootloader mode or if it already has operational firmware 2511 + * loaded. 2512 + */ 2513 + err = btintel_read_version(hdev, &ver); 2514 + if (err) { 2515 + bt_dev_err(hdev, "Intel Read version failed (%d)", err); 2516 + btintel_reset_to_bootloader(hdev); 2517 + return err; 2518 + } 2519 + 2520 + err = btusb_intel_download_firmware(hdev, &ver, &params); 2521 + if (err) 2522 + return err; 2523 + 2524 + /* controller is already having an operational firmware */ 2525 + if (ver.fw_variant == 0x23) 2526 + goto finish; 2527 + 2526 2528 rettime = ktime_get(); 2527 2529 delta = ktime_sub(rettime, calltime); 2528 2530 duration = (unsigned long long) ktime_to_ns(delta) >> 10; 2529 2531 2530 2532 bt_dev_info(hdev, "Firmware loaded in %llu usecs", duration); 2531 - 2532 - done: 2533 - release_firmware(fw); 2534 - 2535 - if (err < 0) 2536 - return err; 2537 2533 2538 2534 calltime = ktime_get(); 2539 2535 ··· 2618 2534 2619 2535 clear_bit(BTUSB_BOOTLOADER, &data->flags); 2620 2536 2621 - /* Once the device is running in operational mode, it needs to apply 2622 - * the device configuration (DDC) parameters. 2623 - * 2624 - * The device can work without DDC parameters, so even if it fails 2625 - * to load the file, no need to fail the setup. 2537 + err = btusb_setup_intel_new_get_fw_name(&ver, &params, ddcname, 2538 + sizeof(ddcname), "ddc"); 2539 + 2540 + if (!err) { 2541 + bt_dev_err(hdev, "Unsupported Intel firmware naming"); 2542 + } else { 2543 + /* Once the device is running in operational mode, it needs to 2544 + * apply the device configuration (DDC) parameters. 2545 + * 2546 + * The device can work without DDC parameters, so even if it 2547 + * fails to load the file, no need to fail the setup. 2548 + */ 2549 + btintel_load_ddc_config(hdev, ddcname); 2550 + } 2551 + 2552 + /* Read the Intel supported features and if new exception formats 2553 + * supported, need to load the additional DDC config to enable. 2626 2554 */ 2627 - btintel_load_ddc_config(hdev, fwname); 2555 + btintel_read_debug_features(hdev, &features); 2556 + 2557 + /* Set DDC mask for available debug features */ 2558 + btintel_set_debug_features(hdev, &features); 2628 2559 2629 2560 /* Read the Intel version information after loading the FW */ 2630 2561 err = btintel_read_version(hdev, &ver); ··· 3024 2925 const u8 *fw_ptr; 3025 2926 size_t fw_size; 3026 2927 int err, dlen; 3027 - u8 flag; 2928 + u8 flag, param; 3028 2929 3029 2930 err = request_firmware(&fw, fwname, &hdev->dev); 3030 2931 if (err < 0) { 3031 2932 bt_dev_err(hdev, "Failed to load firmware file (%d)", err); 2933 + return err; 2934 + } 2935 + 2936 + /* Power on data RAM the firmware relies on. */ 2937 + param = 1; 2938 + wmt_params.op = BTMTK_WMT_FUNC_CTRL; 2939 + wmt_params.flag = 3; 2940 + wmt_params.dlen = sizeof(param); 2941 + wmt_params.data = &param; 2942 + wmt_params.status = NULL; 2943 + 2944 + err = btusb_mtk_hci_wmt_sync(hdev, &wmt_params); 2945 + if (err < 0) { 2946 + bt_dev_err(hdev, "Failed to power on data RAM (%d)", err); 3032 2947 return err; 3033 2948 } 3034 2949 ··· 3817 3704 { 3818 3705 struct btusb_data *data = hci_get_drvdata(hdev); 3819 3706 3707 + if (test_bit(BTUSB_WAKEUP_DISABLE, &data->flags)) 3708 + return true; 3709 + 3820 3710 return !device_may_wakeup(&data->udev->dev); 3821 3711 } 3822 3712 ··· 4057 3941 if (id->driver_info & BTUSB_QCA_ROME) { 4058 3942 data->setup_on_usb = btusb_setup_qca; 4059 3943 hdev->set_bdaddr = btusb_set_bdaddr_ath3012; 3944 + hdev->cmd_timeout = btusb_qca_cmd_timeout; 4060 3945 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 4061 3946 btusb_check_needs_reset_resume(intf); 3947 + } 3948 + 3949 + if (id->driver_info & BTUSB_AMP) { 3950 + /* AMP controllers do not support SCO packets */ 3951 + data->isoc = NULL; 3952 + } else { 3953 + /* Interface orders are hardcoded in the specification */ 3954 + data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 3955 + data->isoc_ifnum = ifnum_base + 1; 4062 3956 } 4063 3957 4064 3958 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) && ··· 4082 3956 * (DEVICE_REMOTE_WAKEUP) 4083 3957 */ 4084 3958 set_bit(BTUSB_WAKEUP_DISABLE, &data->flags); 4085 - 4086 - err = usb_autopm_get_interface(intf); 4087 - if (err < 0) 4088 - goto out_free_dev; 4089 - } 4090 - 4091 - if (id->driver_info & BTUSB_AMP) { 4092 - /* AMP controllers do not support SCO packets */ 4093 - data->isoc = NULL; 4094 - } else { 4095 - /* Interface orders are hardcoded in the specification */ 4096 - data->isoc = usb_ifnum_to_if(data->udev, ifnum_base + 1); 4097 - data->isoc_ifnum = ifnum_base + 1; 3959 + if (btusb_find_altsetting(data, 1)) 3960 + set_bit(BTUSB_USE_ALT1_FOR_WBS, &data->flags); 3961 + else 3962 + bt_dev_err(hdev, "Device does not support ALT setting 1"); 4098 3963 } 4099 3964 4100 3965 if (!reset) ··· 4118 4001 if (bcdDevice < 0x117) 4119 4002 set_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks); 4120 4003 4121 - /* Fake CSR devices with broken commands */ 4122 - if (bcdDevice <= 0x100 || bcdDevice == 0x134) 4123 - hdev->setup = btusb_setup_csr; 4124 - 4004 + /* This must be set first in case we disable it for fakes */ 4125 4005 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 4006 + 4007 + /* Fake CSR devices with broken commands */ 4008 + if (le16_to_cpu(udev->descriptor.idVendor) == 0x0a12 && 4009 + le16_to_cpu(udev->descriptor.idProduct) == 0x0001) 4010 + hdev->setup = btusb_setup_csr; 4126 4011 } 4127 4012 4128 4013 if (id->driver_info & BTUSB_SNIFFER) {

+1 -1

drivers/bluetooth/hci_h5.c

··· 793 793 if (!h5) 794 794 return -ENOMEM; 795 795 796 - set_bit(HCI_UART_RESET_ON_INIT, &h5->serdev_hu.flags); 796 + set_bit(HCI_UART_RESET_ON_INIT, &h5->serdev_hu.hdev_flags); 797 797 798 798 h5->hu = &h5->serdev_hu; 799 799 h5->serdev_hu.serdev = serdev;

+1 -1

drivers/bluetooth/hci_ll.c

··· 219 219 * perfectly safe to always send one. 220 220 */ 221 221 BT_DBG("dual wake-up-indication"); 222 - /* fall through */ 222 + fallthrough; 223 223 case HCILL_ASLEEP: 224 224 /* acknowledge device wake up */ 225 225 if (send_hcill_cmd(HCILL_WAKE_UP_ACK, hu) < 0) {

+83 -51

drivers/bluetooth/hci_qca.c

··· 46 46 #define HCI_MAX_IBS_SIZE 10 47 47 48 48 #define IBS_WAKE_RETRANS_TIMEOUT_MS 100 49 - #define IBS_BTSOC_TX_IDLE_TIMEOUT_MS 40 49 + #define IBS_BTSOC_TX_IDLE_TIMEOUT_MS 200 50 50 #define IBS_HOST_TX_IDLE_TIMEOUT_MS 2000 51 51 #define CMD_TRANS_TIMEOUT_MS 100 52 52 #define MEMDUMP_TIMEOUT_MS 8000 ··· 72 72 QCA_DROP_VENDOR_EVENT, 73 73 QCA_SUSPENDING, 74 74 QCA_MEMDUMP_COLLECTION, 75 - QCA_HW_ERROR_EVENT 75 + QCA_HW_ERROR_EVENT, 76 + QCA_SSR_TRIGGERED 76 77 }; 77 78 78 79 enum qca_capabilities { ··· 290 289 case HCI_IBS_TX_VOTE_CLOCK_ON: 291 290 qca->tx_vote = true; 292 291 qca->tx_votes_on++; 293 - new_vote = true; 294 292 break; 295 293 296 294 case HCI_IBS_RX_VOTE_CLOCK_ON: 297 295 qca->rx_vote = true; 298 296 qca->rx_votes_on++; 299 - new_vote = true; 300 297 break; 301 298 302 299 case HCI_IBS_TX_VOTE_CLOCK_OFF: 303 300 qca->tx_vote = false; 304 301 qca->tx_votes_off++; 305 - new_vote = qca->rx_vote | qca->tx_vote; 306 302 break; 307 303 308 304 case HCI_IBS_RX_VOTE_CLOCK_OFF: 309 305 qca->rx_vote = false; 310 306 qca->rx_votes_off++; 311 - new_vote = qca->rx_vote | qca->tx_vote; 312 307 break; 313 308 314 309 default: 315 310 BT_ERR("Voting irregularity"); 316 311 return; 317 312 } 313 + 314 + new_vote = qca->rx_vote | qca->tx_vote; 318 315 319 316 if (new_vote != old_vote) { 320 317 if (new_vote) ··· 473 474 474 475 case HCI_IBS_TX_ASLEEP: 475 476 case HCI_IBS_TX_WAKING: 476 - /* Fall through */ 477 - 478 477 default: 479 478 BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state); 480 479 break; ··· 515 518 516 519 case HCI_IBS_TX_ASLEEP: 517 520 case HCI_IBS_TX_AWAKE: 518 - /* Fall through */ 519 - 520 521 default: 521 522 BT_ERR("Spurious timeout tx state %d", qca->tx_ibs_state); 522 523 break; ··· 832 837 break; 833 838 834 839 case HCI_IBS_TX_ASLEEP: 835 - /* Fall through */ 836 - 837 840 default: 838 841 BT_ERR("Received HCI_IBS_WAKE_ACK in tx state %d", 839 842 qca->tx_ibs_state); ··· 854 861 855 862 BT_DBG("hu %p qca enq skb %p tx_ibs_state %d", hu, skb, 856 863 qca->tx_ibs_state); 864 + 865 + if (test_bit(QCA_SSR_TRIGGERED, &qca->flags)) { 866 + /* As SSR is in progress, ignore the packets */ 867 + bt_dev_dbg(hu->hdev, "SSR is in progress"); 868 + kfree_skb(skb); 869 + return 0; 870 + } 857 871 858 872 /* Prepend skb with frame type */ 859 873 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1); ··· 983 983 while ((skb = skb_dequeue(&qca->rx_memdump_q))) { 984 984 985 985 mutex_lock(&qca->hci_memdump_lock); 986 - /* Skip processing the received packets if timeout detected. */ 987 - if (qca->memdump_state == QCA_MEMDUMP_TIMEOUT) { 986 + /* Skip processing the received packets if timeout detected 987 + * or memdump collection completed. 988 + */ 989 + if (qca->memdump_state == QCA_MEMDUMP_TIMEOUT || 990 + qca->memdump_state == QCA_MEMDUMP_COLLECTED) { 988 991 mutex_unlock(&qca->hci_memdump_lock); 989 992 return; 990 993 } ··· 1131 1128 struct hci_uart *hu = hci_get_drvdata(hdev); 1132 1129 struct qca_data *qca = hu->priv; 1133 1130 1131 + set_bit(QCA_SSR_TRIGGERED, &qca->flags); 1134 1132 skb_queue_tail(&qca->rx_memdump_q, skb); 1135 1133 queue_work(qca->workqueue, &qca->ctrl_memdump_evt); 1136 1134 ··· 1489 1485 { 1490 1486 struct hci_uart *hu = hci_get_drvdata(hdev); 1491 1487 struct qca_data *qca = hu->priv; 1492 - struct qca_memdump_data *qca_memdump = qca->qca_memdump; 1493 - char *memdump_buf = NULL; 1494 1488 1489 + set_bit(QCA_SSR_TRIGGERED, &qca->flags); 1495 1490 set_bit(QCA_HW_ERROR_EVENT, &qca->flags); 1496 1491 bt_dev_info(hdev, "mem_dump_status: %d", qca->memdump_state); 1497 1492 ··· 1512 1509 qca_wait_for_dump_collection(hdev); 1513 1510 } 1514 1511 1512 + mutex_lock(&qca->hci_memdump_lock); 1515 1513 if (qca->memdump_state != QCA_MEMDUMP_COLLECTED) { 1516 1514 bt_dev_err(hu->hdev, "clearing allocated memory due to memdump timeout"); 1517 - mutex_lock(&qca->hci_memdump_lock); 1518 - if (qca_memdump) 1519 - memdump_buf = qca_memdump->memdump_buf_head; 1520 - vfree(memdump_buf); 1521 - kfree(qca_memdump); 1522 - qca->qca_memdump = NULL; 1515 + if (qca->qca_memdump) { 1516 + vfree(qca->qca_memdump->memdump_buf_head); 1517 + kfree(qca->qca_memdump); 1518 + qca->qca_memdump = NULL; 1519 + } 1523 1520 qca->memdump_state = QCA_MEMDUMP_TIMEOUT; 1524 1521 cancel_delayed_work(&qca->ctrl_memdump_timeout); 1525 - skb_queue_purge(&qca->rx_memdump_q); 1526 - mutex_unlock(&qca->hci_memdump_lock); 1522 + } 1523 + mutex_unlock(&qca->hci_memdump_lock); 1524 + 1525 + if (qca->memdump_state == QCA_MEMDUMP_TIMEOUT || 1526 + qca->memdump_state == QCA_MEMDUMP_COLLECTED) { 1527 1527 cancel_work_sync(&qca->ctrl_memdump_evt); 1528 + skb_queue_purge(&qca->rx_memdump_q); 1528 1529 } 1529 1530 1530 1531 clear_bit(QCA_HW_ERROR_EVENT, &qca->flags); ··· 1539 1532 struct hci_uart *hu = hci_get_drvdata(hdev); 1540 1533 struct qca_data *qca = hu->priv; 1541 1534 1542 - if (qca->memdump_state == QCA_MEMDUMP_IDLE) 1535 + set_bit(QCA_SSR_TRIGGERED, &qca->flags); 1536 + if (qca->memdump_state == QCA_MEMDUMP_IDLE) { 1537 + set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags); 1543 1538 qca_send_crashbuffer(hu); 1544 - else 1545 - bt_dev_info(hdev, "Dump collection is in process"); 1539 + qca_wait_for_dump_collection(hdev); 1540 + } else if (qca->memdump_state == QCA_MEMDUMP_COLLECTING) { 1541 + /* Let us wait here until memory dump collected or 1542 + * memory dump timer expired. 1543 + */ 1544 + bt_dev_info(hdev, "waiting for dump to complete"); 1545 + qca_wait_for_dump_collection(hdev); 1546 + } 1547 + 1548 + mutex_lock(&qca->hci_memdump_lock); 1549 + if (qca->memdump_state != QCA_MEMDUMP_COLLECTED) { 1550 + qca->memdump_state = QCA_MEMDUMP_TIMEOUT; 1551 + if (!test_bit(QCA_HW_ERROR_EVENT, &qca->flags)) { 1552 + /* Inject hw error event to reset the device 1553 + * and driver. 1554 + */ 1555 + hci_reset_dev(hu->hdev); 1556 + } 1557 + } 1558 + mutex_unlock(&qca->hci_memdump_lock); 1546 1559 } 1547 1560 1548 1561 static int qca_wcn3990_init(struct hci_uart *hu) ··· 1668 1641 bt_dev_info(hdev, "setting up %s", 1669 1642 qca_is_wcn399x(soc_type) ? "wcn399x" : "ROME/QCA6390"); 1670 1643 1644 + qca->memdump_state = QCA_MEMDUMP_IDLE; 1645 + 1671 1646 retry: 1672 1647 ret = qca_power_on(hdev); 1673 1648 if (ret) 1674 1649 return ret; 1650 + 1651 + clear_bit(QCA_SSR_TRIGGERED, &qca->flags); 1675 1652 1676 1653 if (qca_is_wcn399x(soc_type)) { 1677 1654 set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks); ··· 1819 1788 qca_flush(hu); 1820 1789 spin_unlock_irqrestore(&qca->hci_ibs_lock, flags); 1821 1790 1822 - hu->hdev->hw_error = NULL; 1823 - hu->hdev->cmd_timeout = NULL; 1824 - 1825 1791 /* Non-serdev device usually is powered by external power 1826 1792 * and don't need additional action in driver for power down 1827 1793 */ ··· 1840 1812 struct qca_data *qca = hu->priv; 1841 1813 enum qca_btsoc_type soc_type = qca_soc_type(hu); 1842 1814 1815 + hu->hdev->hw_error = NULL; 1816 + hu->hdev->cmd_timeout = NULL; 1817 + 1843 1818 /* Stop sending shutdown command if soc crashes. */ 1844 1819 if (soc_type != QCA_ROME 1845 1820 && qca->memdump_state == QCA_MEMDUMP_IDLE) { ··· 1850 1819 usleep_range(8000, 10000); 1851 1820 } 1852 1821 1853 - qca->memdump_state = QCA_MEMDUMP_IDLE; 1854 1822 qca_power_shutdown(hu); 1855 1823 return 0; 1856 1824 } ··· 1992 1962 } 1993 1963 1994 1964 qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL); 1995 - if (!qcadev->susclk) { 1965 + if (IS_ERR(qcadev->susclk)) { 1996 1966 dev_warn(&serdev->dev, "failed to acquire clk\n"); 1997 - } else { 1998 - err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ); 1999 - if (err) 2000 - return err; 2001 - 2002 - err = clk_prepare_enable(qcadev->susclk); 2003 - if (err) 2004 - return err; 1967 + return PTR_ERR(qcadev->susclk); 2005 1968 } 1969 + err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ); 1970 + if (err) 1971 + return err; 1972 + 1973 + err = clk_prepare_enable(qcadev->susclk); 1974 + if (err) 1975 + return err; 2006 1976 2007 1977 err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto); 2008 1978 if (err) { ··· 2080 2050 struct hci_uart *hu = &qcadev->serdev_hu; 2081 2051 struct qca_data *qca = hu->priv; 2082 2052 unsigned long flags; 2053 + bool tx_pending = false; 2083 2054 int ret = 0; 2084 2055 u8 cmd; 2085 2056 ··· 2099 2068 switch (qca->tx_ibs_state) { 2100 2069 case HCI_IBS_TX_WAKING: 2101 2070 del_timer(&qca->wake_retrans_timer); 2102 - /* Fall through */ 2071 + fallthrough; 2103 2072 case HCI_IBS_TX_AWAKE: 2104 2073 del_timer(&qca->tx_idle_timer); 2105 2074 ··· 2114 2083 2115 2084 qca->tx_ibs_state = HCI_IBS_TX_ASLEEP; 2116 2085 qca->ibs_sent_slps++; 2117 - 2118 - qca_wq_serial_tx_clock_vote_off(&qca->ws_tx_vote_off); 2086 + tx_pending = true; 2119 2087 break; 2120 2088 2121 2089 case HCI_IBS_TX_ASLEEP: ··· 2131 2101 if (ret < 0) 2132 2102 goto error; 2133 2103 2134 - serdev_device_wait_until_sent(hu->serdev, 2135 - msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS)); 2104 + if (tx_pending) { 2105 + serdev_device_wait_until_sent(hu->serdev, 2106 + msecs_to_jiffies(CMD_TRANS_TIMEOUT_MS)); 2107 + serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_OFF, hu); 2108 + } 2136 2109 2137 2110 /* Wait for HCI_IBS_SLEEP_IND sent by device to indicate its Tx is going 2138 2111 * to sleep, so that the packet does not wake the system later. 2139 2112 */ 2140 - 2141 2113 ret = wait_event_interruptible_timeout(qca->suspend_wait_q, 2142 2114 qca->rx_ibs_state == HCI_IBS_RX_ASLEEP, 2143 2115 msecs_to_jiffies(IBS_BTSOC_TX_IDLE_TIMEOUT_MS)); 2144 - 2145 - if (ret > 0) 2146 - return 0; 2147 - 2148 - if (ret == 0) 2116 + if (ret == 0) { 2149 2117 ret = -ETIMEDOUT; 2118 + goto error; 2119 + } 2120 + 2121 + return 0; 2150 2122 2151 2123 error: 2152 2124 clear_bit(QCA_SUSPENDING, &qca->flags);

+2 -1

drivers/bluetooth/hci_serdev.c

··· 355 355 struct hci_dev *hdev = hu->hdev; 356 356 357 357 clear_bit(HCI_UART_PROTO_READY, &hu->flags); 358 - hci_unregister_dev(hdev); 358 + if (test_bit(HCI_UART_REGISTERED, &hu->flags)) 359 + hci_unregister_dev(hdev); 359 360 hci_free_dev(hdev); 360 361 361 362 cancel_work_sync(&hu->write_work);

+2 -2

drivers/net/wireless/marvell/mwifiex/sdio.h

··· 36 36 #define SD8897_DEFAULT_FW_NAME "mrvl/sd8897_uapsta.bin" 37 37 #define SD8887_DEFAULT_FW_NAME "mrvl/sd8887_uapsta.bin" 38 38 #define SD8801_DEFAULT_FW_NAME "mrvl/sd8801_uapsta.bin" 39 - #define SD8977_DEFAULT_FW_NAME "mrvl/sd8977_uapsta.bin" 39 + #define SD8977_DEFAULT_FW_NAME "mrvl/sdsd8977_combo_v2.bin" 40 40 #define SD8987_DEFAULT_FW_NAME "mrvl/sd8987_uapsta.bin" 41 - #define SD8997_DEFAULT_FW_NAME "mrvl/sd8997_uapsta.bin" 41 + #define SD8997_DEFAULT_FW_NAME "mrvl/sdsd8997_combo_v4.bin" 42 42 43 43 #define BLOCK_MODE 1 44 44 #define BYTE_MODE 0

+12

include/net/bluetooth/bluetooth.h

··· 41 41 #define BLUETOOTH_VER_1_1 1 42 42 #define BLUETOOTH_VER_1_2 2 43 43 #define BLUETOOTH_VER_2_0 3 44 + #define BLUETOOTH_VER_2_1 4 45 + #define BLUETOOTH_VER_4_0 6 44 46 45 47 /* Reserv for core and drivers use */ 46 48 #define BT_SKB_RESERVE 8 ··· 148 146 #define BT_MODE_STREAMING 0x02 149 147 #define BT_MODE_LE_FLOWCTL 0x03 150 148 #define BT_MODE_EXT_FLOWCTL 0x04 149 + 150 + #define BT_PKT_STATUS 16 151 + 152 + #define BT_SCM_PKT_STATUS 0x03 151 153 152 154 __printf(1, 2) 153 155 void bt_info(const char *fmt, ...); ··· 292 286 struct sock *parent; 293 287 unsigned long flags; 294 288 void (*skb_msg_name)(struct sk_buff *, void *, int *); 289 + void (*skb_put_cmsg)(struct sk_buff *, struct msghdr *, struct sock *); 295 290 }; 296 291 297 292 enum { ··· 342 335 struct l2cap_chan *chan; 343 336 }; 344 337 338 + struct sco_ctrl { 339 + u8 pkt_status; 340 + }; 341 + 345 342 struct hci_dev; 346 343 347 344 typedef void (*hci_req_complete_t)(struct hci_dev *hdev, u8 status, u16 opcode); ··· 372 361 u8 incoming:1; 373 362 union { 374 363 struct l2cap_ctrl l2cap; 364 + struct sco_ctrl sco; 375 365 struct hci_ctrl hci; 376 366 }; 377 367 };

+26 -2

include/net/bluetooth/hci.h

··· 227 227 * supported. 228 228 */ 229 229 HCI_QUIRK_VALID_LE_STATES, 230 + 231 + /* When this quirk is set, then erroneous data reporting 232 + * is ignored. This is mainly due to the fact that the HCI 233 + * Read Default Erroneous Data Reporting command is advertised, 234 + * but not supported; these controllers often reply with unknown 235 + * command and tend to lock up randomly. Needing a hard reset. 236 + * 237 + * This quirk can be set before hci_register_dev is called or 238 + * during the hdev->setup vendor callback. 239 + */ 240 + HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, 230 241 }; 231 242 232 243 /* HCI device flags */ ··· 318 307 HCI_FORCE_BREDR_SMP, 319 308 HCI_FORCE_STATIC_ADDR, 320 309 HCI_LL_RPA_RESOLUTION, 310 + HCI_ENABLE_LL_PRIVACY, 321 311 HCI_CMD_PENDING, 322 312 HCI_FORCE_NO_MITM, 323 313 ··· 1649 1637 1650 1638 #define HCI_OP_LE_SET_ADDR_RESOLV_ENABLE 0x202d 1651 1639 1640 + #define HCI_OP_LE_SET_RPA_TIMEOUT 0x202e 1641 + 1652 1642 #define HCI_OP_LE_READ_MAX_DATA_LEN 0x202f 1653 1643 struct hci_rp_le_read_max_data_len { 1654 1644 __u8 status; ··· 2282 2268 #define LE_EXT_ADV_SCAN_RSP 0x0008 2283 2269 #define LE_EXT_ADV_LEGACY_PDU 0x0010 2284 2270 2285 - #define ADDR_LE_DEV_PUBLIC 0x00 2286 - #define ADDR_LE_DEV_RANDOM 0x01 2271 + #define ADDR_LE_DEV_PUBLIC 0x00 2272 + #define ADDR_LE_DEV_RANDOM 0x01 2273 + #define ADDR_LE_DEV_PUBLIC_RESOLVED 0x02 2274 + #define ADDR_LE_DEV_RANDOM_RESOLVED 0x03 2287 2275 2288 2276 #define HCI_EV_LE_ADVERTISING_REPORT 0x02 2289 2277 struct hci_ev_le_advertising_info { ··· 2531 2515 #define hci_iso_data_len_pack(h, f) ((__u16) ((h) | ((f) << 14))) 2532 2516 #define hci_iso_data_len(h) ((h) & 0x3fff) 2533 2517 #define hci_iso_data_flags(h) ((h) >> 14) 2518 + 2519 + /* le24 support */ 2520 + static inline void hci_cpu_to_le24(__u32 val, __u8 dst[3]) 2521 + { 2522 + dst[0] = val & 0xff; 2523 + dst[1] = (val & 0xff00) >> 8; 2524 + dst[2] = (val & 0xff0000) >> 16; 2525 + } 2534 2526 2535 2527 #endif /* __HCI_H */

+96 -11

include/net/bluetooth/hci_core.h

··· 25 25 #ifndef __HCI_CORE_H 26 26 #define __HCI_CORE_H 27 27 28 + #include <linux/idr.h> 28 29 #include <linux/leds.h> 29 30 #include <linux/rculist.h> 30 31 ··· 137 136 u8 local_irk[16]; 138 137 }; 139 138 139 + struct bdaddr_list_with_flags { 140 + struct list_head list; 141 + bdaddr_t bdaddr; 142 + u8 bdaddr_type; 143 + u32 current_flags; 144 + }; 145 + 146 + enum hci_conn_flags { 147 + HCI_CONN_FLAG_REMOTE_WAKEUP, 148 + HCI_CONN_FLAG_MAX 149 + }; 150 + 151 + #define hci_conn_test_flag(nr, flags) ((flags) & (1U << nr)) 152 + 153 + /* Make sure number of flags doesn't exceed sizeof(current_flags) */ 154 + static_assert(HCI_CONN_FLAG_MAX < 32); 155 + 140 156 struct bt_uuid { 141 157 struct list_head list; 142 158 u8 uuid[16]; ··· 238 220 #define HCI_MAX_ADV_INSTANCES 5 239 221 #define HCI_DEFAULT_ADV_DURATION 2 240 222 223 + struct adv_pattern { 224 + struct list_head list; 225 + __u8 ad_type; 226 + __u8 offset; 227 + __u8 length; 228 + __u8 value[HCI_MAX_AD_LENGTH]; 229 + }; 230 + 231 + struct adv_monitor { 232 + struct list_head patterns; 233 + bool active; 234 + __u16 handle; 235 + }; 236 + 237 + #define HCI_MIN_ADV_MONITOR_HANDLE 1 238 + #define HCI_MAX_ADV_MONITOR_NUM_HANDLES 32 239 + #define HCI_MAX_ADV_MONITOR_NUM_PATTERNS 16 240 + 241 241 #define HCI_MAX_SHORT_NAME_LENGTH 10 242 242 243 243 /* Min encryption key size to match with SMP */ ··· 331 295 __u8 le_scan_type; 332 296 __u16 le_scan_interval; 333 297 __u16 le_scan_window; 298 + __u16 le_scan_int_suspend; 299 + __u16 le_scan_window_suspend; 300 + __u16 le_scan_int_discovery; 301 + __u16 le_scan_window_discovery; 302 + __u16 le_scan_int_adv_monitor; 303 + __u16 le_scan_window_adv_monitor; 304 + __u16 le_scan_int_connect; 305 + __u16 le_scan_window_connect; 334 306 __u16 le_conn_min_interval; 335 307 __u16 le_conn_max_interval; 336 308 __u16 le_conn_latency; ··· 366 322 __u16 devid_vendor; 367 323 __u16 devid_product; 368 324 __u16 devid_version; 325 + 326 + __u8 def_page_scan_type; 327 + __u16 def_page_scan_int; 328 + __u16 def_page_scan_window; 329 + __u8 def_inq_scan_type; 330 + __u16 def_inq_scan_int; 331 + __u16 def_inq_scan_window; 332 + __u16 def_br_lsto; 333 + __u16 def_page_timeout; 334 + __u16 def_multi_adv_rotation_duration; 335 + __u16 def_le_autoconnect_timeout; 369 336 370 337 __u16 pkt_type; 371 338 __u16 esco_type; ··· 493 438 struct list_head mgmt_pending; 494 439 struct list_head blacklist; 495 440 struct list_head whitelist; 496 - struct list_head wakeable; 497 441 struct list_head uuids; 498 442 struct list_head link_keys; 499 443 struct list_head long_term_keys; ··· 531 477 __u16 adv_instance_timeout; 532 478 struct delayed_work adv_instance_expire; 533 479 480 + struct idr adv_monitors_idr; 481 + unsigned int adv_monitors_cnt; 482 + 534 483 __u8 irk[16]; 535 484 __u32 rpa_timeout; 536 485 struct delayed_work rpa_expired; ··· 564 507 }; 565 508 566 509 #define HCI_PHY_HANDLE(handle) (handle & 0xff) 510 + 511 + enum conn_reasons { 512 + CONN_REASON_PAIR_DEVICE, 513 + CONN_REASON_L2CAP_CHAN, 514 + CONN_REASON_SCO_CONNECT, 515 + }; 567 516 568 517 struct hci_conn { 569 518 struct list_head list; ··· 621 558 __s8 tx_power; 622 559 __s8 max_tx_power; 623 560 unsigned long flags; 561 + 562 + enum conn_reasons conn_reason; 624 563 625 564 __u32 clock; 626 565 __u16 clock_accuracy; ··· 691 626 692 627 struct hci_conn *conn; 693 628 bool explicit_connect; 694 - bool wakeable; 629 + u32 current_flags; 695 630 }; 696 631 697 632 extern struct list_head hci_dev_list; ··· 1049 984 1050 985 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, 1051 986 u8 dst_type, u8 sec_level, 1052 - u16 conn_timeout); 987 + u16 conn_timeout, 988 + enum conn_reasons conn_reason); 1053 989 struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, 1054 990 u8 dst_type, u8 sec_level, u16 conn_timeout, 1055 991 u8 role, bdaddr_t *direct_rpa); 1056 992 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, 1057 - u8 sec_level, u8 auth_type); 993 + u8 sec_level, u8 auth_type, 994 + enum conn_reasons conn_reason); 1058 995 struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, 1059 996 __u16 setting); 1060 997 int hci_conn_check_link_mode(struct hci_conn *conn); ··· 1218 1151 struct bdaddr_list_with_irk *hci_bdaddr_list_lookup_with_irk( 1219 1152 struct list_head *list, bdaddr_t *bdaddr, 1220 1153 u8 type); 1154 + struct bdaddr_list_with_flags * 1155 + hci_bdaddr_list_lookup_with_flags(struct list_head *list, bdaddr_t *bdaddr, 1156 + u8 type); 1221 1157 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type); 1222 1158 int hci_bdaddr_list_add_with_irk(struct list_head *list, bdaddr_t *bdaddr, 1223 - u8 type, u8 *peer_irk, u8 *local_irk); 1159 + u8 type, u8 *peer_irk, u8 *local_irk); 1160 + int hci_bdaddr_list_add_with_flags(struct list_head *list, bdaddr_t *bdaddr, 1161 + u8 type, u32 flags); 1224 1162 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type); 1225 1163 int hci_bdaddr_list_del_with_irk(struct list_head *list, bdaddr_t *bdaddr, 1226 - u8 type); 1164 + u8 type); 1165 + int hci_bdaddr_list_del_with_flags(struct list_head *list, bdaddr_t *bdaddr, 1166 + u8 type); 1227 1167 void hci_bdaddr_list_clear(struct list_head *list); 1228 1168 1229 1169 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev, ··· 1290 1216 u16 timeout, u16 duration); 1291 1217 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance); 1292 1218 void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired); 1219 + 1220 + void hci_adv_monitors_clear(struct hci_dev *hdev); 1221 + void hci_free_adv_monitor(struct adv_monitor *monitor); 1222 + int hci_add_adv_monitor(struct hci_dev *hdev, struct adv_monitor *monitor); 1223 + int hci_remove_adv_monitor(struct hci_dev *hdev, u16 handle); 1224 + bool hci_is_adv_monitoring(struct hci_dev *hdev); 1293 1225 1294 1226 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb); 1295 1227 ··· 1358 1278 1359 1279 #define scan_coded(dev) (((dev)->le_tx_def_phys & HCI_LE_SET_PHY_CODED) || \ 1360 1280 ((dev)->le_rx_def_phys & HCI_LE_SET_PHY_CODED)) 1281 + 1282 + /* Use LL Privacy based address resolution if supported */ 1283 + #define use_ll_privacy(dev) ((dev)->le_features[0] & HCI_LE_LL_PRIVACY) 1361 1284 1362 1285 /* Use ext scanning if set ext scan param and ext scan enable is supported */ 1363 1286 #define use_ext_scan(dev) (((dev)->commands[37] & 0x20) && \ ··· 1470 1387 __u8 encrypt; 1471 1388 1472 1389 if (conn->state == BT_CONFIG) { 1473 - if (status) 1390 + if (!status) 1474 1391 conn->state = BT_CONNECTED; 1475 1392 1476 1393 hci_connect_cfm(conn, status); ··· 1485 1402 else 1486 1403 encrypt = 0x01; 1487 1404 1488 - if (conn->sec_level == BT_SECURITY_SDP) 1489 - conn->sec_level = BT_SECURITY_LOW; 1405 + if (!status) { 1406 + if (conn->sec_level == BT_SECURITY_SDP) 1407 + conn->sec_level = BT_SECURITY_LOW; 1490 1408 1491 - if (conn->pending_sec_level > conn->sec_level) 1492 - conn->sec_level = conn->pending_sec_level; 1409 + if (conn->pending_sec_level > conn->sec_level) 1410 + conn->sec_level = conn->pending_sec_level; 1411 + } 1493 1412 1494 1413 mutex_lock(&hci_cb_list_lock); 1495 1414 list_for_each_entry(cb, &hci_cb_list, list) {

+2 -2

include/net/bluetooth/hci_sock.h

··· 31 31 #define HCI_TIME_STAMP 3 32 32 33 33 /* CMSG flags */ 34 - #define HCI_CMSG_DIR 0x0001 35 - #define HCI_CMSG_TSTAMP 0x0002 34 + #define HCI_CMSG_DIR 0x01 35 + #define HCI_CMSG_TSTAMP 0x02 36 36 37 37 struct sockaddr_hci { 38 38 sa_family_t hci_family;

+95

include/net/bluetooth/mgmt.h

··· 52 52 __le16 len; 53 53 } __packed; 54 54 55 + struct mgmt_tlv { 56 + __le16 type; 57 + __u8 length; 58 + __u8 value[]; 59 + } __packed; 60 + 55 61 struct mgmt_addr_info { 56 62 bdaddr_t bdaddr; 57 63 __u8 type; ··· 708 702 __le32 flags; 709 703 } __packed; 710 704 705 + #define MGMT_OP_READ_DEF_SYSTEM_CONFIG 0x004b 706 + #define MGMT_READ_DEF_SYSTEM_CONFIG_SIZE 0 707 + 708 + #define MGMT_OP_SET_DEF_SYSTEM_CONFIG 0x004c 709 + #define MGMT_SET_DEF_SYSTEM_CONFIG_SIZE 0 710 + 711 + #define MGMT_OP_READ_DEF_RUNTIME_CONFIG 0x004d 712 + #define MGMT_READ_DEF_RUNTIME_CONFIG_SIZE 0 713 + 714 + #define MGMT_OP_SET_DEF_RUNTIME_CONFIG 0x004e 715 + #define MGMT_SET_DEF_RUNTIME_CONFIG_SIZE 0 716 + 717 + #define MGMT_OP_GET_DEVICE_FLAGS 0x004F 718 + #define MGMT_GET_DEVICE_FLAGS_SIZE 7 719 + struct mgmt_cp_get_device_flags { 720 + struct mgmt_addr_info addr; 721 + } __packed; 722 + struct mgmt_rp_get_device_flags { 723 + struct mgmt_addr_info addr; 724 + __le32 supported_flags; 725 + __le32 current_flags; 726 + } __packed; 727 + 728 + #define MGMT_OP_SET_DEVICE_FLAGS 0x0050 729 + #define MGMT_SET_DEVICE_FLAGS_SIZE 11 730 + struct mgmt_cp_set_device_flags { 731 + struct mgmt_addr_info addr; 732 + __le32 current_flags; 733 + } __packed; 734 + struct mgmt_rp_set_device_flags { 735 + struct mgmt_addr_info addr; 736 + } __packed; 737 + 738 + #define MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS BIT(0) 739 + 740 + #define MGMT_OP_READ_ADV_MONITOR_FEATURES 0x0051 741 + #define MGMT_READ_ADV_MONITOR_FEATURES_SIZE 0 742 + struct mgmt_rp_read_adv_monitor_features { 743 + __le32 supported_features; 744 + __le32 enabled_features; 745 + __le16 max_num_handles; 746 + __u8 max_num_patterns; 747 + __le16 num_handles; 748 + __le16 handles[]; 749 + } __packed; 750 + 751 + struct mgmt_adv_pattern { 752 + __u8 ad_type; 753 + __u8 offset; 754 + __u8 length; 755 + __u8 value[31]; 756 + } __packed; 757 + 758 + #define MGMT_OP_ADD_ADV_PATTERNS_MONITOR 0x0052 759 + struct mgmt_cp_add_adv_patterns_monitor { 760 + __u8 pattern_count; 761 + struct mgmt_adv_pattern patterns[]; 762 + } __packed; 763 + #define MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE 1 764 + struct mgmt_rp_add_adv_patterns_monitor { 765 + __le16 monitor_handle; 766 + } __packed; 767 + 768 + #define MGMT_OP_REMOVE_ADV_MONITOR 0x0053 769 + struct mgmt_cp_remove_adv_monitor { 770 + __le16 monitor_handle; 771 + } __packed; 772 + #define MGMT_REMOVE_ADV_MONITOR_SIZE 2 773 + struct mgmt_rp_remove_adv_monitor { 774 + __le16 monitor_handle; 775 + } __packed; 776 + 711 777 #define MGMT_EV_CMD_COMPLETE 0x0001 712 778 struct mgmt_ev_cmd_complete { 713 779 __le16 opcode; ··· 1011 933 __u8 uuid[16]; 1012 934 __le32 flags; 1013 935 } __packed; 936 + 937 + #define MGMT_EV_DEVICE_FLAGS_CHANGED 0x002a 938 + struct mgmt_ev_device_flags_changed { 939 + struct mgmt_addr_info addr; 940 + __le32 supported_flags; 941 + __le32 current_flags; 942 + } __packed; 943 + 944 + #define MGMT_EV_ADV_MONITOR_ADDED 0x002b 945 + struct mgmt_ev_adv_monitor_added { 946 + __le16 monitor_handle; 947 + } __packed; 948 + 949 + #define MGMT_EV_ADV_MONITOR_REMOVED 0x002c 950 + struct mgmt_ev_adv_monitor_removed { 951 + __le16 monitor_handle; 952 + } __packed;

+2

include/net/bluetooth/sco.h

··· 46 46 __u8 dev_class[3]; 47 47 }; 48 48 49 + #define SCO_CMSG_PKT_STATUS 0x01 50 + 49 51 #endif /* __SCO_H */

+5

net/bluetooth/6lowpan.c

··· 50 50 /* We are listening incoming connections via this channel 51 51 */ 52 52 static struct l2cap_chan *listen_chan; 53 + static DEFINE_MUTEX(set_lock); 53 54 54 55 struct lowpan_peer { 55 56 struct list_head list; ··· 1079 1078 1080 1079 enable_6lowpan = set_enable->flag; 1081 1080 1081 + mutex_lock(&set_lock); 1082 1082 if (listen_chan) { 1083 1083 l2cap_chan_close(listen_chan, 0); 1084 1084 l2cap_chan_put(listen_chan); 1085 1085 } 1086 1086 1087 1087 listen_chan = bt_6lowpan_listen(); 1088 + mutex_unlock(&set_lock); 1088 1089 1089 1090 kfree(set_enable); 1090 1091 } ··· 1138 1135 if (ret == -EINVAL) 1139 1136 return ret; 1140 1137 1138 + mutex_lock(&set_lock); 1141 1139 if (listen_chan) { 1142 1140 l2cap_chan_close(listen_chan, 0); 1143 1141 l2cap_chan_put(listen_chan); 1144 1142 listen_chan = NULL; 1145 1143 } 1144 + mutex_unlock(&set_lock); 1146 1145 1147 1146 if (conn) { 1148 1147 struct lowpan_peer *peer;

+1 -1

net/bluetooth/Kconfig

··· 21 21 It was designed as a replacement for cables and other short-range 22 22 technologies like IrDA. Bluetooth operates in personal area range 23 23 that typically extends up to 10 meters. More information about 24 - Bluetooth can be found at <http://www.bluetooth.com/>. 24 + Bluetooth can be found at <https://www.bluetooth.com/>. 25 25 26 26 Linux Bluetooth subsystem consist of several layers: 27 27 Bluetooth Core

+1 -1

net/bluetooth/Makefile

··· 14 14 15 15 bluetooth-y := af_bluetooth.o hci_core.o hci_conn.o hci_event.o mgmt.o \ 16 16 hci_sock.o hci_sysfs.o l2cap_core.o l2cap_sock.o smp.o lib.o \ 17 - ecdh_helper.o hci_request.o mgmt_util.o 17 + ecdh_helper.o hci_request.o mgmt_util.o mgmt_config.o 18 18 19 19 bluetooth-$(CONFIG_BT_BREDR) += sco.o 20 20 bluetooth-$(CONFIG_BT_HS) += a2mp.o amp.o

+3 -2

net/bluetooth/af_bluetooth.c

··· 286 286 if (msg->msg_name && bt_sk(sk)->skb_msg_name) 287 287 bt_sk(sk)->skb_msg_name(skb, msg->msg_name, 288 288 &msg->msg_namelen); 289 + 290 + if (bt_sk(sk)->skb_put_cmsg) 291 + bt_sk(sk)->skb_put_cmsg(skb, msg, sk); 289 292 } 290 293 291 294 skb_free_datagram(sk, skb); ··· 455 452 { 456 453 struct sock *sk = sock->sk; 457 454 __poll_t mask = 0; 458 - 459 - BT_DBG("sock %p, sk %p", sock, sk); 460 455 461 456 poll_wait(file, sk_sleep(sk), wait); 462 457

+36 -15

net/bluetooth/hci_conn.c

··· 789 789 790 790 memset(p, 0, sizeof(*p)); 791 791 792 - /* Set window to be the same value as the interval to 793 - * enable continuous scanning. 794 - */ 795 - p->scan_interval = cpu_to_le16(hdev->le_scan_interval); 796 - p->scan_window = p->scan_interval; 792 + p->scan_interval = cpu_to_le16(hdev->le_scan_int_connect); 793 + p->scan_window = cpu_to_le16(hdev->le_scan_window_connect); 797 794 p->conn_interval_min = cpu_to_le16(conn->le_conn_min_interval); 798 795 p->conn_interval_max = cpu_to_le16(conn->le_conn_max_interval); 799 796 p->conn_latency = cpu_to_le16(conn->le_conn_latency); ··· 872 875 873 876 memset(&cp, 0, sizeof(cp)); 874 877 875 - /* Set window to be the same value as the interval to enable 876 - * continuous scanning. 877 - */ 878 - cp.scan_interval = cpu_to_le16(hdev->le_scan_interval); 879 - cp.scan_window = cp.scan_interval; 878 + cp.scan_interval = cpu_to_le16(hdev->le_scan_int_connect); 879 + cp.scan_window = cpu_to_le16(hdev->le_scan_window_connect); 880 880 881 881 bacpy(&cp.peer_addr, &conn->dst); 882 882 cp.peer_addr_type = conn->dst_type; ··· 931 937 * So it is required to remove adv set for handle 0x00. since we use 932 938 * instance 0 for directed adv. 933 939 */ 934 - hci_req_add(req, HCI_OP_LE_REMOVE_ADV_SET, sizeof(cp.handle), &cp.handle); 940 + __hci_req_remove_ext_adv_instance(req, cp.handle); 935 941 936 942 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp); 937 943 ··· 1002 1008 struct smp_irk *irk; 1003 1009 struct hci_request req; 1004 1010 int err; 1011 + 1012 + /* This ensures that during disable le_scan address resolution 1013 + * will not be disabled if it is followed by le_create_conn 1014 + */ 1015 + bool rpa_le_conn = true; 1005 1016 1006 1017 /* Let's make sure that le is enabled.*/ 1007 1018 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { ··· 1108 1109 * state. 1109 1110 */ 1110 1111 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 1111 - hci_req_add_le_scan_disable(&req); 1112 + hci_req_add_le_scan_disable(&req, rpa_le_conn); 1112 1113 hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); 1113 1114 } 1114 1115 ··· 1179 1180 /* This function requires the caller holds hdev->lock */ 1180 1181 struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, 1181 1182 u8 dst_type, u8 sec_level, 1182 - u16 conn_timeout) 1183 + u16 conn_timeout, 1184 + enum conn_reasons conn_reason) 1183 1185 { 1184 1186 struct hci_conn *conn; 1185 1187 ··· 1225 1225 conn->sec_level = BT_SECURITY_LOW; 1226 1226 conn->pending_sec_level = sec_level; 1227 1227 conn->conn_timeout = conn_timeout; 1228 + conn->conn_reason = conn_reason; 1228 1229 1229 1230 hci_update_background_scan(hdev); 1230 1231 ··· 1235 1234 } 1236 1235 1237 1236 struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, 1238 - u8 sec_level, u8 auth_type) 1237 + u8 sec_level, u8 auth_type, 1238 + enum conn_reasons conn_reason) 1239 1239 { 1240 1240 struct hci_conn *acl; 1241 1241 ··· 1256 1254 1257 1255 hci_conn_hold(acl); 1258 1256 1257 + acl->conn_reason = conn_reason; 1259 1258 if (acl->state == BT_OPEN || acl->state == BT_CLOSED) { 1260 1259 acl->sec_level = BT_SECURITY_LOW; 1261 1260 acl->pending_sec_level = sec_level; ··· 1273 1270 struct hci_conn *acl; 1274 1271 struct hci_conn *sco; 1275 1272 1276 - acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING); 1273 + acl = hci_connect_acl(hdev, dst, BT_SECURITY_LOW, HCI_AT_NO_BONDING, 1274 + CONN_REASON_SCO_CONNECT); 1277 1275 if (IS_ERR(acl)) 1278 1276 return acl; 1279 1277 ··· 1325 1321 !test_bit(HCI_CONN_AES_CCM, &conn->flags) || 1326 1322 conn->key_type != HCI_LK_AUTH_COMBINATION_P256) 1327 1323 return 0; 1324 + } 1325 + 1326 + /* AES encryption is required for Level 4: 1327 + * 1328 + * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C 1329 + * page 1319: 1330 + * 1331 + * 128-bit equivalent strength for link and encryption keys 1332 + * required using FIPS approved algorithms (E0 not allowed, 1333 + * SAFER+ not allowed, and P-192 not allowed; encryption key 1334 + * not shortened) 1335 + */ 1336 + if (conn->sec_level == BT_SECURITY_FIPS && 1337 + !test_bit(HCI_CONN_AES_CCM, &conn->flags)) { 1338 + bt_dev_err(conn->hdev, 1339 + "Invalid security: Missing AES-CCM usage"); 1340 + return 0; 1328 1341 } 1329 1342 1330 1343 if (hci_conn_ssp_enabled(conn) &&

+198 -14

net/bluetooth/hci_core.c

··· 26 26 /* Bluetooth HCI core. */ 27 27 28 28 #include <linux/export.h> 29 - #include <linux/idr.h> 30 29 #include <linux/rfkill.h> 31 30 #include <linux/debugfs.h> 32 31 #include <linux/crypto.h> ··· 605 606 if (hdev->commands[8] & 0x01) 606 607 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL); 607 608 608 - if (hdev->commands[18] & 0x04) 609 + if (hdev->commands[18] & 0x04 && 610 + !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) 609 611 hci_req_add(req, HCI_OP_READ_DEF_ERR_DATA_REPORTING, 0, NULL); 610 612 611 613 /* Some older Broadcom based Bluetooth 1.2 controllers do not ··· 763 763 hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL); 764 764 } 765 765 766 + if (hdev->commands[35] & 0x40) { 767 + __le16 rpa_timeout = cpu_to_le16(hdev->rpa_timeout); 768 + 769 + /* Set RPA timeout */ 770 + hci_req_add(req, HCI_OP_LE_SET_RPA_TIMEOUT, 2, 771 + &rpa_timeout); 772 + } 773 + 766 774 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) { 767 775 /* Read LE Maximum Data Length */ 768 776 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL); ··· 859 851 /* Set erroneous data reporting if supported to the wideband speech 860 852 * setting value 861 853 */ 862 - if (hdev->commands[18] & 0x08) { 854 + if (hdev->commands[18] & 0x08 && 855 + !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) { 863 856 bool enabled = hci_dev_test_flag(hdev, 864 857 HCI_WIDEBAND_SPEECH_ENABLED); 865 858 ··· 2991 2982 adv_instance->remaining_time = timeout; 2992 2983 2993 2984 if (duration == 0) 2994 - adv_instance->duration = HCI_DEFAULT_ADV_DURATION; 2985 + adv_instance->duration = hdev->def_multi_adv_rotation_duration; 2995 2986 else 2996 2987 adv_instance->duration = duration; 2997 2988 ··· 3003 2994 BT_DBG("%s for %dMR", hdev->name, instance); 3004 2995 3005 2996 return 0; 2997 + } 2998 + 2999 + /* This function requires the caller holds hdev->lock */ 3000 + void hci_adv_monitors_clear(struct hci_dev *hdev) 3001 + { 3002 + struct adv_monitor *monitor; 3003 + int handle; 3004 + 3005 + idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) 3006 + hci_free_adv_monitor(monitor); 3007 + 3008 + idr_destroy(&hdev->adv_monitors_idr); 3009 + } 3010 + 3011 + void hci_free_adv_monitor(struct adv_monitor *monitor) 3012 + { 3013 + struct adv_pattern *pattern; 3014 + struct adv_pattern *tmp; 3015 + 3016 + if (!monitor) 3017 + return; 3018 + 3019 + list_for_each_entry_safe(pattern, tmp, &monitor->patterns, list) 3020 + kfree(pattern); 3021 + 3022 + kfree(monitor); 3023 + } 3024 + 3025 + /* This function requires the caller holds hdev->lock */ 3026 + int hci_add_adv_monitor(struct hci_dev *hdev, struct adv_monitor *monitor) 3027 + { 3028 + int min, max, handle; 3029 + 3030 + if (!monitor) 3031 + return -EINVAL; 3032 + 3033 + min = HCI_MIN_ADV_MONITOR_HANDLE; 3034 + max = HCI_MIN_ADV_MONITOR_HANDLE + HCI_MAX_ADV_MONITOR_NUM_HANDLES; 3035 + handle = idr_alloc(&hdev->adv_monitors_idr, monitor, min, max, 3036 + GFP_KERNEL); 3037 + if (handle < 0) 3038 + return handle; 3039 + 3040 + hdev->adv_monitors_cnt++; 3041 + monitor->handle = handle; 3042 + 3043 + hci_update_background_scan(hdev); 3044 + 3045 + return 0; 3046 + } 3047 + 3048 + static int free_adv_monitor(int id, void *ptr, void *data) 3049 + { 3050 + struct hci_dev *hdev = data; 3051 + struct adv_monitor *monitor = ptr; 3052 + 3053 + idr_remove(&hdev->adv_monitors_idr, monitor->handle); 3054 + hci_free_adv_monitor(monitor); 3055 + 3056 + return 0; 3057 + } 3058 + 3059 + /* This function requires the caller holds hdev->lock */ 3060 + int hci_remove_adv_monitor(struct hci_dev *hdev, u16 handle) 3061 + { 3062 + struct adv_monitor *monitor; 3063 + 3064 + if (handle) { 3065 + monitor = idr_find(&hdev->adv_monitors_idr, handle); 3066 + if (!monitor) 3067 + return -ENOENT; 3068 + 3069 + idr_remove(&hdev->adv_monitors_idr, monitor->handle); 3070 + hci_free_adv_monitor(monitor); 3071 + } else { 3072 + /* Remove all monitors if handle is 0. */ 3073 + idr_for_each(&hdev->adv_monitors_idr, &free_adv_monitor, hdev); 3074 + } 3075 + 3076 + hci_update_background_scan(hdev); 3077 + 3078 + return 0; 3079 + } 3080 + 3081 + /* This function requires the caller holds hdev->lock */ 3082 + bool hci_is_adv_monitoring(struct hci_dev *hdev) 3083 + { 3084 + return !idr_is_empty(&hdev->adv_monitors_idr); 3006 3085 } 3007 3086 3008 3087 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list, ··· 3111 3014 u8 type) 3112 3015 { 3113 3016 struct bdaddr_list_with_irk *b; 3017 + 3018 + list_for_each_entry(b, bdaddr_list, list) { 3019 + if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type) 3020 + return b; 3021 + } 3022 + 3023 + return NULL; 3024 + } 3025 + 3026 + struct bdaddr_list_with_flags * 3027 + hci_bdaddr_list_lookup_with_flags(struct list_head *bdaddr_list, 3028 + bdaddr_t *bdaddr, u8 type) 3029 + { 3030 + struct bdaddr_list_with_flags *b; 3114 3031 3115 3032 list_for_each_entry(b, bdaddr_list, list) { 3116 3033 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type) ··· 3195 3084 return 0; 3196 3085 } 3197 3086 3087 + int hci_bdaddr_list_add_with_flags(struct list_head *list, bdaddr_t *bdaddr, 3088 + u8 type, u32 flags) 3089 + { 3090 + struct bdaddr_list_with_flags *entry; 3091 + 3092 + if (!bacmp(bdaddr, BDADDR_ANY)) 3093 + return -EBADF; 3094 + 3095 + if (hci_bdaddr_list_lookup(list, bdaddr, type)) 3096 + return -EEXIST; 3097 + 3098 + entry = kzalloc(sizeof(*entry), GFP_KERNEL); 3099 + if (!entry) 3100 + return -ENOMEM; 3101 + 3102 + bacpy(&entry->bdaddr, bdaddr); 3103 + entry->bdaddr_type = type; 3104 + entry->current_flags = flags; 3105 + 3106 + list_add(&entry->list, list); 3107 + 3108 + return 0; 3109 + } 3110 + 3198 3111 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type) 3199 3112 { 3200 3113 struct bdaddr_list *entry; ··· 3258 3123 return 0; 3259 3124 } 3260 3125 3126 + int hci_bdaddr_list_del_with_flags(struct list_head *list, bdaddr_t *bdaddr, 3127 + u8 type) 3128 + { 3129 + struct bdaddr_list_with_flags *entry; 3130 + 3131 + if (!bacmp(bdaddr, BDADDR_ANY)) { 3132 + hci_bdaddr_list_clear(list); 3133 + return 0; 3134 + } 3135 + 3136 + entry = hci_bdaddr_list_lookup_with_flags(list, bdaddr, type); 3137 + if (!entry) 3138 + return -ENOENT; 3139 + 3140 + list_del(&entry->list); 3141 + kfree(entry); 3142 + 3143 + return 0; 3144 + } 3145 + 3261 3146 /* This function requires the caller holds hdev->lock */ 3262 3147 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev, 3263 3148 bdaddr_t *addr, u8 addr_type) ··· 3299 3144 bdaddr_t *addr, u8 addr_type) 3300 3145 { 3301 3146 struct hci_conn_params *param; 3147 + 3148 + switch (addr_type) { 3149 + case ADDR_LE_DEV_PUBLIC_RESOLVED: 3150 + addr_type = ADDR_LE_DEV_PUBLIC; 3151 + break; 3152 + case ADDR_LE_DEV_RANDOM_RESOLVED: 3153 + addr_type = ADDR_LE_DEV_RANDOM; 3154 + break; 3155 + } 3302 3156 3303 3157 list_for_each_entry(param, list, action) { 3304 3158 if (bacmp(&param->addr, addr) == 0 && ··· 3453 3289 WAKE_COND, SUSPEND_NOTIFIER_TIMEOUT); 3454 3290 3455 3291 if (ret == 0) { 3456 - bt_dev_dbg(hdev, "Timed out waiting for suspend"); 3292 + bt_dev_err(hdev, "Timed out waiting for suspend events"); 3457 3293 for (i = 0; i < __SUSPEND_NUM_TASKS; ++i) { 3458 3294 if (test_bit(i, hdev->suspend_tasks)) 3459 - bt_dev_dbg(hdev, "Bit %d is set", i); 3295 + bt_dev_err(hdev, "Suspend timeout bit: %d", i); 3460 3296 clear_bit(i, hdev->suspend_tasks); 3461 3297 } 3462 3298 ··· 3524 3360 ret = hci_change_suspend_state(hdev, BT_RUNNING); 3525 3361 } 3526 3362 3527 - /* If suspend failed, restore it to running */ 3528 - if (ret && action == PM_SUSPEND_PREPARE) 3529 - hci_change_suspend_state(hdev, BT_RUNNING); 3530 - 3531 3363 done: 3532 - return ret ? notifier_from_errno(-EBUSY) : NOTIFY_STOP; 3364 + /* We always allow suspend even if suspend preparation failed and 3365 + * attempt to recover in resume. 3366 + */ 3367 + if (ret) 3368 + bt_dev_err(hdev, "Suspend notifier action (%lu) failed: %d", 3369 + action, ret); 3370 + 3371 + return NOTIFY_DONE; 3533 3372 } 3534 3373 3535 3374 /* Alloc HCI device */ ··· 3564 3397 hdev->le_adv_max_interval = 0x0800; 3565 3398 hdev->le_scan_interval = 0x0060; 3566 3399 hdev->le_scan_window = 0x0030; 3400 + hdev->le_scan_int_suspend = 0x0400; 3401 + hdev->le_scan_window_suspend = 0x0012; 3402 + hdev->le_scan_int_discovery = DISCOV_LE_SCAN_INT; 3403 + hdev->le_scan_window_discovery = DISCOV_LE_SCAN_WIN; 3404 + hdev->le_scan_int_connect = 0x0060; 3405 + hdev->le_scan_window_connect = 0x0060; 3567 3406 hdev->le_conn_min_interval = 0x0018; 3568 3407 hdev->le_conn_max_interval = 0x0028; 3569 3408 hdev->le_conn_latency = 0x0000; ··· 3585 3412 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M; 3586 3413 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M; 3587 3414 hdev->le_num_of_adv_sets = HCI_MAX_ADV_INSTANCES; 3415 + hdev->def_multi_adv_rotation_duration = HCI_DEFAULT_ADV_DURATION; 3416 + hdev->def_le_autoconnect_timeout = HCI_LE_AUTOCONN_TIMEOUT; 3588 3417 3589 3418 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT; 3590 3419 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT; ··· 3595 3420 hdev->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT; 3596 3421 hdev->min_enc_key_size = HCI_MIN_ENC_KEY_SIZE; 3597 3422 3423 + /* default 1.28 sec page scan */ 3424 + hdev->def_page_scan_type = PAGE_SCAN_TYPE_STANDARD; 3425 + hdev->def_page_scan_int = 0x0800; 3426 + hdev->def_page_scan_window = 0x0012; 3427 + 3598 3428 mutex_init(&hdev->lock); 3599 3429 mutex_init(&hdev->req_lock); 3600 3430 3601 3431 INIT_LIST_HEAD(&hdev->mgmt_pending); 3602 3432 INIT_LIST_HEAD(&hdev->blacklist); 3603 3433 INIT_LIST_HEAD(&hdev->whitelist); 3604 - INIT_LIST_HEAD(&hdev->wakeable); 3605 3434 INIT_LIST_HEAD(&hdev->uuids); 3606 3435 INIT_LIST_HEAD(&hdev->link_keys); 3607 3436 INIT_LIST_HEAD(&hdev->long_term_keys); ··· 3753 3574 3754 3575 queue_work(hdev->req_workqueue, &hdev->power_on); 3755 3576 3577 + idr_init(&hdev->adv_monitors_idr); 3578 + 3756 3579 return id; 3757 3580 3758 3581 err_wqueue: ··· 3784 3603 3785 3604 cancel_work_sync(&hdev->power_on); 3786 3605 3787 - hci_dev_do_close(hdev); 3788 - 3789 3606 unregister_pm_notifier(&hdev->suspend_notifier); 3607 + cancel_work_sync(&hdev->suspend_prepare); 3608 + 3609 + hci_dev_do_close(hdev); 3790 3610 3791 3611 if (!test_bit(HCI_INIT, &hdev->flags) && 3792 3612 !hci_dev_test_flag(hdev, HCI_SETUP) && ··· 3826 3644 hci_smp_irks_clear(hdev); 3827 3645 hci_remote_oob_data_clear(hdev); 3828 3646 hci_adv_instances_clear(hdev); 3647 + hci_adv_monitors_clear(hdev); 3829 3648 hci_bdaddr_list_clear(&hdev->le_white_list); 3830 3649 hci_bdaddr_list_clear(&hdev->le_resolv_list); 3831 3650 hci_conn_params_clear_all(hdev); ··· 4734 4551 4735 4552 if (conn) { 4736 4553 /* Send to upper protocol */ 4554 + bt_cb(skb)->sco.pkt_status = flags & 0x03; 4737 4555 sco_recv_scodata(conn, skb); 4738 4556 return; 4739 4557 } else {

+48 -23

net/bluetooth/hci_event.c

··· 2296 2296 if (!conn) 2297 2297 return; 2298 2298 2299 + /* When using controller based address resolution, then the new 2300 + * address types 0x02 and 0x03 are used. These types need to be 2301 + * converted back into either public address or random address type 2302 + */ 2303 + if (use_ll_privacy(hdev) && 2304 + hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) { 2305 + switch (own_address_type) { 2306 + case ADDR_LE_DEV_PUBLIC_RESOLVED: 2307 + own_address_type = ADDR_LE_DEV_PUBLIC; 2308 + break; 2309 + case ADDR_LE_DEV_RANDOM_RESOLVED: 2310 + own_address_type = ADDR_LE_DEV_RANDOM; 2311 + break; 2312 + } 2313 + } 2314 + 2299 2315 /* Store the initiator and responder address information which 2300 2316 * is needed for SMP. These values will not change during the 2301 2317 * lifetime of the connection. ··· 2533 2517 2534 2518 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 2535 2519 2536 - if (!num_rsp) 2520 + if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1) 2537 2521 return; 2538 2522 2539 2523 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) ··· 2713 2697 */ 2714 2698 if (hci_dev_test_flag(hdev, HCI_MGMT) && 2715 2699 !hci_dev_test_flag(hdev, HCI_CONNECTABLE) && 2716 - !hci_bdaddr_list_lookup(&hdev->whitelist, &ev->bdaddr, 2717 - BDADDR_BREDR)) { 2718 - hci_reject_conn(hdev, &ev->bdaddr); 2719 - return; 2700 + !hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, &ev->bdaddr, 2701 + BDADDR_BREDR)) { 2702 + hci_reject_conn(hdev, &ev->bdaddr); 2703 + return; 2720 2704 } 2721 2705 2722 2706 /* Connection accepted */ ··· 2841 2825 case HCI_AUTO_CONN_LINK_LOSS: 2842 2826 if (ev->reason != HCI_ERROR_CONNECTION_TIMEOUT) 2843 2827 break; 2844 - /* Fall through */ 2828 + fallthrough; 2845 2829 2846 2830 case HCI_AUTO_CONN_DIRECT: 2847 2831 case HCI_AUTO_CONN_ALWAYS: ··· 3081 3065 3082 3066 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 3083 3067 3068 + /* Check link security requirements are met */ 3069 + if (!hci_conn_check_link_mode(conn)) 3070 + ev->status = HCI_ERROR_AUTH_FAILURE; 3071 + 3084 3072 if (ev->status && conn->state == BT_CONNECTED) { 3085 3073 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING) 3086 3074 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags); 3087 3075 3076 + /* Notify upper layers so they can cleanup before 3077 + * disconnecting. 3078 + */ 3079 + hci_encrypt_cfm(conn, ev->status); 3088 3080 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 3089 - hci_conn_drop(conn); 3090 - goto unlock; 3091 - } 3092 - 3093 - /* In Secure Connections Only mode, do not allow any connections 3094 - * that are not encrypted with AES-CCM using a P-256 authenticated 3095 - * combination key. 3096 - */ 3097 - if (hci_dev_test_flag(hdev, HCI_SC_ONLY) && 3098 - (!test_bit(HCI_CONN_AES_CCM, &conn->flags) || 3099 - conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) { 3100 - hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE); 3101 3081 hci_conn_drop(conn); 3102 3082 goto unlock; 3103 3083 } ··· 4175 4163 struct inquiry_info_with_rssi_and_pscan_mode *info; 4176 4164 info = (void *) (skb->data + 1); 4177 4165 4166 + if (skb->len < num_rsp * sizeof(*info) + 1) 4167 + goto unlock; 4168 + 4178 4169 for (; num_rsp; num_rsp--, info++) { 4179 4170 u32 flags; 4180 4171 ··· 4199 4184 } else { 4200 4185 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1); 4201 4186 4187 + if (skb->len < num_rsp * sizeof(*info) + 1) 4188 + goto unlock; 4189 + 4202 4190 for (; num_rsp; num_rsp--, info++) { 4203 4191 u32 flags; 4204 4192 ··· 4222 4204 } 4223 4205 } 4224 4206 4207 + unlock: 4225 4208 hci_dev_unlock(hdev); 4226 4209 } 4227 4210 ··· 4343 4324 if (hci_setup_sync(conn, conn->link->handle)) 4344 4325 goto unlock; 4345 4326 } 4346 - /* fall through */ 4327 + fallthrough; 4347 4328 4348 4329 default: 4349 4330 conn->state = BT_CLOSED; ··· 4398 4379 4399 4380 BT_DBG("%s num_rsp %d", hdev->name, num_rsp); 4400 4381 4401 - if (!num_rsp) 4382 + if (!num_rsp || skb->len < num_rsp * sizeof(*info) + 1) 4402 4383 return; 4403 4384 4404 4385 if (hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) ··· 5228 5209 le16_to_cpu(ev->interval), 5229 5210 le16_to_cpu(ev->latency), 5230 5211 le16_to_cpu(ev->supervision_timeout)); 5212 + 5213 + if (use_ll_privacy(hdev) && 5214 + hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) && 5215 + hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) 5216 + hci_req_disable_address_resolution(hdev); 5231 5217 } 5232 5218 5233 5219 static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb) ··· 5343 5319 } 5344 5320 5345 5321 conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, 5346 - HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, 5322 + hdev->def_le_autoconnect_timeout, HCI_ROLE_MASTER, 5347 5323 direct_rpa); 5348 5324 if (!IS_ERR(conn)) { 5349 5325 /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned ··· 5471 5447 5472 5448 /* Passive scanning shouldn't trigger any device found events, 5473 5449 * except for devices marked as CONN_REPORT for which we do send 5474 - * device found events. 5450 + * device found events, or advertisement monitoring requested. 5475 5451 */ 5476 5452 if (hdev->le_scan_type == LE_SCAN_PASSIVE) { 5477 5453 if (type == LE_ADV_DIRECT_IND) 5478 5454 return; 5479 5455 5480 5456 if (!hci_pend_le_action_lookup(&hdev->pend_le_reports, 5481 - bdaddr, bdaddr_type)) 5457 + bdaddr, bdaddr_type) && 5458 + idr_is_empty(&hdev->adv_monitors_idr)) 5482 5459 return; 5483 5460 5484 5461 if (type == LE_ADV_NONCONN_IND || type == LE_ADV_SCAN_IND)

+233 -53

net/bluetooth/hci_request.c

··· 34 34 #define HCI_REQ_PEND 1 35 35 #define HCI_REQ_CANCELED 2 36 36 37 - #define LE_SUSPEND_SCAN_WINDOW 0x0012 38 - #define LE_SUSPEND_SCAN_INTERVAL 0x0400 39 - 40 37 void hci_req_init(struct hci_request *req, struct hci_dev *hdev) 41 38 { 42 39 skb_queue_head_init(&req->cmd_q); ··· 363 366 /* 160 msec page scan interval */ 364 367 acp.interval = cpu_to_le16(0x0100); 365 368 } else { 366 - type = PAGE_SCAN_TYPE_STANDARD; /* default */ 367 - 368 - /* default 1.28 sec page scan */ 369 - acp.interval = cpu_to_le16(0x0800); 369 + type = hdev->def_page_scan_type; 370 + acp.interval = cpu_to_le16(hdev->def_page_scan_int); 370 371 } 371 372 372 - acp.window = cpu_to_le16(0x0012); 373 + acp.window = cpu_to_le16(hdev->def_page_scan_window); 373 374 374 375 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval || 375 376 __cpu_to_le16(hdev->page_scan_window) != acp.window) ··· 413 418 */ 414 419 hci_discovery_filter_clear(hdev); 415 420 421 + BT_DBG("%s ADV monitoring is %s", hdev->name, 422 + hci_is_adv_monitoring(hdev) ? "on" : "off"); 423 + 416 424 if (list_empty(&hdev->pend_le_conns) && 417 - list_empty(&hdev->pend_le_reports)) { 425 + list_empty(&hdev->pend_le_reports) && 426 + !hci_is_adv_monitoring(hdev)) { 418 427 /* If there is no pending LE connections or devices 419 - * to be scanned for, we should stop the background 420 - * scanning. 428 + * to be scanned for or no ADV monitors, we should stop the 429 + * background scanning. 421 430 */ 422 431 423 432 /* If controller is not scanning we are done. */ 424 433 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 425 434 return; 426 435 427 - hci_req_add_le_scan_disable(req); 436 + hci_req_add_le_scan_disable(req, false); 428 437 429 438 BT_DBG("%s stopping background scanning", hdev->name); 430 439 } else { ··· 447 448 * don't miss any advertising (due to duplicates filter). 448 449 */ 449 450 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 450 - hci_req_add_le_scan_disable(req); 451 + hci_req_add_le_scan_disable(req, false); 451 452 452 453 hci_req_add_le_passive_scan(req); 453 454 ··· 652 653 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 653 654 } 654 655 655 - void hci_req_add_le_scan_disable(struct hci_request *req) 656 + void hci_req_add_le_scan_disable(struct hci_request *req, bool rpa_le_conn) 656 657 { 657 658 struct hci_dev *hdev = req->hdev; 658 659 ··· 675 676 cp.enable = LE_SCAN_DISABLE; 676 677 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 677 678 } 679 + 680 + /* Disable address resolution */ 681 + if (use_ll_privacy(hdev) && 682 + hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) && 683 + hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION) && !rpa_le_conn) { 684 + __u8 enable = 0x00; 685 + 686 + hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable); 687 + } 678 688 } 679 689 680 690 static void del_from_white_list(struct hci_request *req, bdaddr_t *bdaddr, ··· 697 689 bt_dev_dbg(req->hdev, "Remove %pMR (0x%x) from whitelist", &cp.bdaddr, 698 690 cp.bdaddr_type); 699 691 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(cp), &cp); 692 + 693 + if (use_ll_privacy(req->hdev)) { 694 + struct smp_irk *irk; 695 + 696 + irk = hci_find_irk_by_addr(req->hdev, bdaddr, bdaddr_type); 697 + if (irk) { 698 + struct hci_cp_le_del_from_resolv_list cp; 699 + 700 + cp.bdaddr_type = bdaddr_type; 701 + bacpy(&cp.bdaddr, bdaddr); 702 + 703 + hci_req_add(req, HCI_OP_LE_DEL_FROM_RESOLV_LIST, 704 + sizeof(cp), &cp); 705 + } 706 + } 700 707 } 701 708 702 709 /* Adds connection to white list if needed. On error, returns -1. */ ··· 732 709 return -1; 733 710 734 711 /* White list can not be used with RPAs */ 735 - if (!allow_rpa && 712 + if (!allow_rpa && !use_ll_privacy(hdev) && 736 713 hci_find_irk_by_addr(hdev, &params->addr, params->addr_type)) { 737 714 return -1; 738 715 } 739 716 740 717 /* During suspend, only wakeable devices can be in whitelist */ 741 - if (hdev->suspended && !params->wakeable) 718 + if (hdev->suspended && !hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP, 719 + params->current_flags)) 742 720 return 0; 743 721 744 722 *num_entries += 1; ··· 749 725 bt_dev_dbg(hdev, "Add %pMR (0x%x) to whitelist", &cp.bdaddr, 750 726 cp.bdaddr_type); 751 727 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp); 728 + 729 + if (use_ll_privacy(hdev)) { 730 + struct smp_irk *irk; 731 + 732 + irk = hci_find_irk_by_addr(hdev, &params->addr, 733 + params->addr_type); 734 + if (irk) { 735 + struct hci_cp_le_add_to_resolv_list cp; 736 + 737 + cp.bdaddr_type = params->addr_type; 738 + bacpy(&cp.bdaddr, &params->addr); 739 + memcpy(cp.peer_irk, irk->val, 16); 740 + 741 + if (hci_dev_test_flag(hdev, HCI_PRIVACY)) 742 + memcpy(cp.local_irk, hdev->irk, 16); 743 + else 744 + memset(cp.local_irk, 0, 16); 745 + 746 + hci_req_add(req, HCI_OP_LE_ADD_TO_RESOLV_LIST, 747 + sizeof(cp), &cp); 748 + } 749 + } 752 750 753 751 return 0; 754 752 } ··· 812 766 } 813 767 814 768 /* White list can not be used with RPAs */ 815 - if (!allow_rpa && 769 + if (!allow_rpa && !use_ll_privacy(hdev) && 816 770 hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) { 817 771 return 0x00; 818 772 } ··· 844 798 return 0x00; 845 799 } 846 800 801 + /* Once the controller offloading of advertisement monitor is in place, 802 + * the if condition should include the support of MSFT extension 803 + * support. If suspend is ongoing, whitelist should be the default to 804 + * prevent waking by random advertisements. 805 + */ 806 + if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended) 807 + return 0x00; 808 + 847 809 /* Select filter policy to use white list */ 848 810 return 0x01; 849 811 } ··· 862 808 } 863 809 864 810 static void hci_req_start_scan(struct hci_request *req, u8 type, u16 interval, 865 - u16 window, u8 own_addr_type, u8 filter_policy) 811 + u16 window, u8 own_addr_type, u8 filter_policy, 812 + bool addr_resolv) 866 813 { 867 814 struct hci_dev *hdev = req->hdev; 815 + 816 + if (hdev->scanning_paused) { 817 + bt_dev_dbg(hdev, "Scanning is paused for suspend"); 818 + return; 819 + } 820 + 821 + if (use_ll_privacy(hdev) && 822 + hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) && 823 + addr_resolv) { 824 + u8 enable = 0x01; 825 + 826 + hci_req_add(req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable); 827 + } 868 828 869 829 /* Use ext scanning if set ext scan param and ext scan enable is 870 830 * supported ··· 953 885 } 954 886 } 955 887 888 + /* Returns true if an le connection is in the scanning state */ 889 + static inline bool hci_is_le_conn_scanning(struct hci_dev *hdev) 890 + { 891 + struct hci_conn_hash *h = &hdev->conn_hash; 892 + struct hci_conn *c; 893 + 894 + rcu_read_lock(); 895 + 896 + list_for_each_entry_rcu(c, &h->list, list) { 897 + if (c->type == LE_LINK && c->state == BT_CONNECT && 898 + test_bit(HCI_CONN_SCANNING, &c->flags)) { 899 + rcu_read_unlock(); 900 + return true; 901 + } 902 + } 903 + 904 + rcu_read_unlock(); 905 + 906 + return false; 907 + } 908 + 909 + /* Ensure to call hci_req_add_le_scan_disable() first to disable the 910 + * controller based address resolution to be able to reconfigure 911 + * resolving list. 912 + */ 956 913 void hci_req_add_le_passive_scan(struct hci_request *req) 957 914 { 958 915 struct hci_dev *hdev = req->hdev; 959 916 u8 own_addr_type; 960 917 u8 filter_policy; 961 918 u16 window, interval; 919 + /* Background scanning should run with address resolution */ 920 + bool addr_resolv = true; 962 921 963 922 if (hdev->scanning_paused) { 964 923 bt_dev_dbg(hdev, "Scanning is paused for suspend"); ··· 1022 927 filter_policy |= 0x02; 1023 928 1024 929 if (hdev->suspended) { 1025 - window = LE_SUSPEND_SCAN_WINDOW; 1026 - interval = LE_SUSPEND_SCAN_INTERVAL; 930 + window = hdev->le_scan_window_suspend; 931 + interval = hdev->le_scan_int_suspend; 932 + } else if (hci_is_le_conn_scanning(hdev)) { 933 + window = hdev->le_scan_window_connect; 934 + interval = hdev->le_scan_int_connect; 1027 935 } else { 1028 936 window = hdev->le_scan_window; 1029 937 interval = hdev->le_scan_interval; ··· 1034 936 1035 937 bt_dev_dbg(hdev, "LE passive scan with whitelist = %d", filter_policy); 1036 938 hci_req_start_scan(req, LE_SCAN_PASSIVE, interval, window, 1037 - own_addr_type, filter_policy); 939 + own_addr_type, filter_policy, addr_resolv); 1038 940 } 1039 941 1040 942 static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance) ··· 1071 973 1072 974 static void hci_req_set_event_filter(struct hci_request *req) 1073 975 { 1074 - struct bdaddr_list *b; 976 + struct bdaddr_list_with_flags *b; 1075 977 struct hci_cp_set_event_filter f; 1076 978 struct hci_dev *hdev = req->hdev; 1077 - u8 scan; 979 + u8 scan = SCAN_DISABLED; 1078 980 1079 981 /* Always clear event filter when starting */ 1080 982 hci_req_clear_event_filter(req); 1081 983 1082 - list_for_each_entry(b, &hdev->wakeable, list) { 984 + list_for_each_entry(b, &hdev->whitelist, list) { 985 + if (!hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP, 986 + b->current_flags)) 987 + continue; 988 + 1083 989 memset(&f, 0, sizeof(f)); 1084 990 bacpy(&f.addr_conn_flt.bdaddr, &b->bdaddr); 1085 991 f.flt_type = HCI_FLT_CONN_SETUP; ··· 1092 990 1093 991 bt_dev_dbg(hdev, "Adding event filters for %pMR", &b->bdaddr); 1094 992 hci_req_add(req, HCI_OP_SET_EVENT_FLT, sizeof(f), &f); 993 + scan = SCAN_PAGE; 1095 994 } 1096 995 1097 - scan = !list_empty(&hdev->wakeable) ? SCAN_PAGE : SCAN_DISABLED; 1098 996 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 1099 997 } 1100 998 1101 999 static void hci_req_config_le_suspend_scan(struct hci_request *req) 1102 1000 { 1103 - /* Can't change params without disabling first */ 1104 - hci_req_add_le_scan_disable(req); 1001 + /* Before changing params disable scan if enabled */ 1002 + if (hci_dev_test_flag(req->hdev, HCI_LE_SCAN)) 1003 + hci_req_add_le_scan_disable(req, false); 1105 1004 1106 1005 /* Configure params and enable scanning */ 1107 1006 hci_req_add_le_passive_scan(req); ··· 1168 1065 page_scan = SCAN_DISABLED; 1169 1066 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &page_scan); 1170 1067 1171 - /* Disable LE passive scan */ 1172 - hci_req_add_le_scan_disable(&req); 1068 + /* Disable LE passive scan if enabled */ 1069 + if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 1070 + hci_req_add_le_scan_disable(&req, false); 1173 1071 1174 1072 /* Mark task needing completion */ 1175 1073 set_bit(SUSPEND_SCAN_DISABLE, hdev->suspend_tasks); ··· 1264 1160 void __hci_req_disable_advertising(struct hci_request *req) 1265 1161 { 1266 1162 if (ext_adv_capable(req->hdev)) { 1267 - struct hci_cp_le_set_ext_adv_enable cp; 1163 + __hci_req_disable_ext_adv_instance(req, 0x00); 1268 1164 1269 - cp.enable = 0x00; 1270 - /* Disable all sets since we only support one set at the moment */ 1271 - cp.num_of_sets = 0x00; 1272 - 1273 - hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), &cp); 1274 1165 } else { 1275 1166 u8 enable = 0x00; 1276 1167 ··· 1726 1627 return hci_req_run(&req, NULL); 1727 1628 } 1728 1629 1630 + static void enable_addr_resolution_complete(struct hci_dev *hdev, u8 status, 1631 + u16 opcode) 1632 + { 1633 + BT_DBG("%s status %u", hdev->name, status); 1634 + } 1635 + 1636 + void hci_req_disable_address_resolution(struct hci_dev *hdev) 1637 + { 1638 + struct hci_request req; 1639 + __u8 enable = 0x00; 1640 + 1641 + if (!use_ll_privacy(hdev) && 1642 + !hci_dev_test_flag(hdev, HCI_LL_RPA_RESOLUTION)) 1643 + return; 1644 + 1645 + hci_req_init(&req, hdev); 1646 + 1647 + hci_req_add(&req, HCI_OP_LE_SET_ADDR_RESOLV_ENABLE, 1, &enable); 1648 + 1649 + hci_req_run(&req, enable_addr_resolution_complete); 1650 + } 1651 + 1729 1652 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode) 1730 1653 { 1731 1654 BT_DBG("%s status %u", hdev->name, status); ··· 1907 1786 int err; 1908 1787 struct adv_info *adv_instance; 1909 1788 bool secondary_adv; 1910 - /* In ext adv set param interval is 3 octets */ 1911 - const u8 adv_interval[3] = { 0x00, 0x08, 0x00 }; 1912 1789 1913 1790 if (instance > 0) { 1914 1791 adv_instance = hci_find_adv_instance(hdev, instance); ··· 1939 1820 1940 1821 memset(&cp, 0, sizeof(cp)); 1941 1822 1942 - memcpy(cp.min_interval, adv_interval, sizeof(cp.min_interval)); 1943 - memcpy(cp.max_interval, adv_interval, sizeof(cp.max_interval)); 1823 + /* In ext adv set param interval is 3 octets */ 1824 + hci_cpu_to_le24(hdev->le_adv_min_interval, cp.min_interval); 1825 + hci_cpu_to_le24(hdev->le_adv_max_interval, cp.max_interval); 1944 1826 1945 1827 secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK); 1946 1828 ··· 2052 1932 return 0; 2053 1933 } 2054 1934 1935 + int __hci_req_disable_ext_adv_instance(struct hci_request *req, u8 instance) 1936 + { 1937 + struct hci_dev *hdev = req->hdev; 1938 + struct hci_cp_le_set_ext_adv_enable *cp; 1939 + struct hci_cp_ext_adv_set *adv_set; 1940 + u8 data[sizeof(*cp) + sizeof(*adv_set) * 1]; 1941 + u8 req_size; 1942 + 1943 + /* If request specifies an instance that doesn't exist, fail */ 1944 + if (instance > 0 && !hci_find_adv_instance(hdev, instance)) 1945 + return -EINVAL; 1946 + 1947 + memset(data, 0, sizeof(data)); 1948 + 1949 + cp = (void *)data; 1950 + adv_set = (void *)cp->data; 1951 + 1952 + /* Instance 0x00 indicates all advertising instances will be disabled */ 1953 + cp->num_of_sets = !!instance; 1954 + cp->enable = 0x00; 1955 + 1956 + adv_set->handle = instance; 1957 + 1958 + req_size = sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets; 1959 + hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, req_size, data); 1960 + 1961 + return 0; 1962 + } 1963 + 1964 + int __hci_req_remove_ext_adv_instance(struct hci_request *req, u8 instance) 1965 + { 1966 + struct hci_dev *hdev = req->hdev; 1967 + 1968 + /* If request specifies an instance that doesn't exist, fail */ 1969 + if (instance > 0 && !hci_find_adv_instance(hdev, instance)) 1970 + return -EINVAL; 1971 + 1972 + hci_req_add(req, HCI_OP_LE_REMOVE_ADV_SET, sizeof(instance), &instance); 1973 + 1974 + return 0; 1975 + } 1976 + 2055 1977 int __hci_req_start_ext_adv(struct hci_request *req, u8 instance) 2056 1978 { 2057 1979 struct hci_dev *hdev = req->hdev; 1980 + struct adv_info *adv_instance = hci_find_adv_instance(hdev, instance); 2058 1981 int err; 2059 1982 2060 - if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 2061 - __hci_req_disable_advertising(req); 1983 + /* If instance isn't pending, the chip knows about it, and it's safe to 1984 + * disable 1985 + */ 1986 + if (adv_instance && !adv_instance->pending) 1987 + __hci_req_disable_ext_adv_instance(req, instance); 2062 1988 2063 1989 err = __hci_req_setup_ext_adv_instance(req, instance); 2064 1990 if (err < 0) ··· 2252 2086 hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2253 2087 return; 2254 2088 2255 - if (next_instance) 2089 + if (next_instance && !ext_adv_capable(hdev)) 2256 2090 __hci_req_schedule_adv_instance(req, next_instance->instance, 2257 2091 false); 2258 2092 } ··· 2294 2128 if (use_rpa) { 2295 2129 int to; 2296 2130 2297 - *own_addr_type = ADDR_LE_DEV_RANDOM; 2131 + /* If Controller supports LL Privacy use own address type is 2132 + * 0x03 2133 + */ 2134 + if (use_ll_privacy(hdev)) 2135 + *own_addr_type = ADDR_LE_DEV_RANDOM_RESOLVED; 2136 + else 2137 + *own_addr_type = ADDR_LE_DEV_RANDOM; 2298 2138 2299 2139 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) && 2300 2140 !bacmp(&hdev->random_addr, &hdev->rpa)) ··· 2719 2547 2720 2548 static int le_scan_disable(struct hci_request *req, unsigned long opt) 2721 2549 { 2722 - hci_req_add_le_scan_disable(req); 2550 + hci_req_add_le_scan_disable(req, false); 2723 2551 return 0; 2724 2552 } 2725 2553 ··· 2817 2645 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 2818 2646 return 0; 2819 2647 2820 - hci_req_add_le_scan_disable(req); 2648 + if (hdev->scanning_paused) { 2649 + bt_dev_dbg(hdev, "Scanning is paused for suspend"); 2650 + return 0; 2651 + } 2652 + 2653 + hci_req_add_le_scan_disable(req, false); 2821 2654 2822 2655 if (use_ext_scan(hdev)) { 2823 2656 struct hci_cp_le_set_ext_scan_enable ext_enable_cp; ··· 2902 2725 u8 own_addr_type; 2903 2726 /* White list is not used for discovery */ 2904 2727 u8 filter_policy = 0x00; 2728 + /* Discovery doesn't require controller address resolution */ 2729 + bool addr_resolv = false; 2905 2730 int err; 2906 2731 2907 2732 BT_DBG("%s", hdev->name); ··· 2913 2734 * discovery scanning parameters. 2914 2735 */ 2915 2736 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) 2916 - hci_req_add_le_scan_disable(req); 2737 + hci_req_add_le_scan_disable(req, false); 2917 2738 2918 2739 /* All active scans will be done with either a resolvable private 2919 2740 * address (when privacy feature has been enabled) or non-resolvable ··· 2924 2745 if (err < 0) 2925 2746 own_addr_type = ADDR_LE_DEV_PUBLIC; 2926 2747 2927 - hci_req_start_scan(req, LE_SCAN_ACTIVE, interval, DISCOV_LE_SCAN_WIN, 2928 - own_addr_type, filter_policy); 2748 + hci_req_start_scan(req, LE_SCAN_ACTIVE, interval, 2749 + hdev->le_scan_window_discovery, own_addr_type, 2750 + filter_policy, addr_resolv); 2929 2751 return 0; 2930 2752 } 2931 2753 ··· 2973 2793 * to do BR/EDR inquiry. 2974 2794 */ 2975 2795 hci_req_sync(hdev, interleaved_discov, 2976 - DISCOV_LE_SCAN_INT * 2, HCI_CMD_TIMEOUT, 2796 + hdev->le_scan_int_discovery * 2, HCI_CMD_TIMEOUT, 2977 2797 status); 2978 2798 break; 2979 2799 } 2980 2800 2981 2801 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout); 2982 - hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT, 2802 + hci_req_sync(hdev, active_scan, hdev->le_scan_int_discovery, 2983 2803 HCI_CMD_TIMEOUT, status); 2984 2804 break; 2985 2805 case DISCOV_TYPE_LE: 2986 2806 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT); 2987 - hci_req_sync(hdev, active_scan, DISCOV_LE_SCAN_INT, 2807 + hci_req_sync(hdev, active_scan, hdev->le_scan_int_discovery, 2988 2808 HCI_CMD_TIMEOUT, status); 2989 2809 break; 2990 2810 default: ··· 3028 2848 3029 2849 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 3030 2850 cancel_delayed_work(&hdev->le_scan_disable); 3031 - hci_req_add_le_scan_disable(req); 2851 + hci_req_add_le_scan_disable(req, false); 3032 2852 } 3033 2853 3034 2854 ret = true; 3035 2855 } else { 3036 2856 /* Passive scanning */ 3037 2857 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) { 3038 - hci_req_add_le_scan_disable(req); 2858 + hci_req_add_le_scan_disable(req, false); 3039 2859 ret = true; 3040 2860 } 3041 2861 }

+4 -1

net/bluetooth/hci_request.h

··· 65 65 void __hci_req_update_name(struct hci_request *req); 66 66 void __hci_req_update_eir(struct hci_request *req); 67 67 68 - void hci_req_add_le_scan_disable(struct hci_request *req); 68 + void hci_req_add_le_scan_disable(struct hci_request *req, bool rpa_le_conn); 69 69 void hci_req_add_le_passive_scan(struct hci_request *req); 70 70 71 71 void hci_req_prepare_suspend(struct hci_dev *hdev, enum suspended_state next); 72 72 73 + void hci_req_disable_address_resolution(struct hci_dev *hdev); 73 74 void hci_req_reenable_advertising(struct hci_dev *hdev); 74 75 void __hci_req_enable_advertising(struct hci_request *req); 75 76 void __hci_req_disable_advertising(struct hci_request *req); ··· 87 86 int __hci_req_setup_ext_adv_instance(struct hci_request *req, u8 instance); 88 87 int __hci_req_start_ext_adv(struct hci_request *req, u8 instance); 89 88 int __hci_req_enable_ext_advertising(struct hci_request *req, u8 instance); 89 + int __hci_req_disable_ext_adv_instance(struct hci_request *req, u8 instance); 90 + int __hci_req_remove_ext_adv_instance(struct hci_request *req, u8 instance); 90 91 void __hci_req_clear_ext_adv_sets(struct hci_request *req); 91 92 int hci_get_random_address(struct hci_dev *hdev, bool require_privacy, 92 93 bool use_rpa, struct adv_info *adv_instance,

+3 -4

net/bluetooth/hci_sock.c

··· 52 52 struct bt_sock bt; 53 53 struct hci_dev *hdev; 54 54 struct hci_filter filter; 55 - __u32 cmsg_mask; 55 + __u8 cmsg_mask; 56 56 unsigned short channel; 57 57 unsigned long flags; 58 58 __u32 cookie; ··· 443 443 case HCI_DEV_SETUP: 444 444 if (hdev->manufacturer == 0xffff) 445 445 return NULL; 446 - 447 - /* fall through */ 446 + fallthrough; 448 447 449 448 case HCI_DEV_UP: 450 449 skb = bt_skb_alloc(HCI_MON_INDEX_INFO_SIZE, GFP_ATOMIC); ··· 1398 1399 static void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, 1399 1400 struct sk_buff *skb) 1400 1401 { 1401 - __u32 mask = hci_pi(sk)->cmsg_mask; 1402 + __u8 mask = hci_pi(sk)->cmsg_mask; 1402 1403 1403 1404 if (mask & HCI_CMSG_DIR) { 1404 1405 int incoming = bt_cb(skb)->incoming;

+13 -12

net/bluetooth/l2cap_core.c

··· 666 666 667 667 l2cap_seq_list_free(&chan->srej_list); 668 668 l2cap_seq_list_free(&chan->retrans_list); 669 - 670 - /* fall through */ 669 + fallthrough; 671 670 672 671 case L2CAP_MODE_STREAMING: 673 672 skb_queue_purge(&chan->tx_q); ··· 871 872 else 872 873 return HCI_AT_NO_BONDING; 873 874 } 874 - /* fall through */ 875 + fallthrough; 876 + 875 877 default: 876 878 switch (chan->sec_level) { 877 879 case BT_SECURITY_HIGH: ··· 2983 2983 break; 2984 2984 case L2CAP_EV_RECV_REQSEQ_AND_FBIT: 2985 2985 l2cap_process_reqseq(chan, control->reqseq); 2986 - 2987 - /* Fall through */ 2986 + fallthrough; 2988 2987 2989 2988 case L2CAP_EV_RECV_FBIT: 2990 2989 if (control && control->final) { ··· 3310 3311 case L2CAP_MODE_ERTM: 3311 3312 if (l2cap_mode_supported(mode, remote_feat_mask)) 3312 3313 return mode; 3313 - /* fall through */ 3314 + fallthrough; 3314 3315 default: 3315 3316 return L2CAP_MODE_BASIC; 3316 3317 } ··· 3446 3447 if (__l2cap_efs_supported(chan->conn)) 3447 3448 set_bit(FLAG_EFS_ENABLE, &chan->flags); 3448 3449 3449 - /* fall through */ 3450 + fallthrough; 3450 3451 default: 3451 3452 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask); 3452 3453 break; ··· 4538 4539 goto done; 4539 4540 break; 4540 4541 } 4541 - /* fall through */ 4542 + fallthrough; 4542 4543 4543 4544 default: 4544 4545 l2cap_chan_set_err(chan, ECONNRESET); ··· 7718 7719 conn->mtu = hcon->hdev->le_mtu; 7719 7720 break; 7720 7721 } 7721 - /* fall through */ 7722 + fallthrough; 7722 7723 default: 7723 7724 conn->mtu = hcon->hdev->acl_mtu; 7724 7725 break; ··· 7840 7841 case L2CAP_MODE_STREAMING: 7841 7842 if (!disable_ertm) 7842 7843 break; 7843 - /* fall through */ 7844 + fallthrough; 7844 7845 default: 7845 7846 err = -EOPNOTSUPP; 7846 7847 goto done; ··· 7892 7893 else 7893 7894 hcon = hci_connect_le_scan(hdev, dst, dst_type, 7894 7895 chan->sec_level, 7895 - HCI_LE_CONN_TIMEOUT); 7896 + HCI_LE_CONN_TIMEOUT, 7897 + CONN_REASON_L2CAP_CHAN); 7896 7898 7897 7899 } else { 7898 7900 u8 auth_type = l2cap_get_auth_type(chan); 7899 - hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type); 7901 + hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type, 7902 + CONN_REASON_L2CAP_CHAN); 7900 7903 } 7901 7904 7902 7905 if (IS_ERR(hcon)) {

+2 -2

net/bluetooth/l2cap_sock.c

··· 284 284 case L2CAP_MODE_STREAMING: 285 285 if (!disable_ertm) 286 286 break; 287 - /* fall through */ 287 + fallthrough; 288 288 default: 289 289 err = -EOPNOTSUPP; 290 290 goto done; ··· 760 760 case L2CAP_MODE_STREAMING: 761 761 if (!disable_ertm) 762 762 break; 763 - /* fall through */ 763 + fallthrough; 764 764 default: 765 765 err = -EINVAL; 766 766 break;

+563 -14

net/bluetooth/mgmt.c

··· 36 36 #include "hci_request.h" 37 37 #include "smp.h" 38 38 #include "mgmt_util.h" 39 + #include "mgmt_config.h" 40 + #include "msft.h" 39 41 40 42 #define MGMT_VERSION 1 41 - #define MGMT_REVISION 17 43 + #define MGMT_REVISION 18 42 44 43 45 static const u16 mgmt_commands[] = { 44 46 MGMT_OP_READ_INDEX_LIST, ··· 113 111 MGMT_OP_READ_SECURITY_INFO, 114 112 MGMT_OP_READ_EXP_FEATURES_INFO, 115 113 MGMT_OP_SET_EXP_FEATURE, 114 + MGMT_OP_READ_DEF_SYSTEM_CONFIG, 115 + MGMT_OP_SET_DEF_SYSTEM_CONFIG, 116 + MGMT_OP_READ_DEF_RUNTIME_CONFIG, 117 + MGMT_OP_SET_DEF_RUNTIME_CONFIG, 118 + MGMT_OP_GET_DEVICE_FLAGS, 119 + MGMT_OP_SET_DEVICE_FLAGS, 120 + MGMT_OP_READ_ADV_MONITOR_FEATURES, 121 + MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 122 + MGMT_OP_REMOVE_ADV_MONITOR, 116 123 }; 117 124 118 125 static const u16 mgmt_events[] = { ··· 162 151 MGMT_EV_EXT_INFO_CHANGED, 163 152 MGMT_EV_PHY_CONFIGURATION_CHANGED, 164 153 MGMT_EV_EXP_FEATURE_CHANGED, 154 + MGMT_EV_DEVICE_FLAGS_CHANGED, 165 155 }; 166 156 167 157 static const u16 mgmt_untrusted_commands[] = { ··· 174 162 MGMT_OP_READ_EXT_INFO, 175 163 MGMT_OP_READ_SECURITY_INFO, 176 164 MGMT_OP_READ_EXP_FEATURES_INFO, 165 + MGMT_OP_READ_DEF_SYSTEM_CONFIG, 166 + MGMT_OP_READ_DEF_RUNTIME_CONFIG, 177 167 }; 178 168 179 169 static const u16 mgmt_untrusted_events[] = { ··· 191 177 MGMT_EV_EXT_INDEX_REMOVED, 192 178 MGMT_EV_EXT_INFO_CHANGED, 193 179 MGMT_EV_EXP_FEATURE_CHANGED, 180 + MGMT_EV_ADV_MONITOR_ADDED, 181 + MGMT_EV_ADV_MONITOR_REMOVED, 194 182 }; 195 183 196 184 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000) ··· 795 779 796 780 if (lmp_le_capable(hdev)) { 797 781 settings |= MGMT_SETTING_LE; 798 - settings |= MGMT_SETTING_ADVERTISING; 799 782 settings |= MGMT_SETTING_SECURE_CONN; 800 783 settings |= MGMT_SETTING_PRIVACY; 801 784 settings |= MGMT_SETTING_STATIC_ADDRESS; 785 + 786 + /* When the experimental feature for LL Privacy support is 787 + * enabled, then advertising is no longer supported. 788 + */ 789 + if (!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 790 + settings |= MGMT_SETTING_ADVERTISING; 802 791 } 803 792 804 793 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) || ··· 2936 2915 2937 2916 if (cp->addr.type == BDADDR_BREDR) { 2938 2917 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level, 2939 - auth_type); 2918 + auth_type, CONN_REASON_PAIR_DEVICE); 2940 2919 } else { 2941 2920 u8 addr_type = le_addr_type(cp->addr.type); 2942 2921 struct hci_conn_params *p; ··· 2955 2934 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) 2956 2935 p->auto_connect = HCI_AUTO_CONN_DISABLED; 2957 2936 2958 - conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, 2959 - addr_type, sec_level, 2960 - HCI_LE_CONN_TIMEOUT); 2937 + conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type, 2938 + sec_level, HCI_LE_CONN_TIMEOUT, 2939 + CONN_REASON_PAIR_DEVICE); 2961 2940 } 2962 2941 2963 2942 if (IS_ERR(conn)) { ··· 3058 3037 3059 3038 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0, 3060 3039 addr, sizeof(*addr)); 3040 + 3041 + /* Since user doesn't want to proceed with the connection, abort any 3042 + * ongoing pairing and then terminate the link if it was created 3043 + * because of the pair device action. 3044 + */ 3045 + if (addr->type == BDADDR_BREDR) 3046 + hci_remove_link_key(hdev, &addr->bdaddr); 3047 + else 3048 + smp_cancel_and_remove_pairing(hdev, &addr->bdaddr, 3049 + le_addr_type(addr->type)); 3050 + 3051 + if (conn->conn_reason == CONN_REASON_PAIR_DEVICE) 3052 + hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM); 3053 + 3061 3054 unlock: 3062 3055 hci_dev_unlock(hdev); 3063 3056 return err; ··· 3758 3723 }; 3759 3724 #endif 3760 3725 3726 + /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */ 3727 + static const u8 simult_central_periph_uuid[16] = { 3728 + 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92, 3729 + 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67, 3730 + }; 3731 + 3732 + /* 15c0a148-c273-11ea-b3de-0242ac130004 */ 3733 + static const u8 rpa_resolution_uuid[16] = { 3734 + 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3, 3735 + 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15, 3736 + }; 3737 + 3761 3738 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev, 3762 3739 void *data, u16 data_len) 3763 3740 { 3764 - char buf[42]; 3741 + char buf[62]; /* Enough space for 3 features */ 3765 3742 struct mgmt_rp_read_exp_features_info *rp = (void *)buf; 3766 3743 u16 idx = 0; 3744 + u32 flags; 3767 3745 3768 3746 bt_dev_dbg(hdev, "sock %p", sk); 3769 3747 ··· 3784 3736 3785 3737 #ifdef CONFIG_BT_FEATURE_DEBUG 3786 3738 if (!hdev) { 3787 - u32 flags = bt_dbg_get() ? BIT(0) : 0; 3739 + flags = bt_dbg_get() ? BIT(0) : 0; 3788 3740 3789 3741 memcpy(rp->features[idx].uuid, debug_uuid, 16); 3790 3742 rp->features[idx].flags = cpu_to_le32(flags); 3791 3743 idx++; 3792 3744 } 3793 3745 #endif 3746 + 3747 + if (hdev) { 3748 + if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) && 3749 + (hdev->le_states[4] & 0x08) && /* Central */ 3750 + (hdev->le_states[4] & 0x40) && /* Peripheral */ 3751 + (hdev->le_states[3] & 0x10)) /* Simultaneous */ 3752 + flags = BIT(0); 3753 + else 3754 + flags = 0; 3755 + 3756 + memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16); 3757 + rp->features[idx].flags = cpu_to_le32(flags); 3758 + idx++; 3759 + } 3760 + 3761 + if (hdev && use_ll_privacy(hdev)) { 3762 + if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 3763 + flags = BIT(0) | BIT(1); 3764 + else 3765 + flags = BIT(1); 3766 + 3767 + memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16); 3768 + rp->features[idx].flags = cpu_to_le32(flags); 3769 + idx++; 3770 + } 3794 3771 3795 3772 rp->feature_count = cpu_to_le16(idx); 3796 3773 ··· 3827 3754 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 3828 3755 MGMT_OP_READ_EXP_FEATURES_INFO, 3829 3756 0, rp, sizeof(*rp) + (20 * idx)); 3757 + } 3758 + 3759 + static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev, 3760 + struct sock *skip) 3761 + { 3762 + struct mgmt_ev_exp_feature_changed ev; 3763 + 3764 + memset(&ev, 0, sizeof(ev)); 3765 + memcpy(ev.uuid, rpa_resolution_uuid, 16); 3766 + ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1)); 3767 + 3768 + return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev, 3769 + &ev, sizeof(ev), 3770 + HCI_MGMT_EXP_FEATURE_EVENTS, skip); 3771 + 3830 3772 } 3831 3773 3832 3774 #ifdef CONFIG_BT_FEATURE_DEBUG ··· 3881 3793 exp_debug_feature_changed(false, sk); 3882 3794 } 3883 3795 #endif 3796 + 3797 + if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) { 3798 + bool changed = hci_dev_test_flag(hdev, 3799 + HCI_ENABLE_LL_PRIVACY); 3800 + 3801 + hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY); 3802 + 3803 + if (changed) 3804 + exp_ll_privacy_feature_changed(false, hdev, sk); 3805 + } 3884 3806 3885 3807 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 3886 3808 ··· 3942 3844 } 3943 3845 #endif 3944 3846 3847 + if (!memcmp(cp->uuid, rpa_resolution_uuid, 16)) { 3848 + bool val, changed; 3849 + int err; 3850 + u32 flags; 3851 + 3852 + /* Command requires to use the controller index */ 3853 + if (!hdev) 3854 + return mgmt_cmd_status(sk, MGMT_INDEX_NONE, 3855 + MGMT_OP_SET_EXP_FEATURE, 3856 + MGMT_STATUS_INVALID_INDEX); 3857 + 3858 + /* Changes can only be made when controller is powered down */ 3859 + if (hdev_is_powered(hdev)) 3860 + return mgmt_cmd_status(sk, hdev->id, 3861 + MGMT_OP_SET_EXP_FEATURE, 3862 + MGMT_STATUS_NOT_POWERED); 3863 + 3864 + /* Parameters are limited to a single octet */ 3865 + if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1) 3866 + return mgmt_cmd_status(sk, hdev->id, 3867 + MGMT_OP_SET_EXP_FEATURE, 3868 + MGMT_STATUS_INVALID_PARAMS); 3869 + 3870 + /* Only boolean on/off is supported */ 3871 + if (cp->param[0] != 0x00 && cp->param[0] != 0x01) 3872 + return mgmt_cmd_status(sk, hdev->id, 3873 + MGMT_OP_SET_EXP_FEATURE, 3874 + MGMT_STATUS_INVALID_PARAMS); 3875 + 3876 + val = !!cp->param[0]; 3877 + 3878 + if (val) { 3879 + changed = !hci_dev_test_flag(hdev, 3880 + HCI_ENABLE_LL_PRIVACY); 3881 + hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY); 3882 + hci_dev_clear_flag(hdev, HCI_ADVERTISING); 3883 + 3884 + /* Enable LL privacy + supported settings changed */ 3885 + flags = BIT(0) | BIT(1); 3886 + } else { 3887 + changed = hci_dev_test_flag(hdev, 3888 + HCI_ENABLE_LL_PRIVACY); 3889 + hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY); 3890 + 3891 + /* Disable LL privacy + supported settings changed */ 3892 + flags = BIT(1); 3893 + } 3894 + 3895 + memcpy(rp.uuid, rpa_resolution_uuid, 16); 3896 + rp.flags = cpu_to_le32(flags); 3897 + 3898 + hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS); 3899 + 3900 + err = mgmt_cmd_complete(sk, hdev->id, 3901 + MGMT_OP_SET_EXP_FEATURE, 0, 3902 + &rp, sizeof(rp)); 3903 + 3904 + if (changed) 3905 + exp_ll_privacy_feature_changed(val, hdev, sk); 3906 + 3907 + return err; 3908 + } 3909 + 3945 3910 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE, 3946 3911 MGMT_OP_SET_EXP_FEATURE, 3947 3912 MGMT_STATUS_NOT_SUPPORTED); 3913 + } 3914 + 3915 + #define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1) 3916 + 3917 + static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 3918 + u16 data_len) 3919 + { 3920 + struct mgmt_cp_get_device_flags *cp = data; 3921 + struct mgmt_rp_get_device_flags rp; 3922 + struct bdaddr_list_with_flags *br_params; 3923 + struct hci_conn_params *params; 3924 + u32 supported_flags = SUPPORTED_DEVICE_FLAGS(); 3925 + u32 current_flags = 0; 3926 + u8 status = MGMT_STATUS_INVALID_PARAMS; 3927 + 3928 + bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n", 3929 + &cp->addr.bdaddr, cp->addr.type); 3930 + 3931 + hci_dev_lock(hdev); 3932 + 3933 + if (cp->addr.type == BDADDR_BREDR) { 3934 + br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, 3935 + &cp->addr.bdaddr, 3936 + cp->addr.type); 3937 + if (!br_params) 3938 + goto done; 3939 + 3940 + current_flags = br_params->current_flags; 3941 + } else { 3942 + params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 3943 + le_addr_type(cp->addr.type)); 3944 + 3945 + if (!params) 3946 + goto done; 3947 + 3948 + current_flags = params->current_flags; 3949 + } 3950 + 3951 + bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 3952 + rp.addr.type = cp->addr.type; 3953 + rp.supported_flags = cpu_to_le32(supported_flags); 3954 + rp.current_flags = cpu_to_le32(current_flags); 3955 + 3956 + status = MGMT_STATUS_SUCCESS; 3957 + 3958 + done: 3959 + hci_dev_unlock(hdev); 3960 + 3961 + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status, 3962 + &rp, sizeof(rp)); 3963 + } 3964 + 3965 + static void device_flags_changed(struct sock *sk, struct hci_dev *hdev, 3966 + bdaddr_t *bdaddr, u8 bdaddr_type, 3967 + u32 supported_flags, u32 current_flags) 3968 + { 3969 + struct mgmt_ev_device_flags_changed ev; 3970 + 3971 + bacpy(&ev.addr.bdaddr, bdaddr); 3972 + ev.addr.type = bdaddr_type; 3973 + ev.supported_flags = cpu_to_le32(supported_flags); 3974 + ev.current_flags = cpu_to_le32(current_flags); 3975 + 3976 + mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk); 3977 + } 3978 + 3979 + static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data, 3980 + u16 len) 3981 + { 3982 + struct mgmt_cp_set_device_flags *cp = data; 3983 + struct bdaddr_list_with_flags *br_params; 3984 + struct hci_conn_params *params; 3985 + u8 status = MGMT_STATUS_INVALID_PARAMS; 3986 + u32 supported_flags = SUPPORTED_DEVICE_FLAGS(); 3987 + u32 current_flags = __le32_to_cpu(cp->current_flags); 3988 + 3989 + bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x", 3990 + &cp->addr.bdaddr, cp->addr.type, 3991 + __le32_to_cpu(current_flags)); 3992 + 3993 + if ((supported_flags | current_flags) != supported_flags) { 3994 + bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)", 3995 + current_flags, supported_flags); 3996 + goto done; 3997 + } 3998 + 3999 + hci_dev_lock(hdev); 4000 + 4001 + if (cp->addr.type == BDADDR_BREDR) { 4002 + br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, 4003 + &cp->addr.bdaddr, 4004 + cp->addr.type); 4005 + 4006 + if (br_params) { 4007 + br_params->current_flags = current_flags; 4008 + status = MGMT_STATUS_SUCCESS; 4009 + } else { 4010 + bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)", 4011 + &cp->addr.bdaddr, cp->addr.type); 4012 + } 4013 + } else { 4014 + params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 4015 + le_addr_type(cp->addr.type)); 4016 + if (params) { 4017 + params->current_flags = current_flags; 4018 + status = MGMT_STATUS_SUCCESS; 4019 + } else { 4020 + bt_dev_warn(hdev, "No such LE device %pMR (0x%x)", 4021 + &cp->addr.bdaddr, 4022 + le_addr_type(cp->addr.type)); 4023 + } 4024 + } 4025 + 4026 + done: 4027 + hci_dev_unlock(hdev); 4028 + 4029 + if (status == MGMT_STATUS_SUCCESS) 4030 + device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type, 4031 + supported_flags, current_flags); 4032 + 4033 + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status, 4034 + &cp->addr, sizeof(cp->addr)); 4035 + } 4036 + 4037 + static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev, 4038 + u16 handle) 4039 + { 4040 + struct mgmt_ev_adv_monitor_added ev; 4041 + 4042 + ev.monitor_handle = cpu_to_le16(handle); 4043 + 4044 + mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk); 4045 + } 4046 + 4047 + static void mgmt_adv_monitor_removed(struct sock *sk, struct hci_dev *hdev, 4048 + u16 handle) 4049 + { 4050 + struct mgmt_ev_adv_monitor_added ev; 4051 + 4052 + ev.monitor_handle = cpu_to_le16(handle); 4053 + 4054 + mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk); 4055 + } 4056 + 4057 + static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev, 4058 + void *data, u16 len) 4059 + { 4060 + struct adv_monitor *monitor = NULL; 4061 + struct mgmt_rp_read_adv_monitor_features *rp = NULL; 4062 + int handle; 4063 + size_t rp_size = 0; 4064 + __u32 supported = 0; 4065 + __u16 num_handles = 0; 4066 + __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES]; 4067 + 4068 + BT_DBG("request for %s", hdev->name); 4069 + 4070 + hci_dev_lock(hdev); 4071 + 4072 + if (msft_get_features(hdev) & MSFT_FEATURE_MASK_LE_ADV_MONITOR) 4073 + supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS; 4074 + 4075 + idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) { 4076 + handles[num_handles++] = monitor->handle; 4077 + } 4078 + 4079 + hci_dev_unlock(hdev); 4080 + 4081 + rp_size = sizeof(*rp) + (num_handles * sizeof(u16)); 4082 + rp = kmalloc(rp_size, GFP_KERNEL); 4083 + if (!rp) 4084 + return -ENOMEM; 4085 + 4086 + /* Once controller-based monitoring is in place, the enabled_features 4087 + * should reflect the use. 4088 + */ 4089 + rp->supported_features = cpu_to_le32(supported); 4090 + rp->enabled_features = 0; 4091 + rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES); 4092 + rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS; 4093 + rp->num_handles = cpu_to_le16(num_handles); 4094 + if (num_handles) 4095 + memcpy(&rp->handles, &handles, (num_handles * sizeof(u16))); 4096 + 4097 + return mgmt_cmd_complete(sk, hdev->id, 4098 + MGMT_OP_READ_ADV_MONITOR_FEATURES, 4099 + MGMT_STATUS_SUCCESS, rp, rp_size); 4100 + } 4101 + 4102 + static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev, 4103 + void *data, u16 len) 4104 + { 4105 + struct mgmt_cp_add_adv_patterns_monitor *cp = data; 4106 + struct mgmt_rp_add_adv_patterns_monitor rp; 4107 + struct adv_monitor *m = NULL; 4108 + struct adv_pattern *p = NULL; 4109 + unsigned int mp_cnt = 0, prev_adv_monitors_cnt; 4110 + __u8 cp_ofst = 0, cp_len = 0; 4111 + int err, i; 4112 + 4113 + BT_DBG("request for %s", hdev->name); 4114 + 4115 + if (len <= sizeof(*cp) || cp->pattern_count == 0) { 4116 + err = mgmt_cmd_status(sk, hdev->id, 4117 + MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4118 + MGMT_STATUS_INVALID_PARAMS); 4119 + goto failed; 4120 + } 4121 + 4122 + m = kmalloc(sizeof(*m), GFP_KERNEL); 4123 + if (!m) { 4124 + err = -ENOMEM; 4125 + goto failed; 4126 + } 4127 + 4128 + INIT_LIST_HEAD(&m->patterns); 4129 + m->active = false; 4130 + 4131 + for (i = 0; i < cp->pattern_count; i++) { 4132 + if (++mp_cnt > HCI_MAX_ADV_MONITOR_NUM_PATTERNS) { 4133 + err = mgmt_cmd_status(sk, hdev->id, 4134 + MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4135 + MGMT_STATUS_INVALID_PARAMS); 4136 + goto failed; 4137 + } 4138 + 4139 + cp_ofst = cp->patterns[i].offset; 4140 + cp_len = cp->patterns[i].length; 4141 + if (cp_ofst >= HCI_MAX_AD_LENGTH || 4142 + cp_len > HCI_MAX_AD_LENGTH || 4143 + (cp_ofst + cp_len) > HCI_MAX_AD_LENGTH) { 4144 + err = mgmt_cmd_status(sk, hdev->id, 4145 + MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4146 + MGMT_STATUS_INVALID_PARAMS); 4147 + goto failed; 4148 + } 4149 + 4150 + p = kmalloc(sizeof(*p), GFP_KERNEL); 4151 + if (!p) { 4152 + err = -ENOMEM; 4153 + goto failed; 4154 + } 4155 + 4156 + p->ad_type = cp->patterns[i].ad_type; 4157 + p->offset = cp->patterns[i].offset; 4158 + p->length = cp->patterns[i].length; 4159 + memcpy(p->value, cp->patterns[i].value, p->length); 4160 + 4161 + INIT_LIST_HEAD(&p->list); 4162 + list_add(&p->list, &m->patterns); 4163 + } 4164 + 4165 + if (mp_cnt != cp->pattern_count) { 4166 + err = mgmt_cmd_status(sk, hdev->id, 4167 + MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4168 + MGMT_STATUS_INVALID_PARAMS); 4169 + goto failed; 4170 + } 4171 + 4172 + hci_dev_lock(hdev); 4173 + 4174 + prev_adv_monitors_cnt = hdev->adv_monitors_cnt; 4175 + 4176 + err = hci_add_adv_monitor(hdev, m); 4177 + if (err) { 4178 + if (err == -ENOSPC) { 4179 + mgmt_cmd_status(sk, hdev->id, 4180 + MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4181 + MGMT_STATUS_NO_RESOURCES); 4182 + } 4183 + goto unlock; 4184 + } 4185 + 4186 + if (hdev->adv_monitors_cnt > prev_adv_monitors_cnt) 4187 + mgmt_adv_monitor_added(sk, hdev, m->handle); 4188 + 4189 + hci_dev_unlock(hdev); 4190 + 4191 + rp.monitor_handle = cpu_to_le16(m->handle); 4192 + 4193 + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADV_PATTERNS_MONITOR, 4194 + MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4195 + 4196 + unlock: 4197 + hci_dev_unlock(hdev); 4198 + 4199 + failed: 4200 + hci_free_adv_monitor(m); 4201 + return err; 4202 + } 4203 + 4204 + static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev, 4205 + void *data, u16 len) 4206 + { 4207 + struct mgmt_cp_remove_adv_monitor *cp = data; 4208 + struct mgmt_rp_remove_adv_monitor rp; 4209 + unsigned int prev_adv_monitors_cnt; 4210 + u16 handle; 4211 + int err; 4212 + 4213 + BT_DBG("request for %s", hdev->name); 4214 + 4215 + hci_dev_lock(hdev); 4216 + 4217 + handle = __le16_to_cpu(cp->monitor_handle); 4218 + prev_adv_monitors_cnt = hdev->adv_monitors_cnt; 4219 + 4220 + err = hci_remove_adv_monitor(hdev, handle); 4221 + if (err == -ENOENT) { 4222 + err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 4223 + MGMT_STATUS_INVALID_INDEX); 4224 + goto unlock; 4225 + } 4226 + 4227 + if (hdev->adv_monitors_cnt < prev_adv_monitors_cnt) 4228 + mgmt_adv_monitor_removed(sk, hdev, handle); 4229 + 4230 + hci_dev_unlock(hdev); 4231 + 4232 + rp.monitor_handle = cp->monitor_handle; 4233 + 4234 + return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR, 4235 + MGMT_STATUS_SUCCESS, &rp, sizeof(rp)); 4236 + 4237 + unlock: 4238 + hci_dev_unlock(hdev); 4239 + return err; 3948 4240 } 3949 4241 3950 4242 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, ··· 4635 4147 *mgmt_status = mgmt_le_support(hdev); 4636 4148 if (*mgmt_status) 4637 4149 return false; 4638 - /* Intentional fall-through */ 4150 + fallthrough; 4639 4151 case DISCOV_TYPE_BREDR: 4640 4152 *mgmt_status = mgmt_bredr_support(hdev); 4641 4153 if (*mgmt_status) ··· 5150 4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5151 4663 status); 5152 4664 4665 + /* Enabling the experimental LL Privay support disables support for 4666 + * advertising. 4667 + */ 4668 + if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 4669 + return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 4670 + MGMT_STATUS_NOT_SUPPORTED); 4671 + 5153 4672 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02) 5154 4673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 5155 4674 MGMT_STATUS_INVALID_PARAMS); ··· 5343 4848 5344 4849 hci_req_init(&req, hdev); 5345 4850 5346 - hci_req_add_le_scan_disable(&req); 4851 + hci_req_add_le_scan_disable(&req, false); 5347 4852 hci_req_add_le_passive_scan(&req); 5348 4853 5349 4854 hci_req_run(&req, NULL); ··· 6018 5523 case MGMT_LTK_P256_DEBUG: 6019 5524 authenticated = 0x00; 6020 5525 type = SMP_LTK_P256_DEBUG; 6021 - /* fall through */ 5526 + fallthrough; 6022 5527 default: 6023 5528 continue; 6024 5529 } ··· 6461 5966 { 6462 5967 struct mgmt_cp_add_device *cp = data; 6463 5968 u8 auto_conn, addr_type; 5969 + struct hci_conn_params *params; 6464 5970 int err; 5971 + u32 current_flags = 0; 6465 5972 6466 5973 bt_dev_dbg(hdev, "sock %p", sk); 6467 5974 ··· 6490 5993 goto unlock; 6491 5994 } 6492 5995 6493 - err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr, 6494 - cp->addr.type); 5996 + err = hci_bdaddr_list_add_with_flags(&hdev->whitelist, 5997 + &cp->addr.bdaddr, 5998 + cp->addr.type, 0); 6495 5999 if (err) 6496 6000 goto unlock; 6497 6001 ··· 6531 6033 MGMT_STATUS_FAILED, &cp->addr, 6532 6034 sizeof(cp->addr)); 6533 6035 goto unlock; 6036 + } else { 6037 + params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 6038 + addr_type); 6039 + if (params) 6040 + current_flags = params->current_flags; 6534 6041 } 6535 6042 6536 6043 hci_update_background_scan(hdev); 6537 6044 6538 6045 added: 6539 6046 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action); 6047 + device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type, 6048 + SUPPORTED_DEVICE_FLAGS(), current_flags); 6540 6049 6541 6050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE, 6542 6051 MGMT_STATUS_SUCCESS, &cp->addr, ··· 7229 6724 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES, 7230 6725 MGMT_STATUS_REJECTED); 7231 6726 6727 + /* Enabling the experimental LL Privay support disables support for 6728 + * advertising. 6729 + */ 6730 + if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 6731 + return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6732 + MGMT_STATUS_NOT_SUPPORTED); 6733 + 7232 6734 hci_dev_lock(hdev); 7233 6735 7234 6736 rp_len = sizeof(*rp) + hdev->adv_instance_cnt; ··· 7439 6927 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7440 6928 status); 7441 6929 6930 + /* Enabling the experimental LL Privay support disables support for 6931 + * advertising. 6932 + */ 6933 + if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 6934 + return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 6935 + MGMT_STATUS_NOT_SUPPORTED); 6936 + 7442 6937 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES) 7443 6938 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 7444 6939 MGMT_STATUS_INVALID_PARAMS); ··· 7610 7091 7611 7092 bt_dev_dbg(hdev, "sock %p", sk); 7612 7093 7094 + /* Enabling the experimental LL Privay support disables support for 7095 + * advertising. 7096 + */ 7097 + if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) 7098 + return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING, 7099 + MGMT_STATUS_NOT_SUPPORTED); 7100 + 7613 7101 hci_dev_lock(hdev); 7614 7102 7615 7103 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) { ··· 7641 7115 } 7642 7116 7643 7117 hci_req_init(&req, hdev); 7118 + 7119 + /* If we use extended advertising, instance is disabled and removed */ 7120 + if (ext_adv_capable(hdev)) { 7121 + __hci_req_disable_ext_adv_instance(&req, cp->instance); 7122 + __hci_req_remove_ext_adv_instance(&req, cp->instance); 7123 + } 7644 7124 7645 7125 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true); 7646 7126 ··· 7829 7297 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE, 7830 7298 HCI_MGMT_VAR_LEN | 7831 7299 HCI_MGMT_HDEV_OPTIONAL }, 7300 + { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE, 7301 + HCI_MGMT_UNTRUSTED }, 7302 + { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE, 7303 + HCI_MGMT_VAR_LEN }, 7304 + { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE, 7305 + HCI_MGMT_UNTRUSTED }, 7306 + { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE, 7307 + HCI_MGMT_VAR_LEN }, 7308 + { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE }, 7309 + { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE }, 7310 + { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE }, 7311 + { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE, 7312 + HCI_MGMT_VAR_LEN }, 7313 + { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE }, 7832 7314 }; 7833 7315 7834 7316 void mgmt_index_added(struct hci_dev *hdev) ··· 8762 8216 if (!hci_discovery_active(hdev)) { 8763 8217 if (link_type == ACL_LINK) 8764 8218 return; 8765 - if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports)) 8219 + if (link_type == LE_LINK && 8220 + list_empty(&hdev->pend_le_reports) && 8221 + !hci_is_adv_monitoring(hdev)) { 8766 8222 return; 8223 + } 8767 8224 } 8768 8225 8769 8226 if (hdev->discovery.result_filtering) {

+283

net/bluetooth/mgmt_config.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + 3 + /* 4 + * Copyright (C) 2020 Google Corporation 5 + */ 6 + 7 + #include <net/bluetooth/bluetooth.h> 8 + #include <net/bluetooth/hci_core.h> 9 + #include <net/bluetooth/mgmt.h> 10 + 11 + #include "mgmt_util.h" 12 + #include "mgmt_config.h" 13 + 14 + #define HDEV_PARAM_U16(_param_code_, _param_name_) \ 15 + { \ 16 + { cpu_to_le16(_param_code_), sizeof(__u16) }, \ 17 + { cpu_to_le16(hdev->_param_name_) } \ 18 + } 19 + 20 + #define HDEV_PARAM_U16_JIFFIES_TO_MSECS(_param_code_, _param_name_) \ 21 + { \ 22 + { cpu_to_le16(_param_code_), sizeof(__u16) }, \ 23 + { cpu_to_le16(jiffies_to_msecs(hdev->_param_name_)) } \ 24 + } 25 + 26 + int read_def_system_config(struct sock *sk, struct hci_dev *hdev, void *data, 27 + u16 data_len) 28 + { 29 + struct { 30 + struct mgmt_tlv entry; 31 + union { 32 + /* This is a simplification for now since all values 33 + * are 16 bits. In the future, this code may need 34 + * refactoring to account for variable length values 35 + * and properly calculate the required buffer size. 36 + */ 37 + __le16 value; 38 + }; 39 + } __packed params[] = { 40 + /* Please see mgmt-api.txt for documentation of these values */ 41 + HDEV_PARAM_U16(0x0000, def_page_scan_type), 42 + HDEV_PARAM_U16(0x0001, def_page_scan_int), 43 + HDEV_PARAM_U16(0x0002, def_page_scan_window), 44 + HDEV_PARAM_U16(0x0003, def_inq_scan_type), 45 + HDEV_PARAM_U16(0x0004, def_inq_scan_int), 46 + HDEV_PARAM_U16(0x0005, def_inq_scan_window), 47 + HDEV_PARAM_U16(0x0006, def_br_lsto), 48 + HDEV_PARAM_U16(0x0007, def_page_timeout), 49 + HDEV_PARAM_U16(0x0008, sniff_min_interval), 50 + HDEV_PARAM_U16(0x0009, sniff_max_interval), 51 + HDEV_PARAM_U16(0x000a, le_adv_min_interval), 52 + HDEV_PARAM_U16(0x000b, le_adv_max_interval), 53 + HDEV_PARAM_U16(0x000c, def_multi_adv_rotation_duration), 54 + HDEV_PARAM_U16(0x000d, le_scan_interval), 55 + HDEV_PARAM_U16(0x000e, le_scan_window), 56 + HDEV_PARAM_U16(0x000f, le_scan_int_suspend), 57 + HDEV_PARAM_U16(0x0010, le_scan_window_suspend), 58 + HDEV_PARAM_U16(0x0011, le_scan_int_discovery), 59 + HDEV_PARAM_U16(0x0012, le_scan_window_discovery), 60 + HDEV_PARAM_U16(0x0013, le_scan_int_adv_monitor), 61 + HDEV_PARAM_U16(0x0014, le_scan_window_adv_monitor), 62 + HDEV_PARAM_U16(0x0015, le_scan_int_connect), 63 + HDEV_PARAM_U16(0x0016, le_scan_window_connect), 64 + HDEV_PARAM_U16(0x0017, le_conn_min_interval), 65 + HDEV_PARAM_U16(0x0018, le_conn_max_interval), 66 + HDEV_PARAM_U16(0x0019, le_conn_latency), 67 + HDEV_PARAM_U16(0x001a, le_supv_timeout), 68 + HDEV_PARAM_U16_JIFFIES_TO_MSECS(0x001b, 69 + def_le_autoconnect_timeout), 70 + }; 71 + struct mgmt_rp_read_def_system_config *rp = (void *)params; 72 + 73 + bt_dev_dbg(hdev, "sock %p", sk); 74 + 75 + return mgmt_cmd_complete(sk, hdev->id, 76 + MGMT_OP_READ_DEF_SYSTEM_CONFIG, 77 + 0, rp, sizeof(params)); 78 + } 79 + 80 + #define TO_TLV(x) ((struct mgmt_tlv *)(x)) 81 + #define TLV_GET_LE16(tlv) le16_to_cpu(*((__le16 *)(TO_TLV(tlv)->value))) 82 + 83 + int set_def_system_config(struct sock *sk, struct hci_dev *hdev, void *data, 84 + u16 data_len) 85 + { 86 + u16 buffer_left = data_len; 87 + u8 *buffer = data; 88 + 89 + if (buffer_left < sizeof(struct mgmt_tlv)) { 90 + return mgmt_cmd_status(sk, hdev->id, 91 + MGMT_OP_SET_DEF_SYSTEM_CONFIG, 92 + MGMT_STATUS_INVALID_PARAMS); 93 + } 94 + 95 + /* First pass to validate the tlv */ 96 + while (buffer_left >= sizeof(struct mgmt_tlv)) { 97 + const u8 len = TO_TLV(buffer)->length; 98 + const u16 exp_len = sizeof(struct mgmt_tlv) + 99 + len; 100 + const u16 type = le16_to_cpu(TO_TLV(buffer)->type); 101 + 102 + if (buffer_left < exp_len) { 103 + bt_dev_warn(hdev, "invalid len left %d, exp >= %d", 104 + buffer_left, exp_len); 105 + 106 + return mgmt_cmd_status(sk, hdev->id, 107 + MGMT_OP_SET_DEF_SYSTEM_CONFIG, 108 + MGMT_STATUS_INVALID_PARAMS); 109 + } 110 + 111 + /* Please see mgmt-api.txt for documentation of these values */ 112 + switch (type) { 113 + case 0x0000: 114 + case 0x0001: 115 + case 0x0002: 116 + case 0x0003: 117 + case 0x0004: 118 + case 0x0005: 119 + case 0x0006: 120 + case 0x0007: 121 + case 0x0008: 122 + case 0x0009: 123 + case 0x000a: 124 + case 0x000b: 125 + case 0x000c: 126 + case 0x000d: 127 + case 0x000e: 128 + case 0x000f: 129 + case 0x0010: 130 + case 0x0011: 131 + case 0x0012: 132 + case 0x0013: 133 + case 0x0014: 134 + case 0x0015: 135 + case 0x0016: 136 + case 0x0017: 137 + case 0x0018: 138 + case 0x0019: 139 + case 0x001a: 140 + case 0x001b: 141 + if (len != sizeof(u16)) { 142 + bt_dev_warn(hdev, "invalid length %d, exp %zu for type %d", 143 + len, sizeof(u16), type); 144 + 145 + return mgmt_cmd_status(sk, hdev->id, 146 + MGMT_OP_SET_DEF_SYSTEM_CONFIG, 147 + MGMT_STATUS_INVALID_PARAMS); 148 + } 149 + break; 150 + default: 151 + bt_dev_warn(hdev, "unsupported parameter %u", type); 152 + break; 153 + } 154 + 155 + buffer_left -= exp_len; 156 + buffer += exp_len; 157 + } 158 + 159 + buffer_left = data_len; 160 + buffer = data; 161 + while (buffer_left >= sizeof(struct mgmt_tlv)) { 162 + const u8 len = TO_TLV(buffer)->length; 163 + const u16 exp_len = sizeof(struct mgmt_tlv) + 164 + len; 165 + const u16 type = le16_to_cpu(TO_TLV(buffer)->type); 166 + 167 + switch (type) { 168 + case 0x0000: 169 + hdev->def_page_scan_type = TLV_GET_LE16(buffer); 170 + break; 171 + case 0x0001: 172 + hdev->def_page_scan_int = TLV_GET_LE16(buffer); 173 + break; 174 + case 0x0002: 175 + hdev->def_page_scan_window = TLV_GET_LE16(buffer); 176 + break; 177 + case 0x0003: 178 + hdev->def_inq_scan_type = TLV_GET_LE16(buffer); 179 + break; 180 + case 0x0004: 181 + hdev->def_inq_scan_int = TLV_GET_LE16(buffer); 182 + break; 183 + case 0x0005: 184 + hdev->def_inq_scan_window = TLV_GET_LE16(buffer); 185 + break; 186 + case 0x0006: 187 + hdev->def_br_lsto = TLV_GET_LE16(buffer); 188 + break; 189 + case 0x0007: 190 + hdev->def_page_timeout = TLV_GET_LE16(buffer); 191 + break; 192 + case 0x0008: 193 + hdev->sniff_min_interval = TLV_GET_LE16(buffer); 194 + break; 195 + case 0x0009: 196 + hdev->sniff_max_interval = TLV_GET_LE16(buffer); 197 + break; 198 + case 0x000a: 199 + hdev->le_adv_min_interval = TLV_GET_LE16(buffer); 200 + break; 201 + case 0x000b: 202 + hdev->le_adv_max_interval = TLV_GET_LE16(buffer); 203 + break; 204 + case 0x000c: 205 + hdev->def_multi_adv_rotation_duration = 206 + TLV_GET_LE16(buffer); 207 + break; 208 + case 0x000d: 209 + hdev->le_scan_interval = TLV_GET_LE16(buffer); 210 + break; 211 + case 0x000e: 212 + hdev->le_scan_window = TLV_GET_LE16(buffer); 213 + break; 214 + case 0x000f: 215 + hdev->le_scan_int_suspend = TLV_GET_LE16(buffer); 216 + break; 217 + case 0x0010: 218 + hdev->le_scan_window_suspend = TLV_GET_LE16(buffer); 219 + break; 220 + case 0x0011: 221 + hdev->le_scan_int_discovery = TLV_GET_LE16(buffer); 222 + break; 223 + case 0x00012: 224 + hdev->le_scan_window_discovery = TLV_GET_LE16(buffer); 225 + break; 226 + case 0x00013: 227 + hdev->le_scan_int_adv_monitor = TLV_GET_LE16(buffer); 228 + break; 229 + case 0x00014: 230 + hdev->le_scan_window_adv_monitor = TLV_GET_LE16(buffer); 231 + break; 232 + case 0x00015: 233 + hdev->le_scan_int_connect = TLV_GET_LE16(buffer); 234 + break; 235 + case 0x00016: 236 + hdev->le_scan_window_connect = TLV_GET_LE16(buffer); 237 + break; 238 + case 0x00017: 239 + hdev->le_conn_min_interval = TLV_GET_LE16(buffer); 240 + break; 241 + case 0x00018: 242 + hdev->le_conn_max_interval = TLV_GET_LE16(buffer); 243 + break; 244 + case 0x00019: 245 + hdev->le_conn_latency = TLV_GET_LE16(buffer); 246 + break; 247 + case 0x0001a: 248 + hdev->le_supv_timeout = TLV_GET_LE16(buffer); 249 + break; 250 + case 0x0001b: 251 + hdev->def_le_autoconnect_timeout = 252 + msecs_to_jiffies(TLV_GET_LE16(buffer)); 253 + break; 254 + default: 255 + bt_dev_warn(hdev, "unsupported parameter %u", type); 256 + break; 257 + } 258 + 259 + buffer_left -= exp_len; 260 + buffer += exp_len; 261 + } 262 + 263 + return mgmt_cmd_complete(sk, hdev->id, 264 + MGMT_OP_SET_DEF_SYSTEM_CONFIG, 0, NULL, 0); 265 + } 266 + 267 + int read_def_runtime_config(struct sock *sk, struct hci_dev *hdev, void *data, 268 + u16 data_len) 269 + { 270 + bt_dev_dbg(hdev, "sock %p", sk); 271 + 272 + return mgmt_cmd_complete(sk, hdev->id, 273 + MGMT_OP_READ_DEF_RUNTIME_CONFIG, 0, NULL, 0); 274 + } 275 + 276 + int set_def_runtime_config(struct sock *sk, struct hci_dev *hdev, void *data, 277 + u16 data_len) 278 + { 279 + bt_dev_dbg(hdev, "sock %p", sk); 280 + 281 + return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEF_SYSTEM_CONFIG, 282 + MGMT_STATUS_INVALID_PARAMS); 283 + }

+17

net/bluetooth/mgmt_config.h

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + 3 + /* 4 + * Copyright (C) 2020 Google Corporation 5 + */ 6 + 7 + int read_def_system_config(struct sock *sk, struct hci_dev *hdev, void *data, 8 + u16 data_len); 9 + 10 + int set_def_system_config(struct sock *sk, struct hci_dev *hdev, void *data, 11 + u16 data_len); 12 + 13 + int read_def_runtime_config(struct sock *sk, struct hci_dev *hdev, void *data, 14 + u16 data_len); 15 + 16 + int set_def_runtime_config(struct sock *sk, struct hci_dev *hdev, void *data, 17 + u16 data_len);

+7

net/bluetooth/msft.c

··· 139 139 140 140 bt_dev_dbg(hdev, "MSFT vendor event %u", event); 141 141 } 142 + 143 + __u64 msft_get_features(struct hci_dev *hdev) 144 + { 145 + struct msft_data *msft = hdev->msft_data; 146 + 147 + return msft ? msft->features : 0; 148 + }

+9

net/bluetooth/msft.h

··· 3 3 * Copyright (C) 2020 Google Corporation 4 4 */ 5 5 6 + #define MSFT_FEATURE_MASK_BREDR_RSSI_MONITOR BIT(0) 7 + #define MSFT_FEATURE_MASK_LE_CONN_RSSI_MONITOR BIT(1) 8 + #define MSFT_FEATURE_MASK_LE_ADV_RSSI_MONITOR BIT(2) 9 + #define MSFT_FEATURE_MASK_LE_ADV_MONITOR BIT(3) 10 + #define MSFT_FEATURE_MASK_CURVE_VALIDITY BIT(4) 11 + #define MSFT_FEATURE_MASK_CONCURRENT_ADV_MONITOR BIT(5) 12 + 6 13 #if IS_ENABLED(CONFIG_BT_MSFTEXT) 7 14 8 15 void msft_do_open(struct hci_dev *hdev); 9 16 void msft_do_close(struct hci_dev *hdev); 10 17 void msft_vendor_evt(struct hci_dev *hdev, struct sk_buff *skb); 18 + __u64 msft_get_features(struct hci_dev *hdev); 11 19 12 20 #else 13 21 14 22 static inline void msft_do_open(struct hci_dev *hdev) {} 15 23 static inline void msft_do_close(struct hci_dev *hdev) {} 16 24 static inline void msft_vendor_evt(struct hci_dev *hdev, struct sk_buff *skb) {} 25 + static inline __u64 msft_get_features(struct hci_dev *hdev) { return 0; } 17 26 18 27 #endif

+1 -1

net/bluetooth/rfcomm/core.c

··· 479 479 /* if closing a dlc in a session that hasn't been started, 480 480 * just close and unlink the dlc 481 481 */ 482 - /* fall through */ 482 + fallthrough; 483 483 484 484 default: 485 485 rfcomm_dlc_clear_timer(d);

+1 -1

net/bluetooth/rfcomm/sock.c

··· 218 218 case BT_CONFIG: 219 219 case BT_CONNECTED: 220 220 rfcomm_dlc_close(d, 0); 221 - /* fall through */ 221 + fallthrough; 222 222 223 223 default: 224 224 sock_set_flag(sk, SOCK_ZAPPED);

+32

net/bluetooth/sco.c

··· 66 66 bdaddr_t dst; 67 67 __u32 flags; 68 68 __u16 setting; 69 + __u8 cmsg_mask; 69 70 struct sco_conn *conn; 70 71 }; 71 72 ··· 450 449 sco_sock_kill(sk); 451 450 } 452 451 452 + static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg, 453 + struct sock *sk) 454 + { 455 + if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS) 456 + put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS, 457 + sizeof(bt_cb(skb)->sco.pkt_status), 458 + &bt_cb(skb)->sco.pkt_status); 459 + } 460 + 453 461 static void sco_sock_init(struct sock *sk, struct sock *parent) 454 462 { 455 463 BT_DBG("sk %p", sk); ··· 467 457 sk->sk_type = parent->sk_type; 468 458 bt_sk(sk)->flags = bt_sk(parent)->flags; 469 459 security_sk_clone(parent, sk); 460 + } else { 461 + bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg; 470 462 } 471 463 } 472 464 ··· 858 846 sco_pi(sk)->setting = voice.setting; 859 847 break; 860 848 849 + case BT_PKT_STATUS: 850 + if (get_user(opt, (u32 __user *)optval)) { 851 + err = -EFAULT; 852 + break; 853 + } 854 + 855 + if (opt) 856 + sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS; 857 + else 858 + sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS; 859 + break; 860 + 861 861 default: 862 862 err = -ENOPROTOOPT; 863 863 break; ··· 947 923 int len, err = 0; 948 924 struct bt_voice voice; 949 925 u32 phys; 926 + int pkt_status; 950 927 951 928 BT_DBG("sk %p", sk); 952 929 ··· 991 966 phys = hci_conn_get_phy(sco_pi(sk)->conn->hcon); 992 967 993 968 if (put_user(phys, (u32 __user *) optval)) 969 + err = -EFAULT; 970 + break; 971 + 972 + case BT_PKT_STATUS: 973 + pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS); 974 + 975 + if (put_user(pkt_status, (int __user *)optval)) 994 976 err = -EFAULT; 995 977 break; 996 978

+1 -1

net/bluetooth/selftest.c

··· 205 205 206 206 calltime = ktime_get(); 207 207 208 - tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); 208 + tfm = crypto_alloc_kpp("ecdh", 0, 0); 209 209 if (IS_ERR(tfm)) { 210 210 BT_ERR("Unable to create ECDH crypto context"); 211 211 err = PTR_ERR(tfm);

+4 -4

net/bluetooth/smp.c

··· 1387 1387 goto zfree_smp; 1388 1388 } 1389 1389 1390 - smp->tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); 1390 + smp->tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0); 1391 1391 if (IS_ERR(smp->tfm_ecdh)) { 1392 1392 BT_ERR("Unable to create ECDH crypto context"); 1393 1393 goto free_shash; ··· 1654 1654 memset(smp->tk, 0, sizeof(smp->tk)); 1655 1655 BT_DBG("PassKey: %d", value); 1656 1656 put_unaligned_le32(value, smp->tk); 1657 - /* Fall Through */ 1657 + fallthrough; 1658 1658 case MGMT_OP_USER_CONFIRM_REPLY: 1659 1659 set_bit(SMP_FLAG_TK_VALID, &smp->flags); 1660 1660 break; ··· 3282 3282 return ERR_CAST(tfm_cmac); 3283 3283 } 3284 3284 3285 - tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); 3285 + tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0); 3286 3286 if (IS_ERR(tfm_ecdh)) { 3287 3287 BT_ERR("Unable to create ECDH crypto context"); 3288 3288 crypto_free_shash(tfm_cmac); ··· 3847 3847 return PTR_ERR(tfm_cmac); 3848 3848 } 3849 3849 3850 - tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); 3850 + tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0); 3851 3851 if (IS_ERR(tfm_ecdh)) { 3852 3852 BT_ERR("Unable to create ECDH crypto context"); 3853 3853 crypto_free_shash(tfm_cmac);