Merge tag 'for-net-next-2023-08-11' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

bluetooth-next pull request for net-next:

- Add new VID/PID for Mediatek MT7922
- Add support for multiple BIS/BIG
- Add support for Intel Gale Peak
- Add support for Qualcomm WCN3988
- Add support for BT_PKT_STATUS for ISO sockets
- Various fixes for experimental ISO support
- Load FW v2 for RTL8852C
- Add support for NXP AW693 chipset
- Add support for Mediatek MT2925

+2381 -1013
+2
Documentation/devicetree/bindings/net/bluetooth/qualcomm-bluetooth.yaml
··· 19 19 - qcom,qca2066-bt 20 20 - qcom,qca6174-bt 21 21 - qcom,qca9377-bt 22 + - qcom,wcn3988-bt 22 23 - qcom,wcn3990-bt 23 24 - qcom,wcn3991-bt 24 25 - qcom,wcn3998-bt ··· 112 111 compatible: 113 112 contains: 114 113 enum: 114 + - qcom,wcn3988-bt 115 115 - qcom,wcn3990-bt 116 116 - qcom,wcn3991-bt 117 117 - qcom,wcn3998-bt
+5
drivers/bluetooth/btbcm.c
··· 24 24 #define BDADDR_BCM20702A1 (&(bdaddr_t) {{0x00, 0x00, 0xa0, 0x02, 0x70, 0x20}}) 25 25 #define BDADDR_BCM2076B1 (&(bdaddr_t) {{0x79, 0x56, 0x00, 0xa0, 0x76, 0x20}}) 26 26 #define BDADDR_BCM43430A0 (&(bdaddr_t) {{0xac, 0x1f, 0x12, 0xa0, 0x43, 0x43}}) 27 + #define BDADDR_BCM43430A1 (&(bdaddr_t) {{0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa}}) 27 28 #define BDADDR_BCM4324B3 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb3, 0x24, 0x43}}) 28 29 #define BDADDR_BCM4330B1 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb1, 0x30, 0x43}}) 29 30 #define BDADDR_BCM4334B0 (&(bdaddr_t) {{0x00, 0x00, 0x00, 0xb0, 0x34, 0x43}}) ··· 116 115 * 117 116 * The address 43:43:A0:12:1F:AC indicates a BCM43430A0 controller 118 117 * with no configured address. 118 + * 119 + * The address AA:AA:AA:AA:AA:AA indicates a BCM43430A1 controller 120 + * with no configured address. 119 121 */ 120 122 if (!bacmp(&bda->bdaddr, BDADDR_BCM20702A0) || 121 123 !bacmp(&bda->bdaddr, BDADDR_BCM20702A1) || ··· 128 124 !bacmp(&bda->bdaddr, BDADDR_BCM4334B0) || 129 125 !bacmp(&bda->bdaddr, BDADDR_BCM4345C5) || 130 126 !bacmp(&bda->bdaddr, BDADDR_BCM43430A0) || 127 + !bacmp(&bda->bdaddr, BDADDR_BCM43430A1) || 131 128 !bacmp(&bda->bdaddr, BDADDR_BCM43341B)) { 132 129 /* Try falling back to BDADDR EFI variable */ 133 130 if (btbcm_set_bdaddr_from_efi(hdev) != 0) {
+198
drivers/bluetooth/btintel.c
··· 10 10 #include <linux/firmware.h> 11 11 #include <linux/regmap.h> 12 12 #include <linux/acpi.h> 13 + #include <acpi/acpi_bus.h> 13 14 #include <asm/unaligned.h> 14 15 15 16 #include <net/bluetooth/bluetooth.h> ··· 27 26 #define ECDSA_HEADER_LEN 320 28 27 29 28 #define BTINTEL_PPAG_NAME "PPAG" 29 + 30 + enum { 31 + DSM_SET_WDISABLE2_DELAY = 1, 32 + DSM_SET_RESET_METHOD = 3, 33 + }; 30 34 31 35 /* structure to store the PPAG data read from ACPI table */ 32 36 struct btintel_ppag { ··· 54 48 u8 hw_variant; 55 49 u32 fw_build_num; 56 50 } coredump_info; 51 + 52 + static const guid_t btintel_guid_dsm = 53 + GUID_INIT(0xaa10f4e0, 0x81ac, 0x4233, 54 + 0xab, 0xf6, 0x3b, 0x2a, 0xc5, 0x0e, 0x28, 0xd9); 57 55 58 56 int btintel_check_bdaddr(struct hci_dev *hdev) 59 57 { ··· 480 470 case 0x18: /* Slr */ 481 471 case 0x19: /* Slr-F */ 482 472 case 0x1b: /* Mgr */ 473 + case 0x1c: /* Gale Peak (GaP) */ 483 474 break; 484 475 default: 485 476 bt_dev_err(hdev, "Unsupported Intel hardware variant (0x%x)", ··· 2455 2444 kfree_skb(skb); 2456 2445 } 2457 2446 2447 + static int btintel_acpi_reset_method(struct hci_dev *hdev) 2448 + { 2449 + int ret = 0; 2450 + acpi_status status; 2451 + union acpi_object *p, *ref; 2452 + struct acpi_buffer buffer = { ACPI_ALLOCATE_BUFFER, NULL }; 2453 + 2454 + status = acpi_evaluate_object(ACPI_HANDLE(GET_HCIDEV_DEV(hdev)), "_PRR", NULL, &buffer); 2455 + if (ACPI_FAILURE(status)) { 2456 + bt_dev_err(hdev, "Failed to run _PRR method"); 2457 + ret = -ENODEV; 2458 + return ret; 2459 + } 2460 + p = buffer.pointer; 2461 + 2462 + if (p->package.count != 1 || p->type != ACPI_TYPE_PACKAGE) { 2463 + bt_dev_err(hdev, "Invalid arguments"); 2464 + ret = -EINVAL; 2465 + goto exit_on_error; 2466 + } 2467 + 2468 + ref = &p->package.elements[0]; 2469 + if (ref->type != ACPI_TYPE_LOCAL_REFERENCE) { 2470 + bt_dev_err(hdev, "Invalid object type: 0x%x", ref->type); 2471 + ret = -EINVAL; 2472 + goto exit_on_error; 2473 + } 2474 + 2475 + status = 
acpi_evaluate_object(ref->reference.handle, "_RST", NULL, NULL); 2476 + if (ACPI_FAILURE(status)) { 2477 + bt_dev_err(hdev, "Failed to run_RST method"); 2478 + ret = -ENODEV; 2479 + goto exit_on_error; 2480 + } 2481 + 2482 + exit_on_error: 2483 + kfree(buffer.pointer); 2484 + return ret; 2485 + } 2486 + 2487 + static void btintel_set_dsm_reset_method(struct hci_dev *hdev, 2488 + struct intel_version_tlv *ver_tlv) 2489 + { 2490 + struct btintel_data *data = hci_get_priv(hdev); 2491 + acpi_handle handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev)); 2492 + u8 reset_payload[4] = {0x01, 0x00, 0x01, 0x00}; 2493 + union acpi_object *obj, argv4; 2494 + enum { 2495 + RESET_TYPE_WDISABLE2, 2496 + RESET_TYPE_VSEC 2497 + }; 2498 + 2499 + handle = ACPI_HANDLE(GET_HCIDEV_DEV(hdev)); 2500 + 2501 + if (!handle) { 2502 + bt_dev_dbg(hdev, "No support for bluetooth device in ACPI firmware"); 2503 + return; 2504 + } 2505 + 2506 + if (!acpi_has_method(handle, "_PRR")) { 2507 + bt_dev_err(hdev, "No support for _PRR ACPI method"); 2508 + return; 2509 + } 2510 + 2511 + switch (ver_tlv->cnvi_top & 0xfff) { 2512 + case 0x910: /* GalePeak2 */ 2513 + reset_payload[2] = RESET_TYPE_VSEC; 2514 + break; 2515 + default: 2516 + /* WDISABLE2 is the default reset method */ 2517 + reset_payload[2] = RESET_TYPE_WDISABLE2; 2518 + 2519 + if (!acpi_check_dsm(handle, &btintel_guid_dsm, 0, 2520 + BIT(DSM_SET_WDISABLE2_DELAY))) { 2521 + bt_dev_err(hdev, "No dsm support to set reset delay"); 2522 + return; 2523 + } 2524 + argv4.integer.type = ACPI_TYPE_INTEGER; 2525 + /* delay required to toggle BT power */ 2526 + argv4.integer.value = 160; 2527 + obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0, 2528 + DSM_SET_WDISABLE2_DELAY, &argv4); 2529 + if (!obj) { 2530 + bt_dev_err(hdev, "Failed to call dsm to set reset delay"); 2531 + return; 2532 + } 2533 + ACPI_FREE(obj); 2534 + } 2535 + 2536 + bt_dev_info(hdev, "DSM reset method type: 0x%02x", reset_payload[2]); 2537 + 2538 + if (!acpi_check_dsm(handle, 
&btintel_guid_dsm, 0, 2539 + DSM_SET_RESET_METHOD)) { 2540 + bt_dev_warn(hdev, "No support for dsm to set reset method"); 2541 + return; 2542 + } 2543 + argv4.buffer.type = ACPI_TYPE_BUFFER; 2544 + argv4.buffer.length = sizeof(reset_payload); 2545 + argv4.buffer.pointer = reset_payload; 2546 + 2547 + obj = acpi_evaluate_dsm(handle, &btintel_guid_dsm, 0, 2548 + DSM_SET_RESET_METHOD, &argv4); 2549 + if (!obj) { 2550 + bt_dev_err(hdev, "Failed to call dsm to set reset method"); 2551 + return; 2552 + } 2553 + ACPI_FREE(obj); 2554 + data->acpi_reset_method = btintel_acpi_reset_method; 2555 + } 2556 + 2458 2557 static int btintel_bootloader_setup_tlv(struct hci_dev *hdev, 2459 2558 struct intel_version_tlv *ver) 2460 2559 { ··· 2649 2528 case 0x18: 2650 2529 case 0x19: 2651 2530 case 0x1b: 2531 + case 0x1c: 2652 2532 hci_set_msft_opcode(hdev, 0xFC1E); 2653 2533 break; 2654 2534 default: ··· 2864 2742 case 0x18: 2865 2743 case 0x19: 2866 2744 case 0x1b: 2745 + case 0x1c: 2867 2746 /* Display version information of TLV type */ 2868 2747 btintel_version_info_tlv(hdev, &ver_tlv); 2869 2748 ··· 2880 2757 /* Setup MSFT Extension support */ 2881 2758 btintel_set_msft_opcode(hdev, 2882 2759 INTEL_HW_VARIANT(ver_tlv.cnvi_bt)); 2760 + btintel_set_dsm_reset_method(hdev, &ver_tlv); 2883 2761 2884 2762 err = btintel_bootloader_setup_tlv(hdev, &ver_tlv); 2885 2763 btintel_register_devcoredump_support(hdev); ··· 2947 2823 return 0; 2948 2824 } 2949 2825 EXPORT_SYMBOL_GPL(btintel_configure_setup); 2826 + 2827 + static int btintel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb) 2828 + { 2829 + struct intel_tlv *tlv = (void *)&skb->data[5]; 2830 + 2831 + /* The first event is always an event type TLV */ 2832 + if (tlv->type != INTEL_TLV_TYPE_ID) 2833 + goto recv_frame; 2834 + 2835 + switch (tlv->val[0]) { 2836 + case INTEL_TLV_SYSTEM_EXCEPTION: 2837 + case INTEL_TLV_FATAL_EXCEPTION: 2838 + case INTEL_TLV_DEBUG_EXCEPTION: 2839 + case INTEL_TLV_TEST_EXCEPTION: 2840 + /* Generate 
devcoredump from exception */ 2841 + if (!hci_devcd_init(hdev, skb->len)) { 2842 + hci_devcd_append(hdev, skb); 2843 + hci_devcd_complete(hdev); 2844 + } else { 2845 + bt_dev_err(hdev, "Failed to generate devcoredump"); 2846 + kfree_skb(skb); 2847 + } 2848 + return 0; 2849 + default: 2850 + bt_dev_err(hdev, "Invalid exception type %02X", tlv->val[0]); 2851 + } 2852 + 2853 + recv_frame: 2854 + return hci_recv_frame(hdev, skb); 2855 + } 2856 + 2857 + int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb) 2858 + { 2859 + struct hci_event_hdr *hdr = (void *)skb->data; 2860 + const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 }; 2861 + 2862 + if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 2863 + hdr->plen > 0) { 2864 + const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 2865 + unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 2866 + 2867 + if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2868 + switch (skb->data[2]) { 2869 + case 0x02: 2870 + /* When switching to the operational firmware 2871 + * the device sends a vendor specific event 2872 + * indicating that the bootup completed. 2873 + */ 2874 + btintel_bootup(hdev, ptr, len); 2875 + break; 2876 + case 0x06: 2877 + /* When the firmware loading completes the 2878 + * device sends out a vendor specific event 2879 + * indicating the result of the firmware 2880 + * loading. 2881 + */ 2882 + btintel_secure_send_result(hdev, ptr, len); 2883 + break; 2884 + } 2885 + } 2886 + 2887 + /* Handle all diagnostics events separately. May still call 2888 + * hci_recv_frame. 2889 + */ 2890 + if (len >= sizeof(diagnostics_hdr) && 2891 + memcmp(&skb->data[2], diagnostics_hdr, 2892 + sizeof(diagnostics_hdr)) == 0) { 2893 + return btintel_diagnostics(hdev, skb); 2894 + } 2895 + } 2896 + 2897 + return hci_recv_frame(hdev, skb); 2898 + } 2899 + EXPORT_SYMBOL_GPL(btintel_recv_event); 2950 2900 2951 2901 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len) 2952 2902 {
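Review bot: btintel_diagnostics() reads `skb->data[5]` and then `tlv->val[0]` (byte 7) while the only length guard on the way in, `len >= sizeof(diagnostics_hdr)` in btintel_recv_event(), only guarantees skb->len >= 6, so a short vendor event from the controller reads past the end of the received data; unless the transport already pins a minimum length, add `if (skb->len < 5 + sizeof(*tlv) + 1) goto recv_frame;` before the type check. The second `acpi_check_dsm()` call passes `DSM_SET_RESET_METHOD` where the earlier one passes `BIT(DSM_SET_WDISABLE2_DELAY)`; the last argument is a function bitmask, so this tests functions 0 and 1 instead of 3 and should read `BIT(DSM_SET_RESET_METHOD)`. btintel_acpi_reset_method() dereferences `buffer.pointer` without a NULL check (a `_PRR` that returns nothing leaves it NULL) and reads `p->package.count` before confirming `p->type == ACPI_TYPE_PACKAGE`; bail on NULL and test the type first. btintel_bootup() at the end of this section starts here and continues outside it.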
+3
drivers/bluetooth/btintel.h
··· 166 166 INTEL_BROKEN_SHUTDOWN_LED, 167 167 INTEL_ROM_LEGACY, 168 168 INTEL_ROM_LEGACY_NO_WBS_SUPPORT, 169 + INTEL_ACPI_RESET_ACTIVE, 169 170 170 171 __INTEL_NUM_FLAGS, 171 172 }; 172 173 173 174 struct btintel_data { 174 175 DECLARE_BITMAP(flags, __INTEL_NUM_FLAGS); 176 + int (*acpi_reset_method)(struct hci_dev *hdev); 175 177 }; 176 178 177 179 #define btintel_set_flag(hdev, nr) \ ··· 222 220 int btintel_download_firmware(struct hci_dev *dev, struct intel_version *ver, 223 221 const struct firmware *fw, u32 *boot_param); 224 222 int btintel_configure_setup(struct hci_dev *hdev, const char *driver_name); 223 + int btintel_recv_event(struct hci_dev *hdev, struct sk_buff *skb); 225 224 void btintel_bootup(struct hci_dev *hdev, const void *ptr, unsigned int len); 226 225 void btintel_secure_send_result(struct hci_dev *hdev, 227 226 const void *ptr, unsigned int len);
+133
drivers/bluetooth/btmtk.c
··· 53 53 }; 54 54 } __packed; 55 55 56 + static void btmtk_coredump(struct hci_dev *hdev) 57 + { 58 + int err; 59 + 60 + err = __hci_cmd_send(hdev, 0xfd5b, 0, NULL); 61 + if (err < 0) 62 + bt_dev_err(hdev, "Coredump failed (%d)", err); 63 + } 64 + 65 + static void btmtk_coredump_hdr(struct hci_dev *hdev, struct sk_buff *skb) 66 + { 67 + struct btmediatek_data *data = hci_get_priv(hdev); 68 + char buf[80]; 69 + 70 + snprintf(buf, sizeof(buf), "Controller Name: 0x%X\n", 71 + data->dev_id); 72 + skb_put_data(skb, buf, strlen(buf)); 73 + 74 + snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 75 + data->cd_info.fw_version); 76 + skb_put_data(skb, buf, strlen(buf)); 77 + 78 + snprintf(buf, sizeof(buf), "Driver: %s\n", 79 + data->cd_info.driver_name); 80 + skb_put_data(skb, buf, strlen(buf)); 81 + 82 + snprintf(buf, sizeof(buf), "Vendor: MediaTek\n"); 83 + skb_put_data(skb, buf, strlen(buf)); 84 + } 85 + 86 + static void btmtk_coredump_notify(struct hci_dev *hdev, int state) 87 + { 88 + struct btmediatek_data *data = hci_get_priv(hdev); 89 + 90 + switch (state) { 91 + case HCI_DEVCOREDUMP_IDLE: 92 + data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 93 + break; 94 + case HCI_DEVCOREDUMP_ACTIVE: 95 + data->cd_info.state = HCI_DEVCOREDUMP_ACTIVE; 96 + break; 97 + case HCI_DEVCOREDUMP_TIMEOUT: 98 + case HCI_DEVCOREDUMP_ABORT: 99 + case HCI_DEVCOREDUMP_DONE: 100 + data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 101 + btmtk_reset_sync(hdev); 102 + break; 103 + } 104 + } 105 + 56 106 int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, 57 107 wmt_cmd_sync_func_t wmt_cmd_sync) 58 108 { 59 109 struct btmtk_hci_wmt_params wmt_params; 110 + struct btmtk_patch_header *hdr; 60 111 struct btmtk_global_desc *globaldesc = NULL; 61 112 struct btmtk_section_map *sectionmap; 62 113 const struct firmware *fw; ··· 126 75 127 76 fw_ptr = fw->data; 128 77 fw_bin_ptr = fw_ptr; 78 + hdr = (struct btmtk_patch_header *)fw_ptr; 129 79 globaldesc = (struct btmtk_global_desc *)(fw_ptr + 
MTK_FW_ROM_PATCH_HEADER_SIZE); 130 80 section_num = le32_to_cpu(globaldesc->section_num); 81 + 82 + bt_dev_info(hdev, "HW/SW Version: 0x%04x%04x, Build Time: %s", 83 + le16_to_cpu(hdr->hwver), le16_to_cpu(hdr->swver), hdr->datetime); 131 84 132 85 for (i = 0; i < section_num; i++) { 133 86 first_block = 1; ··· 335 280 } 336 281 EXPORT_SYMBOL_GPL(btmtk_set_bdaddr); 337 282 283 + void btmtk_reset_sync(struct hci_dev *hdev) 284 + { 285 + struct btmediatek_data *reset_work = hci_get_priv(hdev); 286 + int err; 287 + 288 + hci_dev_lock(hdev); 289 + 290 + err = hci_cmd_sync_queue(hdev, reset_work->reset_sync, NULL, NULL); 291 + if (err) 292 + bt_dev_err(hdev, "failed to reset (%d)", err); 293 + 294 + hci_dev_unlock(hdev); 295 + } 296 + EXPORT_SYMBOL_GPL(btmtk_reset_sync); 297 + 298 + int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 299 + u32 fw_version) 300 + { 301 + struct btmediatek_data *data = hci_get_priv(hdev); 302 + 303 + if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 304 + return -EOPNOTSUPP; 305 + 306 + data->cd_info.fw_version = fw_version; 307 + data->cd_info.state = HCI_DEVCOREDUMP_IDLE; 308 + data->cd_info.driver_name = name; 309 + 310 + return hci_devcd_register(hdev, btmtk_coredump, btmtk_coredump_hdr, 311 + btmtk_coredump_notify); 312 + } 313 + EXPORT_SYMBOL_GPL(btmtk_register_coredump); 314 + 315 + int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 316 + { 317 + struct btmediatek_data *data = hci_get_priv(hdev); 318 + int err; 319 + 320 + if (!IS_ENABLED(CONFIG_DEV_COREDUMP)) 321 + return 0; 322 + 323 + switch (data->cd_info.state) { 324 + case HCI_DEVCOREDUMP_IDLE: 325 + err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE); 326 + if (err < 0) 327 + break; 328 + data->cd_info.cnt = 0; 329 + 330 + /* It is supposed coredump can be done within 5 seconds */ 331 + schedule_delayed_work(&hdev->dump.dump_timeout, 332 + msecs_to_jiffies(5000)); 333 + fallthrough; 334 + case HCI_DEVCOREDUMP_ACTIVE: 335 + default: 336 + err = 
hci_devcd_append(hdev, skb); 337 + if (err < 0) 338 + break; 339 + data->cd_info.cnt++; 340 + 341 + /* Mediatek coredump data would be more than MTK_COREDUMP_NUM */ 342 + if (data->cd_info.cnt > MTK_COREDUMP_NUM && 343 + skb->len > MTK_COREDUMP_END_LEN) 344 + if (!memcmp((char *)&skb->data[skb->len - MTK_COREDUMP_END_LEN], 345 + MTK_COREDUMP_END, MTK_COREDUMP_END_LEN - 1)) { 346 + bt_dev_info(hdev, "Mediatek coredump end"); 347 + hci_devcd_complete(hdev); 348 + } 349 + 350 + break; 351 + } 352 + 353 + if (err < 0) 354 + kfree_skb(skb); 355 + 356 + return err; 357 + } 358 + EXPORT_SYMBOL_GPL(btmtk_process_coredump); 359 + 338 360 MODULE_AUTHOR("Sean Wang <sean.wang@mediatek.com>"); 339 361 MODULE_AUTHOR("Mark Chen <mark-yw.chen@mediatek.com>"); 340 362 MODULE_DESCRIPTION("Bluetooth support for MediaTek devices ver " VERSION); ··· 421 289 MODULE_FIRMWARE(FIRMWARE_MT7663); 422 290 MODULE_FIRMWARE(FIRMWARE_MT7668); 423 291 MODULE_FIRMWARE(FIRMWARE_MT7961); 292 + MODULE_FIRMWARE(FIRMWARE_MT7925);
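Review bot: The end-of-dump test in btmtk_process_coredump() compares `MTK_COREDUMP_END_LEN - 1` bytes (the 12 characters of "coredump end", since the macro is `sizeof()` and counts the NUL) starting `MTK_COREDUMP_END_LEN` bytes before the end of the skb, so the marker is only recognised when exactly one byte follows it; if the firmware terminates the marker with a NUL or newline that is intended and deserves a comment such as `/* marker is followed by one terminator byte */`, otherwise the index should be `skb->len - (MTK_COREDUMP_END_LEN - 1)`. In btmtk_setup_firmware_79xx() `hdr->datetime` is printed with a bare `%s`; if that field is a fixed-width array in the firmware header (its definition is not visible here) it is not guaranteed to be NUL-terminated and should be printed with a bounded precision, and it is read before any check that `fw->size` covers the header appears in this hunk. That function's body continues outside the hunk.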
+42
drivers/bluetooth/btmtk.h
··· 5 5 #define FIRMWARE_MT7663 "mediatek/mt7663pr2h.bin" 6 6 #define FIRMWARE_MT7668 "mediatek/mt7668pr2h.bin" 7 7 #define FIRMWARE_MT7961 "mediatek/BT_RAM_CODE_MT7961_1_2_hdr.bin" 8 + #define FIRMWARE_MT7925 "mediatek/mt7925/BT_RAM_CODE_MT7925_1_1_hdr.bin" 8 9 9 10 #define HCI_EV_WMT 0xe4 10 11 #define HCI_WMT_MAX_EVENT_SIZE 64 ··· 21 20 22 21 #define MT7921_DLSTATUS 0x7c053c10 23 22 #define BT_DL_STATE BIT(1) 23 + 24 + #define MTK_COREDUMP_SIZE (1024 * 1000) 25 + #define MTK_COREDUMP_END "coredump end" 26 + #define MTK_COREDUMP_END_LEN (sizeof(MTK_COREDUMP_END)) 27 + #define MTK_COREDUMP_NUM 255 24 28 25 29 enum { 26 30 BTMTK_WMT_PATCH_DWNLD = 0x1, ··· 125 119 u32 *status; 126 120 }; 127 121 122 + typedef int (*btmtk_reset_sync_func_t)(struct hci_dev *, void *); 123 + 124 + struct btmtk_coredump_info { 125 + const char *driver_name; 126 + u32 fw_version; 127 + u16 cnt; 128 + int state; 129 + }; 130 + 131 + struct btmediatek_data { 132 + u32 dev_id; 133 + btmtk_reset_sync_func_t reset_sync; 134 + struct btmtk_coredump_info cd_info; 135 + }; 136 + 128 137 typedef int (*wmt_cmd_sync_func_t)(struct hci_dev *, 129 138 struct btmtk_hci_wmt_params *); 130 139 ··· 152 131 153 132 int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname, 154 133 wmt_cmd_sync_func_t wmt_cmd_sync); 134 + 135 + void btmtk_reset_sync(struct hci_dev *hdev); 136 + 137 + int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 138 + u32 fw_version); 139 + 140 + int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb); 155 141 #else 156 142 157 143 static inline int btmtk_set_bdaddr(struct hci_dev *hdev, ··· 179 151 return -EOPNOTSUPP; 180 152 } 181 153 154 + static void btmtk_reset_sync(struct hci_dev *hdev) 155 + { 156 + } 157 + 158 + static int btmtk_register_coredump(struct hci_dev *hdev, const char *name, 159 + u32 fw_version) 160 + { 161 + return -EOPNOTSUPP; 162 + } 163 + 164 + static int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) 
165 + { 166 + return -EOPNOTSUPP; 167 + } 182 168 #endif
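Review bot: The new `!CONFIG_BT_MTK` stubs `btmtk_reset_sync()`, `btmtk_register_coredump()` and `btmtk_process_coredump()` are declared `static` without `inline`, unlike the existing `static inline int btmtk_set_bdaddr()` stub above them, so every translation unit that includes the header without calling all three gets an unused-function warning; make them `static inline`. The `btmtk_process_coredump()` stub also returns `-EOPNOTSUPP` while the real implementation returns `0` when CONFIG_DEV_COREDUMP is off, so a caller that frees or drops the skb on a negative return behaves differently between the two configurations; either return `0` from the stub as well or state the intended contract in a comment on the declaration.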
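--- a/drivers/bluetooth/btmtkuart.c
+++ b/drivers/bluetooth/btmtkuart.c
@@ -17,7 +17,6 @@
 #include <linux/kernel.h>
 #include <linux/module.h>
 #include <linux/of.h>
-#include <linux/of_device.h>
 #include <linux/pinctrl/consumer.h>
 #include <linux/pm_runtime.h>
 #include <linux/regulator/consumer.h>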
+31 -8
drivers/bluetooth/btnxpuart.c
··· 29 29 #define BTNXPUART_CHECK_BOOT_SIGNATURE 3 30 30 #define BTNXPUART_SERDEV_OPEN 4 31 31 32 - #define FIRMWARE_W8987 "nxp/uartuart8987_bt.bin" 33 - #define FIRMWARE_W8997 "nxp/uartuart8997_bt_v4.bin" 34 - #define FIRMWARE_W9098 "nxp/uartuart9098_bt_v1.bin" 35 - #define FIRMWARE_IW416 "nxp/uartiw416_bt_v0.bin" 36 - #define FIRMWARE_IW612 "nxp/uartspi_n61x_v1.bin.se" 37 - #define FIRMWARE_HELPER "nxp/helper_uart_3000000.bin" 32 + #define FIRMWARE_W8987 "nxp/uartuart8987_bt.bin" 33 + #define FIRMWARE_W8997 "nxp/uartuart8997_bt_v4.bin" 34 + #define FIRMWARE_W9098 "nxp/uartuart9098_bt_v1.bin" 35 + #define FIRMWARE_IW416 "nxp/uartiw416_bt_v0.bin" 36 + #define FIRMWARE_IW612 "nxp/uartspi_n61x_v1.bin.se" 37 + #define FIRMWARE_AW693 "nxp/uartaw693_bt.bin" 38 + #define FIRMWARE_SECURE_AW693 "nxp/uartaw693_bt.bin.se" 39 + #define FIRMWARE_HELPER "nxp/helper_uart_3000000.bin" 38 40 39 41 #define CHIP_ID_W9098 0x5c03 40 42 #define CHIP_ID_IW416 0x7201 41 43 #define CHIP_ID_IW612 0x7601 44 + #define CHIP_ID_AW693 0x8200 45 + 46 + #define FW_SECURE_MASK 0xc0 47 + #define FW_OPEN 0x00 48 + #define FW_AUTH_ILLEGAL 0x40 49 + #define FW_AUTH_PLAIN 0x80 50 + #define FW_AUTH_ENC 0xc0 42 51 43 52 #define HCI_NXP_PRI_BAUDRATE 115200 44 53 #define HCI_NXP_SEC_BAUDRATE 3000000 ··· 674 665 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 675 666 int err = 0; 676 667 668 + if (!fw_name) 669 + return -ENOENT; 670 + 677 671 if (!strlen(nxpdev->fw_name)) { 678 672 snprintf(nxpdev->fw_name, MAX_FW_FILE_NAME_LEN, "%s", fw_name); 679 673 ··· 824 812 return 0; 825 813 } 826 814 827 - static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid) 815 + static char *nxp_get_fw_name_from_chipid(struct hci_dev *hdev, u16 chipid, 816 + u8 loader_ver) 828 817 { 829 818 char *fw_name = NULL; 830 819 ··· 839 826 case CHIP_ID_IW612: 840 827 fw_name = FIRMWARE_IW612; 841 828 break; 829 + case CHIP_ID_AW693: 830 + if ((loader_ver & FW_SECURE_MASK) == FW_OPEN) 831 + fw_name = 
FIRMWARE_AW693; 832 + else if ((loader_ver & FW_SECURE_MASK) != FW_AUTH_ILLEGAL) 833 + fw_name = FIRMWARE_SECURE_AW693; 834 + else 835 + bt_dev_err(hdev, "Illegal loader version %02x", loader_ver); 836 + break; 842 837 default: 843 838 bt_dev_err(hdev, "Unknown chip signature %04x", chipid); 844 839 break; ··· 859 838 struct v3_start_ind *req = skb_pull_data(skb, sizeof(*req)); 860 839 struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); 861 840 u16 chip_id; 841 + u8 loader_ver; 862 842 863 843 if (!process_boot_signature(nxpdev)) 864 844 goto free_skb; 865 845 866 846 chip_id = le16_to_cpu(req->chip_id); 847 + loader_ver = req->loader_ver; 867 848 if (!nxp_request_firmware(hdev, nxp_get_fw_name_from_chipid(hdev, 868 - chip_id))) 849 + chip_id, loader_ver))) 869 850 nxp_send_ack(NXP_ACK_V3, hdev); 870 851 871 852 free_skb:
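Review bot: In nxp_recv_chip_ver_v3() the added `loader_ver = req->loader_ver;` is a second dereference of the `skb_pull_data()` result with no NULL check visible between the pull and the use; if the H4 receive descriptor does not already pin this packet to at least sizeof(*req) bytes, a short packet from the controller is a NULL dereference, and `if (!req) goto free_skb;` before `process_boot_signature()` closes it either way. In nxp_get_fw_name_from_chipid() the AW693 branch selects the same `.se` image for both `FW_AUTH_PLAIN` and `FW_AUTH_ENC`; a one-line comment saying this is deliberate, e.g. `/* both authenticated modes boot the signed (.se) image */`, would stop a reader from treating the `!= FW_AUTH_ILLEGAL` test as a typo.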
+11 -2
drivers/bluetooth/btqca.c
··· 594 594 /* Firmware files to download are based on ROM version. 595 595 * ROM version is derived from last two bytes of soc_ver. 596 596 */ 597 - rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f); 597 + if (soc_type == QCA_WCN3988) 598 + rom_ver = ((soc_ver & 0x00000f00) >> 0x05) | (soc_ver & 0x0000000f); 599 + else 600 + rom_ver = ((soc_ver & 0x00000f00) >> 0x04) | (soc_ver & 0x0000000f); 598 601 599 602 if (soc_type == QCA_WCN6750) 600 603 qca_send_patch_config_cmd(hdev); 601 604 602 605 /* Download rampatch file */ 603 606 config.type = TLV_TYPE_PATCH; 604 - if (qca_is_wcn399x(soc_type)) { 607 + if (soc_type == QCA_WCN3988) { 608 + snprintf(config.fwname, sizeof(config.fwname), 609 + "qca/apbtfw%02x.tlv", rom_ver); 610 + } else if (qca_is_wcn399x(soc_type)) { 605 611 snprintf(config.fwname, sizeof(config.fwname), 606 612 "qca/crbtfw%02x.tlv", rom_ver); 607 613 } else if (soc_type == QCA_QCA6390) { ··· 642 636 if (firmware_name) 643 637 snprintf(config.fwname, sizeof(config.fwname), 644 638 "qca/%s", firmware_name); 639 + else if (soc_type == QCA_WCN3988) 640 + snprintf(config.fwname, sizeof(config.fwname), 641 + "qca/apnv%02x.bin", rom_ver); 645 642 else if (qca_is_wcn399x(soc_type)) { 646 643 if (le32_to_cpu(ver.soc_id) == QCA_WCN3991_SOC_ID) { 647 644 snprintf(config.fwname, sizeof(config.fwname),
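Review bot: The WCN3988 branch derives rom_ver with `>> 0x05` while every other SoC uses `>> 0x04`, which places the upper nibble of soc_ver in bits 3-6 so it can overlap bit 3 of the lower nibble, and nothing explains the difference; add a comment next to it, e.g. `/* WCN3988 ROM version encoding differs: high nibble lands at bit 3, e.g. soc_ver 0x200 -> apbtfw10 */` (presumably chosen to match the apbtfw/apnv firmware names in linux-firmware, which should be confirmed), or show that the overlap cannot occur for shipping versions. The enclosing function starts and ends outside this hunk.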
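--- a/drivers/bluetooth/btqca.h
+++ b/drivers/bluetooth/btqca.h
@@ -142,6 +142,7 @@
 	QCA_INVALID = -1,
 	QCA_AR3002,
 	QCA_ROME,
+	QCA_WCN3988,
 	QCA_WCN3990,
 	QCA_WCN3998,
 	QCA_WCN3991,
@@ -163,8 +162,15 @@
 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev);
 static inline bool qca_is_wcn399x(enum qca_btsoc_type soc_type)
 {
-	return soc_type == QCA_WCN3990 || soc_type == QCA_WCN3991 ||
-	       soc_type == QCA_WCN3998;
+	switch (soc_type) {
+	case QCA_WCN3988:
+	case QCA_WCN3990:
+	case QCA_WCN3991:
+	case QCA_WCN3998:
+		return true;
+	default:
+		return false;
+	}
 }
 static inline bool qca_is_wcn6750(enum qca_btsoc_type soc_type)
 {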
+173 -60
drivers/bluetooth/btrtl.c
··· 32 32 #define RTL_ROM_LMP_8851B 0x8851 33 33 #define RTL_CONFIG_MAGIC 0x8723ab55 34 34 35 + #define RTL_VSC_OP_COREDUMP 0xfcff 36 + 35 37 #define IC_MATCH_FL_LMPSUBV (1 << 0) 36 38 #define IC_MATCH_FL_HCIREV (1 << 1) 37 39 #define IC_MATCH_FL_HCIVER (1 << 2) ··· 83 81 bool has_msft_ext; 84 82 char *fw_name; 85 83 char *cfg_name; 84 + char *hw_info; 86 85 }; 87 86 88 87 struct btrtl_device_info { ··· 104 101 { IC_INFO(RTL_ROM_LMP_8723A, 0xb, 0x6, HCI_USB), 105 102 .config_needed = false, 106 103 .has_rom_version = false, 107 - .fw_name = "rtl_bt/rtl8723a_fw.bin", 108 - .cfg_name = NULL }, 104 + .fw_name = "rtl_bt/rtl8723a_fw", 105 + .cfg_name = NULL, 106 + .hw_info = "rtl8723au" }, 109 107 110 108 /* 8723BS */ 111 109 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_UART), 112 110 .config_needed = true, 113 111 .has_rom_version = true, 114 - .fw_name = "rtl_bt/rtl8723bs_fw.bin", 115 - .cfg_name = "rtl_bt/rtl8723bs_config" }, 112 + .fw_name = "rtl_bt/rtl8723bs_fw", 113 + .cfg_name = "rtl_bt/rtl8723bs_config", 114 + .hw_info = "rtl8723bs" }, 116 115 117 116 /* 8723B */ 118 117 { IC_INFO(RTL_ROM_LMP_8723B, 0xb, 0x6, HCI_USB), 119 118 .config_needed = false, 120 119 .has_rom_version = true, 121 - .fw_name = "rtl_bt/rtl8723b_fw.bin", 122 - .cfg_name = "rtl_bt/rtl8723b_config" }, 120 + .fw_name = "rtl_bt/rtl8723b_fw", 121 + .cfg_name = "rtl_bt/rtl8723b_config", 122 + .hw_info = "rtl8723bu" }, 123 123 124 124 /* 8723CS-CG */ 125 125 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | ··· 132 126 .hci_bus = HCI_UART, 133 127 .config_needed = true, 134 128 .has_rom_version = true, 135 - .fw_name = "rtl_bt/rtl8723cs_cg_fw.bin", 136 - .cfg_name = "rtl_bt/rtl8723cs_cg_config" }, 129 + .fw_name = "rtl_bt/rtl8723cs_cg_fw", 130 + .cfg_name = "rtl_bt/rtl8723cs_cg_config", 131 + .hw_info = "rtl8723cs-cg" }, 137 132 138 133 /* 8723CS-VF */ 139 134 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | ··· 144 137 .hci_bus = HCI_UART, 145 138 .config_needed = true, 
146 139 .has_rom_version = true, 147 - .fw_name = "rtl_bt/rtl8723cs_vf_fw.bin", 148 - .cfg_name = "rtl_bt/rtl8723cs_vf_config" }, 140 + .fw_name = "rtl_bt/rtl8723cs_vf_fw", 141 + .cfg_name = "rtl_bt/rtl8723cs_vf_config", 142 + .hw_info = "rtl8723cs-vf" }, 149 143 150 144 /* 8723CS-XX */ 151 145 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_CHIP_TYPE | ··· 156 148 .hci_bus = HCI_UART, 157 149 .config_needed = true, 158 150 .has_rom_version = true, 159 - .fw_name = "rtl_bt/rtl8723cs_xx_fw.bin", 160 - .cfg_name = "rtl_bt/rtl8723cs_xx_config" }, 151 + .fw_name = "rtl_bt/rtl8723cs_xx_fw", 152 + .cfg_name = "rtl_bt/rtl8723cs_xx_config", 153 + .hw_info = "rtl8723cs" }, 161 154 162 155 /* 8723D */ 163 156 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_USB), 164 157 .config_needed = true, 165 158 .has_rom_version = true, 166 - .fw_name = "rtl_bt/rtl8723d_fw.bin", 167 - .cfg_name = "rtl_bt/rtl8723d_config" }, 159 + .fw_name = "rtl_bt/rtl8723d_fw", 160 + .cfg_name = "rtl_bt/rtl8723d_config", 161 + .hw_info = "rtl8723du" }, 168 162 169 163 /* 8723DS */ 170 164 { IC_INFO(RTL_ROM_LMP_8723B, 0xd, 0x8, HCI_UART), 171 165 .config_needed = true, 172 166 .has_rom_version = true, 173 - .fw_name = "rtl_bt/rtl8723ds_fw.bin", 174 - .cfg_name = "rtl_bt/rtl8723ds_config" }, 167 + .fw_name = "rtl_bt/rtl8723ds_fw", 168 + .cfg_name = "rtl_bt/rtl8723ds_config", 169 + .hw_info = "rtl8723ds" }, 175 170 176 171 /* 8821A */ 177 172 { IC_INFO(RTL_ROM_LMP_8821A, 0xa, 0x6, HCI_USB), 178 173 .config_needed = false, 179 174 .has_rom_version = true, 180 - .fw_name = "rtl_bt/rtl8821a_fw.bin", 181 - .cfg_name = "rtl_bt/rtl8821a_config" }, 175 + .fw_name = "rtl_bt/rtl8821a_fw", 176 + .cfg_name = "rtl_bt/rtl8821a_config", 177 + .hw_info = "rtl8821au" }, 182 178 183 179 /* 8821C */ 184 180 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_USB), 185 181 .config_needed = false, 186 182 .has_rom_version = true, 187 183 .has_msft_ext = true, 188 - .fw_name = "rtl_bt/rtl8821c_fw.bin", 189 - .cfg_name = 
"rtl_bt/rtl8821c_config" }, 184 + .fw_name = "rtl_bt/rtl8821c_fw", 185 + .cfg_name = "rtl_bt/rtl8821c_config", 186 + .hw_info = "rtl8821cu" }, 190 187 191 188 /* 8821CS */ 192 189 { IC_INFO(RTL_ROM_LMP_8821A, 0xc, 0x8, HCI_UART), 193 190 .config_needed = true, 194 191 .has_rom_version = true, 195 192 .has_msft_ext = true, 196 - .fw_name = "rtl_bt/rtl8821cs_fw.bin", 197 - .cfg_name = "rtl_bt/rtl8821cs_config" }, 193 + .fw_name = "rtl_bt/rtl8821cs_fw", 194 + .cfg_name = "rtl_bt/rtl8821cs_config", 195 + .hw_info = "rtl8821cs" }, 198 196 199 197 /* 8761A */ 200 198 { IC_INFO(RTL_ROM_LMP_8761A, 0xa, 0x6, HCI_USB), 201 199 .config_needed = false, 202 200 .has_rom_version = true, 203 - .fw_name = "rtl_bt/rtl8761a_fw.bin", 204 - .cfg_name = "rtl_bt/rtl8761a_config" }, 201 + .fw_name = "rtl_bt/rtl8761a_fw", 202 + .cfg_name = "rtl_bt/rtl8761a_config", 203 + .hw_info = "rtl8761au" }, 205 204 206 205 /* 8761B */ 207 206 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_UART), 208 207 .config_needed = false, 209 208 .has_rom_version = true, 210 209 .has_msft_ext = true, 211 - .fw_name = "rtl_bt/rtl8761b_fw.bin", 212 - .cfg_name = "rtl_bt/rtl8761b_config" }, 210 + .fw_name = "rtl_bt/rtl8761b_fw", 211 + .cfg_name = "rtl_bt/rtl8761b_config", 212 + .hw_info = "rtl8761btv" }, 213 213 214 214 /* 8761BU */ 215 215 { IC_INFO(RTL_ROM_LMP_8761A, 0xb, 0xa, HCI_USB), 216 216 .config_needed = false, 217 217 .has_rom_version = true, 218 - .fw_name = "rtl_bt/rtl8761bu_fw.bin", 219 - .cfg_name = "rtl_bt/rtl8761bu_config" }, 218 + .fw_name = "rtl_bt/rtl8761bu_fw", 219 + .cfg_name = "rtl_bt/rtl8761bu_config", 220 + .hw_info = "rtl8761bu" }, 220 221 221 222 /* 8822C with UART interface */ 222 223 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART), 223 224 .config_needed = true, 224 225 .has_rom_version = true, 225 226 .has_msft_ext = true, 226 - .fw_name = "rtl_bt/rtl8822cs_fw.bin", 227 - .cfg_name = "rtl_bt/rtl8822cs_config" }, 227 + .fw_name = "rtl_bt/rtl8822cs_fw", 228 + .cfg_name = 
"rtl_bt/rtl8822cs_config", 229 + .hw_info = "rtl8822cs" }, 228 230 229 231 /* 8822C with UART interface */ 230 232 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_UART), 231 233 .config_needed = true, 232 234 .has_rom_version = true, 233 235 .has_msft_ext = true, 234 - .fw_name = "rtl_bt/rtl8822cs_fw.bin", 235 - .cfg_name = "rtl_bt/rtl8822cs_config" }, 236 + .fw_name = "rtl_bt/rtl8822cs_fw", 237 + .cfg_name = "rtl_bt/rtl8822cs_config", 238 + .hw_info = "rtl8822cs" }, 236 239 237 240 /* 8822C with USB interface */ 238 241 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0xa, HCI_USB), 239 242 .config_needed = false, 240 243 .has_rom_version = true, 241 244 .has_msft_ext = true, 242 - .fw_name = "rtl_bt/rtl8822cu_fw.bin", 243 - .cfg_name = "rtl_bt/rtl8822cu_config" }, 245 + .fw_name = "rtl_bt/rtl8822cu_fw", 246 + .cfg_name = "rtl_bt/rtl8822cu_config", 247 + .hw_info = "rtl8822cu" }, 244 248 245 249 /* 8822B */ 246 250 { IC_INFO(RTL_ROM_LMP_8822B, 0xb, 0x7, HCI_USB), 247 251 .config_needed = true, 248 252 .has_rom_version = true, 249 253 .has_msft_ext = true, 250 - .fw_name = "rtl_bt/rtl8822b_fw.bin", 251 - .cfg_name = "rtl_bt/rtl8822b_config" }, 254 + .fw_name = "rtl_bt/rtl8822b_fw", 255 + .cfg_name = "rtl_bt/rtl8822b_config", 256 + .hw_info = "rtl8822bu" }, 252 257 253 258 /* 8852A */ 254 259 { IC_INFO(RTL_ROM_LMP_8852A, 0xa, 0xb, HCI_USB), 255 260 .config_needed = false, 256 261 .has_rom_version = true, 257 262 .has_msft_ext = true, 258 - .fw_name = "rtl_bt/rtl8852au_fw.bin", 259 - .cfg_name = "rtl_bt/rtl8852au_config" }, 263 + .fw_name = "rtl_bt/rtl8852au_fw", 264 + .cfg_name = "rtl_bt/rtl8852au_config", 265 + .hw_info = "rtl8852au" }, 260 266 261 267 /* 8852B with UART interface */ 262 268 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_UART), 263 269 .config_needed = true, 264 270 .has_rom_version = true, 265 271 .has_msft_ext = true, 266 - .fw_name = "rtl_bt/rtl8852bs_fw.bin", 267 - .cfg_name = "rtl_bt/rtl8852bs_config" }, 272 + .fw_name = "rtl_bt/rtl8852bs_fw", 273 + .cfg_name = 
"rtl_bt/rtl8852bs_config", 274 + .hw_info = "rtl8852bs" }, 268 275 269 276 /* 8852B */ 270 277 { IC_INFO(RTL_ROM_LMP_8852A, 0xb, 0xb, HCI_USB), 271 278 .config_needed = false, 272 279 .has_rom_version = true, 273 280 .has_msft_ext = true, 274 - .fw_name = "rtl_bt/rtl8852bu_fw.bin", 275 - .cfg_name = "rtl_bt/rtl8852bu_config" }, 281 + .fw_name = "rtl_bt/rtl8852bu_fw", 282 + .cfg_name = "rtl_bt/rtl8852bu_config", 283 + .hw_info = "rtl8852bu" }, 276 284 277 285 /* 8852C */ 278 286 { IC_INFO(RTL_ROM_LMP_8852A, 0xc, 0xc, HCI_USB), 279 287 .config_needed = false, 280 288 .has_rom_version = true, 281 289 .has_msft_ext = true, 282 - .fw_name = "rtl_bt/rtl8852cu_fw.bin", 283 - .cfg_name = "rtl_bt/rtl8852cu_config" }, 290 + .fw_name = "rtl_bt/rtl8852cu_fw", 291 + .cfg_name = "rtl_bt/rtl8852cu_config", 292 + .hw_info = "rtl8852cu" }, 284 293 285 294 /* 8851B */ 286 295 { IC_INFO(RTL_ROM_LMP_8851B, 0xb, 0xc, HCI_USB), 287 296 .config_needed = false, 288 297 .has_rom_version = true, 289 298 .has_msft_ext = false, 290 - .fw_name = "rtl_bt/rtl8851bu_fw.bin", 291 - .cfg_name = "rtl_bt/rtl8851bu_config" }, 299 + .fw_name = "rtl_bt/rtl8851bu_fw", 300 + .cfg_name = "rtl_bt/rtl8851bu_config", 301 + .hw_info = "rtl8851bu" }, 292 302 }; 293 303 294 304 static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev, ··· 616 590 unsigned char **_buf) 617 591 { 618 592 static const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; 593 + struct btrealtek_data *coredump_info = hci_get_priv(hdev); 619 594 struct rtl_epatch_header *epatch_info; 620 595 unsigned char *buf; 621 596 int i, len; ··· 732 705 733 706 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data; 734 707 num_patches = le16_to_cpu(epatch_info->num_patches); 708 + 735 709 BT_DBG("fw_version=%x, num_patches=%d", 736 710 le32_to_cpu(epatch_info->fw_version), num_patches); 711 + coredump_info->rtl_dump.fw_version = le32_to_cpu(epatch_info->fw_version); 737 712 738 713 /* After the rtl_epatch_header there is a 
funky patch metadata section. 739 714 * Assuming 2 patches, the layout is: ··· 932 903 return ret; 933 904 } 934 905 906 + static void btrtl_coredump(struct hci_dev *hdev) 907 + { 908 + static const u8 param[] = { 0x00, 0x00 }; 909 + 910 + __hci_cmd_send(hdev, RTL_VSC_OP_COREDUMP, sizeof(param), param); 911 + } 912 + 913 + static void btrtl_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb) 914 + { 915 + struct btrealtek_data *coredump_info = hci_get_priv(hdev); 916 + char buf[80]; 917 + 918 + if (coredump_info->rtl_dump.controller) 919 + snprintf(buf, sizeof(buf), "Controller Name: %s\n", 920 + coredump_info->rtl_dump.controller); 921 + else 922 + snprintf(buf, sizeof(buf), "Controller Name: Unknown\n"); 923 + skb_put_data(skb, buf, strlen(buf)); 924 + 925 + snprintf(buf, sizeof(buf), "Firmware Version: 0x%X\n", 926 + coredump_info->rtl_dump.fw_version); 927 + skb_put_data(skb, buf, strlen(buf)); 928 + 929 + snprintf(buf, sizeof(buf), "Driver: %s\n", coredump_info->rtl_dump.driver_name); 930 + skb_put_data(skb, buf, strlen(buf)); 931 + 932 + snprintf(buf, sizeof(buf), "Vendor: Realtek\n"); 933 + skb_put_data(skb, buf, strlen(buf)); 934 + } 935 + 936 + static int btrtl_register_devcoredump_support(struct hci_dev *hdev) 937 + { 938 + int err; 939 + 940 + err = hci_devcd_register(hdev, btrtl_coredump, btrtl_dmp_hdr, NULL); 941 + 942 + return err; 943 + } 944 + 945 + void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name) 946 + { 947 + struct btrealtek_data *coredump_info = hci_get_priv(hdev); 948 + 949 + coredump_info->rtl_dump.driver_name = driver_name; 950 + } 951 + EXPORT_SYMBOL_GPL(btrtl_set_driver_name); 952 + 935 953 static bool rtl_has_chip_type(u16 lmp_subver) 936 954 { 937 955 switch (lmp_subver) { ··· 1040 964 struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev, 1041 965 const char *postfix) 1042 966 { 967 + struct btrealtek_data *coredump_info = hci_get_priv(hdev); 1043 968 struct btrtl_device_info *btrtl_dev; 1044 969 struct 
sk_buff *skb; 1045 970 struct hci_rp_read_local_version *resp; 971 + struct hci_command_hdr *cmd; 972 + char fw_name[40]; 1046 973 char cfg_name[40]; 1047 974 u16 hci_rev, lmp_subver; 1048 975 u8 hci_ver, lmp_ver, chip_type = 0; 1049 976 int ret; 1050 - u16 opcode; 1051 - u8 cmd[2]; 1052 977 u8 reg_val[2]; 1053 978 1054 979 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL); ··· 1118 1041 btrtl_dev->drop_fw = false; 1119 1042 1120 1043 if (btrtl_dev->drop_fw) { 1121 - opcode = hci_opcode_pack(0x3f, 0x66); 1122 - cmd[0] = opcode & 0xff; 1123 - cmd[1] = opcode >> 8; 1124 - 1125 - skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL); 1044 + skb = bt_skb_alloc(sizeof(*cmd), GFP_KERNEL); 1126 1045 if (!skb) 1127 1046 goto err_free; 1128 1047 1129 - skb_put_data(skb, cmd, sizeof(cmd)); 1048 + cmd = skb_put(skb, HCI_COMMAND_HDR_SIZE); 1049 + cmd->opcode = cpu_to_le16(0xfc66); 1050 + cmd->plen = 0; 1051 + 1130 1052 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 1131 1053 1132 1054 ret = hdev->send(hdev, skb); ··· 1155 1079 goto err_free; 1156 1080 } 1157 1081 1158 - btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name, 1159 - &btrtl_dev->fw_data); 1082 + if (!btrtl_dev->ic_info->fw_name) { 1083 + ret = -ENOMEM; 1084 + goto err_free; 1085 + } 1086 + 1087 + btrtl_dev->fw_len = -EIO; 1088 + if (lmp_subver == RTL_ROM_LMP_8852A && hci_rev == 0x000c) { 1089 + snprintf(fw_name, sizeof(fw_name), "%s_v2.bin", 1090 + btrtl_dev->ic_info->fw_name); 1091 + btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1092 + &btrtl_dev->fw_data); 1093 + } 1094 + 1095 + if (btrtl_dev->fw_len < 0) { 1096 + snprintf(fw_name, sizeof(fw_name), "%s.bin", 1097 + btrtl_dev->ic_info->fw_name); 1098 + btrtl_dev->fw_len = rtl_load_file(hdev, fw_name, 1099 + &btrtl_dev->fw_data); 1100 + } 1101 + 1160 1102 if (btrtl_dev->fw_len < 0) { 1161 1103 rtl_dev_err(hdev, "firmware file %s not found", 1162 1104 btrtl_dev->ic_info->fw_name); ··· 1207 1113 if (btrtl_dev->ic_info->has_msft_ext) 1208 1114 
hci_set_msft_opcode(hdev, 0xFCF0); 1209 1115 1116 + if (btrtl_dev->ic_info) 1117 + coredump_info->rtl_dump.controller = btrtl_dev->ic_info->hw_info; 1118 + 1210 1119 return btrtl_dev; 1211 1120 1212 1121 err_free: ··· 1222 1125 int btrtl_download_firmware(struct hci_dev *hdev, 1223 1126 struct btrtl_device_info *btrtl_dev) 1224 1127 { 1128 + int err = 0; 1129 + 1225 1130 /* Match a set of subver values that correspond to stock firmware, 1226 1131 * which is not compatible with standard btusb. 1227 1132 * If matched, upload an alternative firmware that does conform to ··· 1232 1133 */ 1233 1134 if (!btrtl_dev->ic_info) { 1234 1135 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1235 - return 0; 1136 + err = 0; 1137 + goto done; 1236 1138 } 1237 1139 1238 1140 switch (btrtl_dev->ic_info->lmp_subver) { 1239 1141 case RTL_ROM_LMP_8723A: 1240 - return btrtl_setup_rtl8723a(hdev, btrtl_dev); 1142 + err = btrtl_setup_rtl8723a(hdev, btrtl_dev); 1143 + break; 1241 1144 case RTL_ROM_LMP_8723B: 1242 1145 case RTL_ROM_LMP_8821A: 1243 1146 case RTL_ROM_LMP_8761A: ··· 1247 1146 case RTL_ROM_LMP_8852A: 1248 1147 case RTL_ROM_LMP_8703B: 1249 1148 case RTL_ROM_LMP_8851B: 1250 - return btrtl_setup_rtl8723b(hdev, btrtl_dev); 1149 + err = btrtl_setup_rtl8723b(hdev, btrtl_dev); 1150 + break; 1251 1151 default: 1252 1152 rtl_dev_info(hdev, "assuming no firmware upload needed"); 1253 - return 0; 1153 + break; 1254 1154 } 1155 + 1156 + done: 1157 + if (!err) 1158 + err = btrtl_register_devcoredump_support(hdev); 1159 + 1160 + return err; 1255 1161 } 1256 1162 EXPORT_SYMBOL_GPL(btrtl_download_firmware); 1257 1163 ··· 1287 1179 */ 1288 1180 if (btrtl_dev->project_id == CHIP_ID_8852C) 1289 1181 btrealtek_set_flag(hdev, REALTEK_ALT6_CONTINUOUS_TX_CHIP); 1182 + 1183 + if (btrtl_dev->project_id == CHIP_ID_8852A || 1184 + btrtl_dev->project_id == CHIP_ID_8852C) 1185 + set_bit(HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, &hdev->quirks); 1290 1186 1291 1187 hci_set_aosp_capable(hdev); 1292 1188 
break; ··· 1510 1398 MODULE_FIRMWARE("rtl_bt/rtl8852bu_fw.bin"); 1511 1399 MODULE_FIRMWARE("rtl_bt/rtl8852bu_config.bin"); 1512 1400 MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw.bin"); 1401 + MODULE_FIRMWARE("rtl_bt/rtl8852cu_fw_v2.bin"); 1513 1402 MODULE_FIRMWARE("rtl_bt/rtl8852cu_config.bin");
+13
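--- a/drivers/bluetooth/btrtl.h
+++ b/drivers/bluetooth/btrtl.h
@@ -109,8 +109,16 @@
 	__REALTEK_NUM_FLAGS,
 };
 
+struct rtl_dump_info {
+	const char *driver_name;
+	char *controller;
+	u32 fw_version;
+};
+
 struct btrealtek_data {
 	DECLARE_BITMAP(flags, __REALTEK_NUM_FLAGS);
+
+	struct rtl_dump_info rtl_dump;
 };
 
 #define btrealtek_set_flag(hdev, nr) \
@@ -147,6 +139,7 @@
 			  struct btrtl_device_info *btrtl_dev,
 			  unsigned int *controller_baudrate,
 			  u32 *device_baudrate, bool *flow_control);
+void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name);
 
 #else
 
@@ -189,6 +180,10 @@
 				     bool *flow_control)
 {
 	return -ENOENT;
+}
+
+static inline void btrtl_set_driver_name(struct hci_dev *hdev, const char *driver_name)
+{
 }
 
 #endif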
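Review bot: `char *controller;` in the new `struct rtl_dump_info` should be `const char *controller;`: btrtl.c fills it from `btrtl_dev->ic_info->hw_info`, whose values in the `id_table` entries on this page are string literals such as "rtl8822cs", so the member only ever points at read-only data and a non-const pointer invites a write into it. The sibling member `driver_name` is already `const char *`, so the change also makes the two consistent. If `hw_info` is itself declared without `const` (its declaration is outside this page), the qualifier belongs there as well.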
+227 -139
drivers/bluetooth/btusb.c
··· 476 476 { USB_DEVICE(0x8087, 0x0032), .driver_info = BTUSB_INTEL_COMBINED }, 477 477 { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED }, 478 478 { USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED }, 479 + { USB_DEVICE(0x8087, 0x0036), .driver_info = BTUSB_INTEL_COMBINED }, 479 480 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 480 481 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED | 481 482 BTUSB_INTEL_NO_WBS_SUPPORT | ··· 626 625 { USB_DEVICE(0x0489, 0xe0e4), .driver_info = BTUSB_MEDIATEK | 627 626 BTUSB_WIDEBAND_SPEECH | 628 627 BTUSB_VALID_LE_STATES }, 628 + { USB_DEVICE(0x0489, 0xe0f1), .driver_info = BTUSB_MEDIATEK | 629 + BTUSB_WIDEBAND_SPEECH | 630 + BTUSB_VALID_LE_STATES }, 629 631 { USB_DEVICE(0x0489, 0xe0f2), .driver_info = BTUSB_MEDIATEK | 632 + BTUSB_WIDEBAND_SPEECH | 633 + BTUSB_VALID_LE_STATES }, 634 + { USB_DEVICE(0x0489, 0xe0f5), .driver_info = BTUSB_MEDIATEK | 635 + BTUSB_WIDEBAND_SPEECH | 636 + BTUSB_VALID_LE_STATES }, 637 + { USB_DEVICE(0x0489, 0xe0f6), .driver_info = BTUSB_MEDIATEK | 638 + BTUSB_WIDEBAND_SPEECH | 639 + BTUSB_VALID_LE_STATES }, 640 + { USB_DEVICE(0x0489, 0xe102), .driver_info = BTUSB_MEDIATEK | 641 + BTUSB_WIDEBAND_SPEECH | 642 + BTUSB_VALID_LE_STATES }, 643 + { USB_DEVICE(0x04ca, 0x3804), .driver_info = BTUSB_MEDIATEK | 630 644 BTUSB_WIDEBAND_SPEECH | 631 645 BTUSB_VALID_LE_STATES }, 632 646 ··· 876 860 { 877 861 struct btusb_data *data = hci_get_drvdata(hdev); 878 862 struct gpio_desc *reset_gpio = data->reset_gpio; 863 + struct btintel_data *intel_data = hci_get_priv(hdev); 879 864 880 865 if (++data->cmd_timeout_cnt < 5) 881 866 return; 867 + 868 + if (intel_data->acpi_reset_method) { 869 + if (test_and_set_bit(INTEL_ACPI_RESET_ACTIVE, intel_data->flags)) { 870 + bt_dev_err(hdev, "acpi: last reset failed ? 
Not resetting again"); 871 + return; 872 + } 873 + 874 + bt_dev_err(hdev, "Initiating acpi reset method"); 875 + /* If ACPI reset method fails, lets try with legacy GPIO 876 + * toggling 877 + */ 878 + if (!intel_data->acpi_reset_method(hdev)) { 879 + return; 880 + } 881 + } 882 882 883 883 if (!reset_gpio) { 884 884 btusb_reset(hdev); ··· 919 887 gpiod_set_value_cansleep(reset_gpio, 0); 920 888 } 921 889 890 + #define RTK_DEVCOREDUMP_CODE_MEMDUMP 0x01 891 + #define RTK_DEVCOREDUMP_CODE_HW_ERR 0x02 892 + #define RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT 0x03 893 + 894 + #define RTK_SUB_EVENT_CODE_COREDUMP 0x34 895 + 896 + struct rtk_dev_coredump_hdr { 897 + u8 type; 898 + u8 code; 899 + u8 reserved[2]; 900 + } __packed; 901 + 902 + static inline void btusb_rtl_alloc_devcoredump(struct hci_dev *hdev, 903 + struct rtk_dev_coredump_hdr *hdr, u8 *buf, u32 len) 904 + { 905 + struct sk_buff *skb; 906 + 907 + skb = alloc_skb(len + sizeof(*hdr), GFP_ATOMIC); 908 + if (!skb) 909 + return; 910 + 911 + skb_put_data(skb, hdr, sizeof(*hdr)); 912 + if (len) 913 + skb_put_data(skb, buf, len); 914 + 915 + if (!hci_devcd_init(hdev, skb->len)) { 916 + hci_devcd_append(hdev, skb); 917 + hci_devcd_complete(hdev); 918 + } else { 919 + bt_dev_err(hdev, "RTL: Failed to generate devcoredump"); 920 + kfree_skb(skb); 921 + } 922 + } 923 + 922 924 static void btusb_rtl_cmd_timeout(struct hci_dev *hdev) 923 925 { 924 926 struct btusb_data *data = hci_get_drvdata(hdev); 925 927 struct gpio_desc *reset_gpio = data->reset_gpio; 928 + struct rtk_dev_coredump_hdr hdr = { 929 + .type = RTK_DEVCOREDUMP_CODE_CMD_TIMEOUT, 930 + }; 931 + 932 + btusb_rtl_alloc_devcoredump(hdev, &hdr, NULL, 0); 926 933 927 934 if (++data->cmd_timeout_cnt < 5) 928 935 return; ··· 986 915 gpiod_set_value_cansleep(reset_gpio, 1); 987 916 msleep(200); 988 917 gpiod_set_value_cansleep(reset_gpio, 0); 918 + } 919 + 920 + static void btusb_rtl_hw_error(struct hci_dev *hdev, u8 code) 921 + { 922 + struct rtk_dev_coredump_hdr hdr = { 923 
+ .type = RTK_DEVCOREDUMP_CODE_HW_ERR, 924 + .code = code, 925 + }; 926 + 927 + bt_dev_err(hdev, "RTL: hw err, trigger devcoredump (%d)", code); 928 + 929 + btusb_rtl_alloc_devcoredump(hdev, &hdr, NULL, 0); 989 930 } 990 931 991 932 static void btusb_qca_cmd_timeout(struct hci_dev *hdev) ··· 2492 2409 return btusb_recv_bulk(data, buffer, count); 2493 2410 } 2494 2411 2495 - static int btusb_intel_diagnostics(struct hci_dev *hdev, struct sk_buff *skb) 2496 - { 2497 - struct intel_tlv *tlv = (void *)&skb->data[5]; 2498 - 2499 - /* The first event is always an event type TLV */ 2500 - if (tlv->type != INTEL_TLV_TYPE_ID) 2501 - goto recv_frame; 2502 - 2503 - switch (tlv->val[0]) { 2504 - case INTEL_TLV_SYSTEM_EXCEPTION: 2505 - case INTEL_TLV_FATAL_EXCEPTION: 2506 - case INTEL_TLV_DEBUG_EXCEPTION: 2507 - case INTEL_TLV_TEST_EXCEPTION: 2508 - /* Generate devcoredump from exception */ 2509 - if (!hci_devcd_init(hdev, skb->len)) { 2510 - hci_devcd_append(hdev, skb); 2511 - hci_devcd_complete(hdev); 2512 - } else { 2513 - bt_dev_err(hdev, "Failed to generate devcoredump"); 2514 - kfree_skb(skb); 2515 - } 2516 - return 0; 2517 - default: 2518 - bt_dev_err(hdev, "Invalid exception type %02X", tlv->val[0]); 2519 - } 2520 - 2521 - recv_frame: 2522 - return hci_recv_frame(hdev, skb); 2523 - } 2524 - 2525 - static int btusb_recv_event_intel(struct hci_dev *hdev, struct sk_buff *skb) 2526 - { 2527 - struct hci_event_hdr *hdr = (void *)skb->data; 2528 - const char diagnostics_hdr[] = { 0x87, 0x80, 0x03 }; 2529 - 2530 - if (skb->len > HCI_EVENT_HDR_SIZE && hdr->evt == 0xff && 2531 - hdr->plen > 0) { 2532 - const void *ptr = skb->data + HCI_EVENT_HDR_SIZE + 1; 2533 - unsigned int len = skb->len - HCI_EVENT_HDR_SIZE - 1; 2534 - 2535 - if (btintel_test_flag(hdev, INTEL_BOOTLOADER)) { 2536 - switch (skb->data[2]) { 2537 - case 0x02: 2538 - /* When switching to the operational firmware 2539 - * the device sends a vendor specific event 2540 - * indicating that the bootup completed. 
2541 - */ 2542 - btintel_bootup(hdev, ptr, len); 2543 - break; 2544 - case 0x06: 2545 - /* When the firmware loading completes the 2546 - * device sends out a vendor specific event 2547 - * indicating the result of the firmware 2548 - * loading. 2549 - */ 2550 - btintel_secure_send_result(hdev, ptr, len); 2551 - break; 2552 - } 2553 - } 2554 - 2555 - /* Handle all diagnostics events separately. May still call 2556 - * hci_recv_frame. 2557 - */ 2558 - if (len >= sizeof(diagnostics_hdr) && 2559 - memcmp(&skb->data[2], diagnostics_hdr, 2560 - sizeof(diagnostics_hdr)) == 0) { 2561 - return btusb_intel_diagnostics(hdev, skb); 2562 - } 2563 - } 2564 - 2565 - return hci_recv_frame(hdev, skb); 2566 - } 2567 - 2568 2412 static int btusb_send_frame_intel(struct hci_dev *hdev, struct sk_buff *skb) 2569 2413 { 2570 2414 struct urb *urb; ··· 2572 2562 return ret; 2573 2563 } 2574 2564 2565 + static int btusb_recv_event_realtek(struct hci_dev *hdev, struct sk_buff *skb) 2566 + { 2567 + if (skb->data[0] == HCI_VENDOR_PKT && skb->data[2] == RTK_SUB_EVENT_CODE_COREDUMP) { 2568 + struct rtk_dev_coredump_hdr hdr = { 2569 + .code = RTK_DEVCOREDUMP_CODE_MEMDUMP, 2570 + }; 2571 + 2572 + bt_dev_dbg(hdev, "RTL: received coredump vendor evt, len %u", 2573 + skb->len); 2574 + 2575 + btusb_rtl_alloc_devcoredump(hdev, &hdr, skb->data, skb->len); 2576 + kfree_skb(skb); 2577 + 2578 + return 0; 2579 + } 2580 + 2581 + return hci_recv_frame(hdev, skb); 2582 + } 2583 + 2575 2584 /* UHW CR mapping */ 2576 2585 #define MTK_BT_MISC 0x70002510 2577 2586 #define MTK_BT_SUBSYS_RST 0x70002610 ··· 2600 2571 #define MTK_EP_RST_OPT 0x74011890 2601 2572 #define MTK_EP_RST_IN_OUT_OPT 0x00010001 2602 2573 #define MTK_BT_RST_DONE 0x00000100 2603 - #define MTK_BT_RESET_WAIT_MS 100 2604 - #define MTK_BT_RESET_NUM_TRIES 10 2574 + #define MTK_BT_RESET_REG_CONNV3 0x70028610 2575 + #define MTK_BT_READ_DEV_ID 0x70010200 2576 + 2605 2577 2606 2578 static void btusb_mtk_wmt_recv(struct urb *urb) 2607 2579 { ··· 2973 2943 
return btusb_mtk_reg_read(data, reg, id); 2974 2944 } 2975 2945 2946 + static u32 btusb_mtk_reset_done(struct hci_dev *hdev) 2947 + { 2948 + struct btusb_data *data = hci_get_drvdata(hdev); 2949 + u32 val = 0; 2950 + 2951 + btusb_mtk_uhw_reg_read(data, MTK_BT_MISC, &val); 2952 + 2953 + return val & MTK_BT_RST_DONE; 2954 + } 2955 + 2956 + static int btusb_mtk_reset(struct hci_dev *hdev, void *rst_data) 2957 + { 2958 + struct btusb_data *data = hci_get_drvdata(hdev); 2959 + struct btmediatek_data *mediatek; 2960 + u32 val; 2961 + int err; 2962 + 2963 + /* It's MediaTek specific bluetooth reset mechanism via USB */ 2964 + if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 2965 + bt_dev_err(hdev, "last reset failed? Not resetting again"); 2966 + return -EBUSY; 2967 + } 2968 + 2969 + err = usb_autopm_get_interface(data->intf); 2970 + if (err < 0) 2971 + return err; 2972 + 2973 + btusb_stop_traffic(data); 2974 + usb_kill_anchored_urbs(&data->tx_anchor); 2975 + mediatek = hci_get_priv(hdev); 2976 + 2977 + if (mediatek->dev_id == 0x7925) { 2978 + btusb_mtk_uhw_reg_read(data, MTK_BT_RESET_REG_CONNV3, &val); 2979 + val |= (1 << 5); 2980 + btusb_mtk_uhw_reg_write(data, MTK_BT_RESET_REG_CONNV3, val); 2981 + btusb_mtk_uhw_reg_read(data, MTK_BT_RESET_REG_CONNV3, &val); 2982 + val &= 0xFFFF00FF; 2983 + val |= (1 << 13); 2984 + btusb_mtk_uhw_reg_write(data, MTK_BT_RESET_REG_CONNV3, val); 2985 + btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, 0x00010001); 2986 + btusb_mtk_uhw_reg_read(data, MTK_BT_RESET_REG_CONNV3, &val); 2987 + val |= (1 << 0); 2988 + btusb_mtk_uhw_reg_write(data, MTK_BT_RESET_REG_CONNV3, val); 2989 + btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, 0x000000FF); 2990 + btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, &val); 2991 + btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, 0x000000FF); 2992 + btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, &val); 2993 + msleep(100); 2994 + } else { 2995 + /* It's Device EndPoint Reset Option Register */ 2996 
+ bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 2997 + btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 2998 + btusb_mtk_uhw_reg_read(data, MTK_BT_WDT_STATUS, &val); 2999 + 3000 + /* Reset the bluetooth chip via USB interface. */ 3001 + btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 1); 3002 + btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, 0x000000FF); 3003 + btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, &val); 3004 + btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, 0x000000FF); 3005 + btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, &val); 3006 + /* MT7921 need to delay 20ms between toggle reset bit */ 3007 + msleep(20); 3008 + btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 0); 3009 + btusb_mtk_uhw_reg_read(data, MTK_BT_SUBSYS_RST, &val); 3010 + } 3011 + 3012 + err = readx_poll_timeout(btusb_mtk_reset_done, hdev, val, 3013 + val & MTK_BT_RST_DONE, 20000, 1000000); 3014 + if (err < 0) 3015 + bt_dev_err(hdev, "Reset timeout"); 3016 + 3017 + btusb_mtk_id_get(data, 0x70010200, &val); 3018 + if (!val) 3019 + bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 3020 + 3021 + usb_queue_reset_device(data->intf); 3022 + 3023 + clear_bit(BTUSB_HW_RESET_ACTIVE, &data->flags); 3024 + 3025 + return err; 3026 + } 3027 + 2976 3028 static int btusb_mtk_setup(struct hci_dev *hdev) 2977 3029 { 2978 3030 struct btusb_data *data = hci_get_drvdata(hdev); ··· 3065 2953 struct sk_buff *skb; 3066 2954 const char *fwname; 3067 2955 int err, status; 3068 - u32 dev_id; 2956 + u32 dev_id = 0; 3069 2957 char fw_bin_name[64]; 3070 2958 u32 fw_version = 0; 3071 2959 u8 param; 2960 + struct btmediatek_data *mediatek; 3072 2961 3073 2962 calltime = ktime_get(); 3074 2963 ··· 3079 2966 return err; 3080 2967 } 3081 2968 3082 - if (!dev_id) { 2969 + if (!dev_id || dev_id != 0x7663) { 3083 2970 err = btusb_mtk_id_get(data, 0x70010200, &dev_id); 3084 2971 if (err < 0) { 3085 2972 bt_dev_err(hdev, "Failed to get device id (%d)", err); ··· 3092 
2979 } 3093 2980 } 3094 2981 2982 + mediatek = hci_get_priv(hdev); 2983 + mediatek->dev_id = dev_id; 2984 + mediatek->reset_sync = btusb_mtk_reset; 2985 + 2986 + err = btmtk_register_coredump(hdev, btusb_driver.name, fw_version); 2987 + if (err < 0) 2988 + bt_dev_err(hdev, "Failed to register coredump (%d)", err); 2989 + 3095 2990 switch (dev_id) { 3096 2991 case 0x7663: 3097 2992 fwname = FIRMWARE_MT7663; ··· 3109 2988 break; 3110 2989 case 0x7922: 3111 2990 case 0x7961: 3112 - snprintf(fw_bin_name, sizeof(fw_bin_name), 3113 - "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 3114 - dev_id & 0xffff, (fw_version & 0xff) + 1); 2991 + case 0x7925: 2992 + if (dev_id == 0x7925) 2993 + snprintf(fw_bin_name, sizeof(fw_bin_name), 2994 + "mediatek/mt%04x/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 2995 + dev_id & 0xffff, dev_id & 0xffff, (fw_version & 0xff) + 1); 2996 + else 2997 + snprintf(fw_bin_name, sizeof(fw_bin_name), 2998 + "mediatek/BT_RAM_CODE_MT%04x_1_%x_hdr.bin", 2999 + dev_id & 0xffff, (fw_version & 0xff) + 1); 3000 + 3115 3001 err = btmtk_setup_firmware_79xx(hdev, fw_bin_name, 3116 3002 btusb_mtk_hci_wmt_sync); 3117 3003 if (err < 0) { ··· 3256 3128 return 0; 3257 3129 } 3258 3130 3259 - static void btusb_mtk_cmd_timeout(struct hci_dev *hdev) 3260 - { 3261 - struct btusb_data *data = hci_get_drvdata(hdev); 3262 - u32 val; 3263 - int err, retry = 0; 3264 - 3265 - /* It's MediaTek specific bluetooth reset mechanism via USB */ 3266 - if (test_and_set_bit(BTUSB_HW_RESET_ACTIVE, &data->flags)) { 3267 - bt_dev_err(hdev, "last reset failed? 
Not resetting again"); 3268 - return; 3269 - } 3270 - 3271 - err = usb_autopm_get_interface(data->intf); 3272 - if (err < 0) 3273 - return; 3274 - 3275 - btusb_stop_traffic(data); 3276 - usb_kill_anchored_urbs(&data->tx_anchor); 3277 - 3278 - /* It's Device EndPoint Reset Option Register */ 3279 - bt_dev_dbg(hdev, "Initiating reset mechanism via uhw"); 3280 - btusb_mtk_uhw_reg_write(data, MTK_EP_RST_OPT, MTK_EP_RST_IN_OUT_OPT); 3281 - btusb_mtk_uhw_reg_read(data, MTK_BT_WDT_STATUS, &val); 3282 - 3283 - /* Reset the bluetooth chip via USB interface. */ 3284 - btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 1); 3285 - btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT, 0x000000FF); 3286 - btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT, &val); 3287 - btusb_mtk_uhw_reg_write(data, MTK_UDMA_INT_STA_BT1, 0x000000FF); 3288 - btusb_mtk_uhw_reg_read(data, MTK_UDMA_INT_STA_BT1, &val); 3289 - /* MT7921 need to delay 20ms between toggle reset bit */ 3290 - msleep(20); 3291 - btusb_mtk_uhw_reg_write(data, MTK_BT_SUBSYS_RST, 0); 3292 - btusb_mtk_uhw_reg_read(data, MTK_BT_SUBSYS_RST, &val); 3293 - 3294 - /* Poll the register until reset is completed */ 3295 - do { 3296 - btusb_mtk_uhw_reg_read(data, MTK_BT_MISC, &val); 3297 - if (val & MTK_BT_RST_DONE) { 3298 - bt_dev_dbg(hdev, "Bluetooth Reset Successfully"); 3299 - break; 3300 - } 3301 - 3302 - bt_dev_dbg(hdev, "Polling Bluetooth Reset CR"); 3303 - retry++; 3304 - msleep(MTK_BT_RESET_WAIT_MS); 3305 - } while (retry < MTK_BT_RESET_NUM_TRIES); 3306 - 3307 - btusb_mtk_id_get(data, 0x70010200, &val); 3308 - if (!val) 3309 - bt_dev_err(hdev, "Can't get device id, subsys reset fail."); 3310 - 3311 - usb_queue_reset_device(data->intf); 3312 - 3313 - clear_bit(BTUSB_HW_RESET_ACTIVE, &data->flags); 3314 - } 3315 - 3316 3131 static int btusb_recv_acl_mtk(struct hci_dev *hdev, struct sk_buff *skb) 3317 3132 { 3318 3133 struct btusb_data *data = hci_get_drvdata(hdev); 3319 3134 u16 handle = le16_to_cpu(hci_acl_hdr(skb)->handle); 3135 + 
struct sk_buff *skb_cd; 3320 3136 3321 3137 switch (handle) { 3322 3138 case 0xfc6f: /* Firmware dump from device */ ··· 3268 3196 * suspend and thus disable auto-suspend. 3269 3197 */ 3270 3198 usb_disable_autosuspend(data->udev); 3199 + 3200 + /* We need to forward the diagnostic packet to userspace daemon 3201 + * for backward compatibility, so we have to clone the packet 3202 + * extraly for the in-kernel coredump support. 3203 + */ 3204 + skb_cd = skb_clone(skb, GFP_ATOMIC); 3205 + if (skb_cd) 3206 + btmtk_process_coredump(hdev, skb_cd); 3207 + 3271 3208 fallthrough; 3272 3209 case 0x05ff: /* Firmware debug logging 1 */ 3273 3210 case 0x05fe: /* Firmware debug logging 2 */ ··· 4277 4196 priv_size += sizeof(struct btintel_data); 4278 4197 4279 4198 /* Override the rx handlers */ 4280 - data->recv_event = btusb_recv_event_intel; 4199 + data->recv_event = btintel_recv_event; 4281 4200 data->recv_bulk = btusb_recv_bulk_intel; 4282 4201 } else if (id->driver_info & BTUSB_REALTEK) { 4283 4202 /* Allocate extra space for Realtek device */ 4284 4203 priv_size += sizeof(struct btrealtek_data); 4204 + 4205 + data->recv_event = btusb_recv_event_realtek; 4206 + } else if (id->driver_info & BTUSB_MEDIATEK) { 4207 + /* Allocate extra space for Mediatek device */ 4208 + priv_size += sizeof(struct btmediatek_data); 4285 4209 } 4286 4210 4287 4211 data->recv_acl = hci_recv_frame; ··· 4393 4307 hdev->setup = btusb_mtk_setup; 4394 4308 hdev->shutdown = btusb_mtk_shutdown; 4395 4309 hdev->manufacturer = 70; 4396 - hdev->cmd_timeout = btusb_mtk_cmd_timeout; 4310 + hdev->cmd_timeout = btmtk_reset_sync; 4397 4311 hdev->set_bdaddr = btmtk_set_bdaddr; 4398 4312 set_bit(HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, &hdev->quirks); 4399 4313 set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks); ··· 4450 4364 4451 4365 if (IS_ENABLED(CONFIG_BT_HCIBTUSB_RTL) && 4452 4366 (id->driver_info & BTUSB_REALTEK)) { 4367 + btrtl_set_driver_name(hdev, btusb_driver.name); 4453 4368 hdev->setup = 
btusb_setup_realtek; 4454 4369 hdev->shutdown = btrtl_shutdown_realtek; 4455 4370 hdev->cmd_timeout = btusb_rtl_cmd_timeout; 4371 + hdev->hw_error = btusb_rtl_hw_error; 4456 4372 4457 4373 /* Realtek devices need to set remote wakeup on auto-suspend */ 4458 4374 set_bit(BTUSB_WAKEUP_AUTOSUSPEND, &data->flags);
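Review bot: `btusb_recv_event_realtek` reads `skb->data[2]` before confirming the event carries a parameter byte; a vendor event with `plen == 0` is only `HCI_EVENT_HDR_SIZE` bytes long, so the test should be guarded, `if (skb->len > HCI_EVENT_HDR_SIZE && skb->data[0] == HCI_EV_VENDOR && skb->data[2] == RTK_SUB_EVENT_CODE_COREDUMP)`. The existing comparison against `HCI_VENDOR_PKT` only works because that packet-type indicator happens to share the value of the vendor event code; `HCI_EV_VENDOR` names what is actually being compared. In `btusb_mtk_reset` the early `return err;` after a failed `usb_autopm_get_interface` leaves `BTUSB_HW_RESET_ACTIVE` set, so every later timeout logs "last reset failed?" and gives up; clear the bit before returning. The same function and `btusb_mtk_setup` still pass the literal `0x70010200` to `btusb_mtk_id_get` although this section introduces `MTK_BT_READ_DEV_ID` for exactly that value.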
+1 -1
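--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -11,7 +11,7 @@
 #include <linux/gpio/consumer.h>
 #include <linux/kernel.h>
 #include <linux/mod_devicetable.h>
-#include <linux/of_device.h>
+#include <linux/of.h>
 #include <linux/pm_runtime.h>
 #include <linux/serdev.h>
 #include <linux/skbuff.h>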
+2 -1
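--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -770,7 +770,8 @@
 		break;
 
 	case HCIUARTGETPROTO:
-		if (test_bit(HCI_UART_PROTO_SET, &hu->flags))
+		if (test_bit(HCI_UART_PROTO_SET, &hu->flags) &&
+		    test_bit(HCI_UART_PROTO_READY, &hu->flags))
 			err = hu->proto->id;
 		else
 			err = -EUNATCH;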
+5 -1
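--- a/drivers/bluetooth/hci_nokia.c
+++ b/drivers/bluetooth/hci_nokia.c
@@ -734,7 +734,11 @@
 		return err;
 	}
 
-	clk_prepare_enable(sysclk);
+	err = clk_prepare_enable(sysclk);
+	if (err) {
+		dev_err(dev, "could not enable sysclk: %d", err);
+		return err;
+	}
 	btdev->sysclk_speed = clk_get_rate(sysclk);
 	clk_disable_unprepare(sysclk);
 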
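Review bot: The new `dev_err` message has no terminating newline; kernel printk-family messages are expected to end with `\n`, so write `dev_err(dev, "could not enable sysclk: %d\n", err);`. The rest of the probe function, including its other log calls, lies outside the hunk, so I could not check whether they follow the same convention.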
+112 -50
drivers/bluetooth/hci_qca.c
··· 25 25 #include <linux/gpio/consumer.h> 26 26 #include <linux/mod_devicetable.h> 27 27 #include <linux/module.h> 28 - #include <linux/of_device.h> 28 + #include <linux/of.h> 29 29 #include <linux/acpi.h> 30 30 #include <linux/platform_device.h> 31 31 #include <linux/regulator/consumer.h> ··· 117 117 QCA_MEMDUMP_TIMEOUT, 118 118 }; 119 119 120 - struct qca_memdump_data { 121 - char *memdump_buf_head; 122 - char *memdump_buf_tail; 120 + struct qca_memdump_info { 123 121 u32 current_seq_no; 124 122 u32 received_dump; 125 123 u32 ram_dump_size; ··· 158 160 struct work_struct ws_tx_vote_off; 159 161 struct work_struct ctrl_memdump_evt; 160 162 struct delayed_work ctrl_memdump_timeout; 161 - struct qca_memdump_data *qca_memdump; 163 + struct qca_memdump_info *qca_memdump; 162 164 unsigned long flags; 163 165 struct completion drop_ev_comp; 164 166 wait_queue_head_t suspend_wait_q; 165 167 enum qca_memdump_states memdump_state; 166 168 struct mutex hci_memdump_lock; 167 169 170 + u16 fw_version; 171 + u16 controller_id; 168 172 /* For debugging purpose */ 169 173 u64 ibs_sent_wacks; 170 174 u64 ibs_sent_slps; ··· 233 233 static void qca_power_shutdown(struct hci_uart *hu); 234 234 static int qca_power_off(struct hci_dev *hdev); 235 235 static void qca_controller_memdump(struct work_struct *work); 236 + static void qca_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb); 236 237 237 238 static enum qca_btsoc_type qca_soc_type(struct hci_uart *hu) 238 239 { ··· 981 980 return hci_recv_frame(hdev, skb); 982 981 } 983 982 983 + static void qca_dmp_hdr(struct hci_dev *hdev, struct sk_buff *skb) 984 + { 985 + struct hci_uart *hu = hci_get_drvdata(hdev); 986 + struct qca_data *qca = hu->priv; 987 + char buf[80]; 988 + 989 + snprintf(buf, sizeof(buf), "Controller Name: 0x%x\n", 990 + qca->controller_id); 991 + skb_put_data(skb, buf, strlen(buf)); 992 + 993 + snprintf(buf, sizeof(buf), "Firmware Version: 0x%x\n", 994 + qca->fw_version); 995 + skb_put_data(skb, buf, strlen(buf)); 
996 + 997 + snprintf(buf, sizeof(buf), "Vendor:Qualcomm\n"); 998 + skb_put_data(skb, buf, strlen(buf)); 999 + 1000 + snprintf(buf, sizeof(buf), "Driver: %s\n", 1001 + hu->serdev->dev.driver->name); 1002 + skb_put_data(skb, buf, strlen(buf)); 1003 + } 1004 + 984 1005 static void qca_controller_memdump(struct work_struct *work) 985 1006 { 986 1007 struct qca_data *qca = container_of(work, struct qca_data, ··· 1010 987 struct hci_uart *hu = qca->hu; 1011 988 struct sk_buff *skb; 1012 989 struct qca_memdump_event_hdr *cmd_hdr; 1013 - struct qca_memdump_data *qca_memdump = qca->qca_memdump; 990 + struct qca_memdump_info *qca_memdump = qca->qca_memdump; 1014 991 struct qca_dump_size *dump; 1015 - char *memdump_buf; 1016 - char nullBuff[QCA_DUMP_PACKET_SIZE] = { 0 }; 1017 992 u16 seq_no; 1018 - u32 dump_size; 1019 993 u32 rx_size; 994 + int ret = 0; 1020 995 enum qca_btsoc_type soc_type = qca_soc_type(hu); 1021 996 1022 997 while ((skb = skb_dequeue(&qca->rx_memdump_q))) { ··· 1030 1009 } 1031 1010 1032 1011 if (!qca_memdump) { 1033 - qca_memdump = kzalloc(sizeof(struct qca_memdump_data), 1012 + qca_memdump = kzalloc(sizeof(struct qca_memdump_info), 1034 1013 GFP_ATOMIC); 1035 1014 if (!qca_memdump) { 1036 1015 mutex_unlock(&qca->hci_memdump_lock); ··· 1056 1035 set_bit(QCA_IBS_DISABLED, &qca->flags); 1057 1036 set_bit(QCA_MEMDUMP_COLLECTION, &qca->flags); 1058 1037 dump = (void *) skb->data; 1059 - dump_size = __le32_to_cpu(dump->dump_size); 1060 - if (!(dump_size)) { 1038 + qca_memdump->ram_dump_size = __le32_to_cpu(dump->dump_size); 1039 + if (!(qca_memdump->ram_dump_size)) { 1061 1040 bt_dev_err(hu->hdev, "Rx invalid memdump size"); 1062 1041 kfree(qca_memdump); 1063 1042 kfree_skb(skb); 1043 + mutex_unlock(&qca->hci_memdump_lock); 1044 + return; 1045 + } 1046 + 1047 + queue_delayed_work(qca->workqueue, 1048 + &qca->ctrl_memdump_timeout, 1049 + msecs_to_jiffies(MEMDUMP_TIMEOUT_MS)); 1050 + skb_pull(skb, sizeof(qca_memdump->ram_dump_size)); 1051 + 
qca_memdump->current_seq_no = 0; 1052 + qca_memdump->received_dump = 0; 1053 + ret = hci_devcd_init(hu->hdev, qca_memdump->ram_dump_size); 1054 + bt_dev_info(hu->hdev, "hci_devcd_init Return:%d", 1055 + ret); 1056 + if (ret < 0) { 1057 + kfree(qca->qca_memdump); 1064 1058 qca->qca_memdump = NULL; 1059 + qca->memdump_state = QCA_MEMDUMP_COLLECTED; 1060 + cancel_delayed_work(&qca->ctrl_memdump_timeout); 1061 + clear_bit(QCA_MEMDUMP_COLLECTION, &qca->flags); 1065 1062 mutex_unlock(&qca->hci_memdump_lock); 1066 1063 return; 1067 1064 } 1068 1065 1069 1066 bt_dev_info(hu->hdev, "QCA collecting dump of size:%u", 1070 - dump_size); 1071 - queue_delayed_work(qca->workqueue, 1072 - &qca->ctrl_memdump_timeout, 1073 - msecs_to_jiffies(MEMDUMP_TIMEOUT_MS) 1074 - ); 1067 + qca_memdump->ram_dump_size); 1075 1068 1076 - skb_pull(skb, sizeof(dump_size)); 1077 - memdump_buf = vmalloc(dump_size); 1078 - qca_memdump->ram_dump_size = dump_size; 1079 - qca_memdump->memdump_buf_head = memdump_buf; 1080 - qca_memdump->memdump_buf_tail = memdump_buf; 1081 1069 } 1082 - 1083 - memdump_buf = qca_memdump->memdump_buf_tail; 1084 1070 1085 1071 /* If sequence no 0 is missed then there is no point in 1086 1072 * accepting the other sequences. 1087 1073 */ 1088 - if (!memdump_buf) { 1074 + if (!test_bit(QCA_MEMDUMP_COLLECTION, &qca->flags)) { 1089 1075 bt_dev_err(hu->hdev, "QCA: Discarding other packets"); 1090 1076 kfree(qca_memdump); 1091 1077 kfree_skb(skb); 1092 - qca->qca_memdump = NULL; 1093 1078 mutex_unlock(&qca->hci_memdump_lock); 1094 1079 return; 1095 1080 } 1096 - 1097 1081 /* There could be chance of missing some packets from 1098 1082 * the controller. In such cases let us store the dummy 1099 1083 * packets in the buffer. ··· 1108 1082 * bits, so skip this checking for missing packet. 
1109 1083 */ 1110 1084 while ((seq_no > qca_memdump->current_seq_no + 1) && 1111 - (soc_type != QCA_QCA6390) && 1112 - seq_no != QCA_LAST_SEQUENCE_NUM) { 1085 + (soc_type != QCA_QCA6390) && 1086 + seq_no != QCA_LAST_SEQUENCE_NUM) { 1113 1087 bt_dev_err(hu->hdev, "QCA controller missed packet:%d", 1114 1088 qca_memdump->current_seq_no); 1115 1089 rx_size = qca_memdump->received_dump; ··· 1120 1094 qca_memdump->received_dump); 1121 1095 break; 1122 1096 } 1123 - memcpy(memdump_buf, nullBuff, QCA_DUMP_PACKET_SIZE); 1124 - memdump_buf = memdump_buf + QCA_DUMP_PACKET_SIZE; 1097 + hci_devcd_append_pattern(hu->hdev, 0x00, 1098 + QCA_DUMP_PACKET_SIZE); 1125 1099 qca_memdump->received_dump += QCA_DUMP_PACKET_SIZE; 1126 1100 qca_memdump->current_seq_no++; 1127 1101 } 1128 1102 1129 - rx_size = qca_memdump->received_dump + skb->len; 1103 + rx_size = qca_memdump->received_dump + skb->len; 1130 1104 if (rx_size <= qca_memdump->ram_dump_size) { 1131 1105 if ((seq_no != QCA_LAST_SEQUENCE_NUM) && 1132 - (seq_no != qca_memdump->current_seq_no)) 1106 + (seq_no != qca_memdump->current_seq_no)) { 1133 1107 bt_dev_err(hu->hdev, 1134 1108 "QCA memdump unexpected packet %d", 1135 1109 seq_no); 1110 + } 1136 1111 bt_dev_dbg(hu->hdev, 1137 1112 "QCA memdump packet %d with length %d", 1138 1113 seq_no, skb->len); 1139 - memcpy(memdump_buf, (unsigned char *)skb->data, 1140 - skb->len); 1141 - memdump_buf = memdump_buf + skb->len; 1142 - qca_memdump->memdump_buf_tail = memdump_buf; 1143 - qca_memdump->current_seq_no = seq_no + 1; 1144 - qca_memdump->received_dump += skb->len; 1114 + hci_devcd_append(hu->hdev, skb); 1115 + qca_memdump->current_seq_no += 1; 1116 + qca_memdump->received_dump = rx_size; 1145 1117 } else { 1146 1118 bt_dev_err(hu->hdev, 1147 - "QCA memdump received %d, no space for packet %d", 1148 - qca_memdump->received_dump, seq_no); 1119 + "QCA memdump received no space for packet %d", 1120 + qca_memdump->current_seq_no); 1149 1121 } 1150 - qca->qca_memdump = qca_memdump; 1151 
- kfree_skb(skb); 1122 + 1152 1123 if (seq_no == QCA_LAST_SEQUENCE_NUM) { 1153 1124 bt_dev_info(hu->hdev, 1154 - "QCA memdump Done, received %d, total %d", 1155 - qca_memdump->received_dump, 1156 - qca_memdump->ram_dump_size); 1157 - memdump_buf = qca_memdump->memdump_buf_head; 1158 - dev_coredumpv(&hu->serdev->dev, memdump_buf, 1159 - qca_memdump->received_dump, GFP_KERNEL); 1125 + "QCA memdump Done, received %d, total %d", 1126 + qca_memdump->received_dump, 1127 + qca_memdump->ram_dump_size); 1128 + hci_devcd_complete(hu->hdev); 1160 1129 cancel_delayed_work(&qca->ctrl_memdump_timeout); 1161 1130 kfree(qca->qca_memdump); 1162 1131 qca->qca_memdump = NULL; ··· 1562 1541 mutex_lock(&qca->hci_memdump_lock); 1563 1542 if (qca->memdump_state != QCA_MEMDUMP_COLLECTED) { 1564 1543 bt_dev_err(hu->hdev, "clearing allocated memory due to memdump timeout"); 1544 + hci_devcd_abort(hu->hdev); 1565 1545 if (qca->qca_memdump) { 1566 - vfree(qca->qca_memdump->memdump_buf_head); 1567 1546 kfree(qca->qca_memdump); 1568 1547 qca->qca_memdump = NULL; 1569 1548 } ··· 1727 1706 return ret; 1728 1707 } 1729 1708 1709 + static void hci_coredump_qca(struct hci_dev *hdev) 1710 + { 1711 + static const u8 param[] = { 0x26 }; 1712 + struct sk_buff *skb; 1713 + 1714 + skb = __hci_cmd_sync(hdev, 0xfc0c, 1, param, HCI_CMD_TIMEOUT); 1715 + if (IS_ERR(skb)) 1716 + bt_dev_err(hdev, "%s: trigger crash failed (%ld)", __func__, PTR_ERR(skb)); 1717 + kfree_skb(skb); 1718 + } 1719 + 1730 1720 static int qca_setup(struct hci_uart *hu) 1731 1721 { 1732 1722 struct hci_dev *hdev = hu->hdev; ··· 1852 1820 hu->hdev->set_bdaddr = qca_set_bdaddr_rome; 1853 1821 else 1854 1822 hu->hdev->set_bdaddr = qca_set_bdaddr; 1823 + qca->fw_version = le16_to_cpu(ver.patch_ver); 1824 + qca->controller_id = le16_to_cpu(ver.rom_ver); 1825 + hci_devcd_register(hdev, hci_coredump_qca, qca_dmp_hdr, NULL); 1855 1826 1856 1827 return ret; 1857 1828 } ··· 1872 1837 .recv = qca_recv, 1873 1838 .enqueue = qca_enqueue, 1874 1839 
.dequeue = qca_dequeue, 1840 + }; 1841 + 1842 + static const struct qca_device_data qca_soc_data_wcn3988 __maybe_unused = { 1843 + .soc_type = QCA_WCN3988, 1844 + .vregs = (struct qca_vreg []) { 1845 + { "vddio", 15000 }, 1846 + { "vddxo", 80000 }, 1847 + { "vddrf", 300000 }, 1848 + { "vddch0", 450000 }, 1849 + }, 1850 + .num_vregs = 4, 1875 1851 }; 1876 1852 1877 1853 static const struct qca_device_data qca_soc_data_wcn3990 __maybe_unused = { ··· 2409 2363 { .compatible = "qcom,qca6174-bt" }, 2410 2364 { .compatible = "qcom,qca6390-bt", .data = &qca_soc_data_qca6390}, 2411 2365 { .compatible = "qcom,qca9377-bt" }, 2366 + { .compatible = "qcom,wcn3988-bt", .data = &qca_soc_data_wcn3988}, 2412 2367 { .compatible = "qcom,wcn3990-bt", .data = &qca_soc_data_wcn3990}, 2413 2368 { .compatible = "qcom,wcn3991-bt", .data = &qca_soc_data_wcn3991}, 2414 2369 { .compatible = "qcom,wcn3998-bt", .data = &qca_soc_data_wcn3998}, ··· 2431 2384 MODULE_DEVICE_TABLE(acpi, qca_bluetooth_acpi_match); 2432 2385 #endif 2433 2386 2387 + #ifdef CONFIG_DEV_COREDUMP 2388 + static void hciqca_coredump(struct device *dev) 2389 + { 2390 + struct serdev_device *serdev = to_serdev_device(dev); 2391 + struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev); 2392 + struct hci_uart *hu = &qcadev->serdev_hu; 2393 + struct hci_dev *hdev = hu->hdev; 2394 + 2395 + if (hdev->dump.coredump) 2396 + hdev->dump.coredump(hdev); 2397 + } 2398 + #endif 2434 2399 2435 2400 static struct serdev_device_driver qca_serdev_driver = { 2436 2401 .probe = qca_serdev_probe, ··· 2453 2394 .acpi_match_table = ACPI_PTR(qca_bluetooth_acpi_match), 2454 2395 .shutdown = qca_serdev_shutdown, 2455 2396 .pm = &qca_pm_ops, 2397 + #ifdef CONFIG_DEV_COREDUMP 2398 + .coredump = hciqca_coredump, 2399 + #endif 2456 2400 }, 2457 2401 }; 2458 2402
+6 -5
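--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -386,6 +386,7 @@
 enum {
 	BT_SK_DEFER_SETUP,
 	BT_SK_SUSPEND,
+	BT_SK_PKT_STATUS
 };
 
 struct bt_sock_list {
@@ -401,6 +400,8 @@
 void bt_sock_unregister(int proto);
 void bt_sock_link(struct bt_sock_list *l, struct sock *s);
 void bt_sock_unlink(struct bt_sock_list *l, struct sock *s);
+struct sock *bt_sock_alloc(struct net *net, struct socket *sock,
+			   struct proto *prot, int proto, gfp_t prio, int kern);
 int bt_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
 		    int flags);
 int bt_sock_stream_recvmsg(struct socket *sock, struct msghdr *msg,
@@ -431,10 +428,6 @@
 	__le16 psm;
 	bdaddr_t bdaddr;
 	struct l2cap_chan *chan;
-};
-
-struct sco_ctrl {
-	u8 pkt_status;
 };
 
 struct hci_dev;
@@ -463,16 +464,18 @@
 	u8 force_active;
 	u16 expect;
 	u8 incoming:1;
+	u8 pkt_status:2;
 	union {
 		struct l2cap_ctrl l2cap;
-		struct sco_ctrl sco;
 		struct hci_ctrl hci;
 		struct mgmt_ctrl mgmt;
+		struct scm_creds creds;
 	};
 };
 #define bt_cb(skb) ((struct bt_skb_cb *)((skb)->cb))
 
 #define hci_skb_pkt_type(skb) bt_cb((skb))->pkt_type
+#define hci_skb_pkt_status(skb) bt_cb((skb))->pkt_status
 #define hci_skb_expect(skb) bt_cb((skb))->expect
 #define hci_skb_opcode(skb) bt_cb((skb))->hci.opcode
 #define hci_skb_event(skb) bt_cb((skb))->hci.req_event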
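Review bot: The new `u8 pkt_status:2` bit-field and the `struct scm_creds creds` union member in `struct bt_skb_cb` carry no comment, and because `bt_cb()` overlays this struct on `skb->cb`, nothing in the hunk checks that the enlarged union still fits the control block. A one-line comment such as `/* Packet_Status_Flag of the last received data packet; reported through BT_SCM_PKT_STATUS when BT_SK_PKT_STATUS is set */` would document the first, and a note on `creds` naming the protocol that stores credentials there would help the next reader. A file-scope size check (the kernel's `static_assert`/`BUILD_BUG_ON` against `sizeof_field(struct sk_buff, cb)`) would turn a future overflow of `skb->cb` into a build error instead of silent corruption of neighbouring skb state. That `pkt_status` holds the 2-bit HCI Packet_Status_Flag is inferred from the BT_PKT_STATUS item in the merge summary and the put_cmsg in af_bluetooth.c, so it should be confirmed against the ISO receive path before wording the comment.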
+11
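--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -309,6 +309,16 @@
 	 * to support it.
 	 */
 	HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT,
+
+	/* When this quirk is set, MSFT extension monitor tracking by
+	 * address filter is supported. Since tracking quantity of each
+	 * pattern is limited, this feature supports tracking multiple
+	 * devices concurrently if controller supports multiple
+	 * address filters.
+	 *
+	 * This quirk must be set before hci_register_dev is called.
+	 */
+	HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER,
 };
 
 /* HCI device flags */
@@ -587,6 +577,7 @@
 #define HCI_LE_CIS_CENTRAL 0x10
 #define HCI_LE_CIS_PERIPHERAL 0x20
 #define HCI_LE_ISO_BROADCASTER 0x40
+#define HCI_LE_ISO_SYNC_RECEIVER 0x80
 
 /* Connection modes */
 #define HCI_CM_ACTIVE 0x0000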
+91 -8
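--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -321,8 +321,8 @@
 
 #define HCI_MAX_SHORT_NAME_LENGTH 10
 
-#define HCI_CONN_HANDLE_UNSET 0xffff
 #define HCI_CONN_HANDLE_MAX 0x0eff
+#define HCI_CONN_HANDLE_UNSET(_handle) (_handle > HCI_CONN_HANDLE_MAX)
 
 /* Min encryption key size to match with SMP */
 #define HCI_MIN_ENC_KEY_SIZE 7
@@ -739,6 +739,7 @@
 	unsigned long flags;
 
 	enum conn_reasons conn_reason;
+	__u8 abort_reason;
 
 	__u32 clock;
 	__u16 clock_accuracy;
@@ -759,7 +758,6 @@
 	struct delayed_work auto_accept_work;
 	struct delayed_work idle_work;
 	struct delayed_work le_conn_timeout;
-	struct work_struct le_scan_cleanup;
 
 	struct device dev;
 	struct dentry *debugfs;
@@ -974,6 +974,10 @@
 	HCI_CONN_SCANNING,
 	HCI_CONN_AUTH_FAILURE,
 	HCI_CONN_PER_ADV,
+	HCI_CONN_BIG_CREATED,
+	HCI_CONN_CREATE_CIS,
+	HCI_CONN_BIG_SYNC,
+	HCI_CONN_BIG_SYNC_FAILED,
 };
 
 static inline bool hci_conn_ssp_enabled(struct hci_conn *conn)
@@ -1097,8 +1093,7 @@
 }
 
 static inline struct hci_conn *hci_conn_hash_lookup_bis(struct hci_dev *hdev,
-							bdaddr_t *ba,
-							__u8 big, __u8 bis)
+							bdaddr_t *ba, __u8 bis)
 {
 	struct hci_conn_hash *h = &hdev->conn_hash;
 	struct hci_conn *c;
@@ -1108,7 +1105,33 @@
 		if (bacmp(&c->dst, ba) || c->type != ISO_LINK)
 			continue;
 
-		if (c->iso_qos.bcast.big == big && c->iso_qos.bcast.bis == bis) {
+		if (c->iso_qos.bcast.bis == bis) {
+			rcu_read_unlock();
+			return c;
+		}
+	}
+	rcu_read_unlock();
+
+	return NULL;
+}
+
+static inline struct hci_conn *
+hci_conn_hash_lookup_per_adv_bis(struct hci_dev *hdev,
+				 bdaddr_t *ba,
+				 __u8 big, __u8 bis)
+{
+	struct hci_conn_hash *h = &hdev->conn_hash;
+	struct hci_conn *c;
+
+	rcu_read_lock();
+
+	list_for_each_entry_rcu(c, &h->list, list) {
+		if (bacmp(&c->dst, ba) || c->type != ISO_LINK ||
+		    !test_bit(HCI_CONN_PER_ADV, &c->flags))
+			continue;
+
+		if (c->iso_qos.bcast.big == big &&
+		    c->iso_qos.bcast.bis == bis) {
 			rcu_read_unlock();
 			return c;
 		}
@@ -1219,7 +1190,7 @@
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
-		if (c->type != ISO_LINK)
+		if (c->type != ISO_LINK || !bacmp(&c->dst, BDADDR_ANY))
 			continue;
 
 		/* Match CIG ID if set */
@@ -1251,7 +1222,7 @@
 	rcu_read_lock();
 
 	list_for_each_entry_rcu(c, &h->list, list) {
-		if (c->type != ISO_LINK)
+		if (c->type != ISO_LINK || !bacmp(&c->dst, BDADDR_ANY))
 			continue;
 
 		if (handle == c->iso_qos.ucast.cig) {
@@ -1275,6 +1246,29 @@
 
 	list_for_each_entry_rcu(c, &h->list, list) {
 		if (bacmp(&c->dst, BDADDR_ANY) || c->type != ISO_LINK)
+			continue;
+
+		if (handle == c->iso_qos.bcast.big) {
+			rcu_read_unlock();
+			return c;
+		}
+	}
+
+	rcu_read_unlock();
+
+	return NULL;
+}
+
+static inline struct hci_conn *hci_conn_hash_lookup_big_any_dst(struct hci_dev *hdev,
+								__u8 handle)
+{
+	struct hci_conn_hash *h = &hdev->conn_hash;
+	struct hci_conn *c;
+
+	rcu_read_lock();
+
+	list_for_each_entry_rcu(c, &h->list, list) {
+		if (c->type != ISO_LINK)
 			continue;
 
 		if (handle == c->iso_qos.bcast.big) {
@@ -1372,11 +1320,33 @@
 	return NULL;
 }
 
+/* Returns true if an le connection is in the scanning state */
+static inline bool hci_is_le_conn_scanning(struct hci_dev *hdev)
+{
+	struct hci_conn_hash *h = &hdev->conn_hash;
+	struct hci_conn *c;
+
+	rcu_read_lock();
+
+	list_for_each_entry_rcu(c, &h->list, list) {
+		if (c->type == LE_LINK && c->state == BT_CONNECT &&
+		    test_bit(HCI_CONN_SCANNING, &c->flags)) {
+			rcu_read_unlock();
+			return true;
+		}
+	}
+
+	rcu_read_unlock();
+
+	return false;
+}
+
 int hci_disconnect(struct hci_conn *conn, __u8 reason);
 bool hci_setup_sync(struct hci_conn *conn, __u16 handle);
 void hci_sco_setup(struct hci_conn *conn, __u8 status);
 bool hci_iso_setup_path(struct hci_conn *conn);
-int hci_le_create_cis(struct hci_conn *conn);
+int hci_le_create_cis_pending(struct hci_dev *hdev);
+int hci_conn_check_create_cis(struct hci_conn *conn);
 
 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
 			      u8 role);
@@ -1425,6 +1351,9 @@
 				 __u16 setting, struct bt_codec *codec);
 struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst,
 			      __u8 dst_type, struct bt_iso_qos *qos);
+struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst,
+			      struct bt_iso_qos *qos,
+			      __u8 base_len, __u8 *base);
 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
 				 __u8 dst_type, struct bt_iso_qos *qos);
 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst,
@@ -1446,6 +1369,7 @@
 void hci_conn_enter_active_mode(struct hci_conn *conn, __u8 force_active);
 
 void hci_conn_failed(struct hci_conn *conn, u8 status);
+u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle);
 
 /*
  * hci_conn_get() and hci_conn_put() are used to control the life-time of an
@@ -1823,6 +1745,10 @@
 /* Extended advertising support */
 #define ext_adv_capable(dev) (((dev)->le_features[1] & HCI_LE_EXT_ADV))
 
+/* Maximum advertising length */
+#define max_adv_len(dev) \
+	(ext_adv_capable(dev) ? HCI_MAX_EXT_AD_LENGTH : HCI_MAX_AD_LENGTH)
+
 /* BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E page 1789:
  *
  * C24: Mandatory if the LE Controller supports Connection State and either
@@ -1847,6 +1765,7 @@
 #define cis_peripheral_capable(dev) \
 	((dev)->le_features[3] & HCI_LE_CIS_PERIPHERAL)
 #define bis_capable(dev) ((dev)->le_features[3] & HCI_LE_ISO_BROADCASTER)
+#define sync_recv_capable(dev) ((dev)->le_features[3] & HCI_LE_ISO_SYNC_RECEIVER)
 
 #define mws_transport_config_capable(dev) (((dev)->commands[30] & 0x08) && \
 	(!test_bit(HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG, &(dev)->quirks)))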
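Review bot: `HCI_CONN_HANDLE_UNSET(_handle)` in the first hunk leaves its argument unparenthesized, so an expression argument would associate with `>` instead of being compared as a whole; the conventional form is `#define HCI_CONN_HANDLE_UNSET(_handle) ((_handle) > HCI_CONN_HANDLE_MAX)`. Since the same name was previously a constant stored into `conn->handle`, a one-line comment above it such as `/* Handles above HCI_CONN_HANDLE_MAX are placeholders handed out by hci_conn_hash_alloc_unset() until the controller assigns a real one */` would make the semantic change visible at old call sites (the allocator itself is in net/bluetooth/hci_conn.c, outside this section, so that wording should be checked against it). `hci_conn_hash_lookup_bis()` now matches on BIS only and ignores the BIG, while the new `hci_conn_hash_lookup_per_adv_bis()` additionally requires HCI_CONN_PER_ADV to be set; both deserve a short comment stating what they match so callers pick the right one. `hci_conn_hash_lookup_big_any_dst()` versus the existing `hci_conn_hash_lookup_big()` has the same documentation gap.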
+4 -1
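--- a/include/net/bluetooth/hci_sync.h
+++ b/include/net/bluetooth/hci_sync.h
@@ -5,6 +5,9 @@
  * Copyright (C) 2021 Intel Corporation
  */
 
+#define UINT_PTR(_handle) ((void *)((uintptr_t)_handle))
+#define PTR_UINT(_ptr) ((uintptr_t)((void *)_ptr))
+
 typedef int (*hci_cmd_sync_work_func_t)(struct hci_dev *hdev, void *data);
 typedef void (*hci_cmd_sync_work_destroy_t)(struct hci_dev *hdev, void *data,
 					    int err);
@@ -127,7 +124,7 @@
 
 int hci_le_create_conn_sync(struct hci_dev *hdev, struct hci_conn *conn);
 
-int hci_le_create_cis_sync(struct hci_dev *hdev, struct hci_conn *conn);
+int hci_le_create_cis_sync(struct hci_dev *hdev);
 
 int hci_le_remove_cig_sync(struct hci_dev *hdev, u8 handle);
 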
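Review bot: `UINT_PTR` and `PTR_UINT` do not parenthesize their arguments, so a cast or arithmetic expression passed in binds to the inner cast before the whole expression is converted; they should read `#define UINT_PTR(_handle) ((void *)((uintptr_t)(_handle)))` and `#define PTR_UINT(_ptr) ((uintptr_t)((void *)(_ptr)))`. A purpose comment above them would also help, e.g. `/* Pack a small integer such as a connection handle into the void *data of hci_cmd_sync_queue(), so callbacks re-look the object up instead of holding a pointer that may have been freed meanwhile */`. The callers in net/bluetooth/hci_conn.c that pair these macros with hci_conn_hash_lookup_handle() appear in a later section of this commit, so that rationale is inferred from them and worth confirming with the author.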
+2
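--- a/include/net/bluetooth/mgmt.h
+++ b/include/net/bluetooth/mgmt.h
@@ -111,6 +111,8 @@
 #define MGMT_SETTING_WIDEBAND_SPEECH BIT(17)
 #define MGMT_SETTING_CIS_CENTRAL BIT(18)
 #define MGMT_SETTING_CIS_PERIPHERAL BIT(19)
+#define MGMT_SETTING_ISO_BROADCASTER BIT(20)
+#define MGMT_SETTING_ISO_SYNC_RECEIVER BIT(21)
 
 #define MGMT_OP_READ_INFO 0x0004
 #define MGMT_READ_INFO_SIZE 0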
-2
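--- a/include/net/bluetooth/sco.h
+++ b/include/net/bluetooth/sco.h
@@ -46,6 +46,4 @@
 	__u8 dev_class[3];
 };
 
-#define SCO_CMSG_PKT_STATUS 0x01
-
 #endif /* __SCO_H */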
+51 -2
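--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -140,6 +140,35 @@
 	return err;
 }
 
+struct sock *bt_sock_alloc(struct net *net, struct socket *sock,
+			   struct proto *prot, int proto, gfp_t prio, int kern)
+{
+	struct sock *sk;
+
+	sk = sk_alloc(net, PF_BLUETOOTH, prio, prot, kern);
+	if (!sk)
+		return NULL;
+
+	sock_init_data(sock, sk);
+	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
+
+	sock_reset_flag(sk, SOCK_ZAPPED);
+
+	sk->sk_protocol = proto;
+	sk->sk_state = BT_OPEN;
+
+	/* Init peer information so it can be properly monitored */
+	if (!kern) {
+		spin_lock(&sk->sk_peer_lock);
+		sk->sk_peer_pid = get_pid(task_tgid(current));
+		sk->sk_peer_cred = get_current_cred();
+		spin_unlock(&sk->sk_peer_lock);
+	}
+
+	return sk;
+}
+EXPORT_SYMBOL(bt_sock_alloc);
+
 void bt_sock_link(struct bt_sock_list *l, struct sock *sk)
 {
 	write_lock(&l->lock);
@@ -187,6 +158,9 @@
 
 void bt_accept_enqueue(struct sock *parent, struct sock *sk, bool bh)
 {
+	const struct cred *old_cred;
+	struct pid *old_pid;
+
 	BT_DBG("parent %p, sk %p", parent, sk);
 
 	sock_hold(sk);
@@ -201,6 +169,19 @@
 
 	list_add_tail(&bt_sk(sk)->accept_q, &bt_sk(parent)->accept_q);
 	bt_sk(sk)->parent = parent;
+
+	/* Copy credentials from parent since for incoming connections the
+	 * socket is allocated by the kernel.
+	 */
+	spin_lock(&sk->sk_peer_lock);
+	old_pid = sk->sk_peer_pid;
+	old_cred = sk->sk_peer_cred;
+	sk->sk_peer_pid = get_pid(parent->sk_peer_pid);
+	sk->sk_peer_cred = get_cred(parent->sk_peer_cred);
+	spin_unlock(&sk->sk_peer_lock);
+
+	put_pid(old_pid);
+	put_cred(old_cred);
 
 	if (bh)
 		bh_unlock_sock(sk);
@@ -333,8 +288,12 @@
 			bt_sk(sk)->skb_msg_name(skb, msg->msg_name,
 						&msg->msg_namelen);
 
-		if (bt_sk(sk)->skb_put_cmsg)
-			bt_sk(sk)->skb_put_cmsg(skb, msg, sk);
+		if (test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags)) {
+			u8 pkt_status = hci_skb_pkt_status(skb);
+
+			put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
+				 sizeof(pkt_status), &pkt_status);
+		}
 	}
 
 	skb_free_datagram(sk, skb);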
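Review bot: In bt_accept_enqueue the parent's `sk_peer_pid`/`sk_peer_cred` are read while only the child's `sk_peer_lock` is held; if those fields are written exactly once in bt_sock_alloc (as the first hunk suggests for user-created sockets) and never updated afterwards, a comment stating that invariant would justify not taking the parent's lock, otherwise the parent's lock should be taken as well, the way af_unix's copy_peercred does. The existing comment could be extended to `/* Copy credentials from parent since for incoming connections the socket is allocated by the kernel. The parent's peer fields are set once in bt_sock_alloc() and never change, so only the child's lock is needed. */`. For kernel-created listeners the parent's fields are NULL, which get_pid()/get_cred() and put_pid()/put_cred() tolerate, and the old references are correctly dropped after the lock is released. bt_sock_alloc itself would benefit from a kernel-doc header noting that `prio` is the GFP mask forwarded to sk_alloc() and that peer credentials are only recorded for `!kern` sockets.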
-1
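--- a/net/bluetooth/amp.h
+++ b/net/bluetooth/amp.h
@@ -28,7 +28,6 @@
 
 int phylink_gen_key(struct hci_conn *hcon, u8 *data, u8 *len, u8 *type);
 
-void amp_read_loc_info(struct hci_dev *hdev, struct amp_mgr *mgr);
 void amp_read_loc_assoc_frag(struct hci_dev *hdev, u8 phy_handle);
 void amp_read_loc_assoc(struct hci_dev *hdev, struct amp_mgr *mgr);
 void amp_read_loc_assoc_final_data(struct hci_dev *hdev,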
+1 -9
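--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -205,20 +205,12 @@
 	if (sock->type != SOCK_RAW)
 		return -ESOCKTNOSUPPORT;
 
-	sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, kern);
+	sk = bt_sock_alloc(net, sock, &bnep_proto, protocol, GFP_ATOMIC, kern);
 	if (!sk)
 		return -ENOMEM;
 
-	sock_init_data(sock, sk);
-
 	sock->ops = &bnep_sock_ops;
-
 	sock->state = SS_UNCONNECTED;
-
-	sock_reset_flag(sk, SOCK_ZAPPED);
-
-	sk->sk_protocol = protocol;
-	sk->sk_state = BT_OPEN;
 
 	bt_sock_link(&bnep_sk_list, sk);
 	return 0;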
+1 -2
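--- a/net/bluetooth/coredump.c
+++ b/net/bluetooth/coredump.c
@@ -100,8 +100,7 @@
 /* Call with hci_dev_lock only. */
 static void hci_devcd_free(struct hci_dev *hdev)
 {
-	if (hdev->dump.head)
-		vfree(hdev->dump.head);
+	vfree(hdev->dump.head);
 
 	hci_devcd_reset(hdev);
 }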
+338 -360
net/bluetooth/hci_conn.c
··· 178 178 hci_conn_put(conn); 179 179 } 180 180 181 - static void le_scan_cleanup(struct work_struct *work) 182 - { 183 - struct hci_conn *conn = container_of(work, struct hci_conn, 184 - le_scan_cleanup); 185 - struct hci_dev *hdev = conn->hdev; 186 - struct hci_conn *c = NULL; 187 - 188 - BT_DBG("%s hcon %p", hdev->name, conn); 189 - 190 - hci_dev_lock(hdev); 191 - 192 - /* Check that the hci_conn is still around */ 193 - rcu_read_lock(); 194 - list_for_each_entry_rcu(c, &hdev->conn_hash.list, list) { 195 - if (c == conn) 196 - break; 197 - } 198 - rcu_read_unlock(); 199 - 200 - if (c == conn) { 201 - hci_connect_le_scan_cleanup(conn, 0x00); 202 - hci_conn_cleanup(conn); 203 - } 204 - 205 - hci_dev_unlock(hdev); 206 - hci_dev_put(hdev); 207 - hci_conn_put(conn); 208 - } 209 - 210 - static void hci_connect_le_scan_remove(struct hci_conn *conn) 211 - { 212 - BT_DBG("%s hcon %p", conn->hdev->name, conn); 213 - 214 - /* We can't call hci_conn_del/hci_conn_cleanup here since that 215 - * could deadlock with another hci_conn_del() call that's holding 216 - * hci_dev_lock and doing cancel_delayed_work_sync(&conn->disc_work). 217 - * Instead, grab temporary extra references to the hci_dev and 218 - * hci_conn and perform the necessary cleanup in a separate work 219 - * callback. 220 - */ 221 - 222 - hci_dev_hold(conn->hdev); 223 - hci_conn_get(conn); 224 - 225 - /* Even though we hold a reference to the hdev, many other 226 - * things might get cleaned up meanwhile, including the hdev's 227 - * own workqueue, so we can't use that for scheduling. 
228 - */ 229 - schedule_work(&conn->le_scan_cleanup); 230 - } 231 - 232 181 static void hci_acl_create_connection(struct hci_conn *conn) 233 182 { 234 183 struct hci_dev *hdev = conn->hdev; ··· 628 679 if (refcnt > 0) 629 680 return; 630 681 631 - /* LE connections in scanning state need special handling */ 632 - if (conn->state == BT_CONNECT && conn->type == LE_LINK && 633 - test_bit(HCI_CONN_SCANNING, &conn->flags)) { 634 - hci_connect_le_scan_remove(conn); 635 - return; 636 - } 637 - 638 682 hci_abort_conn(conn, hci_proto_disconn_ind(conn)); 639 683 } 640 684 ··· 733 791 u16 sync_handle; 734 792 }; 735 793 int count; 736 - struct iso_cig_params pdu; 794 + bool big_term; 795 + bool big_sync_term; 737 796 }; 738 797 739 798 static void bis_list(struct hci_conn *conn, void *data) ··· 752 809 d->count++; 753 810 } 754 811 755 - static void find_bis(struct hci_conn *conn, void *data) 756 - { 757 - struct iso_list_data *d = data; 758 - 759 - /* Ignore unicast */ 760 - if (bacmp(&conn->dst, BDADDR_ANY)) 761 - return; 762 - 763 - d->count++; 764 - } 765 - 766 812 static int terminate_big_sync(struct hci_dev *hdev, void *data) 767 813 { 768 814 struct iso_list_data *d = data; ··· 760 828 761 829 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL); 762 830 763 - /* Check if ISO connection is a BIS and terminate BIG if there are 764 - * no other connections using it. 
765 - */ 766 - hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d); 767 - if (d->count) 831 + /* Only terminate BIG if it has been created */ 832 + if (!d->big_term) 768 833 return 0; 769 834 770 835 return hci_le_terminate_big_sync(hdev, d->big, ··· 773 844 kfree(data); 774 845 } 775 846 776 - static int hci_le_terminate_big(struct hci_dev *hdev, u8 big, u8 bis) 847 + static int hci_le_terminate_big(struct hci_dev *hdev, struct hci_conn *conn) 777 848 { 778 849 struct iso_list_data *d; 779 850 int ret; 780 851 781 - bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", big, bis); 852 + bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", conn->iso_qos.bcast.big, 853 + conn->iso_qos.bcast.bis); 782 854 783 855 d = kzalloc(sizeof(*d), GFP_KERNEL); 784 856 if (!d) 785 857 return -ENOMEM; 786 858 787 - d->big = big; 788 - d->bis = bis; 859 + d->big = conn->iso_qos.bcast.big; 860 + d->bis = conn->iso_qos.bcast.bis; 861 + d->big_term = test_and_clear_bit(HCI_CONN_BIG_CREATED, &conn->flags); 789 862 790 863 ret = hci_cmd_sync_queue(hdev, terminate_big_sync, d, 791 864 terminate_big_destroy); ··· 804 873 bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", d->big, 805 874 d->sync_handle); 806 875 807 - /* Check if ISO connection is a BIS and terminate BIG if there are 808 - * no other connections using it. 
809 - */ 810 - hci_conn_hash_list_state(hdev, find_bis, ISO_LINK, BT_CONNECTED, d); 811 - if (d->count) 812 - return 0; 813 - 814 - hci_le_big_terminate_sync(hdev, d->big); 876 + if (d->big_sync_term) 877 + hci_le_big_terminate_sync(hdev, d->big); 815 878 816 879 return hci_le_pa_terminate_sync(hdev, d->sync_handle); 817 880 } 818 881 819 - static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, u16 sync_handle) 882 + static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn) 820 883 { 821 884 struct iso_list_data *d; 822 885 int ret; 823 886 824 - bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, sync_handle); 887 + bt_dev_dbg(hdev, "big 0x%2.2x sync_handle 0x%4.4x", big, conn->sync_handle); 825 888 826 889 d = kzalloc(sizeof(*d), GFP_KERNEL); 827 890 if (!d) 828 891 return -ENOMEM; 829 892 830 893 d->big = big; 831 - d->sync_handle = sync_handle; 894 + d->sync_handle = conn->sync_handle; 895 + d->big_sync_term = test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags); 832 896 833 897 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d, 834 898 terminate_big_destroy); ··· 842 916 static void bis_cleanup(struct hci_conn *conn) 843 917 { 844 918 struct hci_dev *hdev = conn->hdev; 919 + struct hci_conn *bis; 845 920 846 921 bt_dev_dbg(hdev, "conn %p", conn); 847 922 ··· 850 923 if (!test_and_clear_bit(HCI_CONN_PER_ADV, &conn->flags)) 851 924 return; 852 925 853 - hci_le_terminate_big(hdev, conn->iso_qos.bcast.big, 854 - conn->iso_qos.bcast.bis); 926 + /* Check if ISO connection is a BIS and terminate advertising 927 + * set and BIG if there are no other connections using it. 
928 + */ 929 + bis = hci_conn_hash_lookup_big(hdev, conn->iso_qos.bcast.big); 930 + if (bis) 931 + return; 932 + 933 + hci_le_terminate_big(hdev, conn); 855 934 } else { 935 + bis = hci_conn_hash_lookup_big_any_dst(hdev, 936 + conn->iso_qos.bcast.big); 937 + 938 + if (bis) 939 + return; 940 + 856 941 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big, 857 - conn->sync_handle); 942 + conn); 858 943 } 859 944 } 860 945 861 946 static int remove_cig_sync(struct hci_dev *hdev, void *data) 862 947 { 863 - u8 handle = PTR_ERR(data); 948 + u8 handle = PTR_UINT(data); 864 949 865 950 return hci_le_remove_cig_sync(hdev, handle); 866 951 } ··· 881 942 { 882 943 bt_dev_dbg(hdev, "handle 0x%2.2x", handle); 883 944 884 - return hci_cmd_sync_queue(hdev, remove_cig_sync, ERR_PTR(handle), NULL); 945 + return hci_cmd_sync_queue(hdev, remove_cig_sync, UINT_PTR(handle), 946 + NULL); 885 947 } 886 948 887 949 static void find_cis(struct hci_conn *conn, void *data) ··· 923 983 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig); 924 984 } 925 985 986 + static u16 hci_conn_hash_alloc_unset(struct hci_dev *hdev) 987 + { 988 + struct hci_conn_hash *h = &hdev->conn_hash; 989 + struct hci_conn *c; 990 + u16 handle = HCI_CONN_HANDLE_MAX + 1; 991 + 992 + rcu_read_lock(); 993 + 994 + list_for_each_entry_rcu(c, &h->list, list) { 995 + /* Find the first unused handle */ 996 + if (handle == 0xffff || c->handle != handle) 997 + break; 998 + handle++; 999 + } 1000 + rcu_read_unlock(); 1001 + 1002 + return handle; 1003 + } 1004 + 926 1005 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, 927 1006 u8 role) 928 1007 { ··· 955 996 956 997 bacpy(&conn->dst, dst); 957 998 bacpy(&conn->src, &hdev->bdaddr); 958 - conn->handle = HCI_CONN_HANDLE_UNSET; 999 + conn->handle = hci_conn_hash_alloc_unset(hdev); 959 1000 conn->hdev = hdev; 960 1001 conn->type = type; 961 1002 conn->role = role; ··· 1018 1059 INIT_DELAYED_WORK(&conn->auto_accept_work, hci_conn_auto_accept); 1019 1060 
INIT_DELAYED_WORK(&conn->idle_work, hci_conn_idle); 1020 1061 INIT_DELAYED_WORK(&conn->le_conn_timeout, le_conn_timeout); 1021 - INIT_WORK(&conn->le_scan_cleanup, le_scan_cleanup); 1022 1062 1023 1063 atomic_set(&conn->refcnt, 0); 1024 1064 ··· 1067 1109 */ 1068 1110 if ((child->type == SCO_LINK || 1069 1111 child->type == ESCO_LINK) && 1070 - child->handle == HCI_CONN_HANDLE_UNSET) 1112 + HCI_CONN_HANDLE_UNSET(child->handle)) 1071 1113 hci_conn_del(child); 1072 1114 } 1073 1115 ··· 1231 1273 hci_conn_del(conn); 1232 1274 } 1233 1275 1276 + /* This function requires the caller holds hdev->lock */ 1277 + u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle) 1278 + { 1279 + struct hci_dev *hdev = conn->hdev; 1280 + 1281 + bt_dev_dbg(hdev, "hcon %p handle 0x%4.4x", conn, handle); 1282 + 1283 + if (conn->handle == handle) 1284 + return 0; 1285 + 1286 + if (handle > HCI_CONN_HANDLE_MAX) { 1287 + bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x", 1288 + handle, HCI_CONN_HANDLE_MAX); 1289 + return HCI_ERROR_INVALID_PARAMETERS; 1290 + } 1291 + 1292 + /* If abort_reason has been sent it means the connection is being 1293 + * aborted and the handle shall not be changed. 
1294 + */ 1295 + if (conn->abort_reason) 1296 + return conn->abort_reason; 1297 + 1298 + conn->handle = handle; 1299 + 1300 + return 0; 1301 + } 1302 + 1234 1303 static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err) 1235 1304 { 1236 - struct hci_conn *conn = data; 1305 + struct hci_conn *conn; 1306 + u16 handle = PTR_UINT(data); 1307 + 1308 + conn = hci_conn_hash_lookup_handle(hdev, handle); 1309 + if (!conn) 1310 + return; 1237 1311 1238 1312 bt_dev_dbg(hdev, "err %d", err); 1239 1313 ··· 1290 1300 1291 1301 static int hci_connect_le_sync(struct hci_dev *hdev, void *data) 1292 1302 { 1293 - struct hci_conn *conn = data; 1303 + struct hci_conn *conn; 1304 + u16 handle = PTR_UINT(data); 1305 + 1306 + conn = hci_conn_hash_lookup_handle(hdev, handle); 1307 + if (!conn) 1308 + return 0; 1294 1309 1295 1310 bt_dev_dbg(hdev, "conn %p", conn); 1311 + 1312 + conn->state = BT_CONNECT; 1296 1313 1297 1314 return hci_le_create_conn_sync(hdev, conn); 1298 1315 } ··· 1370 1373 conn->sec_level = BT_SECURITY_LOW; 1371 1374 conn->conn_timeout = conn_timeout; 1372 1375 1373 - conn->state = BT_CONNECT; 1374 1376 clear_bit(HCI_CONN_SCANNING, &conn->flags); 1375 1377 1376 - err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, conn, 1378 + err = hci_cmd_sync_queue(hdev, hci_connect_le_sync, 1379 + UINT_PTR(conn->handle), 1377 1380 create_le_conn_complete); 1378 1381 if (err) { 1379 1382 hci_conn_del(conn); ··· 1437 1440 1438 1441 static int qos_set_big(struct hci_dev *hdev, struct bt_iso_qos *qos) 1439 1442 { 1440 - struct iso_list_data data; 1443 + struct hci_conn *conn; 1444 + u8 big; 1441 1445 1442 1446 /* Allocate a BIG if not set */ 1443 1447 if (qos->bcast.big == BT_ISO_QOS_BIG_UNSET) { 1444 - for (data.big = 0x00; data.big < 0xef; data.big++) { 1445 - data.count = 0; 1446 - data.bis = 0xff; 1448 + for (big = 0x00; big < 0xef; big++) { 1447 1449 1448 - hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, 1449 - BT_BOUND, &data); 1450 - if (!data.count) 1450 
+ conn = hci_conn_hash_lookup_big(hdev, big); 1451 + if (!conn) 1451 1452 break; 1452 1453 } 1453 1454 1454 - if (data.big == 0xef) 1455 + if (big == 0xef) 1455 1456 return -EADDRNOTAVAIL; 1456 1457 1457 1458 /* Update BIG */ 1458 - qos->bcast.big = data.big; 1459 + qos->bcast.big = big; 1459 1460 } 1460 1461 1461 1462 return 0; ··· 1461 1466 1462 1467 static int qos_set_bis(struct hci_dev *hdev, struct bt_iso_qos *qos) 1463 1468 { 1464 - struct iso_list_data data; 1469 + struct hci_conn *conn; 1470 + u8 bis; 1465 1471 1466 1472 /* Allocate BIS if not set */ 1467 1473 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) { 1468 1474 /* Find an unused adv set to advertise BIS, skip instance 0x00 1469 1475 * since it is reserved as general purpose set. 1470 1476 */ 1471 - for (data.bis = 0x01; data.bis < hdev->le_num_of_adv_sets; 1472 - data.bis++) { 1473 - data.count = 0; 1477 + for (bis = 0x01; bis < hdev->le_num_of_adv_sets; 1478 + bis++) { 1474 1479 1475 - hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, 1476 - BT_BOUND, &data); 1477 - if (!data.count) 1480 + conn = hci_conn_hash_lookup_bis(hdev, BDADDR_ANY, bis); 1481 + if (!conn) 1478 1482 break; 1479 1483 } 1480 1484 1481 - if (data.bis == hdev->le_num_of_adv_sets) 1485 + if (bis == hdev->le_num_of_adv_sets) 1482 1486 return -EADDRNOTAVAIL; 1483 1487 1484 1488 /* Update BIS */ 1485 - qos->bcast.bis = data.bis; 1489 + qos->bcast.bis = bis; 1486 1490 } 1487 1491 1488 1492 return 0; ··· 1489 1495 1490 1496 /* This function requires the caller holds hdev->lock */ 1491 1497 static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, 1492 - struct bt_iso_qos *qos) 1498 + struct bt_iso_qos *qos, __u8 base_len, 1499 + __u8 *base) 1493 1500 { 1494 1501 struct hci_conn *conn; 1495 - struct iso_list_data data; 1496 1502 int err; 1497 1503 1498 1504 /* Let's make sure that le is enabled.*/ ··· 1510 1516 if (err) 1511 1517 return ERR_PTR(err); 1512 1518 1513 - data.big = qos->bcast.big; 1514 - data.bis = 
qos->bcast.bis; 1515 - data.count = 0; 1516 - 1517 - /* Check if there is already a matching BIG/BIS */ 1518 - hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, BT_BOUND, &data); 1519 - if (data.count) 1519 + /* Check if the LE Create BIG command has already been sent */ 1520 + conn = hci_conn_hash_lookup_per_adv_bis(hdev, dst, qos->bcast.big, 1521 + qos->bcast.big); 1522 + if (conn) 1520 1523 return ERR_PTR(-EADDRINUSE); 1521 1524 1522 - conn = hci_conn_hash_lookup_bis(hdev, dst, qos->bcast.big, qos->bcast.bis); 1523 - if (conn) 1525 + /* Check BIS settings against other bound BISes, since all 1526 + * BISes in a BIG must have the same value for all parameters 1527 + */ 1528 + conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); 1529 + 1530 + if (conn && (memcmp(qos, &conn->iso_qos, sizeof(*qos)) || 1531 + base_len != conn->le_per_adv_data_len || 1532 + memcmp(conn->le_per_adv_data, base, base_len))) 1524 1533 return ERR_PTR(-EADDRINUSE); 1525 1534 1526 1535 conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); 1527 1536 if (!conn) 1528 1537 return ERR_PTR(-ENOMEM); 1529 1538 1530 - set_bit(HCI_CONN_PER_ADV, &conn->flags); 1531 1539 conn->state = BT_CONNECT; 1532 1540 1533 1541 hci_conn_hold(conn); ··· 1703 1707 return sco; 1704 1708 } 1705 1709 1706 - static void cis_add(struct iso_list_data *d, struct bt_iso_qos *qos) 1707 - { 1708 - struct hci_cis_params *cis = &d->pdu.cis[d->pdu.cp.num_cis]; 1709 - 1710 - cis->cis_id = qos->ucast.cis; 1711 - cis->c_sdu = cpu_to_le16(qos->ucast.out.sdu); 1712 - cis->p_sdu = cpu_to_le16(qos->ucast.in.sdu); 1713 - cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy : qos->ucast.in.phy; 1714 - cis->p_phy = qos->ucast.in.phy ? 
qos->ucast.in.phy : qos->ucast.out.phy; 1715 - cis->c_rtn = qos->ucast.out.rtn; 1716 - cis->p_rtn = qos->ucast.in.rtn; 1717 - 1718 - d->pdu.cp.num_cis++; 1719 - } 1720 - 1721 - static void cis_list(struct hci_conn *conn, void *data) 1722 - { 1723 - struct iso_list_data *d = data; 1724 - 1725 - /* Skip if broadcast/ANY address */ 1726 - if (!bacmp(&conn->dst, BDADDR_ANY)) 1727 - return; 1728 - 1729 - if (d->cig != conn->iso_qos.ucast.cig || d->cis == BT_ISO_QOS_CIS_UNSET || 1730 - d->cis != conn->iso_qos.ucast.cis) 1731 - return; 1732 - 1733 - d->count++; 1734 - 1735 - if (d->pdu.cp.cig_id == BT_ISO_QOS_CIG_UNSET || 1736 - d->count >= ARRAY_SIZE(d->pdu.cis)) 1737 - return; 1738 - 1739 - cis_add(d, &conn->iso_qos); 1740 - } 1741 - 1742 1710 static int hci_le_create_big(struct hci_conn *conn, struct bt_iso_qos *qos) 1743 1711 { 1744 1712 struct hci_dev *hdev = conn->hdev; 1745 1713 struct hci_cp_le_create_big cp; 1714 + struct iso_list_data data; 1746 1715 1747 1716 memset(&cp, 0, sizeof(cp)); 1748 1717 1718 + data.big = qos->bcast.big; 1719 + data.bis = qos->bcast.bis; 1720 + data.count = 0; 1721 + 1722 + /* Create a BIS for each bound connection */ 1723 + hci_conn_hash_list_state(hdev, bis_list, ISO_LINK, 1724 + BT_BOUND, &data); 1725 + 1749 1726 cp.handle = qos->bcast.big; 1750 1727 cp.adv_handle = qos->bcast.bis; 1751 - cp.num_bis = 0x01; 1728 + cp.num_bis = data.count; 1752 1729 hci_cpu_to_le24(qos->bcast.out.interval, cp.bis.sdu_interval); 1753 1730 cp.bis.sdu = cpu_to_le16(qos->bcast.out.sdu); 1754 1731 cp.bis.latency = cpu_to_le16(qos->bcast.out.latency); ··· 1735 1766 return hci_send_cmd(hdev, HCI_OP_LE_CREATE_BIG, sizeof(cp), &cp); 1736 1767 } 1737 1768 1738 - static void set_cig_params_complete(struct hci_dev *hdev, void *data, int err) 1739 - { 1740 - struct iso_cig_params *pdu = data; 1741 - 1742 - bt_dev_dbg(hdev, ""); 1743 - 1744 - if (err) 1745 - bt_dev_err(hdev, "Unable to set CIG parameters: %d", err); 1746 - 1747 - kfree(pdu); 1748 - } 1749 - 1750 
1769 static int set_cig_params_sync(struct hci_dev *hdev, void *data) 1751 1770 { 1752 - struct iso_cig_params *pdu = data; 1753 - u32 plen; 1771 + u8 cig_id = PTR_UINT(data); 1772 + struct hci_conn *conn; 1773 + struct bt_iso_qos *qos; 1774 + struct iso_cig_params pdu; 1775 + u8 cis_id; 1754 1776 1755 - plen = sizeof(pdu->cp) + pdu->cp.num_cis * sizeof(pdu->cis[0]); 1756 - return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, plen, pdu, 1777 + conn = hci_conn_hash_lookup_cig(hdev, cig_id); 1778 + if (!conn) 1779 + return 0; 1780 + 1781 + memset(&pdu, 0, sizeof(pdu)); 1782 + 1783 + qos = &conn->iso_qos; 1784 + pdu.cp.cig_id = cig_id; 1785 + hci_cpu_to_le24(qos->ucast.out.interval, pdu.cp.c_interval); 1786 + hci_cpu_to_le24(qos->ucast.in.interval, pdu.cp.p_interval); 1787 + pdu.cp.sca = qos->ucast.sca; 1788 + pdu.cp.packing = qos->ucast.packing; 1789 + pdu.cp.framing = qos->ucast.framing; 1790 + pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency); 1791 + pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency); 1792 + 1793 + /* Reprogram all CIS(s) with the same CIG, valid range are: 1794 + * num_cis: 0x00 to 0x1F 1795 + * cis_id: 0x00 to 0xEF 1796 + */ 1797 + for (cis_id = 0x00; cis_id < 0xf0 && 1798 + pdu.cp.num_cis < ARRAY_SIZE(pdu.cis); cis_id++) { 1799 + struct hci_cis_params *cis; 1800 + 1801 + conn = hci_conn_hash_lookup_cis(hdev, NULL, 0, cig_id, cis_id); 1802 + if (!conn) 1803 + continue; 1804 + 1805 + qos = &conn->iso_qos; 1806 + 1807 + cis = &pdu.cis[pdu.cp.num_cis++]; 1808 + cis->cis_id = cis_id; 1809 + cis->c_sdu = cpu_to_le16(conn->iso_qos.ucast.out.sdu); 1810 + cis->p_sdu = cpu_to_le16(conn->iso_qos.ucast.in.sdu); 1811 + cis->c_phy = qos->ucast.out.phy ? qos->ucast.out.phy : 1812 + qos->ucast.in.phy; 1813 + cis->p_phy = qos->ucast.in.phy ? 
qos->ucast.in.phy : 1814 + qos->ucast.out.phy; 1815 + cis->c_rtn = qos->ucast.out.rtn; 1816 + cis->p_rtn = qos->ucast.in.rtn; 1817 + } 1818 + 1819 + if (!pdu.cp.num_cis) 1820 + return 0; 1821 + 1822 + return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_CIG_PARAMS, 1823 + sizeof(pdu.cp) + 1824 + pdu.cp.num_cis * sizeof(pdu.cis[0]), &pdu, 1757 1825 HCI_CMD_TIMEOUT); 1758 1826 } 1759 1827 ··· 1798 1792 { 1799 1793 struct hci_dev *hdev = conn->hdev; 1800 1794 struct iso_list_data data; 1801 - struct iso_cig_params *pdu; 1802 1795 1803 1796 memset(&data, 0, sizeof(data)); 1804 1797 ··· 1824 1819 qos->ucast.cig = data.cig; 1825 1820 } 1826 1821 1827 - data.pdu.cp.cig_id = qos->ucast.cig; 1828 - hci_cpu_to_le24(qos->ucast.out.interval, data.pdu.cp.c_interval); 1829 - hci_cpu_to_le24(qos->ucast.in.interval, data.pdu.cp.p_interval); 1830 - data.pdu.cp.sca = qos->ucast.sca; 1831 - data.pdu.cp.packing = qos->ucast.packing; 1832 - data.pdu.cp.framing = qos->ucast.framing; 1833 - data.pdu.cp.c_latency = cpu_to_le16(qos->ucast.out.latency); 1834 - data.pdu.cp.p_latency = cpu_to_le16(qos->ucast.in.latency); 1835 - 1836 1822 if (qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) { 1837 - data.count = 0; 1838 - data.cig = qos->ucast.cig; 1839 - data.cis = qos->ucast.cis; 1840 - 1841 - hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND, 1842 - &data); 1843 - if (data.count) 1823 + if (hci_conn_hash_lookup_cis(hdev, NULL, 0, qos->ucast.cig, 1824 + qos->ucast.cis)) 1844 1825 return false; 1845 - 1846 - cis_add(&data, qos); 1826 + goto done; 1847 1827 } 1848 1828 1849 - /* Reprogram all CIS(s) with the same CIG */ 1850 - for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0x11; 1829 + /* Allocate first available CIS if not set */ 1830 + for (data.cig = qos->ucast.cig, data.cis = 0x00; data.cis < 0xf0; 1851 1831 data.cis++) { 1852 - data.count = 0; 1853 - 1854 - hci_conn_hash_list_state(hdev, cis_list, ISO_LINK, BT_BOUND, 1855 - &data); 1856 - if (data.count) 1857 - continue; 1858 - 
1859 - /* Allocate a CIS if not set */ 1860 - if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) { 1832 + if (!hci_conn_hash_lookup_cis(hdev, NULL, 0, data.cig, 1833 + data.cis)) { 1861 1834 /* Update CIS */ 1862 1835 qos->ucast.cis = data.cis; 1863 - cis_add(&data, qos); 1836 + break; 1864 1837 } 1865 1838 } 1866 1839 1867 - if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET || !data.pdu.cp.num_cis) 1840 + if (qos->ucast.cis == BT_ISO_QOS_CIS_UNSET) 1868 1841 return false; 1869 1842 1870 - pdu = kmemdup(&data.pdu, sizeof(*pdu), GFP_KERNEL); 1871 - if (!pdu) 1843 + done: 1844 + if (hci_cmd_sync_queue(hdev, set_cig_params_sync, 1845 + UINT_PTR(qos->ucast.cig), NULL) < 0) 1872 1846 return false; 1873 - 1874 - if (hci_cmd_sync_queue(hdev, set_cig_params_sync, pdu, 1875 - set_cig_params_complete) < 0) { 1876 - kfree(pdu); 1877 - return false; 1878 - } 1879 1847 1880 1848 return true; 1881 1849 } ··· 1866 1888 return ERR_PTR(-ENOMEM); 1867 1889 cis->cleanup = cis_cleanup; 1868 1890 cis->dst_type = dst_type; 1891 + cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; 1892 + cis->iso_qos.ucast.cis = BT_ISO_QOS_CIS_UNSET; 1869 1893 } 1870 1894 1871 1895 if (cis->state == BT_CONNECTED) ··· 1911 1931 return ERR_PTR(-EINVAL); 1912 1932 } 1913 1933 1934 + hci_conn_hold(cis); 1935 + 1914 1936 cis->iso_qos = *qos; 1915 1937 cis->state = BT_BOUND; 1916 1938 ··· 1951 1969 return true; 1952 1970 } 1953 1971 1954 - static int hci_create_cis_sync(struct hci_dev *hdev, void *data) 1972 + int hci_conn_check_create_cis(struct hci_conn *conn) 1955 1973 { 1956 - return hci_le_create_cis_sync(hdev, data); 1974 + if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY)) 1975 + return -EINVAL; 1976 + 1977 + if (!conn->parent || conn->parent->state != BT_CONNECTED || 1978 + conn->state != BT_CONNECT || HCI_CONN_HANDLE_UNSET(conn->handle)) 1979 + return 1; 1980 + 1981 + return 0; 1957 1982 } 1958 1983 1959 - int hci_le_create_cis(struct hci_conn *conn) 1984 + static int hci_create_cis_sync(struct hci_dev 
*hdev, void *data) 1960 1985 { 1961 - struct hci_conn *cis; 1962 - struct hci_link *link, *t; 1963 - struct hci_dev *hdev = conn->hdev; 1964 - int err; 1986 + return hci_le_create_cis_sync(hdev); 1987 + } 1965 1988 1966 - bt_dev_dbg(hdev, "hcon %p", conn); 1989 + int hci_le_create_cis_pending(struct hci_dev *hdev) 1990 + { 1991 + struct hci_conn *conn; 1992 + bool pending = false; 1967 1993 1968 - switch (conn->type) { 1969 - case LE_LINK: 1970 - if (conn->state != BT_CONNECTED || list_empty(&conn->link_list)) 1971 - return -EINVAL; 1994 + rcu_read_lock(); 1972 1995 1973 - cis = NULL; 1974 - 1975 - /* hci_conn_link uses list_add_tail_rcu so the list is in 1976 - * the same order as the connections are requested. 1977 - */ 1978 - list_for_each_entry_safe(link, t, &conn->link_list, list) { 1979 - if (link->conn->state == BT_BOUND) { 1980 - err = hci_le_create_cis(link->conn); 1981 - if (err) 1982 - return err; 1983 - 1984 - cis = link->conn; 1985 - } 1996 + list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { 1997 + if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) { 1998 + rcu_read_unlock(); 1999 + return -EBUSY; 1986 2000 } 1987 2001 1988 - return cis ? 
0 : -EINVAL; 1989 - case ISO_LINK: 1990 - cis = conn; 1991 - break; 1992 - default: 1993 - return -EINVAL; 2002 + if (!hci_conn_check_create_cis(conn)) 2003 + pending = true; 1994 2004 } 1995 2005 1996 - if (cis->state == BT_CONNECT) 2006 + rcu_read_unlock(); 2007 + 2008 + if (!pending) 1997 2009 return 0; 1998 2010 1999 2011 /* Queue Create CIS */ 2000 - err = hci_cmd_sync_queue(hdev, hci_create_cis_sync, cis, NULL); 2001 - if (err) 2002 - return err; 2003 - 2004 - cis->state = BT_CONNECT; 2005 - 2006 - return 0; 2012 + return hci_cmd_sync_queue(hdev, hci_create_cis_sync, NULL, NULL); 2007 2013 } 2008 2014 2009 2015 static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, ··· 2019 2049 /* Use LE ACL connection latency if not set */ 2020 2050 if (!qos->latency) 2021 2051 qos->latency = conn->le_conn_latency; 2022 - } 2023 - 2024 - static void hci_bind_bis(struct hci_conn *conn, 2025 - struct bt_iso_qos *qos) 2026 - { 2027 - /* Update LINK PHYs according to QoS preference */ 2028 - conn->le_tx_phy = qos->bcast.out.phy; 2029 - conn->le_tx_phy = qos->bcast.out.phy; 2030 - conn->iso_qos = *qos; 2031 - conn->state = BT_BOUND; 2032 2052 } 2033 2053 2034 2054 static int create_big_sync(struct hci_dev *hdev, void *data) ··· 2143 2183 } 2144 2184 } 2145 2185 2186 + struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst, 2187 + struct bt_iso_qos *qos, 2188 + __u8 base_len, __u8 *base) 2189 + { 2190 + struct hci_conn *conn; 2191 + __u8 eir[HCI_MAX_PER_AD_LENGTH]; 2192 + 2193 + if (base_len && base) 2194 + base_len = eir_append_service_data(eir, 0, 0x1851, 2195 + base, base_len); 2196 + 2197 + /* We need hci_conn object using the BDADDR_ANY as dst */ 2198 + conn = hci_add_bis(hdev, dst, qos, base_len, eir); 2199 + if (IS_ERR(conn)) 2200 + return conn; 2201 + 2202 + /* Update LINK PHYs according to QoS preference */ 2203 + conn->le_tx_phy = qos->bcast.out.phy; 2204 + conn->le_tx_phy = qos->bcast.out.phy; 2205 + 2206 + /* Add Basic Announcement into 
Peridic Adv Data if BASE is set */ 2207 + if (base_len && base) { 2208 + memcpy(conn->le_per_adv_data, eir, sizeof(eir)); 2209 + conn->le_per_adv_data_len = base_len; 2210 + } 2211 + 2212 + hci_iso_qos_setup(hdev, conn, &qos->bcast.out, 2213 + conn->le_tx_phy ? conn->le_tx_phy : 2214 + hdev->le_tx_def_phys); 2215 + 2216 + conn->iso_qos = *qos; 2217 + conn->state = BT_BOUND; 2218 + 2219 + return conn; 2220 + } 2221 + 2222 + static void bis_mark_per_adv(struct hci_conn *conn, void *data) 2223 + { 2224 + struct iso_list_data *d = data; 2225 + 2226 + /* Skip if not broadcast/ANY address */ 2227 + if (bacmp(&conn->dst, BDADDR_ANY)) 2228 + return; 2229 + 2230 + if (d->big != conn->iso_qos.bcast.big || 2231 + d->bis == BT_ISO_QOS_BIS_UNSET || 2232 + d->bis != conn->iso_qos.bcast.bis) 2233 + return; 2234 + 2235 + set_bit(HCI_CONN_PER_ADV, &conn->flags); 2236 + } 2237 + 2146 2238 struct hci_conn *hci_connect_bis(struct hci_dev *hdev, bdaddr_t *dst, 2147 2239 __u8 dst_type, struct bt_iso_qos *qos, 2148 2240 __u8 base_len, __u8 *base) 2149 2241 { 2150 2242 struct hci_conn *conn; 2151 2243 int err; 2244 + struct iso_list_data data; 2152 2245 2153 - /* We need hci_conn object using the BDADDR_ANY as dst */ 2154 - conn = hci_add_bis(hdev, dst, qos); 2246 + conn = hci_bind_bis(hdev, dst, qos, base_len, base); 2155 2247 if (IS_ERR(conn)) 2156 2248 return conn; 2157 2249 2158 - hci_bind_bis(conn, qos); 2250 + data.big = qos->bcast.big; 2251 + data.bis = qos->bcast.bis; 2159 2252 2160 - /* Add Basic Announcement into Peridic Adv Data if BASE is set */ 2161 - if (base_len && base) { 2162 - base_len = eir_append_service_data(conn->le_per_adv_data, 0, 2163 - 0x1851, base, base_len); 2164 - conn->le_per_adv_data_len = base_len; 2165 - } 2253 + /* Set HCI_CONN_PER_ADV for all bound connections, to mark that 2254 + * the start periodic advertising and create BIG commands have 2255 + * been queued 2256 + */ 2257 + hci_conn_hash_list_state(hdev, bis_mark_per_adv, ISO_LINK, 2258 + BT_BOUND, 
&data); 2166 2259 2167 2260 /* Queue start periodic advertising and create BIG */ 2168 2261 err = hci_cmd_sync_queue(hdev, create_big_sync, conn, ··· 2224 2211 hci_conn_drop(conn); 2225 2212 return ERR_PTR(err); 2226 2213 } 2227 - 2228 - hci_iso_qos_setup(hdev, conn, &qos->bcast.out, 2229 - conn->le_tx_phy ? conn->le_tx_phy : 2230 - hdev->le_tx_def_phys); 2231 2214 2232 2215 return conn; 2233 2216 } ··· 2266 2257 return ERR_PTR(-ENOLINK); 2267 2258 } 2268 2259 2269 - /* If LE is already connected and CIS handle is already set proceed to 2270 - * Create CIS immediately. 2271 - */ 2272 - if (le->state == BT_CONNECTED && cis->handle != HCI_CONN_HANDLE_UNSET) 2273 - hci_le_create_cis(cis); 2260 + /* Link takes the refcount */ 2261 + hci_conn_drop(cis); 2262 + 2263 + cis->state = BT_CONNECT; 2264 + 2265 + hci_le_create_cis_pending(hdev); 2274 2266 2275 2267 return cis; 2276 2268 } ··· 2858 2848 return phys; 2859 2849 } 2860 2850 2861 - int hci_abort_conn(struct hci_conn *conn, u8 reason) 2851 + static int abort_conn_sync(struct hci_dev *hdev, void *data) 2862 2852 { 2863 - int r = 0; 2853 + struct hci_conn *conn; 2854 + u16 handle = PTR_UINT(data); 2864 2855 2865 - if (test_and_set_bit(HCI_CONN_CANCEL, &conn->flags)) 2856 + conn = hci_conn_hash_lookup_handle(hdev, handle); 2857 + if (!conn) 2866 2858 return 0; 2867 2859 2868 - switch (conn->state) { 2869 - case BT_CONNECTED: 2870 - case BT_CONFIG: 2871 - if (conn->type == AMP_LINK) { 2872 - struct hci_cp_disconn_phy_link cp; 2860 + return hci_abort_conn_sync(hdev, conn, conn->abort_reason); 2861 + } 2873 2862 2874 - cp.phy_handle = HCI_PHY_HANDLE(conn->handle); 2875 - cp.reason = reason; 2876 - r = hci_send_cmd(conn->hdev, HCI_OP_DISCONN_PHY_LINK, 2877 - sizeof(cp), &cp); 2878 - } else { 2879 - struct hci_cp_disconnect dc; 2863 + int hci_abort_conn(struct hci_conn *conn, u8 reason) 2864 + { 2865 + struct hci_dev *hdev = conn->hdev; 2880 2866 2881 - dc.handle = cpu_to_le16(conn->handle); 2882 - dc.reason = reason; 2883 - 
r = hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, 2884 - sizeof(dc), &dc); 2867 + /* If abort_reason has already been set it means the connection is 2868 + * already being aborted so don't attempt to overwrite it. 2869 + */ 2870 + if (conn->abort_reason) 2871 + return 0; 2872 + 2873 + bt_dev_dbg(hdev, "handle 0x%2.2x reason 0x%2.2x", conn->handle, reason); 2874 + 2875 + conn->abort_reason = reason; 2876 + 2877 + /* If the connection is pending check the command opcode since that 2878 + * might be blocking on hci_cmd_sync_work while waiting its respective 2879 + * event so we need to hci_cmd_sync_cancel to cancel it. 2880 + * 2881 + * hci_connect_le serializes the connection attempts so only one 2882 + * connection can be in BT_CONNECT at time. 2883 + */ 2884 + if (conn->state == BT_CONNECT && hdev->req_status == HCI_REQ_PEND) { 2885 + switch (hci_skb_event(hdev->sent_cmd)) { 2886 + case HCI_EV_LE_CONN_COMPLETE: 2887 + case HCI_EV_LE_ENHANCED_CONN_COMPLETE: 2888 + case HCI_EVT_LE_CIS_ESTABLISHED: 2889 + hci_cmd_sync_cancel(hdev, -ECANCELED); 2890 + break; 2885 2891 } 2886 - 2887 - conn->state = BT_DISCONN; 2888 - 2889 - break; 2890 - case BT_CONNECT: 2891 - if (conn->type == LE_LINK) { 2892 - if (test_bit(HCI_CONN_SCANNING, &conn->flags)) 2893 - break; 2894 - r = hci_send_cmd(conn->hdev, 2895 - HCI_OP_LE_CREATE_CONN_CANCEL, 0, NULL); 2896 - } else if (conn->type == ACL_LINK) { 2897 - if (conn->hdev->hci_ver < BLUETOOTH_VER_1_2) 2898 - break; 2899 - r = hci_send_cmd(conn->hdev, 2900 - HCI_OP_CREATE_CONN_CANCEL, 2901 - 6, &conn->dst); 2902 - } 2903 - break; 2904 - case BT_CONNECT2: 2905 - if (conn->type == ACL_LINK) { 2906 - struct hci_cp_reject_conn_req rej; 2907 - 2908 - bacpy(&rej.bdaddr, &conn->dst); 2909 - rej.reason = reason; 2910 - 2911 - r = hci_send_cmd(conn->hdev, 2912 - HCI_OP_REJECT_CONN_REQ, 2913 - sizeof(rej), &rej); 2914 - } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) { 2915 - struct hci_cp_reject_sync_conn_req rej; 2916 - 2917 - 
bacpy(&rej.bdaddr, &conn->dst); 2918 - 2919 - /* SCO rejection has its own limited set of 2920 - * allowed error values (0x0D-0x0F) which isn't 2921 - * compatible with most values passed to this 2922 - * function. To be safe hard-code one of the 2923 - * values that's suitable for SCO. 2924 - */ 2925 - rej.reason = HCI_ERROR_REJ_LIMITED_RESOURCES; 2926 - 2927 - r = hci_send_cmd(conn->hdev, 2928 - HCI_OP_REJECT_SYNC_CONN_REQ, 2929 - sizeof(rej), &rej); 2930 - } 2931 - break; 2932 - default: 2933 - conn->state = BT_CLOSED; 2934 - break; 2935 2892 } 2936 2893 2937 - return r; 2894 + return hci_cmd_sync_queue(hdev, abort_conn_sync, UINT_PTR(conn->handle), 2895 + NULL); 2938 2896 }
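--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -1074,9 +1074,9 @@
 
 void hci_link_keys_clear(struct hci_dev *hdev)
 {
-	struct link_key *key;
+	struct link_key *key, *tmp;
 
-	list_for_each_entry(key, &hdev->link_keys, list) {
+	list_for_each_entry_safe(key, tmp, &hdev->link_keys, list) {
 		list_del_rcu(&key->list);
 		kfree_rcu(key, rcu);
 	}
@@ -1084,9 +1084,9 @@
 
 void hci_smp_ltks_clear(struct hci_dev *hdev)
 {
-	struct smp_ltk *k;
+	struct smp_ltk *k, *tmp;
 
-	list_for_each_entry(k, &hdev->long_term_keys, list) {
+	list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
 		list_del_rcu(&k->list);
 		kfree_rcu(k, rcu);
 	}
@@ -1094,9 +1094,9 @@
 
 void hci_smp_irks_clear(struct hci_dev *hdev)
 {
-	struct smp_irk *k;
+	struct smp_irk *k, *tmp;
 
-	list_for_each_entry(k, &hdev->identity_resolving_keys, list) {
+	list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
 		list_del_rcu(&k->list);
 		kfree_rcu(k, rcu);
 	}
@@ -1104,9 +1104,9 @@
 
 void hci_blocked_keys_clear(struct hci_dev *hdev)
 {
-	struct blocked_key *b;
+	struct blocked_key *b, *tmp;
 
-	list_for_each_entry(b, &hdev->blocked_keys, list) {
+	list_for_each_entry_safe(b, tmp, &hdev->blocked_keys, list) {
 		list_del_rcu(&b->list);
 		kfree_rcu(b, rcu);
 	}
@@ -1949,14 +1949,14 @@
 
 	switch (hci_get_adv_monitor_offload_ext(hdev)) {
 	case HCI_ADV_MONITOR_EXT_NONE:
-		bt_dev_dbg(hdev, "%s add monitor %d status %d", hdev->name,
+		bt_dev_dbg(hdev, "add monitor %d status %d",
 			   monitor->handle, status);
 		/* Message was not forwarded to controller - not an error */
 		break;
 
 	case HCI_ADV_MONITOR_EXT_MSFT:
 		status = msft_add_monitor_pattern(hdev, monitor);
-		bt_dev_dbg(hdev, "%s add monitor %d msft status %d", hdev->name,
-			   monitor->handle, status);
+		bt_dev_dbg(hdev, "add monitor %d msft status %d",
+			   handle, status);
 		break;
 	}
@@ -1976,14 +1976,14 @@
 
 	switch (hci_get_adv_monitor_offload_ext(hdev)) {
 	case HCI_ADV_MONITOR_EXT_NONE: /* also goes here when powered off */
-		bt_dev_dbg(hdev, "%s remove monitor %d status %d", hdev->name,
+		bt_dev_dbg(hdev, "remove monitor %d status %d",
 			   monitor->handle, status);
 		goto free_monitor;
 
 	case HCI_ADV_MONITOR_EXT_MSFT:
 		handle = monitor->handle;
 		status = msft_remove_monitor(hdev, monitor);
-		bt_dev_dbg(hdev, "%s remove monitor %d msft status %d",
-			   hdev->name, handle, status);
+		bt_dev_dbg(hdev, "remove monitor %d msft status %d",
+			   handle, status);
 		break;
 	}
@@ -2436,6 +2436,9 @@
 	if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
 		return NOTIFY_DONE;
 
+	/* To avoid a potential race with hci_unregister_dev. */
+	hci_dev_hold(hdev);
+
 	if (action == PM_SUSPEND_PREPARE)
 		ret = hci_suspend_dev(hdev);
 	else if (action == PM_POST_SUSPEND)
@@ -2448,5 +2445,6 @@
 		bt_dev_err(hdev, "Suspend notifier action (%lu) failed: %d",
 			   action, ret);
 
+	hci_dev_put(hdev);
 	return NOTIFY_DONE;
 }
@@ -3895,7 +3891,7 @@
 
 	if (conn) {
 		/* Send to upper protocol */
-		bt_cb(skb)->sco.pkt_status = flags & 0x03;
+		hci_skb_pkt_status(skb) = flags & 0x03;
 		sco_recv_scodata(conn, skb);
 		return;
 	} else {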
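Review bot: In hci_suspend_notifier the new `hci_dev_hold(hdev)` sits after the `hci_dev_test_flag(hdev, HCI_USER_CHANNEL)` check, so that read of hdev (and anything before it outside the hunk) still happens without the reference the added comment says protects against hci_unregister_dev; if that window matters, the hold should precede the first use of hdev and the `return NOTIFY_DONE` on the flag path would then need its own `hci_dev_put(hdev)`. Separately, the MSFT branch of the add-monitor path now logs `handle` while the EXT_NONE branch two lines above still logs `monitor->handle`; the remove path captures `handle = monitor->handle;` before calling into msft, but no such capture is visible in the add hunk, so the value logged depends on an assignment outside it. Both enclosing functions start outside their hunks.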
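--- a/net/bluetooth/hci_debugfs.c
+++ b/net/bluetooth/hci_debugfs.c
@@ -22,6 +22,7 @@
  */
 
 #include <linux/debugfs.h>
+#include <linux/kstrtox.h>
 
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
@@ -1153,7 +1152,7 @@
 		return -EFAULT;
 
 	buf[buf_size] = '\0';
-	if (strtobool(buf, &enable))
+	if (kstrtobool(buf, &enable))
 		return -EINVAL;
 
 	if (enable == hci_dev_test_flag(hdev, HCI_FORCE_NO_MITM))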
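--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1639,7 +1639,7 @@
 
 	hci_dev_set_flag(hdev, HCI_LE_ADV);
 
-	if (adv)
+	if (adv && !adv->periodic)
 		adv->enabled = true;
 
 	conn = hci_lookup_le_connect(hdev);
@@ -1747,7 +1747,7 @@
 {
 	struct discovery_state *d = &hdev->discovery;
 
-	if (len > HCI_MAX_AD_LENGTH)
+	if (len > max_adv_len(hdev))
 		return;
 
 	bacpy(&d->last_adv_addr, bdaddr);
@@ -3173,19 +3173,15 @@
 	 * As the connection handle is set here for the first time, it indicates
 	 * whether the connection is already set up.
 	 */
-	if (conn->handle != HCI_CONN_HANDLE_UNSET) {
+	if (!HCI_CONN_HANDLE_UNSET(conn->handle)) {
 		bt_dev_err(hdev, "Ignoring HCI_Connection_Complete for existing connection");
 		goto unlock;
 	}
 
 	if (!status) {
-		conn->handle = __le16_to_cpu(ev->handle);
-		if (conn->handle > HCI_CONN_HANDLE_MAX) {
-			bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
-				   conn->handle, HCI_CONN_HANDLE_MAX);
-			status = HCI_ERROR_INVALID_PARAMETERS;
+		status = hci_conn_set_handle(conn, __le16_to_cpu(ev->handle));
+		if (status)
 			goto done;
-		}
 
 		if (conn->type == ACL_LINK) {
 			conn->state = BT_CONFIG;
@@ -3799,6 +3803,22 @@
 	return rp->status;
 }
 
+static void hci_unbound_cis_failed(struct hci_dev *hdev, u8 cig, u8 status)
+{
+	struct hci_conn *conn, *tmp;
+
+	lockdep_assert_held(&hdev->lock);
+
+	list_for_each_entry_safe(conn, tmp, &hdev->conn_hash.list, list) {
+		if (conn->type != ISO_LINK || !bacmp(&conn->dst, BDADDR_ANY) ||
+		    conn->state == BT_OPEN || conn->iso_qos.ucast.cig != cig)
+			continue;
+
+		if (HCI_CONN_HANDLE_UNSET(conn->handle))
+			hci_conn_failed(conn, status);
+	}
+}
+
 static u8 hci_cc_le_set_cig_params(struct hci_dev *hdev, void *data,
 				   struct sk_buff *skb)
 {
@@ -3822,6 +3810,7 @@
 	struct hci_cp_le_set_cig_params *cp;
 	struct hci_conn *conn;
 	u8 status = rp->status;
+	bool pending = false;
 	int i;
 
 	bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
@@ -3836,10 +3823,13 @@
 	hci_dev_lock(hdev);
 
+	/* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E page 2554
+	 *
+	 * If the Status return parameter is non-zero, then the state of the CIG
+	 * and its CIS configurations shall not be changed by the command. If
+	 * the CIG did not already exist, it shall not be created.
+	 */
 	if (status) {
-		while ((conn = hci_conn_hash_lookup_cig(hdev, rp->cig_id))) {
-			conn->state = BT_CLOSED;
-			hci_connect_cfm(conn, status);
-			hci_conn_del(conn);
-		}
+		/* Keep current configuration, fail only the unbound CIS */
+		hci_unbound_cis_failed(hdev, rp->cig_id, status);
 		goto unlock;
 	}
 
@@ -3864,17 +3848,17 @@
 		if (conn->state != BT_BOUND && conn->state != BT_CONNECT)
 			continue;
 
-		conn->handle = __le16_to_cpu(rp->handle[i]);
+		if (hci_conn_set_handle(conn, __le16_to_cpu(rp->handle[i])))
+			continue;
 
-		bt_dev_dbg(hdev, "%p handle 0x%4.4x parent %p", conn,
-			   conn->handle, conn->parent);
-
-		/* Create CIS if LE is already connected */
-		if (conn->parent && conn->parent->state == BT_CONNECTED)
-			hci_le_create_cis(conn);
+		if (conn->state == BT_CONNECT)
+			pending = true;
 	}
 
 unlock:
+	if (pending)
+		hci_le_create_cis_pending(hdev);
+
 	hci_dev_unlock(hdev);
 
 	return rp->status;
@@ -3954,24 +3938,47 @@
 				   struct sk_buff *skb)
 {
 	struct hci_ev_status *rp = data;
-	__u8 *sent;
+	struct hci_cp_le_set_per_adv_enable *cp;
+	struct adv_info *adv = NULL, *n;
+	u8 per_adv_cnt = 0;
 
 	bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
 
 	if (rp->status)
 		return rp->status;
 
-	sent = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_PER_ADV_ENABLE);
-	if (!sent)
+	cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_PER_ADV_ENABLE);
+	if (!cp)
 		return rp->status;
 
 	hci_dev_lock(hdev);
 
-	if (*sent)
-		hci_dev_set_flag(hdev, HCI_LE_PER_ADV);
-	else
-		hci_dev_clear_flag(hdev, HCI_LE_PER_ADV);
+	adv = hci_find_adv_instance(hdev, cp->handle);
 
+	if (cp->enable) {
+		hci_dev_set_flag(hdev, HCI_LE_PER_ADV);
+
+		if (adv)
+			adv->enabled = true;
+	} else {
+		/* If just one instance was disabled check if there are
+		 * any other instance enabled before clearing HCI_LE_PER_ADV.
+		 * The current periodic adv instance will be marked as
+		 * disabled once extended advertising is also disabled.
+		 */
+		list_for_each_entry_safe(adv, n, &hdev->adv_instances,
+					 list) {
+			if (adv->periodic && adv->enabled)
+				per_adv_cnt++;
+		}
+
+		if (per_adv_cnt > 1)
+			goto unlock;
+
+		hci_dev_clear_flag(hdev, HCI_LE_PER_ADV);
+	}
+
+unlock:
 	hci_dev_unlock(hdev);
 
 	return rp->status;
@@ -4263,6 +4224,7 @@
 static void hci_cs_le_create_cis(struct hci_dev *hdev, u8 status)
 {
 	struct hci_cp_le_create_cis *cp;
+	bool pending = false;
 	int i;
 
 	bt_dev_dbg(hdev, "status 0x%2.2x", status);
@@ -4286,11 +4246,17 @@
 
 		conn = hci_conn_hash_lookup_handle(hdev, handle);
 		if (conn) {
+			if (test_and_clear_bit(HCI_CONN_CREATE_CIS,
+					       &conn->flags))
+				pending = true;
 			conn->state = BT_CLOSED;
 			hci_connect_cfm(conn, status);
 			hci_conn_del(conn);
 		}
 	}
+
+	if (pending)
+		hci_le_create_cis_pending(hdev);
 
 	hci_dev_unlock(hdev);
 }
@@ -5045,18 +4999,15 @@
 	 * As the connection handle is set here for the first time, it indicates
 	 * whether the connection is already set up.
 	 */
-	if (conn->handle != HCI_CONN_HANDLE_UNSET) {
+	if (!HCI_CONN_HANDLE_UNSET(conn->handle)) {
 		bt_dev_err(hdev, "Ignoring HCI_Sync_Conn_Complete event for existing connection");
 		goto unlock;
 	}
 
 	switch (status) {
 	case 0x00:
-		conn->handle = __le16_to_cpu(ev->handle);
-		if (conn->handle > HCI_CONN_HANDLE_MAX) {
-			bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x",
-				   conn->handle, HCI_CONN_HANDLE_MAX);
-			status = HCI_ERROR_INVALID_PARAMETERS;
+		status = hci_conn_set_handle(conn, __le16_to_cpu(ev->handle));
+		if (status) {
 			conn->state = BT_CLOSED;
 			break;
 		}
@@ -5906,7 +5863,7 @@
 	 * As the connection handle is set here for the first time, it indicates
 	 * whether the connection is already set up.
 	 */
-	if (conn->handle != HCI_CONN_HANDLE_UNSET) {
+	if (!HCI_CONN_HANDLE_UNSET(conn->handle)) {
 		bt_dev_err(hdev, "Ignoring HCI_Connection_Complete for existing connection");
 		goto unlock;
 	}
@@ -6259,8 +6216,9 @@
 		return;
 	}
 
-	if (!ext_adv && len > HCI_MAX_AD_LENGTH) {
-		bt_dev_err_ratelimited(hdev, "legacy adv larger than 31 bytes");
+	if (len > max_adv_len(hdev)) {
+		bt_dev_err_ratelimited(hdev,
+				       "adv larger than maximum supported");
 		return;
 	}
 
@@ -6326,7 +6282,8 @@
 	 */
 	conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, bdaddr_resolved,
 				     type);
-	if (!ext_adv && conn && type == LE_ADV_IND && len <= HCI_MAX_AD_LENGTH) {
+	if (!ext_adv && conn && type == LE_ADV_IND &&
+	    len <= max_adv_len(hdev)) {
 		/* Store report for later inclusion by
 		 * mgmt_device_connected
 		 */
@@ -6468,7 +6423,7 @@
 					   info->length + 1))
 			break;
 
-		if (info->length <= HCI_MAX_AD_LENGTH) {
+		if (info->length <= max_adv_len(hdev)) {
 			rssi = info->data[info->length];
 			process_adv_report(hdev, info->type, &info->bdaddr,
 					   info->bdaddr_type, NULL, 0, rssi,
@@ -6835,6 +6790,7 @@
 	struct hci_evt_le_cis_established *ev = data;
 	struct hci_conn *conn;
 	struct bt_iso_qos *qos;
+	bool pending = false;
 	u16 handle = __le16_to_cpu(ev->handle);
 
 	bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
@@ -6858,6 +6812,8 @@
 	}
 
 	qos = &conn->iso_qos;
+
+	pending = test_and_clear_bit(HCI_CONN_CREATE_CIS, &conn->flags);
 
 	/* Convert ISO Interval (1.25 ms slots) to SDU Interval (us) */
 	qos->ucast.in.interval = le16_to_cpu(ev->interval) * 1250;
@@ -6902,9 +6854,13 @@
 		goto unlock;
 	}
 
+	conn->state = BT_CLOSED;
 	hci_connect_cfm(conn, ev->status);
 	hci_conn_del(conn);
 
 unlock:
+	if (pending)
+		hci_le_create_cis_pending(hdev);
+
 	hci_dev_unlock(hdev);
 }
@@ -6988,6 +6936,7 @@
 {
 	struct hci_evt_le_create_big_complete *ev = data;
 	struct hci_conn *conn;
+	__u8 i = 0;
 
 	BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
 
@@ -6997,32 +6944,45 @@
 		return;
 
 	hci_dev_lock(hdev);
+	rcu_read_lock();
 
-	conn = hci_conn_hash_lookup_big(hdev, ev->handle);
-	if (!conn)
-		goto unlock;
+	/* Connect all BISes that are bound to the BIG */
+	list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) {
+		if (bacmp(&conn->dst, BDADDR_ANY) ||
+		    conn->type != ISO_LINK ||
+		    conn->iso_qos.bcast.big != ev->handle)
+			continue;
 
-	if (conn->type != ISO_LINK) {
-		bt_dev_err(hdev,
-			   "Invalid connection link type handle 0x%2.2x",
-			   ev->handle);
-		goto unlock;
+		if (hci_conn_set_handle(conn,
+					__le16_to_cpu(ev->bis_handle[i++])))
+			continue;
+
+		if (!ev->status) {
+			conn->state = BT_CONNECTED;
+			set_bit(HCI_CONN_BIG_CREATED, &conn->flags);
+			rcu_read_unlock();
+			hci_debugfs_create_conn(conn);
+			hci_conn_add_sysfs(conn);
+			hci_iso_setup_path(conn);
+			rcu_read_lock();
+			continue;
+		}
+
+		hci_connect_cfm(conn, ev->status);
+		rcu_read_unlock();
+		hci_conn_del(conn);
+		rcu_read_lock();
 	}
 
-	if (ev->num_bis)
-		conn->handle = __le16_to_cpu(ev->bis_handle[0]);
+	if (!ev->status && !i)
+		/* If no BISes have been connected for the BIG,
+		 * terminate. This is in case all bound connections
+		 * have been closed before the BIG creation
+		 * has completed.
+		 */
+		hci_le_terminate_big_sync(hdev, ev->handle,
+					  HCI_ERROR_LOCAL_HOST_TERM);
 
-	if (!ev->status) {
-		conn->state = BT_CONNECTED;
-		hci_debugfs_create_conn(conn);
-		hci_conn_add_sysfs(conn);
-		hci_iso_setup_path(conn);
-		goto unlock;
-	}
-
-	hci_connect_cfm(conn, ev->status);
-	hci_conn_del(conn);
-
-unlock:
+	rcu_read_unlock();
 	hci_dev_unlock(hdev);
 }
@@ -7051,9 +6985,6 @@
 
 	if (!hci_le_ev_skb_pull(hdev, skb, HCI_EVT_LE_BIG_SYNC_ESTABILISHED,
 				flex_array_size(ev, bis, ev->num_bis)))
-		return;
-
-	if (ev->status)
 		return;
 
 	hci_dev_lock(hdev);
@@ -7076,8 +7013,24 @@
 		bis->iso_qos.bcast.in.latency = le16_to_cpu(ev->interval) * 125 / 100;
 		bis->iso_qos.bcast.in.sdu = le16_to_cpu(ev->max_pdu);
 
-		hci_iso_setup_path(bis);
+		if (!ev->status) {
+			set_bit(HCI_CONN_BIG_SYNC, &bis->flags);
+			hci_iso_setup_path(bis);
+		}
 	}
+
+	/* In case BIG sync failed, notify each failed connection to
+	 * the user after all hci connections have been added
+	 */
+	if (ev->status)
+		for (i = 0; i < ev->num_bis; i++) {
+			u16 handle = le16_to_cpu(ev->bis[i]);
+
+			bis = hci_conn_hash_lookup_handle(hdev, handle);
+
+			set_bit(HCI_CONN_BIG_SYNC_FAILED, &bis->flags);
+			hci_connect_cfm(bis, ev->status);
+		}
 
 	hci_dev_unlock(hdev);
 }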
-21
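--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -629,27 +629,6 @@
 }
 }
 
-/* Returns true if an le connection is in the scanning state */
-static inline bool hci_is_le_conn_scanning(struct hci_dev *hdev)
-{
-struct hci_conn_hash *h = &hdev->conn_hash;
-struct hci_conn *c;
-
-rcu_read_lock();
-
-list_for_each_entry_rcu(c, &h->list, list) {
-if (c->type == LE_LINK && c->state == BT_CONNECT &&
-test_bit(HCI_CONN_SCANNING, &c->flags)) {
-rcu_read_unlock();
-return true;
-}
-}
-
-rcu_read_unlock();
-
-return false;
-}
-
 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa);
 static int hci_update_random_address(struct hci_request *req,
 bool require_privacy, bool use_rpa,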
+67 -10
net/bluetooth/hci_sock.c
··· 264 264 kfree_skb(skb_copy); 265 265 } 266 266 267 + static void hci_sock_copy_creds(struct sock *sk, struct sk_buff *skb) 268 + { 269 + struct scm_creds *creds; 270 + 271 + if (!sk || WARN_ON(!skb)) 272 + return; 273 + 274 + creds = &bt_cb(skb)->creds; 275 + 276 + /* Check if peer credentials is set */ 277 + if (!sk->sk_peer_pid) { 278 + /* Check if parent peer credentials is set */ 279 + if (bt_sk(sk)->parent && bt_sk(sk)->parent->sk_peer_pid) 280 + sk = bt_sk(sk)->parent; 281 + else 282 + return; 283 + } 284 + 285 + /* Check if scm_creds already set */ 286 + if (creds->pid == pid_vnr(sk->sk_peer_pid)) 287 + return; 288 + 289 + memset(creds, 0, sizeof(*creds)); 290 + 291 + creds->pid = pid_vnr(sk->sk_peer_pid); 292 + if (sk->sk_peer_cred) { 293 + creds->uid = sk->sk_peer_cred->uid; 294 + creds->gid = sk->sk_peer_cred->gid; 295 + } 296 + } 297 + 298 + static struct sk_buff *hci_skb_clone(struct sk_buff *skb) 299 + { 300 + struct sk_buff *nskb; 301 + 302 + if (!skb) 303 + return NULL; 304 + 305 + nskb = skb_clone(skb, GFP_ATOMIC); 306 + if (!nskb) 307 + return NULL; 308 + 309 + hci_sock_copy_creds(skb->sk, nskb); 310 + 311 + return nskb; 312 + } 313 + 267 314 /* Send frame to sockets with specific channel */ 268 315 static void __hci_send_to_channel(unsigned short channel, struct sk_buff *skb, 269 316 int flag, struct sock *skip_sk) ··· 336 289 if (hci_pi(sk)->channel != channel) 337 290 continue; 338 291 339 - nskb = skb_clone(skb, GFP_ATOMIC); 292 + nskb = hci_skb_clone(skb); 340 293 if (!nskb) 341 294 continue; 342 295 ··· 402 355 skb_copy = __pskb_copy_fclone(skb, HCI_MON_HDR_SIZE, GFP_ATOMIC, true); 403 356 if (!skb_copy) 404 357 return; 358 + 359 + hci_sock_copy_creds(skb->sk, skb_copy); 405 360 406 361 /* Put header before the data */ 407 362 hdr = skb_push(skb_copy, HCI_MON_HDR_SIZE); ··· 580 531 return NULL; 581 532 } 582 533 583 - skb = bt_skb_alloc(14 + TASK_COMM_LEN , GFP_ATOMIC); 534 + skb = bt_skb_alloc(14 + TASK_COMM_LEN, GFP_ATOMIC); 584 535 if 
(!skb) 585 536 return NULL; 537 + 538 + hci_sock_copy_creds(sk, skb); 586 539 587 540 flags = hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) ? 0x1 : 0x0; 588 541 ··· 631 580 if (!skb) 632 581 return NULL; 633 582 583 + hci_sock_copy_creds(sk, skb); 584 + 634 585 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4)); 635 586 636 587 __net_timestamp(skb); ··· 658 605 skb = bt_skb_alloc(6 + len, GFP_ATOMIC); 659 606 if (!skb) 660 607 return NULL; 608 + 609 + hci_sock_copy_creds(sk, skb); 661 610 662 611 put_unaligned_le32(hci_pi(sk)->cookie, skb_put(skb, 4)); 663 612 put_unaligned_le16(opcode, skb_put(skb, 2)); ··· 692 637 skb = bt_skb_alloc(len + 1, GFP_ATOMIC); 693 638 if (!skb) 694 639 return; 640 + 641 + hci_sock_copy_creds(sk, skb); 695 642 696 643 va_start(args, fmt); 697 644 vsprintf(skb_put(skb, len), fmt, args); ··· 1551 1494 static int hci_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1552 1495 size_t len, int flags) 1553 1496 { 1497 + struct scm_cookie scm; 1554 1498 struct sock *sk = sock->sk; 1555 1499 struct sk_buff *skb; 1556 1500 int copied, err; ··· 1596 1538 break; 1597 1539 } 1598 1540 1541 + memset(&scm, 0, sizeof(scm)); 1542 + scm.creds = bt_cb(skb)->creds; 1543 + 1599 1544 skb_free_datagram(sk, skb); 1600 1545 1601 1546 if (flags & MSG_TRUNC) 1602 1547 copied = skblen; 1548 + 1549 + scm_recv(sock, msg, &scm, flags); 1603 1550 1604 1551 return err ? : copied; 1605 1552 } ··· 2206 2143 2207 2144 sock->ops = &hci_sock_ops; 2208 2145 2209 - sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, kern); 2146 + sk = bt_sock_alloc(net, sock, &hci_sk_proto, protocol, GFP_ATOMIC, 2147 + kern); 2210 2148 if (!sk) 2211 2149 return -ENOMEM; 2212 2150 2213 - sock_init_data(sock, sk); 2214 - 2215 - sock_reset_flag(sk, SOCK_ZAPPED); 2216 - 2217 - sk->sk_protocol = protocol; 2218 - 2219 2151 sock->state = SS_UNCONNECTED; 2220 - sk->sk_state = BT_OPEN; 2221 2152 sk->sk_destruct = hci_sock_destruct; 2222 2153 2223 2154 bt_sock_link(&hci_sk_list, sk);
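Review bot: `hci_sock_copy_creds` reads `sk->sk_peer_pid` and dereferences `sk->sk_peer_cred` without holding `sk->sk_peer_lock`, whereas the `l2cap_sock_init_pid` body removed elsewhere in this merge wrote `sk_peer_pid` under `spin_lock(&sk->sk_peer_lock)`. If the new `bt_sock_alloc` (not shown in this hunk) assigns the peer fields exactly once before the socket is reachable, the unlocked read is harmless; if not, `sk_peer_cred` can change between the NULL check and the `->uid` read, so wrap the comparison and the copy in `spin_lock(&sk->sk_peer_lock);` / `spin_unlock(&sk->sk_peer_lock);` to match the writer. Separately, `pid_vnr()` is evaluated in the context that clones the skb (for `__hci_send_to_channel` that may be an event workqueue, not the receiving task), so the pid number delivered by `scm_recv` in `hci_sock_recvmsg` is translated in that context's pid namespace rather than the reader's; unix sockets keep a `struct pid` and translate at receive time, and a comment stating which namespace the number is relative to would at least make the behaviour explicit. The early return on `creds->pid == pid_vnr(sk->sk_peer_pid)` also skips refreshing uid/gid when only those changed, which is fine if they are immutable after creation but worth a one-line comment.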
+179 -84
net/bluetooth/hci_sync.c
··· 3 3 * BlueZ - Bluetooth protocol stack for Linux 4 4 * 5 5 * Copyright (C) 2021 Intel Corporation 6 + * Copyright 2023 NXP 6 7 */ 7 8 8 9 #include <linux/property.h> ··· 1320 1319 static int hci_disable_per_advertising_sync(struct hci_dev *hdev, u8 instance) 1321 1320 { 1322 1321 struct hci_cp_le_set_per_adv_enable cp; 1322 + struct adv_info *adv = NULL; 1323 1323 1324 1324 /* If periodic advertising already disabled there is nothing to do. */ 1325 - if (!hci_dev_test_flag(hdev, HCI_LE_PER_ADV)) 1325 + adv = hci_find_adv_instance(hdev, instance); 1326 + if (!adv || !adv->periodic || !adv->enabled) 1326 1327 return 0; 1327 1328 1328 1329 memset(&cp, 0, sizeof(cp)); ··· 1389 1386 static int hci_enable_per_advertising_sync(struct hci_dev *hdev, u8 instance) 1390 1387 { 1391 1388 struct hci_cp_le_set_per_adv_enable cp; 1389 + struct adv_info *adv = NULL; 1392 1390 1393 1391 /* If periodic advertising already enabled there is nothing to do. */ 1394 - if (hci_dev_test_flag(hdev, HCI_LE_PER_ADV)) 1392 + adv = hci_find_adv_instance(hdev, instance); 1393 + if (adv && adv->periodic && adv->enabled) 1395 1394 return 0; 1396 1395 1397 1396 memset(&cp, 0, sizeof(cp)); ··· 1463 1458 sync_interval); 1464 1459 if (IS_ERR(adv)) 1465 1460 return PTR_ERR(adv); 1461 + adv->pending = false; 1466 1462 added = true; 1467 1463 } 1468 1464 } 1469 1465 1470 - /* Only start advertising if instance 0 or if a dedicated instance has 1471 - * been added. 
1472 - */ 1473 - if (!adv || added) { 1474 - err = hci_start_ext_adv_sync(hdev, instance); 1475 - if (err < 0) 1476 - goto fail; 1466 + /* Start advertising */ 1467 + err = hci_start_ext_adv_sync(hdev, instance); 1468 + if (err < 0) 1469 + goto fail; 1477 1470 1478 - err = hci_adv_bcast_annoucement(hdev, adv); 1479 - if (err < 0) 1480 - goto fail; 1481 - } 1471 + err = hci_adv_bcast_annoucement(hdev, adv); 1472 + if (err < 0) 1473 + goto fail; 1482 1474 1483 1475 err = hci_set_per_adv_params_sync(hdev, instance, min_interval, 1484 1476 max_interval); ··· 2670 2668 2671 2669 /* Select filter policy to use accept list */ 2672 2670 return filter_policy; 2673 - } 2674 - 2675 - /* Returns true if an le connection is in the scanning state */ 2676 - static inline bool hci_is_le_conn_scanning(struct hci_dev *hdev) 2677 - { 2678 - struct hci_conn_hash *h = &hdev->conn_hash; 2679 - struct hci_conn *c; 2680 - 2681 - rcu_read_lock(); 2682 - 2683 - list_for_each_entry_rcu(c, &h->list, list) { 2684 - if (c->type == LE_LINK && c->state == BT_CONNECT && 2685 - test_bit(HCI_CONN_SCANNING, &c->flags)) { 2686 - rcu_read_unlock(); 2687 - return true; 2688 - } 2689 - } 2690 - 2691 - rcu_read_unlock(); 2692 - 2693 - return false; 2694 2671 } 2695 2672 2696 2673 static int hci_le_set_ext_scan_param_sync(struct hci_dev *hdev, u8 type, ··· 4114 4133 } 4115 4134 4116 4135 if (bis_capable(hdev)) { 4136 + events[1] |= 0x20; /* LE PA Report */ 4137 + events[1] |= 0x40; /* LE PA Sync Established */ 4117 4138 events[3] |= 0x04; /* LE Create BIG Complete */ 4118 4139 events[3] |= 0x08; /* LE Terminate BIG Complete */ 4119 4140 events[3] |= 0x10; /* LE BIG Sync Established */ 4120 4141 events[3] |= 0x20; /* LE BIG Sync Loss */ 4142 + events[4] |= 0x02; /* LE BIG Info Advertising Report */ 4121 4143 } 4122 4144 4123 4145 return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EVENT_MASK, ··· 5253 5269 } 5254 5270 5255 5271 static int hci_le_connect_cancel_sync(struct hci_dev *hdev, 5256 - struct hci_conn 
*conn) 5272 + struct hci_conn *conn, u8 reason) 5257 5273 { 5274 + /* Return reason if scanning since the connection shall probably be 5275 + * cleanup directly. 5276 + */ 5258 5277 if (test_bit(HCI_CONN_SCANNING, &conn->flags)) 5259 - return 0; 5278 + return reason; 5260 5279 5261 - if (test_and_set_bit(HCI_CONN_CANCEL, &conn->flags)) 5280 + if (conn->role == HCI_ROLE_SLAVE || 5281 + test_and_set_bit(HCI_CONN_CANCEL, &conn->flags)) 5262 5282 return 0; 5263 5283 5264 5284 return __hci_cmd_sync_status(hdev, HCI_OP_LE_CREATE_CONN_CANCEL, 5265 5285 0, NULL, HCI_CMD_TIMEOUT); 5266 5286 } 5267 5287 5268 - static int hci_connect_cancel_sync(struct hci_dev *hdev, struct hci_conn *conn) 5288 + static int hci_connect_cancel_sync(struct hci_dev *hdev, struct hci_conn *conn, 5289 + u8 reason) 5269 5290 { 5270 5291 if (conn->type == LE_LINK) 5271 - return hci_le_connect_cancel_sync(hdev, conn); 5292 + return hci_le_connect_cancel_sync(hdev, conn, reason); 5293 + 5294 + if (conn->type == ISO_LINK) { 5295 + /* BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E 5296 + * page 1857: 5297 + * 5298 + * If this command is issued for a CIS on the Central and the 5299 + * CIS is successfully terminated before being established, 5300 + * then an HCI_LE_CIS_Established event shall also be sent for 5301 + * this CIS with the Status Operation Cancelled by Host (0x44). 5302 + */ 5303 + if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) 5304 + return hci_disconnect_sync(hdev, conn, reason); 5305 + 5306 + /* CIS with no Create CIS sent have nothing to cancel */ 5307 + if (bacmp(&conn->dst, BDADDR_ANY)) 5308 + return HCI_ERROR_LOCAL_HOST_TERM; 5309 + 5310 + /* There is no way to cancel a BIS without terminating the BIG 5311 + * which is done later on connection cleanup. 
5312 + */ 5313 + return 0; 5314 + } 5272 5315 5273 5316 if (hdev->hci_ver < BLUETOOTH_VER_1_2) 5274 5317 return 0; 5318 + 5319 + /* Wait for HCI_EV_CONN_COMPLETE, not HCI_EV_CMD_STATUS, when the 5320 + * reason is anything but HCI_ERROR_REMOTE_POWER_OFF. This reason is 5321 + * used when suspending or powering off, where we don't want to wait 5322 + * for the peer's response. 5323 + */ 5324 + if (reason != HCI_ERROR_REMOTE_POWER_OFF) 5325 + return __hci_cmd_sync_status_sk(hdev, HCI_OP_CREATE_CONN_CANCEL, 5326 + 6, &conn->dst, 5327 + HCI_EV_CONN_COMPLETE, 5328 + HCI_CMD_TIMEOUT, NULL); 5275 5329 5276 5330 return __hci_cmd_sync_status(hdev, HCI_OP_CREATE_CONN_CANCEL, 5277 5331 6, &conn->dst, HCI_CMD_TIMEOUT); ··· 5334 5312 sizeof(cp), &cp, HCI_CMD_TIMEOUT); 5335 5313 } 5336 5314 5315 + static int hci_le_reject_cis_sync(struct hci_dev *hdev, struct hci_conn *conn, 5316 + u8 reason) 5317 + { 5318 + struct hci_cp_le_reject_cis cp; 5319 + 5320 + memset(&cp, 0, sizeof(cp)); 5321 + cp.handle = cpu_to_le16(conn->handle); 5322 + cp.reason = reason; 5323 + 5324 + return __hci_cmd_sync_status(hdev, HCI_OP_LE_REJECT_CIS, 5325 + sizeof(cp), &cp, HCI_CMD_TIMEOUT); 5326 + } 5327 + 5337 5328 static int hci_reject_conn_sync(struct hci_dev *hdev, struct hci_conn *conn, 5338 5329 u8 reason) 5339 5330 { 5340 5331 struct hci_cp_reject_conn_req cp; 5332 + 5333 + if (conn->type == ISO_LINK) 5334 + return hci_le_reject_cis_sync(hdev, conn, reason); 5341 5335 5342 5336 if (conn->type == SCO_LINK || conn->type == ESCO_LINK) 5343 5337 return hci_reject_sco_sync(hdev, conn, reason); ··· 5368 5330 5369 5331 int hci_abort_conn_sync(struct hci_dev *hdev, struct hci_conn *conn, u8 reason) 5370 5332 { 5371 - int err; 5333 + int err = 0; 5334 + u16 handle = conn->handle; 5372 5335 5373 5336 switch (conn->state) { 5374 5337 case BT_CONNECTED: 5375 5338 case BT_CONFIG: 5376 - return hci_disconnect_sync(hdev, conn, reason); 5339 + err = hci_disconnect_sync(hdev, conn, reason); 5340 + break; 5377 5341 
case BT_CONNECT: 5378 - err = hci_connect_cancel_sync(hdev, conn); 5379 - /* Cleanup hci_conn object if it cannot be cancelled as it 5380 - * likelly means the controller and host stack are out of sync. 5381 - */ 5382 - if (err) { 5383 - hci_dev_lock(hdev); 5384 - hci_conn_failed(conn, err); 5385 - hci_dev_unlock(hdev); 5386 - } 5387 - return err; 5342 + err = hci_connect_cancel_sync(hdev, conn, reason); 5343 + break; 5388 5344 case BT_CONNECT2: 5389 - return hci_reject_conn_sync(hdev, conn, reason); 5345 + err = hci_reject_conn_sync(hdev, conn, reason); 5346 + break; 5347 + case BT_OPEN: 5348 + case BT_BOUND: 5349 + hci_dev_lock(hdev); 5350 + hci_conn_failed(conn, reason); 5351 + hci_dev_unlock(hdev); 5352 + return 0; 5390 5353 default: 5391 5354 conn->state = BT_CLOSED; 5392 - break; 5355 + return 0; 5393 5356 } 5394 5357 5395 - return 0; 5358 + /* Cleanup hci_conn object if it cannot be cancelled as it 5359 + * likelly means the controller and host stack are out of sync 5360 + * or in case of LE it was still scanning so it can be cleanup 5361 + * safely. 5362 + */ 5363 + if (err) { 5364 + struct hci_conn *c; 5365 + 5366 + /* Check if the connection hasn't been cleanup while waiting 5367 + * commands to complete. 5368 + */ 5369 + c = hci_conn_hash_lookup_handle(hdev, handle); 5370 + if (!c || c != conn) 5371 + return 0; 5372 + 5373 + hci_dev_lock(hdev); 5374 + hci_conn_failed(conn, err); 5375 + hci_dev_unlock(hdev); 5376 + } 5377 + 5378 + return err; 5396 5379 } 5397 5380 5398 5381 static int hci_disconnect_all_sync(struct hci_dev *hdev, u8 reason) ··· 6312 6253 6313 6254 done: 6314 6255 if (err == -ETIMEDOUT) 6315 - hci_le_connect_cancel_sync(hdev, conn); 6256 + hci_le_connect_cancel_sync(hdev, conn, 0x00); 6316 6257 6317 6258 /* Re-enable advertising after the connection attempt is finished. 
*/ 6318 6259 hci_resume_advertising_sync(hdev); 6319 6260 return err; 6320 6261 } 6321 6262 6322 - int hci_le_create_cis_sync(struct hci_dev *hdev, struct hci_conn *conn) 6263 + int hci_le_create_cis_sync(struct hci_dev *hdev) 6323 6264 { 6324 6265 struct { 6325 6266 struct hci_cp_le_create_cis cp; 6326 6267 struct hci_cis cis[0x1f]; 6327 6268 } cmd; 6328 - u8 cig; 6329 - struct hci_conn *hcon = conn; 6269 + struct hci_conn *conn; 6270 + u8 cig = BT_ISO_QOS_CIG_UNSET; 6271 + 6272 + /* The spec allows only one pending LE Create CIS command at a time. If 6273 + * the command is pending now, don't do anything. We check for pending 6274 + * connections after each CIS Established event. 6275 + * 6276 + * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E 6277 + * page 2566: 6278 + * 6279 + * If the Host issues this command before all the 6280 + * HCI_LE_CIS_Established events from the previous use of the 6281 + * command have been generated, the Controller shall return the 6282 + * error code Command Disallowed (0x0C). 6283 + * 6284 + * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E 6285 + * page 2567: 6286 + * 6287 + * When the Controller receives the HCI_LE_Create_CIS command, the 6288 + * Controller sends the HCI_Command_Status event to the Host. An 6289 + * HCI_LE_CIS_Established event will be generated for each CIS when it 6290 + * is established or if it is disconnected or considered lost before 6291 + * being established; until all the events are generated, the command 6292 + * remains pending. 
6293 + */ 6330 6294 6331 6295 memset(&cmd, 0, sizeof(cmd)); 6332 - cmd.cis[0].acl_handle = cpu_to_le16(conn->parent->handle); 6333 - cmd.cis[0].cis_handle = cpu_to_le16(conn->handle); 6334 - cmd.cp.num_cis++; 6335 - cig = conn->iso_qos.ucast.cig; 6336 6296 6337 6297 hci_dev_lock(hdev); 6338 6298 6339 6299 rcu_read_lock(); 6340 6300 6301 + /* Wait until previous Create CIS has completed */ 6302 + list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { 6303 + if (test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) 6304 + goto done; 6305 + } 6306 + 6307 + /* Find CIG with all CIS ready */ 6308 + list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { 6309 + struct hci_conn *link; 6310 + 6311 + if (hci_conn_check_create_cis(conn)) 6312 + continue; 6313 + 6314 + cig = conn->iso_qos.ucast.cig; 6315 + 6316 + list_for_each_entry_rcu(link, &hdev->conn_hash.list, list) { 6317 + if (hci_conn_check_create_cis(link) > 0 && 6318 + link->iso_qos.ucast.cig == cig && 6319 + link->state != BT_CONNECTED) { 6320 + cig = BT_ISO_QOS_CIG_UNSET; 6321 + break; 6322 + } 6323 + } 6324 + 6325 + if (cig != BT_ISO_QOS_CIG_UNSET) 6326 + break; 6327 + } 6328 + 6329 + if (cig == BT_ISO_QOS_CIG_UNSET) 6330 + goto done; 6331 + 6341 6332 list_for_each_entry_rcu(conn, &hdev->conn_hash.list, list) { 6342 6333 struct hci_cis *cis = &cmd.cis[cmd.cp.num_cis]; 6343 6334 6344 - if (conn == hcon || conn->type != ISO_LINK || 6345 - conn->state == BT_CONNECTED || 6335 + if (hci_conn_check_create_cis(conn) || 6346 6336 conn->iso_qos.ucast.cig != cig) 6347 6337 continue; 6348 6338 6349 - /* Check if all CIS(s) belonging to a CIG are ready */ 6350 - if (!conn->parent || conn->parent->state != BT_CONNECTED || 6351 - conn->state != BT_CONNECT) { 6352 - cmd.cp.num_cis = 0; 6353 - break; 6354 - } 6355 - 6356 - /* Group all CIS with state BT_CONNECT since the spec don't 6357 - * allow to send them individually: 6358 - * 6359 - * BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E 6360 - * page 2566: 6361 - * 
6362 - * If the Host issues this command before all the 6363 - * HCI_LE_CIS_Established events from the previous use of the 6364 - * command have been generated, the Controller shall return the 6365 - * error code Command Disallowed (0x0C). 6366 - */ 6339 + set_bit(HCI_CONN_CREATE_CIS, &conn->flags); 6367 6340 cis->acl_handle = cpu_to_le16(conn->parent->handle); 6368 6341 cis->cis_handle = cpu_to_le16(conn->handle); 6369 6342 cmd.cp.num_cis++; 6343 + 6344 + if (cmd.cp.num_cis >= ARRAY_SIZE(cmd.cis)) 6345 + break; 6370 6346 } 6371 6347 6348 + done: 6372 6349 rcu_read_unlock(); 6373 6350 6374 6351 hci_dev_unlock(hdev); ··· 6528 6433 6529 6434 static int _update_adv_data_sync(struct hci_dev *hdev, void *data) 6530 6435 { 6531 - u8 instance = PTR_ERR(data); 6436 + u8 instance = PTR_UINT(data); 6532 6437 6533 6438 return hci_update_adv_data_sync(hdev, instance); 6534 6439 } ··· 6536 6441 int hci_update_adv_data(struct hci_dev *hdev, u8 instance) 6537 6442 { 6538 6443 return hci_cmd_sync_queue(hdev, _update_adv_data_sync, 6539 - ERR_PTR(instance), NULL); 6444 + UINT_PTR(instance), NULL); 6540 6445 }
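Review bot: In `hci_abort_conn_sync`, the `if (err)` path re-looks up `handle` and compares the result to `conn` by pointer value, but the comment above it concedes `conn` may already have been freed while the cancel command was in flight, so a pointer match does not prove it is the same object (a recycled hci_conn with the same handle passes and is handed to `hci_conn_failed`). The lookup is also done before `hci_dev_lock(hdev)` is taken, leaving a window between the check and the call in which the connection can still be removed; doing the lookup under the lock closes that window, even if a generation counter would be needed to fully rule out pointer reuse. Note too that `handle` is captured before the cancel: if a BT_CONNECT connection can still have an unassigned handle at that point (this series adds late `hci_conn_set_handle` paths, which I cannot confirm from here), the lookup never re-finds it and the cleanup that `hci_le_connect_cancel_sync` now deliberately requests by returning `reason` is skipped. The function starts and ends inside this hunk.
```c
	/* … unchanged: switch on conn->state … */
	if (err) {
		hci_dev_lock(hdev);
		/* Re-validate under hdev->lock: conn may have been freed
		 * while the cancel command was in flight, so only touch it
		 * if the handle still resolves to this object.
		 */
		if (hci_conn_hash_lookup_handle(hdev, handle) == conn)
			hci_conn_failed(conn, err);
		hci_dev_unlock(hdev);
	}

	return err;
```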
+1 -9
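--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -256,20 +256,12 @@
 if (sock->type != SOCK_RAW)
 return -ESOCKTNOSUPPORT;
 
-sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hidp_proto, kern);
+sk = bt_sock_alloc(net, sock, &hidp_proto, protocol, GFP_ATOMIC, kern);
 if (!sk)
 return -ENOMEM;
 
-sock_init_data(sock, sk);
-
 sock->ops = &hidp_sock_ops;
-
 sock->state = SS_UNCONNECTED;
-
-sock_reset_flag(sk, SOCK_ZAPPED);
-
-sk->sk_protocol = protocol;
-sk->sk_state = BT_OPEN;
 
 bt_sock_link(&hidp_sk_list, sk);
 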
+79 -55
net/bluetooth/iso.c
··· 48 48 #define EIR_SERVICE_DATA_LENGTH 4 49 49 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH) 50 50 51 + /* iso_pinfo flags values */ 52 + enum { 53 + BT_SK_BIG_SYNC, 54 + }; 55 + 51 56 struct iso_pinfo { 52 57 struct bt_sock bt; 53 58 bdaddr_t src; ··· 63 58 __u8 bc_num_bis; 64 59 __u8 bc_bis[ISO_MAX_NUM_BIS]; 65 60 __u16 sync_handle; 66 - __u32 flags; 61 + unsigned long flags; 67 62 struct bt_iso_qos qos; 68 63 bool qos_user_set; 69 64 __u8 base_len; ··· 292 287 goto unlock; 293 288 } 294 289 295 - hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 296 - le_addr_type(iso_pi(sk)->dst_type), 297 - &iso_pi(sk)->qos, iso_pi(sk)->base_len, 298 - iso_pi(sk)->base); 299 - if (IS_ERR(hcon)) { 300 - err = PTR_ERR(hcon); 301 - goto unlock; 290 + /* Just bind if DEFER_SETUP has been set */ 291 + if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 292 + hcon = hci_bind_bis(hdev, &iso_pi(sk)->dst, 293 + &iso_pi(sk)->qos, iso_pi(sk)->base_len, 294 + iso_pi(sk)->base); 295 + if (IS_ERR(hcon)) { 296 + err = PTR_ERR(hcon); 297 + goto unlock; 298 + } 299 + } else { 300 + hcon = hci_connect_bis(hdev, &iso_pi(sk)->dst, 301 + le_addr_type(iso_pi(sk)->dst_type), 302 + &iso_pi(sk)->qos, iso_pi(sk)->base_len, 303 + iso_pi(sk)->base); 304 + if (IS_ERR(hcon)) { 305 + err = PTR_ERR(hcon); 306 + goto unlock; 307 + } 302 308 } 303 309 304 310 conn = iso_conn_add(hcon); ··· 333 317 if (hcon->state == BT_CONNECTED) { 334 318 iso_sock_clear_timer(sk); 335 319 sk->sk_state = BT_CONNECTED; 320 + } else if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 321 + iso_sock_clear_timer(sk); 322 + sk->sk_state = BT_CONNECT; 336 323 } else { 337 324 sk->sk_state = BT_CONNECT; 338 325 iso_sock_set_timer(sk, sk->sk_sndtimeo); ··· 619 600 sock_put(sk); 620 601 } 621 602 622 - static void iso_conn_defer_reject(struct hci_conn *conn) 623 - { 624 - struct hci_cp_le_reject_cis cp; 625 - 626 - BT_DBG("conn %p", conn); 627 - 628 - memset(&cp, 0, sizeof(cp)); 629 - cp.handle = 
cpu_to_le16(conn->handle); 630 - cp.reason = HCI_ERROR_REJ_BAD_ADDR; 631 - hci_send_cmd(conn->hdev, HCI_OP_LE_REJECT_CIS, sizeof(cp), &cp); 632 - } 633 - 634 603 static void __iso_sock_close(struct sock *sk) 635 604 { 636 605 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket); ··· 628 621 iso_sock_cleanup_listen(sk); 629 622 break; 630 623 624 + case BT_CONNECT: 631 625 case BT_CONNECTED: 632 626 case BT_CONFIG: 633 627 if (iso_pi(sk)->conn->hcon) { ··· 644 636 break; 645 637 646 638 case BT_CONNECT2: 647 - if (iso_pi(sk)->conn->hcon) 648 - iso_conn_defer_reject(iso_pi(sk)->conn->hcon); 649 - iso_chan_del(sk, ECONNRESET); 650 - break; 651 - case BT_CONNECT: 652 - /* In case of DEFER_SETUP the hcon would be bound to CIG which 653 - * needs to be removed so just call hci_conn_del so the cleanup 654 - * callback do what is needed. 655 - */ 656 - if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags) && 657 - iso_pi(sk)->conn->hcon) { 658 - hci_conn_del(iso_pi(sk)->conn->hcon); 659 - iso_pi(sk)->conn->hcon = NULL; 660 - } 661 - 662 639 iso_chan_del(sk, ECONNRESET); 663 640 break; 664 641 case BT_DISCONN: ··· 717 724 { 718 725 struct sock *sk; 719 726 720 - sk = sk_alloc(net, PF_BLUETOOTH, prio, &iso_proto, kern); 727 + sk = bt_sock_alloc(net, sock, &iso_proto, proto, prio, kern); 721 728 if (!sk) 722 729 return NULL; 723 730 724 - sock_init_data(sock, sk); 725 - INIT_LIST_HEAD(&bt_sk(sk)->accept_q); 726 - 727 731 sk->sk_destruct = iso_sock_destruct; 728 732 sk->sk_sndtimeo = ISO_CONN_TIMEOUT; 729 - 730 - sock_reset_flag(sk, SOCK_ZAPPED); 731 - 732 - sk->sk_protocol = proto; 733 - sk->sk_state = BT_OPEN; 734 733 735 734 /* Set address type as public as default src address is BDADDR_ANY */ 736 735 iso_pi(sk)->src_type = BDADDR_LE_PUBLIC; ··· 1187 1202 1188 1203 static bool check_ucast_qos(struct bt_iso_qos *qos) 1189 1204 { 1205 + if (qos->ucast.cig > 0xef && qos->ucast.cig != BT_ISO_QOS_CIG_UNSET) 1206 + return false; 1207 + 1208 + if (qos->ucast.cis > 0xef 
&& qos->ucast.cis != BT_ISO_QOS_CIS_UNSET) 1209 + return false; 1210 + 1190 1211 if (qos->ucast.sca > 0x07) 1191 1212 return false; 1192 1213 ··· 1282 1291 clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags); 1283 1292 break; 1284 1293 1294 + case BT_PKT_STATUS: 1295 + if (copy_from_sockptr(&opt, optval, sizeof(u32))) { 1296 + err = -EFAULT; 1297 + break; 1298 + } 1299 + 1300 + if (opt) 1301 + set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1302 + else 1303 + clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags); 1304 + break; 1305 + 1285 1306 case BT_ISO_QOS: 1286 1307 if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND && 1287 1308 sk->sk_state != BT_CONNECT2) { ··· 1377 1374 (u32 __user *)optval)) 1378 1375 err = -EFAULT; 1379 1376 1377 + break; 1378 + 1379 + case BT_PKT_STATUS: 1380 + if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags), 1381 + (int __user *)optval)) 1382 + err = -EFAULT; 1380 1383 break; 1381 1384 1382 1385 case BT_ISO_QOS: ··· 1572 1563 hci_conn_hold(hcon); 1573 1564 iso_chan_add(conn, sk, parent); 1574 1565 1566 + if (ev && ((struct hci_evt_le_big_sync_estabilished *)ev)->status) { 1567 + /* Trigger error signal on child socket */ 1568 + sk->sk_err = ECONNREFUSED; 1569 + sk->sk_error_report(sk); 1570 + } 1571 + 1575 1572 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(parent)->flags)) 1576 1573 sk->sk_state = BT_CONNECT2; 1577 1574 else ··· 1646 1631 if (ev2->num_bis < iso_pi(sk)->bc_num_bis) 1647 1632 iso_pi(sk)->bc_num_bis = ev2->num_bis; 1648 1633 1649 - err = hci_le_big_create_sync(hdev, 1650 - &iso_pi(sk)->qos, 1651 - iso_pi(sk)->sync_handle, 1652 - iso_pi(sk)->bc_num_bis, 1653 - iso_pi(sk)->bc_bis); 1654 - if (err) { 1655 - bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1656 - err); 1657 - sk = NULL; 1634 + if (!test_and_set_bit(BT_SK_BIG_SYNC, &iso_pi(sk)->flags)) { 1635 + err = hci_le_big_create_sync(hdev, 1636 + &iso_pi(sk)->qos, 1637 + iso_pi(sk)->sync_handle, 1638 + iso_pi(sk)->bc_num_bis, 1639 + iso_pi(sk)->bc_bis); 1640 + if (err) { 1641 + 
bt_dev_err(hdev, "hci_le_big_create_sync: %d", 1642 + err); 1643 + sk = NULL; 1644 + } 1658 1645 } 1659 1646 } 1660 1647 } else { ··· 1693 1676 } 1694 1677 1695 1678 /* Create CIS if pending */ 1696 - hci_le_create_cis(hcon); 1679 + hci_le_create_cis_pending(hcon->hdev); 1697 1680 return; 1698 1681 } 1699 1682 1700 1683 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 1701 1684 1702 - if (!status) { 1685 + /* Similar to the success case, if HCI_CONN_BIG_SYNC_FAILED is set, 1686 + * queue the failed bis connection into the accept queue of the 1687 + * listening socket and wake up userspace, to inform the user about 1688 + * the BIG sync failed event. 1689 + */ 1690 + if (!status || test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) { 1703 1691 struct iso_conn *conn; 1704 1692 1705 1693 conn = iso_conn_add(hcon); ··· 1779 1757 1780 1758 if (len == skb->len) { 1781 1759 /* Complete frame received */ 1760 + hci_skb_pkt_status(skb) = flags & 0x03; 1782 1761 iso_recv_frame(conn, skb); 1783 1762 return; 1784 1763 } ··· 1801 1778 if (!conn->rx_skb) 1802 1779 goto drop; 1803 1780 1781 + hci_skb_pkt_status(conn->rx_skb) = flags & 0x03; 1804 1782 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len), 1805 1783 skb->len); 1806 1784 conn->rx_len = len - skb->len;
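Review bot: The new `BT_PKT_STATUS` case in `iso_sock_setsockopt` copies `sizeof(u32)` from `optval` without checking the user-supplied length (the setsockopt `optlen` parameter; the function's head is outside this hunk, so I cannot see whether an earlier check covers every case). A caller that passes a shorter `optlen` makes the kernel read beyond the buffer it was given, and matching the neighbouring cases' style is not a reason to repeat the omission; add `if (optlen < sizeof(u32)) { err = -EINVAL; break; }` before the `copy_from_sockptr`. The added range checks in `check_ucast_qos` (`cig`/`cis` above 0xef rejected unless unset) are the right kind of validation and would deserve a one-line comment citing the spec range, e.g. `/* CIG_ID and CIS_ID are 0x00-0xEF per the Core spec */`, so the magic 0xef is not a mystery to the next reader.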
+1 -28
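--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -178,21 +178,6 @@
 return err;
 }
 
-static void l2cap_sock_init_pid(struct sock *sk)
-{
-struct l2cap_chan *chan = l2cap_pi(sk)->chan;
-
-/* Only L2CAP_MODE_EXT_FLOWCTL ever need to access the PID in order to
-* group the channels being requested.
-*/
-if (chan->mode != L2CAP_MODE_EXT_FLOWCTL)
-return;
-
-spin_lock(&sk->sk_peer_lock);
-sk->sk_peer_pid = get_pid(task_tgid(current));
-spin_unlock(&sk->sk_peer_lock);
-}
-
 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr,
 int alen, int flags)
 {
@@ -253,8 +238,6 @@
 chan->mode != L2CAP_MODE_EXT_FLOWCTL)
 chan->mode = L2CAP_MODE_LE_FLOWCTL;
 
-l2cap_sock_init_pid(sk);
-
 err = l2cap_chan_connect(chan, la.l2_psm, __le16_to_cpu(la.l2_cid),
 &la.l2_bdaddr, la.l2_bdaddr_type);
 if (err)
@@ -307,8 +290,6 @@
 err = -EOPNOTSUPP;
 goto done;
 }
-
-l2cap_sock_init_pid(sk);
 
 sk->sk_max_ack_backlog = backlog;
 sk->sk_ack_backlog = 0;
@@ -1839,20 +1820,13 @@
 struct sock *sk;
 struct l2cap_chan *chan;
 
-sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, kern);
+sk = bt_sock_alloc(net, sock, &l2cap_proto, proto, prio, kern);
 if (!sk)
 return NULL;
 
-sock_init_data(sock, sk);
-INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
-
 sk->sk_destruct = l2cap_sock_destruct;
 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
 
-sock_reset_flag(sk, SOCK_ZAPPED);
-
-sk->sk_protocol = proto;
-sk->sk_state = BT_OPEN;
 
 chan = l2cap_chan_create();
 if (!chan) {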
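Review bot: Removing `l2cap_sock_init_pid` takes the `sk_peer_pid` assignment for `L2CAP_MODE_EXT_FLOWCTL` channels out of `l2cap_sock_connect` and the listen path, and the replacement `bt_sock_alloc` is not in this hunk, so I cannot confirm it records the pid; if it does, it now happens at socket creation instead of at `connect()`/`listen()`. That changes which task is recorded when a socket is created by one process and connected by another (for example after being passed over SCM_RIGHTS), since the pid used to group ECRED channels would then be the creator's rather than the caller's. A one-line comment at the `bt_sock_alloc` call in `l2cap_sock_alloc`, `/* sk_peer_pid/cred are recorded by bt_sock_alloc at creation time */`, would document the new contract for readers of this file.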
+10 -17
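--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -944,6 +944,12 @@
 if (cis_peripheral_capable(hdev))
 settings |= MGMT_SETTING_CIS_PERIPHERAL;
 
+if (bis_capable(hdev))
+settings |= MGMT_SETTING_ISO_BROADCASTER;
+
+if (sync_recv_capable(hdev))
+settings |= MGMT_SETTING_ISO_SYNC_RECEIVER;
+
 return settings;
 }
 
@@ -3586,18 +3592,6 @@
 return err;
 }
 
-static int abort_conn_sync(struct hci_dev *hdev, void *data)
-{
-struct hci_conn *conn;
-u16 handle = PTR_ERR(data);
-
-conn = hci_conn_hash_lookup_handle(hdev, handle);
-if (!conn)
-return 0;
-
-return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
-}
-
 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
 u16 len)
 {
@@ -3636,8 +3630,7 @@
 le_addr_type(addr->type));
 
 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
-hci_cmd_sync_queue(hdev, abort_conn_sync, ERR_PTR(conn->handle),
-NULL);
+hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
 
 unlock:
 hci_dev_unlock(hdev);
@@ -8428,8 +8421,8 @@
 supported_flags = get_supported_adv_flags(hdev);
 
 rp->supported_flags = cpu_to_le32(supported_flags);
-rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
-rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
+rp->max_adv_data_len = max_adv_len(hdev);
+rp->max_scan_rsp_len = max_adv_len(hdev);
 rp->max_instances = hdev->le_num_of_adv_sets;
 rp->num_instances = hdev->adv_instance_cnt;
 
@@ -8465,7 +8458,7 @@
 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
 bool is_adv_data)
 {
-u8 max_len = HCI_MAX_AD_LENGTH;
+u8 max_len = max_adv_len(hdev);
 
 if (is_adv_data) {
 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |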
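Review bot: `cancel_pair_device` now calls `hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM)` with `hdev->lock` held (the `unlock:` label and `hci_dev_unlock` follow immediately), replacing a `hci_cmd_sync_queue` of the removed `abort_conn_sync`, which re-looked the connection up by handle from the cmd_sync context and so never touched a stale pointer. `hci_abort_conn` is not part of this hunk: if it only queues the abort to the cmd_sync workqueue this is equivalent, but if any branch of it issues HCI commands synchronously it would sleep under `hdev->lock`, so the call site should state the assumption, e.g. `/* hci_abort_conn() queues the abort; it must not block under hdev->lock */`. The `max_adv_len(hdev)` substitutions feed `u8` fields and a `u8` local, which is fine only as long as the helper never reports more than 255 bytes; a short note on its range at `tlv_data_max_len` would make that limit visible. `cancel_pair_device` begins before this hunk's third part.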
+398 -16
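--- a/net/bluetooth/msft.c
+++ b/net/bluetooth/msft.c
@@ -91,6 +91,33 @@
 struct msft_monitor_advertisement_handle_data {
 	__u8  msft_handle;
 	__u16 mgmt_handle;
+	__s8 rssi_high;
+	__s8 rssi_low;
+	__u8 rssi_low_interval;
+	__u8 rssi_sampling_period;
+	__u8 cond_type;
+	struct list_head list;
+};
+
+enum monitor_addr_filter_state {
+	AF_STATE_IDLE,
+	AF_STATE_ADDING,
+	AF_STATE_ADDED,
+	AF_STATE_REMOVING,
+};
+
+#define MSFT_MONITOR_ADVERTISEMENT_TYPE_ADDR	0x04
+struct msft_monitor_addr_filter_data {
+	__u8     msft_handle;
+	__u8     pattern_handle; /* address filters pertain to */
+	__u16    mgmt_handle;
+	int      state;
+	__s8     rssi_high;
+	__s8     rssi_low;
+	__u8     rssi_low_interval;
+	__u8     rssi_sampling_period;
+	__u8     addr_type;
+	bdaddr_t bdaddr;
 	struct list_head list;
 };
 
@@ -126,9 +99,12 @@
 	__u8 evt_prefix_len;
 	__u8 *evt_prefix;
 	struct list_head handle_map;
+	struct list_head address_filters;
 	__u8 resuming;
 	__u8 suspending;
 	__u8 filter_enabled;
+	/* To synchronize add/remove address filter and monitor device event.*/
+	struct mutex filter_lock;
 };
 
 bool msft_monitor_supported(struct hci_dev *hdev)
@@ -210,6 +180,24 @@
 	return NULL;
 }
 
+/* This function requires the caller holds msft->filter_lock */
+static struct msft_monitor_addr_filter_data *msft_find_address_data
+			(struct hci_dev *hdev, u8 addr_type, bdaddr_t *addr,
+			 u8 pattern_handle)
+{
+	struct msft_monitor_addr_filter_data *entry;
+	struct msft_data *msft = hdev->msft_data;
+
+	list_for_each_entry(entry, &msft->address_filters, list) {
+		if (entry->pattern_handle == pattern_handle &&
+		    addr_type == entry->addr_type &&
+		    !bacmp(addr, &entry->bdaddr))
+			return entry;
+	}
+
+	return NULL;
+}
+
 /* This function requires the caller holds hdev->lock */
 static int msft_monitor_device_del(struct hci_dev *hdev, __u16 mgmt_handle,
 				   bdaddr_t *bdaddr, __u8 addr_type,
@@ -288,6 +240,7 @@
 
 	handle_data->mgmt_handle = monitor->handle;
 	handle_data->msft_handle = rp->handle;
+	handle_data->cond_type = MSFT_MONITOR_ADVERTISEMENT_TYPE_PATTERN;
 	INIT_LIST_HEAD(&handle_data->list);
 	list_add(&handle_data->list, &msft->handle_map);
 
@@ -303,6 +254,70 @@
 	return status;
 }
 
+/* This function requires the caller holds hci_req_sync_lock */
+static void msft_remove_addr_filters_sync(struct hci_dev *hdev, u8 handle)
+{
+	struct msft_monitor_addr_filter_data *address_filter, *n;
+	struct msft_cp_le_cancel_monitor_advertisement cp;
+	struct msft_data *msft = hdev->msft_data;
+	struct list_head head;
+	struct sk_buff *skb;
+
+	INIT_LIST_HEAD(&head);
+
+	/* Cancel all corresponding address monitors */
+	mutex_lock(&msft->filter_lock);
+
+	list_for_each_entry_safe(address_filter, n, &msft->address_filters,
+				 list) {
+		if (address_filter->pattern_handle != handle)
+			continue;
+
+		list_del(&address_filter->list);
+
+		/* Keep the address filter and let
+		 * msft_add_address_filter_sync() remove and free the address
+		 * filter.
+		 */
+		if (address_filter->state == AF_STATE_ADDING) {
+			address_filter->state = AF_STATE_REMOVING;
+			continue;
+		}
+
+		/* Keep the address filter and let
+		 * msft_cancel_address_filter_sync() remove and free the address
+		 * filter
+		 */
+		if (address_filter->state == AF_STATE_REMOVING)
+			continue;
+
+		list_add_tail(&address_filter->list, &head);
+	}
+
+	mutex_unlock(&msft->filter_lock);
+
+	list_for_each_entry_safe(address_filter, n, &head, list) {
+		list_del(&address_filter->list);
+
+		cp.sub_opcode = MSFT_OP_LE_CANCEL_MONITOR_ADVERTISEMENT;
+		cp.handle = address_filter->msft_handle;
+
+		skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
+				     HCI_CMD_TIMEOUT);
+		if (IS_ERR_OR_NULL(skb)) {
+			kfree(address_filter);
+			continue;
+		}
+
+		kfree_skb(skb);
+
+		bt_dev_dbg(hdev, "MSFT: Canceled device %pMR address filter",
+			   &address_filter->bdaddr);
+
+		kfree(address_filter);
+	}
+}
+
 static int msft_le_cancel_monitor_advertisement_cb(struct hci_dev *hdev,
 						   u16 opcode,
 						   struct adv_monitor *monitor,
@@ -376,6 +263,7 @@
 	struct msft_monitor_advertisement_handle_data *handle_data;
 	struct msft_data *msft = hdev->msft_data;
 	int status = 0;
+	u8 msft_handle;
 
 	rp = (struct msft_rp_le_cancel_monitor_advertisement *)skb->data;
 	if (skb->len < sizeof(*rp)) {
@@ -407,11 +293,17 @@
 						NULL, 0, false);
 		}
 
+		msft_handle = handle_data->msft_handle;
+
 		list_del(&handle_data->list);
 		kfree(handle_data);
-	}
 
-	hci_dev_unlock(hdev);
+		hci_dev_unlock(hdev);
+
+		msft_remove_addr_filters_sync(hdev, msft_handle);
+	} else {
+		hci_dev_unlock(hdev);
+	}
 
 done:
 	return status;
@@ -514,12 +394,14 @@
 {
 	struct msft_cp_le_monitor_advertisement *cp;
 	struct msft_le_monitor_advertisement_pattern_data *pattern_data;
+	struct msft_monitor_advertisement_handle_data *handle_data;
 	struct msft_le_monitor_advertisement_pattern *pattern;
 	struct adv_pattern *entry;
 	size_t total_size = sizeof(*cp) + sizeof(*pattern_data);
 	ptrdiff_t offset = 0;
 	u8 pattern_count = 0;
 	struct sk_buff *skb;
+	int err;
 
 	if (!msft_monitor_pattern_valid(monitor))
 		return -EINVAL;
@@ -558,16 +436,31 @@
 
 	skb = __hci_cmd_sync(hdev, hdev->msft_opcode, total_size, cp,
 			     HCI_CMD_TIMEOUT);
-	kfree(cp);
 
 	if (IS_ERR_OR_NULL(skb)) {
-		if (!skb)
-			return -EIO;
-		return PTR_ERR(skb);
+		err = PTR_ERR(skb);
+		goto out_free;
 	}
 
-	return msft_le_monitor_advertisement_cb(hdev, hdev->msft_opcode,
-						monitor, skb);
+	err = msft_le_monitor_advertisement_cb(hdev, hdev->msft_opcode,
+					       monitor, skb);
+	if (err)
+		goto out_free;
+
+	handle_data = msft_find_handle_data(hdev, monitor->handle, true);
+	if (!handle_data) {
+		err = -ENODATA;
+		goto out_free;
+	}
+
+	handle_data->rssi_high = cp->rssi_high;
+	handle_data->rssi_low = cp->rssi_low;
+	handle_data->rssi_low_interval = cp->rssi_low_interval;
+	handle_data->rssi_sampling_period = cp->rssi_sampling_period;
+
+out_free:
+	kfree(cp);
+	return err;
 }
 
 /* This function requires the caller holds hci_req_sync_lock */
@@ -675,6 +538,7 @@
 {
 	struct msft_data *msft = hdev->msft_data;
 	struct msft_monitor_advertisement_handle_data *handle_data, *tmp;
+	struct msft_monitor_addr_filter_data *address_filter, *n;
 	struct adv_monitor *monitor;
 
 	if (!msft)
@@ -697,6 +559,14 @@
 		kfree(handle_data);
 	}
 
+	mutex_lock(&msft->filter_lock);
+	list_for_each_entry_safe(address_filter, n, &msft->address_filters,
+				 list) {
+		list_del(&address_filter->list);
+		kfree(address_filter);
+	}
+	mutex_unlock(&msft->filter_lock);
+
 	hci_dev_lock(hdev);
 
 	/* Clear any devices that are being monitored and notify device lost */
@@ -712,6 +566,49 @@
 	msft_monitor_device_del(hdev, 0, NULL, 0, true);
 
 	hci_dev_unlock(hdev);
+}
+
+static int msft_cancel_address_filter_sync(struct hci_dev *hdev, void *data)
+{
+	struct msft_monitor_addr_filter_data *address_filter = data;
+	struct msft_cp_le_cancel_monitor_advertisement cp;
+	struct msft_data *msft = hdev->msft_data;
+	struct sk_buff *skb;
+	int err = 0;
+
+	if (!msft) {
+		bt_dev_err(hdev, "MSFT: msft data is freed");
+		return -EINVAL;
+	}
+
+	/* The address filter has been removed by hci dev close */
+	if (!test_bit(HCI_UP, &hdev->flags))
+		return 0;
+
+	mutex_lock(&msft->filter_lock);
+	list_del(&address_filter->list);
+	mutex_unlock(&msft->filter_lock);
+
+	cp.sub_opcode = MSFT_OP_LE_CANCEL_MONITOR_ADVERTISEMENT;
+	cp.handle = address_filter->msft_handle;
+
+	skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
+			     HCI_CMD_TIMEOUT);
+	if (IS_ERR_OR_NULL(skb)) {
+		bt_dev_err(hdev, "MSFT: Failed to cancel address (%pMR) filter",
+			   &address_filter->bdaddr);
+		err = -EIO;
+		goto done;
+	}
+	kfree_skb(skb);
+
+	bt_dev_dbg(hdev, "MSFT: Canceled device %pMR address filter",
+		   &address_filter->bdaddr);
+
+done:
+	kfree(address_filter);
+
+	return err;
 }
 
 void msft_register(struct hci_dev *hdev)
@@ -770,7 +581,9 @@
 	}
 
 	INIT_LIST_HEAD(&msft->handle_map);
+	INIT_LIST_HEAD(&msft->address_filters);
 	hdev->msft_data = msft;
+	mutex_init(&msft->filter_lock);
 }
 
 void msft_unregister(struct hci_dev *hdev)
@@ -787,6 +596,7 @@
 	hdev->msft_data = NULL;
 
 	kfree(msft->evt_prefix);
+	mutex_destroy(&msft->filter_lock);
 	kfree(msft);
 }
 
@@ -837,11 +645,149 @@
 	return data;
 }
 
+static int msft_add_address_filter_sync(struct hci_dev *hdev, void *data)
+{
+	struct msft_monitor_addr_filter_data *address_filter = data;
+	struct msft_rp_le_monitor_advertisement *rp;
+	struct msft_cp_le_monitor_advertisement *cp;
+	struct msft_data *msft = hdev->msft_data;
+	struct sk_buff *skb = NULL;
+	bool remove = false;
+	size_t size;
+
+	if (!msft) {
+		bt_dev_err(hdev, "MSFT: msft data is freed");
+		return -EINVAL;
+	}
+
+	/* The address filter has been removed by hci dev close */
+	if (!test_bit(HCI_UP, &hdev->flags))
+		return -ENODEV;
+
+	/* We are safe to use the address filter from now on.
+	 * msft_monitor_device_evt() wouldn't delete this filter because it's
+	 * not been added by now.
+	 * And all other functions that requiring hci_req_sync_lock wouldn't
+	 * touch this filter before this func completes because it's protected
+	 * by hci_req_sync_lock.
+	 */
+
+	if (address_filter->state == AF_STATE_REMOVING) {
+		mutex_lock(&msft->filter_lock);
+		list_del(&address_filter->list);
+		mutex_unlock(&msft->filter_lock);
+		kfree(address_filter);
+		return 0;
+	}
+
+	size = sizeof(*cp) +
+	       sizeof(address_filter->addr_type) +
+	       sizeof(address_filter->bdaddr);
+	cp = kzalloc(size, GFP_KERNEL);
+	if (!cp) {
+		bt_dev_err(hdev, "MSFT: Alloc cmd param err");
+		remove = true;
+		goto done;
+	}
+	cp->sub_opcode = MSFT_OP_LE_MONITOR_ADVERTISEMENT;
+	cp->rssi_high = address_filter->rssi_high;
+	cp->rssi_low = address_filter->rssi_low;
+	cp->rssi_low_interval = address_filter->rssi_low_interval;
+	cp->rssi_sampling_period = address_filter->rssi_sampling_period;
+	cp->cond_type = MSFT_MONITOR_ADVERTISEMENT_TYPE_ADDR;
+	cp->data[0] = address_filter->addr_type;
+	memcpy(&cp->data[1], &address_filter->bdaddr,
+	       sizeof(address_filter->bdaddr));
+
+	skb = __hci_cmd_sync(hdev, hdev->msft_opcode, size, cp,
+			     HCI_CMD_TIMEOUT);
+	if (IS_ERR_OR_NULL(skb)) {
+		bt_dev_err(hdev, "Failed to enable address %pMR filter",
+			   &address_filter->bdaddr);
+		skb = NULL;
+		remove = true;
+		goto done;
+	}
+
+	rp = skb_pull_data(skb, sizeof(*rp));
+	if (!rp || rp->sub_opcode != MSFT_OP_LE_MONITOR_ADVERTISEMENT ||
+	    rp->status)
+		remove = true;
+
+done:
+	mutex_lock(&msft->filter_lock);
+
+	if (remove) {
+		bt_dev_warn(hdev, "MSFT: Remove address (%pMR) filter",
+			    &address_filter->bdaddr);
+		list_del(&address_filter->list);
+		kfree(address_filter);
+	} else {
+		address_filter->state = AF_STATE_ADDED;
+		address_filter->msft_handle = rp->handle;
+		bt_dev_dbg(hdev, "MSFT: Address %pMR filter enabled",
+			   &address_filter->bdaddr);
+	}
+	mutex_unlock(&msft->filter_lock);
+
+	kfree_skb(skb);
+
+	return 0;
+}
+
+/* This function requires the caller holds msft->filter_lock */
+static struct msft_monitor_addr_filter_data *msft_add_address_filter
+			(struct hci_dev *hdev, u8 addr_type, bdaddr_t *bdaddr,
+			 struct msft_monitor_advertisement_handle_data *handle_data)
+{
+	struct msft_monitor_addr_filter_data *address_filter = NULL;
+	struct msft_data *msft = hdev->msft_data;
+	int err;
+
+	address_filter = kzalloc(sizeof(*address_filter), GFP_KERNEL);
+	if (!address_filter)
+		return NULL;
+
+	address_filter->state = AF_STATE_ADDING;
+	address_filter->msft_handle = 0xff;
+	address_filter->pattern_handle = handle_data->msft_handle;
+	address_filter->mgmt_handle = handle_data->mgmt_handle;
+	address_filter->rssi_high = handle_data->rssi_high;
+	address_filter->rssi_low = handle_data->rssi_low;
+	address_filter->rssi_low_interval = handle_data->rssi_low_interval;
+	address_filter->rssi_sampling_period = handle_data->rssi_sampling_period;
+	address_filter->addr_type = addr_type;
+	bacpy(&address_filter->bdaddr, bdaddr);
+
+	/* With the above AF_STATE_ADDING, duplicated address filter can be
+	 * avoided when receiving monitor device event (found/lost) frequently
+	 * for the same device.
+	 */
+	list_add_tail(&address_filter->list, &msft->address_filters);
+
+	err = hci_cmd_sync_queue(hdev, msft_add_address_filter_sync,
+				 address_filter, NULL);
+	if (err < 0) {
+		bt_dev_err(hdev, "MSFT: Add address %pMR filter err", bdaddr);
+		list_del(&address_filter->list);
+		kfree(address_filter);
+		return NULL;
+	}
+
+	bt_dev_dbg(hdev, "MSFT: Add device %pMR address filter",
+		   &address_filter->bdaddr);
+
+	return address_filter;
+}
+
 /* This function requires the caller holds hdev->lock */
 static void msft_monitor_device_evt(struct hci_dev *hdev, struct sk_buff *skb)
 {
+	struct msft_monitor_addr_filter_data *n, *address_filter = NULL;
 	struct msft_ev_le_monitor_device *ev;
 	struct msft_monitor_advertisement_handle_data *handle_data;
+	struct msft_data *msft = hdev->msft_data;
+	u16 mgmt_handle = 0xffff;
 	u8 addr_type;
 
 	ev = msft_skb_pull(hdev, skb, MSFT_EV_LE_MONITOR_DEVICE, sizeof(*ev));
@@ -992,9 +662,53 @@
 		   ev->monitor_state, &ev->bdaddr);
 
 	handle_data = msft_find_handle_data(hdev, ev->monitor_handle, false);
-	if (!handle_data)
-		return;
 
+	if (!test_bit(HCI_QUIRK_USE_MSFT_EXT_ADDRESS_FILTER, &hdev->quirks)) {
+		if (!handle_data)
+			return;
+		mgmt_handle = handle_data->mgmt_handle;
+		goto report_state;
+	}
+
+	if (handle_data) {
+		/* Don't report any device found/lost event from pattern
+		 * monitors. Pattern monitor always has its address filters for
+		 * tracking devices.
+		 */
+
+		address_filter = msft_find_address_data(hdev, ev->addr_type,
+							&ev->bdaddr,
+							handle_data->msft_handle);
+		if (address_filter)
+			return;
+
+		if (ev->monitor_state && handle_data->cond_type ==
+				MSFT_MONITOR_ADVERTISEMENT_TYPE_PATTERN)
+			msft_add_address_filter(hdev, ev->addr_type,
+						&ev->bdaddr, handle_data);
+
+		return;
+	}
+
+	/* This device event is not from pattern monitor.
+	 * Report it if there is a corresponding address_filter for it.
+	 */
+	list_for_each_entry(n, &msft->address_filters, list) {
+		if (n->state == AF_STATE_ADDED &&
+		    n->msft_handle == ev->monitor_handle) {
+			mgmt_handle = n->mgmt_handle;
+			address_filter = n;
+			break;
+		}
+	}
+
+	if (!address_filter) {
+		bt_dev_warn(hdev, "MSFT: Unexpected device event %pMR, %u, %u",
+			    &ev->bdaddr, ev->monitor_handle, ev->monitor_state);
+		return;
+	}
+
+report_state:
 	switch (ev->addr_type) {
 	case ADDR_LE_DEV_PUBLIC:
 		addr_type = BDADDR_LE_PUBLIC;
@@ -1055,12 +681,18 @@
 		return;
 	}
 
-	if (ev->monitor_state)
-		msft_device_found(hdev, &ev->bdaddr, addr_type,
-				  handle_data->mgmt_handle);
-	else
-		msft_device_lost(hdev, &ev->bdaddr, addr_type,
-				 handle_data->mgmt_handle);
+	if (ev->monitor_state) {
+		msft_device_found(hdev, &ev->bdaddr, addr_type, mgmt_handle);
+	} else {
+		if (address_filter && address_filter->state == AF_STATE_ADDED) {
+			address_filter->state = AF_STATE_REMOVING;
+			hci_cmd_sync_queue(hdev,
+					   msft_cancel_address_filter_sync,
+					   address_filter,
+					   NULL);
+		}
+		msft_device_lost(hdev, &ev->bdaddr, addr_type, mgmt_handle);
+	}
 }
 
 void msft_vendor_evt(struct hci_dev *hdev, void *data, struct sk_buff *skb)
@@ -1104,7 +724,9 @@
 
 	switch (*evt) {
 	case MSFT_EV_LE_MONITOR_DEVICE:
+		mutex_lock(&msft->filter_lock);
 		msft_monitor_device_evt(hdev, skb);
+		mutex_unlock(&msft->filter_lock);
 		break;
 
 	default: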
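Review bot: In msft_le_monitor_advertisement_sync(), the IS_ERR_OR_NULL() branch now does `err = PTR_ERR(skb);`, which evaluates to 0 when skb is NULL, so the NULL case that the removed lines mapped to -EIO now returns success and the caller proceeds as if the monitor were installed; `err = skb ? PTR_ERR(skb) : -EIO;` keeps the previous behaviour (assuming __hci_cmd_sync() can return NULL, as the check implies). A second point, in msft_remove_addr_filters_sync(): `list_del(&address_filter->list);` runs before the state checks, yet AF_STATE_ADDING and AF_STATE_REMOVING entries are deliberately left for msft_add_address_filter_sync() and msft_cancel_address_filter_sync(), both of which call list_del() on the same entry again, and a second list_del() on an already-unlinked entry writes through its poisoned prev/next pointers; `list_del_init(&address_filter->list);` there, or deferring the unlink to the two sync handlers, avoids that. Both functions lie entirely within this section.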
+3 -10
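--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -268,17 +268,15 @@
 	.obj_size	= sizeof(struct rfcomm_pinfo)
 };
 
-static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio, int kern)
+static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock,
+				      int proto, gfp_t prio, int kern)
 {
 	struct rfcomm_dlc *d;
 	struct sock *sk;
 
-	sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, kern);
+	sk = bt_sock_alloc(net, sock, &rfcomm_proto, proto, prio, kern);
 	if (!sk)
 		return NULL;
-
-	sock_init_data(sock, sk);
-	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
 
 	d = rfcomm_dlc_alloc(prio);
 	if (!d) {
@@ -295,11 +297,6 @@
 
 	sk->sk_sndbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
 	sk->sk_rcvbuf = RFCOMM_MAX_CREDITS * RFCOMM_DEFAULT_MTU * 10;
-
-	sock_reset_flag(sk, SOCK_ZAPPED);
-
-	sk->sk_protocol = proto;
-	sk->sk_state    = BT_OPEN;
 
 	bt_sock_link(&rfcomm_sk_list, sk);
 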
+5 -27
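--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -68,7 +68,6 @@
 	bdaddr_t	dst;
 	__u32		flags;
 	__u16		setting;
-	__u8		cmsg_mask;
 	struct bt_codec codec;
 	struct sco_conn	*conn;
 };
@@ -470,15 +471,6 @@
 	release_sock(sk);
 }
 
-static void sco_skb_put_cmsg(struct sk_buff *skb, struct msghdr *msg,
-			     struct sock *sk)
-{
-	if (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS)
-		put_cmsg(msg, SOL_BLUETOOTH, BT_SCM_PKT_STATUS,
-			 sizeof(bt_cb(skb)->sco.pkt_status),
-			 &bt_cb(skb)->sco.pkt_status);
-}
-
 static void sco_sock_init(struct sock *sk, struct sock *parent)
 {
 	BT_DBG("sk %p", sk);
@@ -478,8 +488,6 @@
 		sk->sk_type = parent->sk_type;
 		bt_sk(sk)->flags = bt_sk(parent)->flags;
 		security_sk_clone(parent, sk);
-	} else {
-		bt_sk(sk)->skb_put_cmsg = sco_skb_put_cmsg;
 	}
 }
 
@@ -492,20 +504,12 @@
 {
 	struct sock *sk;
 
-	sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, kern);
+	sk = bt_sock_alloc(net, sock, &sco_proto, proto, prio, kern);
 	if (!sk)
 		return NULL;
 
-	sock_init_data(sock, sk);
-	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
-
 	sk->sk_destruct = sco_sock_destruct;
 	sk->sk_sndtimeo = SCO_CONN_TIMEOUT;
-
-	sock_reset_flag(sk, SOCK_ZAPPED);
-
-	sk->sk_protocol = proto;
-	sk->sk_state    = BT_OPEN;
 
 	sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT;
 	sco_pi(sk)->codec.id = BT_CODEC_CVSD;
@@ -895,9 +915,9 @@
 		}
 
 		if (opt)
-			sco_pi(sk)->cmsg_mask |= SCO_CMSG_PKT_STATUS;
+			set_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
 		else
-			sco_pi(sk)->cmsg_mask &= SCO_CMSG_PKT_STATUS;
+			clear_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags);
 		break;
 
 	case BT_CODEC:
@@ -1028,7 +1048,6 @@
 	int len, err = 0;
 	struct bt_voice voice;
 	u32 phys;
-	int pkt_status;
 	int buf_len;
 	struct codec_list *c;
 	u8 num_codecs, i, __user *ptr;
@@ -1081,9 +1102,8 @@
 		break;
 
 	case BT_PKT_STATUS:
-		pkt_status = (sco_pi(sk)->cmsg_mask & SCO_CMSG_PKT_STATUS);
-
-		if (put_user(pkt_status, (int __user *)optval))
+		if (put_user(test_bit(BT_SK_PKT_STATUS, &bt_sk(sk)->flags),
+			     (int __user *)optval))
 			err = -EFAULT;
 		break;
 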