Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'for-net-next-2025-12-01' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

Luiz Augusto von Dentz says:

====================
bluetooth-next pull request for net-next:

core:

- HCI: Add initial support for PAST
- hci_core: Introduce HCI_CONN_FLAG_PAST
- ISO: Add support to bind to trigger PAST
- HCI: Always use the identity address when initializing a connection
- ISO: Attempt to resolve broadcast address
- MGMT: Allow use of Set Device Flags without Add Device
- ISO: Fix not updating BIS sender source address
- HCI: Add support for LL Extended Feature Set

driver:

- btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
- btusb: MT7920: Add VID/PID 0489/e135
- btusb: MT7922: Add VID/PID 0489/e170
- btusb: Add new VID/PID 13d3/3533 for RTL8821CE
- btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT
- btusb: Add new VID/PID 0x13d3/0x3618 for RTL8852BE-VT
- btusb: Add new VID/PID 0x13d3/0x3619 for RTL8852BE-VT
- btusb: Reclassify Qualcomm WCN6855 debug packets
- btintel_pcie: Introduce HCI Driver protocol
- btintel_pcie: Support for S4 (Hibernate)
- btintel_pcie: Suspend/Resume: Controller doorbell interrupt handling
- dt-bindings: net: Convert Marvell 8897/8997 bindings to DT schema
- btbcm: Use kmalloc_array() to prevent overflow
- btrtl: Add the support for RTL8761CUV
- hci_h5: avoid sending two SYNC messages
- hci_h5: implement CRC data integrity

MAINTAINERS:

- Add Bartosz Golaszewski as Qualcomm hci_qca maintainer

* tag 'for-net-next-2025-12-01' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next: (29 commits)
Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
Bluetooth: HCI: Add support for LL Extended Feature Set
drivers/bluetooth: btbcm: Use kmalloc_array() to prevent overflow
Bluetooth: btintel_pcie: Introduce HCI Driver protocol
Bluetooth: btusb: add new custom firmwares
Bluetooth: btusb: Add new VID/PID 0x13d3/0x3619 for RTL8852BE-VT
Bluetooth: btusb: Add new VID/PID 0x13d3/0x3618 for RTL8852BE-VT
Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT
Bluetooth: iso: fix socket matching ambiguity between BIS and CIS
Bluetooth: MAINTAINERS: Add Bartosz Golaszewski as Qualcomm hci_qca maintainer
Bluetooth: btrtl: Add the support for RTL8761CUV
Bluetooth: Remove redundant pm_runtime_mark_last_busy() calls
dt-bindings: net: Convert Marvell 8897/8997 bindings to DT schema
Bluetooth: btusb: Reclassify Qualcomm WCN6855 debug packets
Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
Bluetooth: btintel_pcie: Suspend/Resume: Controller doorbell interrupt handling
Bluetooth: btintel_pcie: Support for S4 (Hibernate)
Bluetooth: btusb: MT7922: Add VID/PID 0489/e170
Bluetooth: btusb: MT7920: Add VID/PID 0489/e135
Bluetooth: ISO: Fix not updating BIS sender source address
...
====================

Link: https://patch.msgid.link/20251201213818.97249-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+1174 -308
+79
Documentation/devicetree/bindings/net/bluetooth/marvell,sd8897-bt.yaml
··· 1 + # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause) 2 + %YAML 1.2 3 + --- 4 + $id: http://devicetree.org/schemas/net/bluetooth/marvell,sd8897-bt.yaml# 5 + $schema: http://devicetree.org/meta-schemas/core.yaml# 6 + 7 + title: Marvell 8897/8997 (sd8897/sd8997) bluetooth devices (SDIO) 8 + 9 + maintainers: 10 + - Ariel D'Alessandro <ariel.dalessandro@collabora.com> 11 + 12 + allOf: 13 + - $ref: /schemas/net/bluetooth/bluetooth-controller.yaml# 14 + 15 + properties: 16 + compatible: 17 + enum: 18 + - marvell,sd8897-bt 19 + - marvell,sd8997-bt 20 + 21 + reg: 22 + maxItems: 1 23 + 24 + interrupts: 25 + maxItems: 1 26 + 27 + marvell,cal-data: 28 + $ref: /schemas/types.yaml#/definitions/uint8-array 29 + description: 30 + Calibration data downloaded to the device during initialization. 31 + maxItems: 28 32 + 33 + marvell,wakeup-pin: 34 + $ref: /schemas/types.yaml#/definitions/uint16 35 + description: 36 + Wakeup pin number of the bluetooth chip. Used by firmware to wakeup host 37 + system. 38 + 39 + marvell,wakeup-gap-ms: 40 + $ref: /schemas/types.yaml#/definitions/uint16 41 + description: 42 + Wakeup latency of the host platform. Required by the chip sleep feature. 
43 + 44 + required: 45 + - compatible 46 + - reg 47 + - interrupts 48 + 49 + additionalProperties: false 50 + 51 + examples: 52 + - | 53 + #include <dt-bindings/interrupt-controller/irq.h> 54 + 55 + mmc { 56 + vmmc-supply = <&wlan_en_reg>; 57 + bus-width = <4>; 58 + cap-power-off-card; 59 + keep-power-in-suspend; 60 + 61 + #address-cells = <1>; 62 + #size-cells = <0>; 63 + 64 + bluetooth@2 { 65 + compatible = "marvell,sd8897-bt"; 66 + reg = <2>; 67 + interrupt-parent = <&pio>; 68 + interrupts = <119 IRQ_TYPE_LEVEL_LOW>; 69 + 70 + marvell,cal-data = /bits/ 8 < 71 + 0x37 0x01 0x1c 0x00 0xff 0xff 0xff 0xff 0x01 0x7f 0x04 0x02 72 + 0x00 0x00 0xba 0xce 0xc0 0xc6 0x2d 0x00 0x00 0x00 0x00 0x00 73 + 0x00 0x00 0xf0 0x00>; 74 + marvell,wakeup-pin = /bits/ 16 <0x0d>; 75 + marvell,wakeup-gap-ms = /bits/ 16 <0x64>; 76 + }; 77 + }; 78 + 79 + ...
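--- a/Documentation/devicetree/bindings/net/btusb.txt
+++ b/Documentation/devicetree/bindings/net/btusb.txt
@@ -14,7 +14,7 @@
 
 
 Also, vendors that use btusb may have device additional properties, e.g:
-Documentation/devicetree/bindings/net/marvell-bt-8xxx.txt
+Documentation/devicetree/bindings/net/bluetooth/marvell,sd8897-bt.yaml
 
 Optional properties:
 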
-83
Documentation/devicetree/bindings/net/marvell-bt-8xxx.txt
··· 1 - Marvell 8897/8997 (sd8897/sd8997) bluetooth devices (SDIO or USB based) 2 - ------ 3 - The 8997 devices supports multiple interfaces. When used on SDIO interfaces, 4 - the btmrvl driver is used and when used on USB interface, the btusb driver is 5 - used. 6 - 7 - Required properties: 8 - 9 - - compatible : should be one of the following: 10 - * "marvell,sd8897-bt" (for SDIO) 11 - * "marvell,sd8997-bt" (for SDIO) 12 - * "usb1286,204e" (for USB) 13 - 14 - Optional properties: 15 - 16 - - marvell,cal-data: Calibration data downloaded to the device during 17 - initialization. This is an array of 28 values(u8). 18 - This is only applicable to SDIO devices. 19 - 20 - - marvell,wakeup-pin: It represents wakeup pin number of the bluetooth chip. 21 - firmware will use the pin to wakeup host system (u16). 22 - - marvell,wakeup-gap-ms: wakeup gap represents wakeup latency of the host 23 - platform. The value will be configured to firmware. This 24 - is needed to work chip's sleep feature as expected (u16). 25 - - interrupt-names: Used only for USB based devices (See below) 26 - - interrupts : specifies the interrupt pin number to the cpu. For SDIO, the 27 - driver will use the first interrupt specified in the interrupt 28 - array. For USB based devices, the driver will use the interrupt 29 - named "wakeup" from the interrupt-names and interrupt arrays. 30 - The driver will request an irq based on this interrupt number. 31 - During system suspend, the irq will be enabled so that the 32 - bluetooth chip can wakeup host platform under certain 33 - conditions. During system resume, the irq will be disabled 34 - to make sure unnecessary interrupt is not received. 35 - 36 - Example: 37 - 38 - IRQ pin 119 is used as system wakeup source interrupt. 39 - wakeup pin 13 and gap 100ms are configured so that firmware can wakeup host 40 - using this device side pin and wakeup latency. 
41 - 42 - Example for SDIO device follows (calibration data is also available in 43 - below example). 44 - 45 - &mmc3 { 46 - vmmc-supply = <&wlan_en_reg>; 47 - bus-width = <4>; 48 - cap-power-off-card; 49 - keep-power-in-suspend; 50 - 51 - #address-cells = <1>; 52 - #size-cells = <0>; 53 - btmrvl: bluetooth@2 { 54 - compatible = "marvell,sd8897-bt"; 55 - reg = <2>; 56 - interrupt-parent = <&pio>; 57 - interrupts = <119 IRQ_TYPE_LEVEL_LOW>; 58 - 59 - marvell,cal-data = /bits/ 8 < 60 - 0x37 0x01 0x1c 0x00 0xff 0xff 0xff 0xff 0x01 0x7f 0x04 0x02 61 - 0x00 0x00 0xba 0xce 0xc0 0xc6 0x2d 0x00 0x00 0x00 0x00 0x00 62 - 0x00 0x00 0xf0 0x00>; 63 - marvell,wakeup-pin = /bits/ 16 <0x0d>; 64 - marvell,wakeup-gap-ms = /bits/ 16 <0x64>; 65 - }; 66 - }; 67 - 68 - Example for USB device: 69 - 70 - &usb_host1_ohci { 71 - #address-cells = <1>; 72 - #size-cells = <0>; 73 - 74 - mvl_bt1: bt@1 { 75 - compatible = "usb1286,204e"; 76 - reg = <1>; 77 - interrupt-parent = <&gpio0>; 78 - interrupt-names = "wakeup"; 79 - interrupts = <119 IRQ_TYPE_LEVEL_LOW>; 80 - marvell,wakeup-pin = /bits/ 16 <0x0d>; 81 - marvell,wakeup-gap-ms = /bits/ 16 <0x64>; 82 - }; 83 - };
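--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -21071,6 +21071,7 @@
 F: drivers/net/wwan/qcom_bam_dmux.c
 
 QUALCOMM BLUETOOTH DRIVER
+M: Bartosz Golaszewski <brgl@bgdev.pl>
 L: linux-arm-msm@vger.kernel.org
 S: Maintained
 F: drivers/bluetooth/btqca.[ch]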
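--- a/drivers/bluetooth/Kconfig
+++ b/drivers/bluetooth/Kconfig
@@ -188,6 +188,7 @@
 bool "Three-wire UART (H5) protocol support"
 depends on BT_HCIUART
 depends on BT_HCIUART_SERDEV
+select CRC_CCITT
 help
 The HCI Three-wire UART Transport Layer makes it possible to
 user the Bluetooth HCI over a serial port interface. The HCI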
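--- a/drivers/bluetooth/btbcm.c
+++ b/drivers/bluetooth/btbcm.c
@@ -642,7 +642,9 @@
 snprintf(postfix, sizeof(postfix), "-%4.4x-%4.4x", vid, pid);
 }
 
-fw_name = kmalloc(BCM_FW_NAME_COUNT_MAX * BCM_FW_NAME_LEN, GFP_KERNEL);
+fw_name = kmalloc_array(BCM_FW_NAME_COUNT_MAX,
+sizeof(*fw_name),
+GFP_KERNEL);
 if (!fw_name)
 return -ENOMEM;
 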
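Review bot: The element size passed to `kmalloc_array()` is now `sizeof(*fw_name)` instead of `BCM_FW_NAME_LEN`, so the allocation keeps its old size only if `fw_name` points to elements of exactly `BCM_FW_NAME_LEN` bytes; the declaration is outside this hunk and should be checked. If the pointee were a single `char`, the buffer would shrink to `BCM_FW_NAME_COUNT_MAX` bytes and the code that later formats firmware names into it would write past the end. A one-line comment at the call would pin the assumption for the next reader: `/* fw_name elements are BCM_FW_NAME_LEN bytes each */`.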
+154 -25
drivers/bluetooth/btintel_pcie.c
··· 19 19 20 20 #include <net/bluetooth/bluetooth.h> 21 21 #include <net/bluetooth/hci_core.h> 22 + #include <net/bluetooth/hci_drv.h> 22 23 23 24 #include "btintel.h" 24 25 #include "btintel_pcie.h" ··· 824 823 static inline bool btintel_pcie_in_d0(struct btintel_pcie_data *data) 825 824 { 826 825 return !(data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_D3_STATE_READY); 826 + } 827 + 828 + static inline bool btintel_pcie_in_device_halt(struct btintel_pcie_data *data) 829 + { 830 + return data->boot_stage_cache & BTINTEL_PCIE_CSR_BOOT_STAGE_DEVICE_HALTED; 827 831 } 828 832 829 833 static void btintel_pcie_wr_sleep_cntrl(struct btintel_pcie_data *data, ··· 2361 2355 return device_may_wakeup(&data->pdev->dev); 2362 2356 } 2363 2357 2358 + static const struct { 2359 + u16 opcode; 2360 + const char *desc; 2361 + } btintel_pcie_hci_drv_supported_commands[] = { 2362 + /* Common commands */ 2363 + { HCI_DRV_OP_READ_INFO, "Read Info" }, 2364 + }; 2365 + 2366 + static int btintel_pcie_hci_drv_read_info(struct hci_dev *hdev, void *data, 2367 + u16 data_len) 2368 + { 2369 + struct hci_drv_rp_read_info *rp; 2370 + size_t rp_size; 2371 + int err, i; 2372 + u16 opcode, num_supported_commands = 2373 + ARRAY_SIZE(btintel_pcie_hci_drv_supported_commands); 2374 + 2375 + rp_size = sizeof(*rp) + num_supported_commands * 2; 2376 + 2377 + rp = kmalloc(rp_size, GFP_KERNEL); 2378 + if (!rp) 2379 + return -ENOMEM; 2380 + 2381 + strscpy_pad(rp->driver_name, KBUILD_MODNAME); 2382 + 2383 + rp->num_supported_commands = cpu_to_le16(num_supported_commands); 2384 + for (i = 0; i < num_supported_commands; i++) { 2385 + opcode = btintel_pcie_hci_drv_supported_commands[i].opcode; 2386 + bt_dev_dbg(hdev, 2387 + "Supported HCI Drv command (0x%02x|0x%04x): %s", 2388 + hci_opcode_ogf(opcode), 2389 + hci_opcode_ocf(opcode), 2390 + btintel_pcie_hci_drv_supported_commands[i].desc); 2391 + rp->supported_commands[i] = cpu_to_le16(opcode); 2392 + } 2393 + 2394 + err = hci_drv_cmd_complete(hdev, 
HCI_DRV_OP_READ_INFO, 2395 + HCI_DRV_STATUS_SUCCESS, 2396 + rp, rp_size); 2397 + 2398 + kfree(rp); 2399 + return err; 2400 + } 2401 + 2402 + static const struct hci_drv_handler btintel_pcie_hci_drv_common_handlers[] = { 2403 + { btintel_pcie_hci_drv_read_info, HCI_DRV_READ_INFO_SIZE }, 2404 + }; 2405 + 2406 + static const struct hci_drv_handler btintel_pcie_hci_drv_specific_handlers[] = {}; 2407 + 2408 + static struct hci_drv btintel_pcie_hci_drv = { 2409 + .common_handler_count = ARRAY_SIZE(btintel_pcie_hci_drv_common_handlers), 2410 + .common_handlers = btintel_pcie_hci_drv_common_handlers, 2411 + .specific_handler_count = ARRAY_SIZE(btintel_pcie_hci_drv_specific_handlers), 2412 + .specific_handlers = btintel_pcie_hci_drv_specific_handlers, 2413 + }; 2414 + 2364 2415 static int btintel_pcie_setup_hdev(struct btintel_pcie_data *data) 2365 2416 { 2366 2417 int err; ··· 2444 2381 hdev->set_bdaddr = btintel_set_bdaddr; 2445 2382 hdev->reset = btintel_pcie_reset; 2446 2383 hdev->wakeup = btintel_pcie_wakeup; 2384 + hdev->hci_drv = &btintel_pcie_hci_drv; 2447 2385 2448 2386 err = hci_register_dev(hdev); 2449 2387 if (err < 0) { ··· 2583 2519 } 2584 2520 #endif 2585 2521 2522 + static int btintel_pcie_set_dxstate(struct btintel_pcie_data *data, u32 dxstate) 2523 + { 2524 + int retry = 0, status; 2525 + u32 dx_intr_timeout_ms = 200; 2526 + 2527 + do { 2528 + data->gp0_received = false; 2529 + 2530 + btintel_pcie_wr_sleep_cntrl(data, dxstate); 2531 + 2532 + status = wait_event_timeout(data->gp0_wait_q, data->gp0_received, 2533 + msecs_to_jiffies(dx_intr_timeout_ms)); 2534 + 2535 + if (status) 2536 + return 0; 2537 + 2538 + bt_dev_warn(data->hdev, 2539 + "Timeout (%u ms) on alive interrupt for D%d entry, retry count %d", 2540 + dx_intr_timeout_ms, dxstate, retry); 2541 + 2542 + /* clear gp0 cause */ 2543 + btintel_pcie_clr_reg_bits(data, 2544 + BTINTEL_PCIE_CSR_MSIX_HW_INT_CAUSES, 2545 + BTINTEL_PCIE_MSIX_HW_INT_CAUSES_GP0); 2546 + 2547 + /* A hardware bug may cause the 
alive interrupt to be missed. 2548 + * Check if the controller reached the expected state and retry 2549 + * the operation only if it hasn't. 2550 + */ 2551 + if (dxstate == BTINTEL_PCIE_STATE_D0) { 2552 + if (btintel_pcie_in_d0(data)) 2553 + return 0; 2554 + } else { 2555 + if (btintel_pcie_in_d3(data)) 2556 + return 0; 2557 + } 2558 + 2559 + } while (++retry < BTINTEL_PCIE_DX_TRANSITION_MAX_RETRIES); 2560 + 2561 + return -EBUSY; 2562 + } 2563 + 2586 2564 static int btintel_pcie_suspend_late(struct device *dev, pm_message_t mesg) 2587 2565 { 2588 2566 struct pci_dev *pdev = to_pci_dev(dev); ··· 2638 2532 dxstate = (mesg.event == PM_EVENT_SUSPEND ? 2639 2533 BTINTEL_PCIE_STATE_D3_HOT : BTINTEL_PCIE_STATE_D3_COLD); 2640 2534 2641 - data->gp0_received = false; 2535 + data->pm_sx_event = mesg.event; 2642 2536 2643 2537 start = ktime_get(); 2644 2538 2645 2539 /* Refer: 6.4.11.7 -> Platform power management */ 2646 - btintel_pcie_wr_sleep_cntrl(data, dxstate); 2647 - err = wait_event_timeout(data->gp0_wait_q, data->gp0_received, 2648 - msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS)); 2649 - if (err == 0) { 2650 - bt_dev_err(data->hdev, 2651 - "Timeout (%u ms) on alive interrupt for D3 entry", 2652 - BTINTEL_DEFAULT_INTR_TIMEOUT_MS); 2653 - return -EBUSY; 2654 - } 2540 + err = btintel_pcie_set_dxstate(data, dxstate); 2541 + 2542 + if (err) 2543 + return err; 2655 2544 2656 2545 bt_dev_dbg(data->hdev, 2657 2546 "device entered into d3 state from d0 in %lld us", 2658 2547 ktime_to_us(ktime_get() - start)); 2659 - 2660 - return 0; 2548 + return err; 2661 2549 } 2662 2550 2663 2551 static int btintel_pcie_suspend(struct device *dev) ··· 2681 2581 2682 2582 start = ktime_get(); 2683 2583 2684 - /* Refer: 6.4.11.7 -> Platform power management */ 2685 - btintel_pcie_wr_sleep_cntrl(data, BTINTEL_PCIE_STATE_D0); 2686 - err = wait_event_timeout(data->gp0_wait_q, data->gp0_received, 2687 - msecs_to_jiffies(BTINTEL_DEFAULT_INTR_TIMEOUT_MS)); 2688 - if (err == 0) { 2689 - 
bt_dev_err(data->hdev, 2690 - "Timeout (%u ms) on alive interrupt for D0 entry", 2691 - BTINTEL_DEFAULT_INTR_TIMEOUT_MS); 2692 - return -EBUSY; 2584 + /* When the system enters S4 (hibernate) mode, bluetooth device loses 2585 + * power, which results in the erasure of its loaded firmware. 2586 + * Consequently, function level reset (flr) is required on system 2587 + * resume to bring the controller back into an operational state by 2588 + * initiating a new firmware download. 2589 + */ 2590 + 2591 + if (data->pm_sx_event == PM_EVENT_FREEZE || 2592 + data->pm_sx_event == PM_EVENT_HIBERNATE) { 2593 + set_bit(BTINTEL_PCIE_CORE_HALTED, &data->flags); 2594 + btintel_pcie_reset(data->hdev); 2595 + return 0; 2693 2596 } 2694 2597 2695 - bt_dev_dbg(data->hdev, 2696 - "device entered into d0 state from d3 in %lld us", 2697 - ktime_to_us(ktime_get() - start)); 2698 - return 0; 2598 + /* Refer: 6.4.11.7 -> Platform power management */ 2599 + err = btintel_pcie_set_dxstate(data, BTINTEL_PCIE_STATE_D0); 2600 + 2601 + if (err == 0) { 2602 + bt_dev_dbg(data->hdev, 2603 + "device entered into d0 state from d3 in %lld us", 2604 + ktime_to_us(ktime_get() - start)); 2605 + return err; 2606 + } 2607 + 2608 + /* Trigger function level reset if the controller is in error 2609 + * state during resume() to bring back the controller to 2610 + * operational mode 2611 + */ 2612 + 2613 + data->boot_stage_cache = btintel_pcie_rd_reg32(data, 2614 + BTINTEL_PCIE_CSR_BOOT_STAGE_REG); 2615 + if (btintel_pcie_in_error(data) || 2616 + btintel_pcie_in_device_halt(data)) { 2617 + bt_dev_err(data->hdev, "Controller in error state for D0 entry"); 2618 + if (!test_and_set_bit(BTINTEL_PCIE_COREDUMP_INPROGRESS, 2619 + &data->flags)) { 2620 + data->dmp_hdr.trigger_reason = 2621 + BTINTEL_PCIE_TRIGGER_REASON_FW_ASSERT; 2622 + queue_work(data->workqueue, &data->rx_work); 2623 + } 2624 + set_bit(BTINTEL_PCIE_CORE_HALTED, &data->flags); 2625 + btintel_pcie_reset(data->hdev); 2626 + } 2627 + return err; 2699 
2628 } 2700 2629 2701 2630 static const struct dev_pm_ops btintel_pcie_pm_ops = {
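Review bot: In `btintel_pcie_set_dxstate()` the fallback after a timed-out wait decides success with `btintel_pcie_in_d0()` / `btintel_pcie_in_d3()`, and the `btintel_pcie_in_d0()` context lines show that helper only tests `data->boot_stage_cache` (`btintel_pcie_in_d3()` presumably does the same); nothing in the new function refreshes that cache. When the alive interrupt really was missed, the test therefore appears to run on the boot-stage value from before the transition, so it can report a state the controller never reached or retry when it already got there. The resume path in this same section re-reads the register before its own error check, and the same read belongs here ahead of the state test: `data->boot_stage_cache = btintel_pcie_rd_reg32(data, BTINTEL_PCIE_CSR_BOOT_STAGE_REG);`. Whether some other path updates the cache without the interrupt is not visible in these hunks.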
+4
drivers/bluetooth/btintel_pcie.h
··· 158 158 /* Default interrupt timeout in msec */ 159 159 #define BTINTEL_DEFAULT_INTR_TIMEOUT_MS 3000 160 160 161 + #define BTINTEL_PCIE_DX_TRANSITION_MAX_RETRIES 3 162 + 161 163 /* The number of descriptors in TX queues */ 162 164 #define BTINTEL_PCIE_TX_DESCS_COUNT 32 163 165 ··· 466 464 * @txq: TX Queue struct 467 465 * @rxq: RX Queue struct 468 466 * @alive_intr_ctxt: Alive interrupt context 467 + * @pm_sx_event: PM event on which system got suspended 469 468 */ 470 469 struct btintel_pcie_data { 471 470 struct pci_dev *pdev; ··· 516 513 u32 alive_intr_ctxt; 517 514 struct btintel_pcie_dbgc dbgc; 518 515 struct btintel_pcie_dump_header dmp_hdr; 516 + u8 pm_sx_event; 519 517 }; 520 518 521 519 static inline u32 btintel_pcie_rd_reg32(struct btintel_pcie_data *data,
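Review bot: `pm_sx_event` is declared `u8`, but `btintel_pcie_suspend_late()` stores `mesg.event` into it, and the `event` member of `pm_message_t` is an `int` whose `PM_EVENT_*` values are bit flags that are not all below 0x100. The constants the resume path compares against fit in a byte, but a wider event would be truncated silently and could then compare equal to the wrong constant, sending resume down the reset path by mistake. Declaring the field as `int pm_sx_event;` keeps the stored value identical to what the PM core passed. The struct body continues outside the hunk.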
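--- a/drivers/bluetooth/btmtksdio.c
+++ b/drivers/bluetooth/btmtksdio.c
@@ -615,7 +615,6 @@
 
 sdio_release_host(bdev->func);
 
-pm_runtime_mark_last_busy(bdev->dev);
 pm_runtime_put_autosuspend(bdev->dev);
 }
 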
+15 -1
drivers/bluetooth/btrtl.c
··· 72 72 CHIP_ID_8851B = 36, 73 73 CHIP_ID_8922A = 44, 74 74 CHIP_ID_8852BT = 47, 75 + CHIP_ID_8761C = 51, 75 76 }; 76 77 77 78 struct id_table { ··· 231 230 .cfg_name = "rtl_bt/rtl8761bu_config", 232 231 .hw_info = "rtl8761bu" }, 233 232 233 + /* 8761CU */ 234 + { IC_INFO(RTL_ROM_LMP_8761A, 0x0e, 0, HCI_USB), 235 + .config_needed = false, 236 + .has_rom_version = true, 237 + .fw_name = "rtl_bt/rtl8761cu_fw", 238 + .cfg_name = "rtl_bt/rtl8761cu_config", 239 + .hw_info = "rtl8761cu" }, 240 + 234 241 /* 8822C with UART interface */ 235 242 { IC_INFO(RTL_ROM_LMP_8822B, 0xc, 0x8, HCI_UART), 236 243 .config_needed = true, ··· 353 344 (ic_id_table[i].hci_rev != hci_rev)) 354 345 continue; 355 346 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) && 356 - (ic_id_table[i].hci_ver != hci_ver)) 347 + (ic_id_table[i].hci_ver != hci_ver) && 348 + (ic_id_table[i].hci_ver != 0)) 357 349 continue; 358 350 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) && 359 351 (ic_id_table[i].hci_bus != hci_bus)) ··· 672 662 { RTL_ROM_LMP_8851B, 36 }, /* 8851B */ 673 663 { RTL_ROM_LMP_8922A, 44 }, /* 8922A */ 674 664 { RTL_ROM_LMP_8852A, 47 }, /* 8852BT */ 665 + { RTL_ROM_LMP_8761A, 51 }, /* 8761C */ 675 666 }; 676 667 677 668 if (btrtl_dev->fw_len <= 8) ··· 1316 1305 case CHIP_ID_8851B: 1317 1306 case CHIP_ID_8922A: 1318 1307 case CHIP_ID_8852BT: 1308 + case CHIP_ID_8761C: 1319 1309 hci_set_quirk(hdev, HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED); 1320 1310 1321 1311 /* RTL8852C needs to transmit mSBC data continuously without ··· 1536 1524 MODULE_FIRMWARE("rtl_bt/rtl8761b_config.bin"); 1537 1525 MODULE_FIRMWARE("rtl_bt/rtl8761bu_fw.bin"); 1538 1526 MODULE_FIRMWARE("rtl_bt/rtl8761bu_config.bin"); 1527 + MODULE_FIRMWARE("rtl_bt/rtl8761cu_fw.bin"); 1528 + MODULE_FIRMWARE("rtl_bt/rtl8761cu_config.bin"); 1539 1529 MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin"); 1540 1530 MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin"); 1541 1531 MODULE_FIRMWARE("rtl_bt/rtl8821c_fw.bin");
+47
drivers/bluetooth/btusb.c
··· 504 504 /* Realtek 8821CE Bluetooth devices */ 505 505 { USB_DEVICE(0x13d3, 0x3529), .driver_info = BTUSB_REALTEK | 506 506 BTUSB_WIDEBAND_SPEECH }, 507 + { USB_DEVICE(0x13d3, 0x3533), .driver_info = BTUSB_REALTEK | 508 + BTUSB_WIDEBAND_SPEECH }, 507 509 508 510 /* Realtek 8822CE Bluetooth devices */ 509 511 { USB_DEVICE(0x0bda, 0xb00c), .driver_info = BTUSB_REALTEK | ··· 587 585 /* Realtek 8852BT/8852BE-VT Bluetooth devices */ 588 586 { USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK | 589 587 BTUSB_WIDEBAND_SPEECH }, 588 + { USB_DEVICE(0x0489, 0xe12f), .driver_info = BTUSB_REALTEK | 589 + BTUSB_WIDEBAND_SPEECH }, 590 + { USB_DEVICE(0x13d3, 0x3618), .driver_info = BTUSB_REALTEK | 591 + BTUSB_WIDEBAND_SPEECH }, 592 + { USB_DEVICE(0x13d3, 0x3619), .driver_info = BTUSB_REALTEK | 593 + BTUSB_WIDEBAND_SPEECH }, 590 594 591 595 /* Realtek 8922AE Bluetooth devices */ 592 596 { USB_DEVICE(0x0bda, 0x8922), .driver_info = BTUSB_REALTEK | ··· 628 620 629 621 /* Additional MediaTek MT7920 Bluetooth devices */ 630 622 { USB_DEVICE(0x0489, 0xe134), .driver_info = BTUSB_MEDIATEK | 623 + BTUSB_WIDEBAND_SPEECH }, 624 + { USB_DEVICE(0x0489, 0xe135), .driver_info = BTUSB_MEDIATEK | 631 625 BTUSB_WIDEBAND_SPEECH }, 632 626 { USB_DEVICE(0x13d3, 0x3620), .driver_info = BTUSB_MEDIATEK | 633 627 BTUSB_WIDEBAND_SPEECH }, ··· 694 684 { USB_DEVICE(0x0489, 0xe152), .driver_info = BTUSB_MEDIATEK | 695 685 BTUSB_WIDEBAND_SPEECH }, 696 686 { USB_DEVICE(0x0489, 0xe153), .driver_info = BTUSB_MEDIATEK | 687 + BTUSB_WIDEBAND_SPEECH }, 688 + { USB_DEVICE(0x0489, 0xe170), .driver_info = BTUSB_MEDIATEK | 697 689 BTUSB_WIDEBAND_SPEECH }, 698 690 { USB_DEVICE(0x04ca, 0x3804), .driver_info = BTUSB_MEDIATEK | 699 691 BTUSB_WIDEBAND_SPEECH }, ··· 792 780 { USB_DEVICE(0x7392, 0xc611), .driver_info = BTUSB_REALTEK | 793 781 BTUSB_WIDEBAND_SPEECH }, 794 782 { USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK | 783 + BTUSB_WIDEBAND_SPEECH }, 784 + { USB_DEVICE(0x2b89, 0x6275), .driver_info 
= BTUSB_REALTEK | 795 785 BTUSB_WIDEBAND_SPEECH }, 796 786 797 787 /* Additional Realtek 8821AE Bluetooth devices */ ··· 1143 1129 } 1144 1130 1145 1131 btusb_reset(hdev); 1132 + } 1133 + 1134 + static u8 btusb_classify_qca_pkt_type(struct hci_dev *hdev, struct sk_buff *skb) 1135 + { 1136 + /* Some Qualcomm controllers, e.g., QCNFA765 with WCN6855 chip, send debug 1137 + * packets as ACL frames with connection handle 0x2EDC. These are not real 1138 + * ACL packets and should be reclassified as HCI_DIAG_PKT to prevent 1139 + * "ACL packet for unknown connection handle 3804" errors. 1140 + */ 1141 + if (skb->len >= 2) { 1142 + u16 handle = get_unaligned_le16(skb->data); 1143 + 1144 + if (handle == 0x2EDC) 1145 + return HCI_DIAG_PKT; 1146 + } 1147 + 1148 + /* Use default packet type for other packets */ 1149 + return hci_skb_pkt_type(skb); 1146 1150 } 1147 1151 1148 1152 static inline void btusb_free_frags(struct btusb_data *data) ··· 2840 2808 btusb_stop_traffic(data); 2841 2809 usb_kill_anchored_urbs(&data->tx_anchor); 2842 2810 2811 + /* Toggle the hard reset line. The MediaTek device is going to 2812 + * yank itself off the USB and then replug. The cleanup is handled 2813 + * correctly on the way out (standard USB disconnect), and the new 2814 + * device is detected cleanly and bound to the driver again like 2815 + * it should be. 
2816 + */ 2817 + if (data->reset_gpio) { 2818 + gpiod_set_value_cansleep(data->reset_gpio, 1); 2819 + msleep(200); 2820 + gpiod_set_value_cansleep(data->reset_gpio, 0); 2821 + return 0; 2822 + } 2823 + 2843 2824 err = btmtk_usb_subsys_reset(hdev, btmtk_data->dev_id); 2844 2825 2845 2826 usb_queue_reset_device(data->intf); ··· 3306 3261 3307 3262 static const struct qca_custom_firmware qca_custom_btfws[] = { 3308 3263 { 0x00130201, 0x030A, "QCA2066" }, 3264 + { 0x00130201, 0x030B, "QCA2066" }, 3309 3265 { }, 3310 3266 }; 3311 3267 ··· 4272 4226 data->recv_acl = btusb_recv_acl_qca; 4273 4227 hci_devcd_register(hdev, btusb_coredump_qca, btusb_dump_hdr_qca, NULL); 4274 4228 data->setup_on_usb = btusb_setup_qca; 4229 + hdev->classify_pkt_type = btusb_classify_qca_pkt_type; 4275 4230 hdev->shutdown = btusb_shutdown_qca; 4276 4231 hdev->set_bdaddr = btusb_set_bdaddr_wcn6855; 4277 4232 hdev->reset = btusb_qca_reset;
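Review bot: `btusb_classify_qca_pkt_type()` compares the first two bytes of the skb with 0x2EDC without first checking that the frame is ACL data, so an SCO, ISO or event frame that happens to begin with those bytes would also be returned as `HCI_DIAG_PKT` and routed to the diagnostic path instead of normal processing; how the core invokes `classify_pkt_type` is not visible here, so this should be confirmed against the caller. Guarding the test keeps the workaround to the case the comment describes: `if (hci_skb_pkt_type(skb) == HCI_ACLDATA_PKT && skb->len >= 2) {`. The comment could also state that 0x2EDC is the raw 16-bit header field, that is handle 0xEDC (3804) plus flag bits, which is why the handle in the quoted error message differs from the constant.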
+1 -5
drivers/bluetooth/hci_bcm.c
··· 326 326 bt_dev_dbg(bdev, "Host wake IRQ"); 327 327 328 328 pm_runtime_get(bdev->dev); 329 - pm_runtime_mark_last_busy(bdev->dev); 330 329 pm_runtime_put_autosuspend(bdev->dev); 331 330 332 331 return IRQ_HANDLED; ··· 709 710 mutex_lock(&bcm_device_lock); 710 711 if (bcm->dev && bcm_device_exists(bcm->dev)) { 711 712 pm_runtime_get(bcm->dev->dev); 712 - pm_runtime_mark_last_busy(bcm->dev->dev); 713 713 pm_runtime_put_autosuspend(bcm->dev->dev); 714 714 } 715 715 mutex_unlock(&bcm_device_lock); ··· 746 748 747 749 skb = skb_dequeue(&bcm->txq); 748 750 749 - if (bdev) { 750 - pm_runtime_mark_last_busy(bdev->dev); 751 + if (bdev) 751 752 pm_runtime_put_autosuspend(bdev->dev); 752 - } 753 753 754 754 mutex_unlock(&bcm_device_lock); 755 755
+43 -10
drivers/bluetooth/hci_h5.c
··· 7 7 */ 8 8 9 9 #include <linux/acpi.h> 10 + #include <linux/bitrev.h> 11 + #include <linux/crc-ccitt.h> 10 12 #include <linux/errno.h> 11 13 #include <linux/gpio/consumer.h> 12 14 #include <linux/kernel.h> ··· 60 58 H5_TX_ACK_REQ, /* Pending ack to send */ 61 59 H5_WAKEUP_DISABLE, /* Device cannot wake host */ 62 60 H5_HW_FLOW_CONTROL, /* Use HW flow control */ 61 + H5_CRC, /* Use CRC */ 63 62 }; 64 63 65 64 struct h5 { ··· 144 141 145 142 static u8 h5_cfg_field(struct h5 *h5) 146 143 { 147 - /* Sliding window size (first 3 bits) */ 148 - return h5->tx_win & 0x07; 144 + /* Sliding window size (first 3 bits) and CRC request (fifth bit). */ 145 + return (h5->tx_win & 0x07) | 0x10; 149 146 } 150 147 151 148 static void h5_timed_event(struct timer_list *t) ··· 216 213 static int h5_open(struct hci_uart *hu) 217 214 { 218 215 struct h5 *h5; 219 - const unsigned char sync[] = { 0x01, 0x7e }; 220 216 221 217 BT_DBG("hu %p", hu); 222 218 ··· 245 243 246 244 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags); 247 245 248 - /* Send initial sync request */ 249 - h5_link_control(hu, sync, sizeof(sync)); 250 - mod_timer(&h5->timer, jiffies + H5_SYNC_TIMEOUT); 246 + /* 247 + * Wait one jiffy because the UART layer won't set HCI_UART_PROTO_READY, 248 + * which allows us to send link packets, until this function returns. 249 + */ 250 + mod_timer(&h5->timer, jiffies + 1); 251 251 252 252 return 0; 253 253 } ··· 364 360 h5_link_control(hu, conf_rsp, 2); 365 361 h5_link_control(hu, conf_req, 3); 366 362 } else if (memcmp(data, conf_rsp, 2) == 0) { 367 - if (H5_HDR_LEN(hdr) > 2) 363 + if (H5_HDR_LEN(hdr) > 2) { 368 364 h5->tx_win = (data[2] & 0x07); 365 + assign_bit(H5_CRC, &h5->flags, data[2] & 0x10); 366 + } 369 367 BT_DBG("Three-wire init complete. 
tx_win %u", h5->tx_win); 370 368 h5->state = H5_ACTIVE; 371 369 hci_uart_init_ready(hu); ··· 431 425 432 426 static int h5_rx_crc(struct hci_uart *hu, unsigned char c) 433 427 { 434 - h5_complete_rx_pkt(hu); 428 + struct h5 *h5 = hu->priv; 429 + const unsigned char *hdr = h5->rx_skb->data; 430 + u16 crc; 431 + __be16 crc_be; 432 + 433 + crc = crc_ccitt(0xffff, hdr, 4 + H5_HDR_LEN(hdr)); 434 + crc = bitrev16(crc); 435 + 436 + crc_be = cpu_to_be16(crc); 437 + 438 + if (memcmp(&crc_be, hdr + 4 + H5_HDR_LEN(hdr), 2) != 0) { 439 + bt_dev_err(hu->hdev, "Received packet with invalid CRC"); 440 + h5_reset_rx(h5); 441 + } else { 442 + /* Remove CRC bytes */ 443 + skb_trim(h5->rx_skb, 4 + H5_HDR_LEN(hdr)); 444 + h5_complete_rx_pkt(hu); 445 + } 435 446 436 447 return 0; 437 448 } ··· 579 556 h5->rx_func = h5_rx_delimiter; 580 557 h5->rx_pending = 0; 581 558 clear_bit(H5_RX_ESC, &h5->flags); 559 + clear_bit(H5_CRC, &h5->flags); 582 560 } 583 561 584 562 static int h5_recv(struct hci_uart *hu, const void *data, int count) ··· 616 592 617 593 if (hu->serdev) { 618 594 pm_runtime_get(&hu->serdev->dev); 619 - pm_runtime_mark_last_busy(&hu->serdev->dev); 620 595 pm_runtime_put_autosuspend(&hu->serdev->dev); 621 596 } 622 597 ··· 657 634 658 635 if (hu->serdev) { 659 636 pm_runtime_get_sync(&hu->serdev->dev); 660 - pm_runtime_mark_last_busy(&hu->serdev->dev); 661 637 pm_runtime_put_autosuspend(&hu->serdev->dev); 662 638 } 663 639 ··· 708 686 struct h5 *h5 = hu->priv; 709 687 struct sk_buff *nskb; 710 688 u8 hdr[4]; 689 + u16 crc; 711 690 int i; 712 691 713 692 if (!valid_packet_type(pkt_type)) { ··· 736 713 /* Reliable packet? 
*/ 737 714 if (pkt_type == HCI_ACLDATA_PKT || pkt_type == HCI_COMMAND_PKT) { 738 715 hdr[0] |= 1 << 7; 716 + hdr[0] |= (test_bit(H5_CRC, &h5->flags) && 1) << 6; 739 717 hdr[0] |= h5->tx_seq; 740 718 h5->tx_seq = (h5->tx_seq + 1) % 8; 741 719 } ··· 755 731 756 732 for (i = 0; i < len; i++) 757 733 h5_slip_one_byte(nskb, data[i]); 734 + 735 + if (H5_HDR_CRC(hdr)) { 736 + crc = crc_ccitt(0xffff, hdr, 4); 737 + crc = crc_ccitt(crc, data, len); 738 + crc = bitrev16(crc); 739 + 740 + h5_slip_one_byte(nskb, (crc >> 8) & 0xff); 741 + h5_slip_one_byte(nskb, crc & 0xff); 742 + } 758 743 759 744 h5_slip_delim(nskb); 760 745
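Review bot: `h5_reset_rx()` now clears `H5_CRC`, but that bit is the negotiated link setting written by `assign_bit(H5_CRC, &h5->flags, data[2] & 0x10)` in the config-response handler and read by the transmit path when it sets the CRC-present bit in `hdr[0]`. `h5_rx_crc()` itself calls `h5_reset_rx()` on a bad checksum, and if the reset also runs after every completed packet (that code is outside these hunks), the flag is lost right after negotiation and outgoing reliable packets never carry a CRC, which defeats the integrity check this change adds. If per-packet receive state was intended it needs its own flag; otherwise remove `clear_bit(H5_CRC, &h5->flags);` from `h5_reset_rx()` and clear the bit where the link is torn down or re-synchronised.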
-3
drivers/bluetooth/hci_intel.c
··· 280 280 281 281 /* Host/Controller are now LPM resumed, trigger a new delayed suspend */ 282 282 pm_runtime_get(&idev->pdev->dev); 283 - pm_runtime_mark_last_busy(&idev->pdev->dev); 284 283 pm_runtime_put_autosuspend(&idev->pdev->dev); 285 284 286 285 return IRQ_HANDLED; ··· 370 371 list_for_each_entry(idev, &intel_device_list, list) { 371 372 if (intel->hu->tty->dev->parent == idev->pdev->dev.parent) { 372 373 pm_runtime_get(&idev->pdev->dev); 373 - pm_runtime_mark_last_busy(&idev->pdev->dev); 374 374 pm_runtime_put_autosuspend(&idev->pdev->dev); 375 375 break; 376 376 } ··· 1001 1003 list_for_each_entry(idev, &intel_device_list, list) { 1002 1004 if (hu->tty->dev->parent == idev->pdev->dev.parent) { 1003 1005 pm_runtime_get_sync(&idev->pdev->dev); 1004 - pm_runtime_mark_last_busy(&idev->pdev->dev); 1005 1006 pm_runtime_put_autosuspend(&idev->pdev->dev); 1006 1007 break; 1007 1008 }
+77
include/net/bluetooth/hci.h
··· 647 647 #define HCI_LE_EXT_ADV 0x10 648 648 #define HCI_LE_PERIODIC_ADV 0x20 649 649 #define HCI_LE_CHAN_SEL_ALG2 0x40 650 + #define HCI_LE_PAST_SENDER 0x01 651 + #define HCI_LE_PAST_RECEIVER 0x02 650 652 #define HCI_LE_CIS_CENTRAL 0x10 651 653 #define HCI_LE_CIS_PERIPHERAL 0x20 652 654 #define HCI_LE_ISO_BROADCASTER 0x40 653 655 #define HCI_LE_ISO_SYNC_RECEIVER 0x80 656 + #define HCI_LE_LL_EXT_FEATURE 0x80 654 657 655 658 /* Connection modes */ 656 659 #define HCI_CM_ACTIVE 0x0000 ··· 2071 2068 __u8 mode; 2072 2069 } __packed; 2073 2070 2071 + #define HCI_OP_LE_PAST 0x205a 2072 + struct hci_cp_le_past { 2073 + __le16 handle; 2074 + __le16 service_data; 2075 + __le16 sync_handle; 2076 + } __packed; 2077 + 2078 + struct hci_rp_le_past { 2079 + __u8 status; 2080 + __le16 handle; 2081 + } __packed; 2082 + 2083 + #define HCI_OP_LE_PAST_SET_INFO 0x205b 2084 + struct hci_cp_le_past_set_info { 2085 + __le16 handle; 2086 + __le16 service_data; 2087 + __u8 adv_handle; 2088 + } __packed; 2089 + 2090 + struct hci_rp_le_past_set_info { 2091 + __u8 status; 2092 + __le16 handle; 2093 + } __packed; 2094 + 2095 + #define HCI_OP_LE_PAST_PARAMS 0x205c 2096 + struct hci_cp_le_past_params { 2097 + __le16 handle; 2098 + __u8 mode; 2099 + __le16 skip; 2100 + __le16 sync_timeout; 2101 + __u8 cte_type; 2102 + } __packed; 2103 + 2104 + struct hci_rp_le_past_params { 2105 + __u8 status; 2106 + __le16 handle; 2107 + } __packed; 2108 + 2074 2109 #define HCI_OP_LE_READ_BUFFER_SIZE_V2 0x2060 2075 2110 struct hci_rp_le_read_buffer_size_v2 { 2076 2111 __u8 status; ··· 2254 2213 struct hci_cp_le_set_host_feature { 2255 2214 __u8 bit_number; 2256 2215 __u8 bit_value; 2216 + } __packed; 2217 + 2218 + #define HCI_OP_LE_READ_ALL_LOCAL_FEATURES 0x2087 2219 + struct hci_rp_le_read_all_local_features { 2220 + __u8 status; 2221 + __u8 page; 2222 + __u8 features[248]; 2223 + } __packed; 2224 + 2225 + #define HCI_OP_LE_READ_ALL_REMOTE_FEATURES 0x2088 2226 + struct hci_cp_le_read_all_remote_features { 
2227 + __le16 handle; 2228 + __u8 pages; 2257 2229 } __packed; 2258 2230 2259 2231 /* ---- HCI Events ---- */ ··· 2854 2800 __u8 num_evts; 2855 2801 } __packed; 2856 2802 2803 + #define HCI_EV_LE_PAST_RECEIVED 0x18 2804 + struct hci_ev_le_past_received { 2805 + __u8 status; 2806 + __le16 handle; 2807 + __le16 service_data; 2808 + __le16 sync_handle; 2809 + __u8 sid; 2810 + __u8 bdaddr_type; 2811 + bdaddr_t bdaddr; 2812 + __u8 phy; 2813 + __le16 interval; 2814 + __u8 clock_accuracy; 2815 + } __packed; 2816 + 2857 2817 #define HCI_EVT_LE_CIS_ESTABLISHED 0x19 2858 2818 struct hci_evt_le_cis_established { 2859 2819 __u8 status; ··· 2949 2881 __u8 phy; 2950 2882 __u8 framing; 2951 2883 __u8 encryption; 2884 + } __packed; 2885 + 2886 + #define HCI_EVT_LE_ALL_REMOTE_FEATURES_COMPLETE 0x2b 2887 + struct hci_evt_le_read_all_remote_features_complete { 2888 + __u8 status; 2889 + __le16 handle; 2890 + __u8 max_pages; 2891 + __u8 valid_pages; 2892 + __u8 features[248]; 2952 2893 } __packed; 2953 2894 2954 2895 #define HCI_EV_VENDOR 0xff
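Review bot: The feature arrays in `hci_rp_le_read_all_local_features` and `hci_evt_le_read_all_remote_features_complete` are sized with the bare literal `248`, and the same literal is repeated for the cached `le_features` arrays in hci_core.h in this merge. These structs describe controller-supplied data, so the code that copies them needs one authoritative length to bound against; four independent literals can drift apart. A single named constant next to the structs, used as `__u8 features[HCI_LE_FEATURES_SIZE];` (the name is only a suggestion), with a short comment saying what the 248 bytes cover, would keep the wire layout and the cached copies in step.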
+20 -3
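--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -166,6 +166,7 @@
 HCI_CONN_FLAG_REMOTE_WAKEUP = BIT(0),
 HCI_CONN_FLAG_DEVICE_PRIVACY = BIT(1),
 HCI_CONN_FLAG_ADDRESS_RESOLUTION = BIT(2),
+HCI_CONN_FLAG_PAST = BIT(3),
 };
 typedef u8 hci_conn_flags_t;
 
@@ -377,7 +378,7 @@
 __u8 minor_class;
 __u8 max_page;
 __u8 features[HCI_MAX_PAGES][8];
-__u8 le_features[8];
+__u8 le_features[248];
 __u8 le_accept_list_size;
 __u8 le_resolv_list_size;
 __u8 le_num_of_adv_sets;
@@ -701,6 +702,7 @@
 __u8 attempt;
 __u8 dev_class[3];
 __u8 features[HCI_MAX_PAGES][8];
+__u8 le_features[248];
 __u16 pkt_type;
 __u16 link_policy;
 __u8 key_type;
@@ -1570,9 +1572,9 @@
 int hci_conn_check_create_cis(struct hci_conn *conn);
 
 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
-u8 role, u16 handle);
+u8 dst_type, u8 role, u16 handle);
 struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type,
-bdaddr_t *dst, u8 role);
+bdaddr_t *dst, u8 dst_type, u8 role);
 void hci_conn_del(struct hci_conn *conn);
 void hci_conn_hash_flush(struct hci_dev *hdev);
 
@@ -1601,6 +1603,7 @@
 struct hci_conn *hci_bind_bis(struct hci_dev *hdev, bdaddr_t *dst, __u8 sid,
 struct bt_iso_qos *qos,
 __u8 base_len, __u8 *base, u16 timeout);
+int hci_past_bis(struct hci_conn *conn, bdaddr_t *dst, __u8 dst_type);
 struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
 __u8 dst_type, struct bt_iso_qos *qos,
 u16 timeout);
@@ -2053,6 +2056,20 @@
 #define sync_recv_capable(dev) \
 ((dev)->le_features[3] & HCI_LE_ISO_SYNC_RECEIVER)
 #define sync_recv_enabled(dev) (le_enabled(dev) && sync_recv_capable(dev))
+#define past_sender_capable(dev) \
+((dev)->le_features[3] & HCI_LE_PAST_SENDER)
+#define past_receiver_capable(dev) \
+((dev)->le_features[3] & HCI_LE_PAST_RECEIVER)
+#define past_capable(dev) \
+(past_sender_capable(dev) || past_receiver_capable(dev))
+#define past_sender_enabled(dev) \
+(le_enabled(dev) && past_sender_capable(dev))
+#define past_receiver_enabled(dev) \
+(le_enabled(dev) && past_receiver_capable(dev))
+#define past_enabled(dev) \
+(past_sender_enabled(dev) || past_receiver_enabled(dev))
+#define ll_ext_feature_capable(dev) \
+((dev)->le_features[7] & HCI_LE_LL_EXT_FEATURE)
 
 #define mws_transport_config_capable(dev) (((dev)->commands[30] & 0x08) && \
 (!hci_test_quirk((dev), HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG)))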
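Review bot: The new `le_features[248]` bound is a bare literal in both struct hci_dev and struct hci_conn, and the same 248 reappears as the `memcpy` length in hci_cc_le_read_all_local_features and hci_le_read_all_remote_features_evt in net/bluetooth/hci_event.c. Nothing ties the array size to the copy length, so a later resize of either array or of the event structs would turn those copies into an out-of-bounds access with no compiler diagnostic. A named constant for the bound, with the copies written as `memcpy(hdev->le_features, rp->features, sizeof(hdev->le_features));`, would keep them in step. The reply and event struct layouts are not visible on this page, so it should also be confirmed that their `features` members are 248 bytes.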
+3
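--- a/include/net/bluetooth/hci_sync.h
+++ b/include/net/bluetooth/hci_sync.h
@@ -188,3 +188,6 @@
 
 int hci_connect_pa_sync(struct hci_dev *hdev, struct hci_conn *conn);
 int hci_connect_big_sync(struct hci_dev *hdev, struct hci_conn *conn);
+int hci_past_sync(struct hci_conn *conn, struct hci_conn *le);
+
+int hci_le_read_remote_features(struct hci_conn *conn);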
+2
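--- a/include/net/bluetooth/mgmt.h
+++ b/include/net/bluetooth/mgmt.h
@@ -119,6 +119,8 @@
 #define MGMT_SETTING_ISO_BROADCASTER BIT(20)
 #define MGMT_SETTING_ISO_SYNC_RECEIVER BIT(21)
 #define MGMT_SETTING_LL_PRIVACY BIT(22)
+#define MGMT_SETTING_PAST_SENDER BIT(23)
+#define MGMT_SETTING_PAST_RECEIVER BIT(24)
 
 #define MGMT_OP_READ_INFO 0x0004
 #define MGMT_READ_INFO_SIZE 0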
+39 -16
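--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -922,10 +922,12 @@
 U16_MAX, GFP_ATOMIC);
 }
 
-static struct hci_conn *__hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
+static struct hci_conn *__hci_conn_add(struct hci_dev *hdev, int type,
+bdaddr_t *dst, u8 dst_type,
 u8 role, u16 handle)
 {
 struct hci_conn *conn;
+struct smp_irk *irk = NULL;
 
 switch (type) {
 case ACL_LINK:
@@ -937,12 +939,14 @@
 case PA_LINK:
 if (!hdev->iso_mtu)
 return ERR_PTR(-ECONNREFUSED);
+irk = hci_get_irk(hdev, dst, dst_type);
 break;
 case LE_LINK:
 if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU)
 return ERR_PTR(-ECONNREFUSED);
 if (!hdev->le_mtu && hdev->acl_mtu < HCI_MIN_LE_MTU)
 return ERR_PTR(-ECONNREFUSED);
+irk = hci_get_irk(hdev, dst, dst_type);
 break;
 case SCO_LINK:
 case ESCO_LINK:
@@ -960,7 +964,15 @@
 if (!conn)
 return ERR_PTR(-ENOMEM);
 
-bacpy(&conn->dst, dst);
+/* If and IRK exists use its identity address */
+if (!irk) {
+bacpy(&conn->dst, dst);
+conn->dst_type = dst_type;
+} else {
+bacpy(&conn->dst, &irk->bdaddr);
+conn->dst_type = irk->addr_type;
+}
+
 bacpy(&conn->src, &hdev->bdaddr);
 conn->handle = handle;
 conn->hdev = hdev;
@@ -1059,7 +1071,7 @@
 }
 
 struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type,
-bdaddr_t *dst, u8 role)
+bdaddr_t *dst, u8 dst_type, u8 role)
 {
 int handle;
 
@@ -1069,16 +1081,16 @@
 if (unlikely(handle < 0))
 return ERR_PTR(-ECONNREFUSED);
 
-return __hci_conn_add(hdev, type, dst, role, handle);
+return __hci_conn_add(hdev, type, dst, dst_type, role, handle);
 }
 
 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
-u8 role, u16 handle)
+u8 dst_type, u8 role, u16 handle)
 {
 if (handle > HCI_CONN_HANDLE_MAX)
 return ERR_PTR(-EINVAL);
 
-return __hci_conn_add(hdev, type, dst, role, handle);
+return __hci_conn_add(hdev, type, dst, dst_type, role, handle);
 }
 
 static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason)
@@ -1410,14 +1422,13 @@
 if (conn) {
 bacpy(&conn->dst, dst);
 } else {
-conn = hci_conn_add_unset(hdev, LE_LINK, dst, role);
+conn = hci_conn_add_unset(hdev, LE_LINK, dst, dst_type, role);
 if (IS_ERR(conn))
 return conn;
 hci_conn_hold(conn);
 conn->pending_sec_level = sec_level;
 }
 
-conn->dst_type = dst_type;
 conn->sec_level = BT_SECURITY_LOW;
 conn->conn_timeout = conn_timeout;
 conn->le_adv_phy = phy;
@@ -1587,7 +1598,7 @@
 memcmp(conn->le_per_adv_data, base, base_len)))
 return ERR_PTR(-EADDRINUSE);
 
-conn = hci_conn_add_unset(hdev, BIS_LINK, dst, HCI_ROLE_MASTER);
+conn = hci_conn_add_unset(hdev, BIS_LINK, dst, 0, HCI_ROLE_MASTER);
 if (IS_ERR(conn))
 return conn;
 
@@ -1633,7 +1644,8 @@
 
 BT_DBG("requesting refresh of dst_addr");
 
-conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER);
+conn = hci_conn_add_unset(hdev, LE_LINK, dst, dst_type,
+HCI_ROLE_MASTER);
 if (IS_ERR(conn))
 return conn;
 
@@ -1644,7 +1656,6 @@
 
 conn->state = BT_CONNECT;
 set_bit(HCI_CONN_SCANNING, &conn->flags);
-conn->dst_type = dst_type;
 conn->sec_level = BT_SECURITY_LOW;
 conn->pending_sec_level = sec_level;
 conn->conn_timeout = conn_timeout;
@@ -1681,7 +1692,8 @@
 
 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
 if (!acl) {
-acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER);
+acl = hci_conn_add_unset(hdev, ACL_LINK, dst, 0,
+HCI_ROLE_MASTER);
 if (IS_ERR(acl))
 return acl;
 }
@@ -1750,7 +1762,7 @@
 
 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
 if (!sco) {
-sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER);
+sco = hci_conn_add_unset(hdev, type, dst, 0, HCI_ROLE_MASTER);
 if (IS_ERR(sco)) {
 hci_conn_drop(acl);
 return sco;
@@ -1942,7 +1954,7 @@
 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig,
 qos->ucast.cis);
 if (!cis) {
-cis = hci_conn_add_unset(hdev, CIS_LINK, dst,
+cis = hci_conn_add_unset(hdev, CIS_LINK, dst, dst_type,
 HCI_ROLE_MASTER);
 if (IS_ERR(cis))
 return cis;
@@ -2133,12 +2145,11 @@
 
 bt_dev_dbg(hdev, "dst %pMR type %d sid %d", dst, dst_type, sid);
 
-conn = hci_conn_add_unset(hdev, PA_LINK, dst, HCI_ROLE_SLAVE);
+conn = hci_conn_add_unset(hdev, PA_LINK, dst, dst_type, HCI_ROLE_SLAVE);
 if (IS_ERR(conn))
 return conn;
 
 conn->iso_qos = *qos;
-conn->dst_type = dst_type;
 conn->sid = sid;
 conn->state = BT_LISTEN;
 conn->conn_timeout = msecs_to_jiffies(qos->bcast.sync_timeout * 10);
@@ -2243,6 +2254,18 @@
 }
 
 return conn;
+}
+
+int hci_past_bis(struct hci_conn *conn, bdaddr_t *dst, __u8 dst_type)
+{
+struct hci_conn *le;
+
+/* Lookup existing LE connection to rebind to */
+le = hci_conn_hash_lookup_le(conn->hdev, dst, dst_type);
+if (!le)
+return -EINVAL;
+
+return hci_past_sync(conn, le);
 }
 
 static void bis_mark_per_adv(struct hci_conn *conn, void *data)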
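Review bot: The hunk that removes `conn->dst_type = dst_type;` after the `if (conn) { bacpy(&conn->dst, dst); } else { ... }` block leaves the reuse branch without any type update, since the type is now set only inside hci_conn_add_unset() on the `else` path. When an existing connection is reused, `bacpy(&conn->dst, dst)` still overwrites the address while `conn->dst_type` keeps its previous value, so the two can disagree if `dst`/`dst_type` were rewritten earlier in the function (that code is outside the hunk and should be checked). Keeping the assignment in the reuse branch, `bacpy(&conn->dst, dst); conn->dst_type = dst_type;`, preserves the old behaviour for that path.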
+176 -46
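--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2267,7 +2267,7 @@
 } else {
 if (!conn) {
 conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr,
-HCI_ROLE_MASTER);
+0, HCI_ROLE_MASTER);
 if (IS_ERR(conn))
 bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn));
 }
@@ -2886,12 +2886,8 @@
 hci_dev_lock(hdev);
 
 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
-if (conn) {
-if (conn->state == BT_CONFIG) {
-hci_connect_cfm(conn, status);
-hci_conn_drop(conn);
-}
-}
+if (conn && conn->state == BT_CONFIG)
+hci_connect_cfm(conn, status);
 
 hci_dev_unlock(hdev);
 }
@@ -3123,7 +3119,8 @@
 &ev->bdaddr,
 BDADDR_BREDR)) {
 conn = hci_conn_add_unset(hdev, ev->link_type,
-&ev->bdaddr, HCI_ROLE_SLAVE);
+&ev->bdaddr, 0,
+HCI_ROLE_SLAVE);
 if (IS_ERR(conn)) {
 bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn));
 goto unlock;
@@ -3299,7 +3296,7 @@
 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
 &ev->bdaddr);
 if (!conn) {
-conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr,
+conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, 0,
 HCI_ROLE_SLAVE);
 if (IS_ERR(conn)) {
 bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn));
@@ -3914,9 +3911,47 @@
 return rp->status;
 }
 
+static u8 hci_cc_le_read_all_local_features(struct hci_dev *hdev, void *data,
+struct sk_buff *skb)
+{
+struct hci_rp_le_read_all_local_features *rp = data;
+
+bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
+
+if (rp->status)
+return rp->status;
+
+memcpy(hdev->le_features, rp->features, 248);
+
+return rp->status;
+}
+
 static void hci_cs_le_create_big(struct hci_dev *hdev, u8 status)
 {
 bt_dev_dbg(hdev, "status 0x%2.2x", status);
+}
+
+static void hci_cs_le_read_all_remote_features(struct hci_dev *hdev, u8 status)
+{
+struct hci_cp_le_read_remote_features *cp;
+struct hci_conn *conn;
+
+bt_dev_dbg(hdev, "status 0x%2.2x", status);
+
+if (!status)
+return;
+
+cp = hci_sent_cmd_data(hdev, HCI_OP_LE_READ_ALL_REMOTE_FEATURES);
+if (!cp)
+return;
+
+hci_dev_lock(hdev);
+
+conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
+if (conn && conn->state == BT_CONFIG)
+hci_connect_cfm(conn, status);
+
+hci_dev_unlock(hdev);
 }
 
 static u8 hci_cc_set_per_adv_param(struct hci_dev *hdev, void *data,
@@ -4170,6 +4205,9 @@
 sizeof(struct hci_rp_le_set_cig_params), HCI_MAX_EVENT_SIZE),
 HCI_CC(HCI_OP_LE_SETUP_ISO_PATH, hci_cc_le_setup_iso_path,
 sizeof(struct hci_rp_le_setup_iso_path)),
+HCI_CC(HCI_OP_LE_READ_ALL_LOCAL_FEATURES,
+hci_cc_le_read_all_local_features,
+sizeof(struct hci_rp_le_read_all_local_features)),
 };
 
 static u8 hci_cc_func(struct hci_dev *hdev, const struct hci_cc *cc,
@@ -4324,6 +4362,8 @@
 HCI_CS(HCI_OP_LE_EXT_CREATE_CONN, hci_cs_le_ext_create_conn),
 HCI_CS(HCI_OP_LE_CREATE_CIS, hci_cs_le_create_cis),
 HCI_CS(HCI_OP_LE_CREATE_BIG, hci_cs_le_create_big),
+HCI_CS(HCI_OP_LE_READ_ALL_REMOTE_FEATURES,
+hci_cs_le_read_all_remote_features),
 };
 
 static void hci_cmd_status_evt(struct hci_dev *hdev, void *data,
@@ -5644,6 +5684,7 @@
 struct hci_conn *conn;
 struct smp_irk *irk;
 u8 addr_type;
+int err;
 
 hci_dev_lock(hdev);
 
@@ -5670,13 +5711,12 @@
 if (status)
 goto unlock;
 
-conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, role);
+conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, bdaddr_type,
+role);
 if (IS_ERR(conn)) {
 bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn));
 goto unlock;
 }
-
-conn->dst_type = bdaddr_type;
 
 /* If we didn't have a hci_conn object previously
 * but we're in central role this must be something
@@ -5775,26 +5815,8 @@
 hci_debugfs_create_conn(conn);
 hci_conn_add_sysfs(conn);
 
-/* The remote features procedure is defined for central
-* role only. So only in case of an initiated connection
-* request the remote features.
-*
-* If the local controller supports peripheral-initiated features
-* exchange, then requesting the remote features in peripheral
-* role is possible. Otherwise just transition into the
-* connected state without requesting the remote features.
-*/
-if (conn->out ||
-(hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES)) {
-struct hci_cp_le_read_remote_features cp;
-
-cp.handle = __cpu_to_le16(conn->handle);
-
-hci_send_cmd(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
-sizeof(cp), &cp);
-
-hci_conn_hold(conn);
-} else {
+err = hci_le_read_remote_features(conn);
+if (err) {
 conn->state = BT_CONNECTED;
 hci_connect_cfm(conn, status);
 }
@@ -5930,6 +5952,71 @@
 
 if (adv)
 bacpy(&conn->resp_addr, &adv->random_addr);
+}
+
+unlock:
+hci_dev_unlock(hdev);
+}
+
+static int hci_le_pa_term_sync(struct hci_dev *hdev, __le16 handle)
+{
+struct hci_cp_le_pa_term_sync cp;
+
+memset(&cp, 0, sizeof(cp));
+cp.handle = handle;
+
+return hci_send_cmd(hdev, HCI_OP_LE_PA_TERM_SYNC, sizeof(cp), &cp);
+}
+
+static void hci_le_past_received_evt(struct hci_dev *hdev, void *data,
+struct sk_buff *skb)
+{
+struct hci_ev_le_past_received *ev = data;
+int mask = hdev->link_mode;
+__u8 flags = 0;
+struct hci_conn *pa_sync, *conn;
+
+bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
+
+hci_dev_lock(hdev);
+
+hci_dev_clear_flag(hdev, HCI_PA_SYNC);
+
+conn = hci_conn_hash_lookup_create_pa_sync(hdev);
+if (!conn) {
+bt_dev_err(hdev,
+"Unable to find connection for dst %pMR sid 0x%2.2x",
+&ev->bdaddr, ev->sid);
+goto unlock;
+}
+
+conn->sync_handle = le16_to_cpu(ev->sync_handle);
+conn->sid = HCI_SID_INVALID;
+
+mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, PA_LINK,
+&flags);
+if (!(mask & HCI_LM_ACCEPT)) {
+hci_le_pa_term_sync(hdev, ev->sync_handle);
+goto unlock;
+}
+
+if (!(flags & HCI_PROTO_DEFER))
+goto unlock;
+
+/* Add connection to indicate PA sync event */
+pa_sync = hci_conn_add_unset(hdev, PA_LINK, BDADDR_ANY, 0,
+HCI_ROLE_SLAVE);
+
+if (IS_ERR(pa_sync))
+goto unlock;
+
+pa_sync->sync_handle = le16_to_cpu(ev->sync_handle);
+
+if (ev->status) {
+set_bit(HCI_CONN_PA_SYNC_FAILED, &pa_sync->flags);
+
+/* Notify iso layer */
+hci_connect_cfm(pa_sync, ev->status);
 }
 
 unlock:
@@ -6412,16 +6499,6 @@
 hci_dev_unlock(hdev);
 }
 
-static int hci_le_pa_term_sync(struct hci_dev *hdev, __le16 handle)
-{
-struct hci_cp_le_pa_term_sync cp;
-
-memset(&cp, 0, sizeof(cp));
-cp.handle = handle;
-
-return hci_send_cmd(hdev, HCI_OP_LE_PA_TERM_SYNC, sizeof(cp), &cp);
-}
-
 static void hci_le_pa_sync_established_evt(struct hci_dev *hdev, void *data,
 struct sk_buff *skb)
 {
@@ -6460,7 +6537,7 @@
 goto unlock;
 
 /* Add connection to indicate PA sync event */
-pa_sync = hci_conn_add_unset(hdev, PA_LINK, BDADDR_ANY,
+pa_sync = hci_conn_add_unset(hdev, PA_LINK, BDADDR_ANY, 0,
 HCI_ROLE_SLAVE);
 
 if (IS_ERR(pa_sync))
@@ -6553,7 +6630,6 @@
 
 conn->state = BT_CONNECTED;
 hci_connect_cfm(conn, status);
-hci_conn_drop(conn);
 }
 }
 
@@ -6901,7 +6977,7 @@
 
 cis = hci_conn_hash_lookup_handle(hdev, cis_handle);
 if (!cis) {
-cis = hci_conn_add(hdev, CIS_LINK, &acl->dst,
+cis = hci_conn_add(hdev, CIS_LINK, &acl->dst, acl->dst_type,
 HCI_ROLE_SLAVE, cis_handle);
 if (IS_ERR(cis)) {
 hci_le_reject_cis(hdev, ev->cis_handle);
@@ -7018,7 +7094,7 @@
 bt_dev_dbg(hdev, "ignore too large handle %u", handle);
 continue;
 }
-bis = hci_conn_add(hdev, BIS_LINK, BDADDR_ANY,
+bis = hci_conn_add(hdev, BIS_LINK, BDADDR_ANY, 0,
 HCI_ROLE_SLAVE, handle);
 if (IS_ERR(bis))
 continue;
@@ -7131,6 +7207,50 @@
 hci_dev_unlock(hdev);
 }
 
+static void hci_le_read_all_remote_features_evt(struct hci_dev *hdev,
+void *data, struct sk_buff *skb)
+{
+struct hci_evt_le_read_all_remote_features_complete *ev = data;
+struct hci_conn *conn;
+
+bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
+
+hci_dev_lock(hdev);
+
+conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
+if (!conn)
+goto unlock;
+
+if (!ev->status)
+memcpy(conn->le_features, ev->features, 248);
+
+if (conn->state == BT_CONFIG) {
+__u8 status;
+
+/* If the local controller supports peripheral-initiated
+* features exchange, but the remote controller does
+* not, then it is possible that the error code 0x1a
+* for unsupported remote feature gets returned.
+*
+* In this specific case, allow the connection to
+* transition into connected state and mark it as
+* successful.
+*/
+if (!conn->out &&
+ev->status == HCI_ERROR_UNSUPPORTED_REMOTE_FEATURE &&
+(hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES))
+status = 0x00;
+else
+status = ev->status;
+
+conn->state = BT_CONNECTED;
+hci_connect_cfm(conn, status);
+}
+
+unlock:
+hci_dev_unlock(hdev);
+}
+
 #define HCI_LE_EV_VL(_op, _func, _min_len, _max_len) \
 [_op] = { \
 .func = _func, \
@@ -7206,6 +7326,10 @@
 /* [0x12 = HCI_EV_LE_EXT_ADV_SET_TERM] */
 HCI_LE_EV(HCI_EV_LE_EXT_ADV_SET_TERM, hci_le_ext_adv_term_evt,
 sizeof(struct hci_evt_le_ext_adv_set_term)),
+/* [0x18 = HCI_EVT_LE_PAST_RECEIVED] */
+HCI_LE_EV(HCI_EV_LE_PAST_RECEIVED,
+hci_le_past_received_evt,
+sizeof(struct hci_ev_le_past_received)),
 /* [0x19 = HCI_EVT_LE_CIS_ESTABLISHED] */
 HCI_LE_EV(HCI_EVT_LE_CIS_ESTABLISHED, hci_le_cis_established_evt,
 sizeof(struct hci_evt_le_cis_established)),
@@ -7231,6 +7355,12 @@
 HCI_LE_EV_VL(HCI_EVT_LE_BIG_INFO_ADV_REPORT,
 hci_le_big_info_adv_report_evt,
 sizeof(struct hci_evt_le_big_info_adv_report),
+HCI_MAX_EVENT_SIZE),
+/* [0x2b = HCI_EVT_LE_ALL_REMOTE_FEATURES_COMPLETE] */
+HCI_LE_EV_VL(HCI_EVT_LE_ALL_REMOTE_FEATURES_COMPLETE,
+hci_le_read_all_remote_features_evt,
+sizeof(struct
+hci_evt_le_read_all_remote_features_complete),
 HCI_MAX_EVENT_SIZE),
 };
 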
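Review bot: hci_le_past_received_evt consults `ev->status` only in its final block, after `conn->sync_handle = le16_to_cpu(ev->sync_handle)` has already been stored on the pending connection and after `hci_le_pa_term_sync(hdev, ev->sync_handle)` may have been sent. On a failed transfer the sync handle presumably carries no established sync, so the handler records, and may try to terminate, a handle the controller never set up. Guarding both uses with the status, `if (!ev->status) conn->sync_handle = le16_to_cpu(ev->sync_handle);` and the same condition around the hci_le_pa_term_sync() call, keeps a failed event from changing connection state. The connection is also taken from hci_conn_hash_lookup_create_pa_sync() without comparing `ev->bdaddr` or `ev->sid` against it; if that matching is meant to happen inside hci_proto_connect_ind(), a one-line comment saying so would help.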
+250 -4
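--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -4011,8 +4011,19 @@
 /* Read LE Local Supported Features */
 static int hci_le_read_local_features_sync(struct hci_dev *hdev)
 {
-return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_LOCAL_FEATURES,
-0, NULL, HCI_CMD_TIMEOUT);
+int err;
+
+err = __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_LOCAL_FEATURES,
+0, NULL, HCI_CMD_TIMEOUT);
+if (err)
+return err;
+
+if (ll_ext_feature_capable(hdev) && hdev->commands[47] & BIT(2))
+return __hci_cmd_sync_status(hdev,
+HCI_OP_LE_READ_ALL_LOCAL_FEATURES,
+0, NULL, HCI_CMD_TIMEOUT);
+
+return err;
 }
 
 /* Read LE Supported States */
@@ -4324,6 +4335,10 @@
 if (ll_privacy_capable(hdev))
 hdev->conn_flags |= HCI_CONN_FLAG_ADDRESS_RESOLUTION;
 
+/* Mark PAST if supported */
+if (past_capable(hdev))
+hdev->conn_flags |= HCI_CONN_FLAG_PAST;
+
 /* If the controller supports Extended Scanner Filter
 * Policies, enable the corresponding event.
 */
@@ -4392,6 +4407,9 @@
 */
 if (ext_adv_capable(hdev))
 events[2] |= 0x02; /* LE Advertising Set Terminated */
+
+if (past_receiver_capable(hdev))
+events[2] |= 0x80; /* LE PAST Received */
 
 if (cis_capable(hdev)) {
 events[3] |= 0x01; /* LE CIS Established */
@@ -7006,7 +7024,7 @@
 goto unlock;
 
 /* Add connection to indicate PA sync error */
-pa_sync = hci_conn_add_unset(hdev, PA_LINK, BDADDR_ANY,
+pa_sync = hci_conn_add_unset(hdev, PA_LINK, BDADDR_ANY, 0,
 HCI_ROLE_SLAVE);
 
 if (IS_ERR(pa_sync))
@@ -7021,10 +7039,41 @@
 hci_dev_unlock(hdev);
 }
 
+static int hci_le_past_params_sync(struct hci_dev *hdev, struct hci_conn *conn,
+struct hci_conn *acl, struct bt_iso_qos *qos)
+{
+struct hci_cp_le_past_params cp;
+int err;
+
+memset(&cp, 0, sizeof(cp));
+cp.handle = cpu_to_le16(acl->handle);
+/* An HCI_LE_Periodic_Advertising_Sync_Transfer_Received event is sent
+* to the Host. HCI_LE_Periodic_Advertising_Report events will be
+* enabled with duplicate filtering enabled.
+*/
+cp.mode = 0x03;
+cp.skip = cpu_to_le16(qos->bcast.skip);
+cp.sync_timeout = cpu_to_le16(qos->bcast.sync_timeout);
+cp.cte_type = qos->bcast.sync_cte_type;
+
+/* HCI_LE_PAST_PARAMS command returns a command complete event so it
+* cannot wait for HCI_EV_LE_PAST_RECEIVED.
+*/
+err = __hci_cmd_sync_status(hdev, HCI_OP_LE_PAST_PARAMS,
+sizeof(cp), &cp, HCI_CMD_TIMEOUT);
+if (err)
+return err;
+
+/* Wait for HCI_EV_LE_PAST_RECEIVED event */
+return __hci_cmd_sync_status_sk(hdev, HCI_OP_NOP, 0, NULL,
+HCI_EV_LE_PAST_RECEIVED,
+conn->conn_timeout, NULL);
+}
+
 static int hci_le_pa_create_sync(struct hci_dev *hdev, void *data)
 {
 struct hci_cp_le_pa_create_sync cp;
-struct hci_conn *conn = data;
+struct hci_conn *conn = data, *le;
 struct bt_iso_qos *qos = &conn->iso_qos;
 int err;
 
@@ -7055,6 +7104,24 @@
 set_bit(HCI_CONN_CREATE_PA_SYNC, &conn->flags);
 
 hci_update_passive_scan_sync(hdev);
+
+/* Check if PAST is possible:
+*
+* 1. Check if an ACL connection with the destination address exists
+* 2. Check if that HCI_CONN_FLAG_PAST has been set which indicates that
+* user really intended to use PAST.
+*/
+le = hci_conn_hash_lookup_le(hdev, &conn->dst, conn->dst_type);
+if (le) {
+struct hci_conn_params *params;
+
+params = hci_conn_params_lookup(hdev, &le->dst, le->dst_type);
+if (params && params->flags & HCI_CONN_FLAG_PAST) {
+err = hci_le_past_params_sync(hdev, conn, le, qos);
+if (!err)
+goto done;
+}
+}
 
 /* SID has not been set listen for HCI_EV_LE_EXT_ADV_REPORT to update
 * it.
@@ -7171,4 +7238,183 @@
 {
 return hci_cmd_sync_queue_once(hdev, hci_le_big_create_sync, conn,
 create_big_complete);
+}
+
+struct past_data {
+struct hci_conn *conn;
+struct hci_conn *le;
+};
+
+static void past_complete(struct hci_dev *hdev, void *data, int err)
+{
+struct past_data *past = data;
+
+bt_dev_dbg(hdev, "err %d", err);
+
+kfree(past);
+}
+
+static int hci_le_past_set_info_sync(struct hci_dev *hdev, void *data)
+{
+struct past_data *past = data;
+struct hci_cp_le_past_set_info cp;
+
+hci_dev_lock(hdev);
+
+if (!hci_conn_valid(hdev, past->conn) ||
+!hci_conn_valid(hdev, past->le)) {
+hci_dev_unlock(hdev);
+return -ECANCELED;
+}
+
+memset(&cp, 0, sizeof(cp));
+cp.handle = cpu_to_le16(past->le->handle);
+cp.adv_handle = past->conn->iso_qos.bcast.bis;
+
+hci_dev_unlock(hdev);
+
+return __hci_cmd_sync_status(hdev, HCI_OP_LE_PAST_SET_INFO,
+sizeof(cp), &cp, HCI_CMD_TIMEOUT);
+}
+
+static int hci_le_past_sync(struct hci_dev *hdev, void *data)
+{
+struct past_data *past = data;
+struct hci_cp_le_past cp;
+
+hci_dev_lock(hdev);
+
+if (!hci_conn_valid(hdev, past->conn) ||
+!hci_conn_valid(hdev, past->le)) {
+hci_dev_unlock(hdev);
+return -ECANCELED;
+}
+
+memset(&cp, 0, sizeof(cp));
+cp.handle = cpu_to_le16(past->le->handle);
+cp.sync_handle = cpu_to_le16(past->conn->sync_handle);
+
+hci_dev_unlock(hdev);
+
+return __hci_cmd_sync_status(hdev, HCI_OP_LE_PAST,
+sizeof(cp), &cp, HCI_CMD_TIMEOUT);
+}
+
+int hci_past_sync(struct hci_conn *conn, struct hci_conn *le)
+{
+struct past_data *data;
+int err;
+
+if (conn->type != BIS_LINK && conn->type != PA_LINK)
+return -EINVAL;
+
+if (!past_sender_capable(conn->hdev))
+return -EOPNOTSUPP;
+
+data = kmalloc(sizeof(*data), GFP_KERNEL);
+if (!data)
+return -ENOMEM;
+
+data->conn = conn;
+data->le = le;
+
+if (conn->role == HCI_ROLE_MASTER)
+err = hci_cmd_sync_queue_once(conn->hdev,
+hci_le_past_set_info_sync, data,
+past_complete);
+else
+err = hci_cmd_sync_queue_once(conn->hdev, hci_le_past_sync,
+data, past_complete);
+
+if (err)
+kfree(data);
+
+return err;
+}
+
+static void le_read_features_complete(struct hci_dev *hdev, void *data, int err)
+{
+struct hci_conn *conn = data;
+
+bt_dev_dbg(hdev, "err %d", err);
+
+if (err == -ECANCELED)
+return;
+
+hci_conn_drop(conn);
+}
+
+static int hci_le_read_all_remote_features_sync(struct hci_dev *hdev,
+void *data)
+{
+struct hci_conn *conn = data;
+struct hci_cp_le_read_all_remote_features cp;
+
+memset(&cp, 0, sizeof(cp));
+cp.handle = cpu_to_le16(conn->handle);
+cp.pages = 10; /* Attempt to read all pages */
+
+/* Wait for HCI_EVT_LE_ALL_REMOTE_FEATURES_COMPLETE event otherwise
+* hci_conn_drop may run prematurely causing a disconnection.
+*/
+return __hci_cmd_sync_status_sk(hdev,
+HCI_OP_LE_READ_ALL_REMOTE_FEATURES,
+sizeof(cp), &cp,
+HCI_EVT_LE_ALL_REMOTE_FEATURES_COMPLETE,
+HCI_CMD_TIMEOUT, NULL);
+
+return __hci_cmd_sync_status(hdev, HCI_OP_LE_READ_ALL_REMOTE_FEATURES,
+sizeof(cp), &cp, HCI_CMD_TIMEOUT);
+}
+
+static int hci_le_read_remote_features_sync(struct hci_dev *hdev, void *data)
+{
+struct hci_conn *conn = data;
+struct hci_cp_le_read_remote_features cp;
+
+if (!hci_conn_valid(hdev, conn))
+return -ECANCELED;
+
+/* Check if LL Extended Feature Set is supported and
+* HCI_OP_LE_READ_ALL_REMOTE_FEATURES is supported then use that to read
+* all features.
+*/
+if (ll_ext_feature_capable(hdev) && hdev->commands[47] & BIT(3))
+return hci_le_read_all_remote_features_sync(hdev, data);
+
+memset(&cp, 0, sizeof(cp));
+cp.handle = cpu_to_le16(conn->handle);
+
+/* Wait for HCI_EV_LE_REMOTE_FEAT_COMPLETE event otherwise
+* hci_conn_drop may run prematurely causing a disconnection.
+*/
+return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_READ_REMOTE_FEATURES,
+sizeof(cp), &cp,
+HCI_EV_LE_REMOTE_FEAT_COMPLETE,
+HCI_CMD_TIMEOUT, NULL);
+}
+
+int hci_le_read_remote_features(struct hci_conn *conn)
+{
+struct hci_dev *hdev = conn->hdev;
+int err;
+
+/* The remote features procedure is defined for central
+* role only. So only in case of an initiated connection
+* request the remote features.
+*
+* If the local controller supports peripheral-initiated features
+* exchange, then requesting the remote features in peripheral
+* role is possible. Otherwise just transition into the
+* connected state without requesting the remote features.
+*/
+if (conn->out || (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES))
+err = hci_cmd_sync_queue_once(hdev,
+hci_le_read_remote_features_sync,
+hci_conn_hold(conn),
+le_read_features_complete);
+else
+err = -EOPNOTSUPP;
+
+return err;
 }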
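Review bot: hci_le_read_remote_features takes its reference with `hci_conn_hold(conn)` inside the argument list of hci_cmd_sync_queue_once(), but the only matching hci_conn_drop() is in le_read_features_complete. If queueing fails, the error is returned with the hold still outstanding, and the caller in net/bluetooth/hci_event.c only moves the connection to BT_CONNECTED; whether hci_cmd_sync_queue_once() runs the completion callback on failure is not visible on this page and should be checked. If it does not, `if (err) hci_conn_drop(conn);` directly after the queue call releases the reference on that path. In the same hunk, the second `return __hci_cmd_sync_status(...)` in hci_le_read_all_remote_features_sync is unreachable after the first return and can be deleted.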
+170 -37
net/bluetooth/iso.c
··· 80 80 static bool check_ucast_qos(struct bt_iso_qos *qos); 81 81 static bool check_bcast_qos(struct bt_iso_qos *qos); 82 82 static bool iso_match_sid(struct sock *sk, void *data); 83 + static bool iso_match_sid_past(struct sock *sk, void *data); 83 84 static bool iso_match_sync_handle(struct sock *sk, void *data); 84 85 static bool iso_match_sync_handle_pa_report(struct sock *sk, void *data); 85 86 static void iso_sock_disconn(struct sock *sk); 86 87 87 88 typedef bool (*iso_sock_match_t)(struct sock *sk, void *data); 88 89 89 - static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst, 90 - enum bt_sock_state state, 90 + static struct sock *iso_get_sock(struct hci_dev *hdev, bdaddr_t *src, 91 + bdaddr_t *dst, enum bt_sock_state state, 91 92 iso_sock_match_t match, void *data); 92 93 93 94 /* ---- ISO timers ---- */ ··· 638 637 * match func data - pass -1 to ignore 639 638 * Returns closest match. 640 639 */ 641 - static struct sock *iso_get_sock(bdaddr_t *src, bdaddr_t *dst, 642 - enum bt_sock_state state, 640 + static struct sock *iso_get_sock(struct hci_dev *hdev, bdaddr_t *src, 641 + bdaddr_t *dst, enum bt_sock_state state, 643 642 iso_sock_match_t match, void *data) 644 643 { 645 644 struct sock *sk = NULL, *sk1 = NULL; ··· 651 650 continue; 652 651 653 652 /* Match Broadcast destination */ 654 - if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) 655 - continue; 653 + if (bacmp(dst, BDADDR_ANY) && bacmp(&iso_pi(sk)->dst, dst)) { 654 + struct smp_irk *irk1, *irk2; 655 + 656 + /* Check if destination is an RPA that we can resolve */ 657 + irk1 = hci_find_irk_by_rpa(hdev, dst); 658 + if (!irk1) 659 + continue; 660 + 661 + /* Match with identity address */ 662 + if (bacmp(&iso_pi(sk)->dst, &irk1->bdaddr)) { 663 + /* Check if socket destination address is also 664 + * an RPA and if the IRK matches. 
665 + */ 666 + irk2 = hci_find_irk_by_rpa(hdev, 667 + &iso_pi(sk)->dst); 668 + if (!irk2 || irk1 != irk2) 669 + continue; 670 + } 671 + } 656 672 657 673 /* Use Match function if provided */ 658 674 if (match && !match(sk, data)) ··· 1004 986 return 0; 1005 987 } 1006 988 1007 - static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa, 989 + /* Must be called on the locked socket. */ 990 + static int iso_sock_rebind_bis(struct sock *sk, struct sockaddr_iso *sa, 1008 991 int addr_len) 1009 992 { 1010 993 int err = 0; 1011 994 1012 - if (sk->sk_type != SOCK_SEQPACKET) { 1013 - err = -EINVAL; 1014 - goto done; 1015 - } 1016 - 1017 - if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) { 1018 - err = -EINVAL; 1019 - goto done; 1020 - } 995 + if (!test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) 996 + return -EBADFD; 1021 997 1022 998 if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) { 1023 999 err = -EINVAL; ··· 1034 1022 return err; 1035 1023 } 1036 1024 1025 + static struct hci_dev *iso_conn_get_hdev(struct iso_conn *conn) 1026 + { 1027 + struct hci_dev *hdev = NULL; 1028 + 1029 + iso_conn_lock(conn); 1030 + if (conn->hcon) 1031 + hdev = hci_dev_hold(conn->hcon->hdev); 1032 + iso_conn_unlock(conn); 1033 + 1034 + return hdev; 1035 + } 1036 + 1037 + /* Must be called on the locked socket. */ 1038 + static int iso_sock_rebind_bc(struct sock *sk, struct sockaddr_iso *sa, 1039 + int addr_len) 1040 + { 1041 + struct hci_dev *hdev; 1042 + struct hci_conn *bis; 1043 + int err; 1044 + 1045 + if (sk->sk_type != SOCK_SEQPACKET || !iso_pi(sk)->conn) 1046 + return -EINVAL; 1047 + 1048 + /* Check if it is really a Broadcast address being requested */ 1049 + if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) 1050 + return -EINVAL; 1051 + 1052 + /* Check if the address hasn't changed then perhaps only the number of 1053 + * bis has changed. 
1054 + */ 1055 + if (!bacmp(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr) || 1056 + !bacmp(&sa->iso_bc->bc_bdaddr, BDADDR_ANY)) 1057 + return iso_sock_rebind_bis(sk, sa, addr_len); 1058 + 1059 + /* Check if the address type is of LE type */ 1060 + if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type)) 1061 + return -EINVAL; 1062 + 1063 + hdev = iso_conn_get_hdev(iso_pi(sk)->conn); 1064 + if (!hdev) 1065 + return -EINVAL; 1066 + 1067 + bis = iso_pi(sk)->conn->hcon; 1068 + 1069 + /* Release the socket before lookups since that requires hci_dev_lock 1070 + * which shall not be acquired while holding sock_lock for proper 1071 + * ordering. 1072 + */ 1073 + release_sock(sk); 1074 + hci_dev_lock(bis->hdev); 1075 + lock_sock(sk); 1076 + 1077 + if (!iso_pi(sk)->conn || iso_pi(sk)->conn->hcon != bis) { 1078 + /* raced with iso_conn_del() or iso_disconn_sock() */ 1079 + err = -ENOTCONN; 1080 + goto unlock; 1081 + } 1082 + 1083 + BT_DBG("sk %p %pMR type %u", sk, &sa->iso_bc->bc_bdaddr, 1084 + sa->iso_bc->bc_bdaddr_type); 1085 + 1086 + err = hci_past_bis(bis, &sa->iso_bc->bc_bdaddr, 1087 + le_addr_type(sa->iso_bc->bc_bdaddr_type)); 1088 + 1089 + unlock: 1090 + hci_dev_unlock(hdev); 1091 + hci_dev_put(hdev); 1092 + 1093 + return err; 1094 + } 1095 + 1037 1096 static int iso_sock_bind(struct socket *sock, struct sockaddr_unsized *addr, 1038 1097 int addr_len) 1039 1098 { ··· 1120 1037 1121 1038 lock_sock(sk); 1122 1039 1123 - /* Allow the user to bind a PA sync socket to a number 1124 - * of BISes to sync to. 1125 - */ 1126 - if ((sk->sk_state == BT_CONNECT2 || 1127 - sk->sk_state == BT_CONNECTED) && 1128 - test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) { 1129 - err = iso_sock_bind_pa_sk(sk, sa, addr_len); 1040 + if ((sk->sk_state == BT_CONNECT2 || sk->sk_state == BT_CONNECTED) && 1041 + addr_len > sizeof(*sa)) { 1042 + /* Allow the user to rebind to a different address using 1043 + * PAST procedures. 
1044 + */ 1045 + err = iso_sock_rebind_bc(sk, sa, addr_len); 1130 1046 goto done; 1131 1047 } 1132 1048 ··· 2021 1939 return test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags); 2022 1940 } 2023 1941 1942 + static bool iso_match_dst(struct sock *sk, void *data) 1943 + { 1944 + return !bacmp(&iso_pi(sk)->dst, (bdaddr_t *)data); 1945 + } 1946 + 2024 1947 static void iso_conn_ready(struct iso_conn *conn) 2025 1948 { 2026 1949 struct sock *parent = NULL; ··· 2034 1947 struct hci_ev_le_pa_sync_established *ev2 = NULL; 2035 1948 struct hci_ev_le_per_adv_report *ev3 = NULL; 2036 1949 struct hci_conn *hcon; 1950 + struct hci_dev *hdev; 2037 1951 2038 1952 BT_DBG("conn %p", conn); 2039 1953 2040 1954 if (sk) { 1955 + /* Attempt to update source address in case of BIS Sender if 1956 + * the advertisement is using a random address. 1957 + */ 1958 + if (conn->hcon->type == BIS_LINK && 1959 + conn->hcon->role == HCI_ROLE_MASTER && 1960 + !bacmp(&conn->hcon->dst, BDADDR_ANY)) { 1961 + struct hci_conn *bis = conn->hcon; 1962 + struct adv_info *adv; 1963 + 1964 + adv = hci_find_adv_instance(bis->hdev, 1965 + bis->iso_qos.bcast.bis); 1966 + if (adv && bacmp(&adv->random_addr, BDADDR_ANY)) { 1967 + lock_sock(sk); 1968 + iso_pi(sk)->src_type = BDADDR_LE_RANDOM; 1969 + bacpy(&iso_pi(sk)->src, &adv->random_addr); 1970 + release_sock(sk); 1971 + } 1972 + } 1973 + 2041 1974 iso_sock_ready(conn->sk); 2042 1975 } else { 2043 1976 hcon = conn->hcon; 2044 1977 if (!hcon) 2045 1978 return; 1979 + 1980 + hdev = hcon->hdev; 2046 1981 2047 1982 if (test_bit(HCI_CONN_BIG_SYNC, &hcon->flags)) { 2048 1983 /* A BIS slave hcon is notified to the ISO layer ··· 2072 1963 * ISO Data Path command is received. Get the 2073 1964 * parent socket that matches the hcon BIG handle. 
2074 1965 */ 2075 - parent = iso_get_sock(&hcon->src, &hcon->dst, 1966 + parent = iso_get_sock(hdev, &hcon->src, &hcon->dst, 2076 1967 BT_LISTEN, iso_match_big_hcon, 2077 1968 hcon); 2078 1969 } else if (test_bit(HCI_CONN_BIG_SYNC_FAILED, &hcon->flags)) { ··· 2080 1971 HCI_EVT_LE_BIG_SYNC_ESTABLISHED); 2081 1972 2082 1973 /* Get reference to PA sync parent socket, if it exists */ 2083 - parent = iso_get_sock(&hcon->src, &hcon->dst, 1974 + parent = iso_get_sock(hdev, &hcon->src, &hcon->dst, 2084 1975 BT_LISTEN, 2085 1976 iso_match_pa_sync_flag, 2086 1977 NULL); 2087 1978 if (!parent && ev) 2088 - parent = iso_get_sock(&hcon->src, 1979 + parent = iso_get_sock(hdev, &hcon->src, 2089 1980 &hcon->dst, 2090 1981 BT_LISTEN, 2091 1982 iso_match_big, ev); ··· 2093 1984 ev2 = hci_recv_event_data(hcon->hdev, 2094 1985 HCI_EV_LE_PA_SYNC_ESTABLISHED); 2095 1986 if (ev2) 2096 - parent = iso_get_sock(&hcon->src, 1987 + parent = iso_get_sock(hdev, &hcon->src, 2097 1988 &hcon->dst, 2098 1989 BT_LISTEN, 2099 1990 iso_match_sid, ev2); ··· 2101 1992 ev3 = hci_recv_event_data(hcon->hdev, 2102 1993 HCI_EV_LE_PER_ADV_REPORT); 2103 1994 if (ev3) 2104 - parent = iso_get_sock(&hcon->src, 1995 + parent = iso_get_sock(hdev, &hcon->src, 2105 1996 &hcon->dst, 2106 1997 BT_LISTEN, 2107 1998 iso_match_sync_handle_pa_report, ··· 2109 2000 } 2110 2001 2111 2002 if (!parent) 2112 - parent = iso_get_sock(&hcon->src, BDADDR_ANY, 2113 - BT_LISTEN, NULL, NULL); 2003 + parent = iso_get_sock(hdev, &hcon->src, BDADDR_ANY, 2004 + BT_LISTEN, iso_match_dst, BDADDR_ANY); 2114 2005 2115 2006 if (!parent) 2116 2007 return; ··· 2199 2090 return ev->sid == iso_pi(sk)->bc_sid; 2200 2091 } 2201 2092 2093 + static bool iso_match_sid_past(struct sock *sk, void *data) 2094 + { 2095 + struct hci_ev_le_past_received *ev = data; 2096 + 2097 + if (iso_pi(sk)->bc_sid == HCI_SID_INVALID) 2098 + return true; 2099 + 2100 + return ev->sid == iso_pi(sk)->bc_sid; 2101 + } 2102 + 2202 2103 static bool iso_match_sync_handle(struct 
sock *sk, void *data) 2203 2104 { 2204 2105 struct hci_evt_le_big_info_adv_report *ev = data; ··· 2228 2109 int iso_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 *flags) 2229 2110 { 2230 2111 struct hci_ev_le_pa_sync_established *ev1; 2112 + struct hci_ev_le_past_received *ev1a; 2231 2113 struct hci_evt_le_big_info_adv_report *ev2; 2232 2114 struct hci_ev_le_per_adv_report *ev3; 2233 2115 struct sock *sk; ··· 2242 2122 * SID to listen to and once sync is established its handle needs to 2243 2123 * be stored in iso_pi(sk)->sync_handle so it can be matched once 2244 2124 * receiving the BIG Info. 2125 + * 1a. HCI_EV_LE_PAST_RECEIVED: alternative to 1. 2245 2126 * 2. HCI_EVT_LE_BIG_INFO_ADV_REPORT: When connect_ind is triggered by a 2246 2127 * a BIG Info it attempts to check if there any listening socket with 2247 2128 * the same sync_handle and if it does then attempt to create a sync. ··· 2252 2131 */ 2253 2132 ev1 = hci_recv_event_data(hdev, HCI_EV_LE_PA_SYNC_ESTABLISHED); 2254 2133 if (ev1) { 2255 - sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN, 2134 + sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN, 2256 2135 iso_match_sid, ev1); 2257 2136 if (sk && !ev1->status) { 2258 2137 iso_pi(sk)->sync_handle = le16_to_cpu(ev1->handle); ··· 2262 2141 goto done; 2263 2142 } 2264 2143 2144 + ev1a = hci_recv_event_data(hdev, HCI_EV_LE_PAST_RECEIVED); 2145 + if (ev1a) { 2146 + sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN, 2147 + iso_match_sid_past, ev1a); 2148 + if (sk && !ev1a->status) { 2149 + iso_pi(sk)->sync_handle = le16_to_cpu(ev1a->sync_handle); 2150 + iso_pi(sk)->bc_sid = ev1a->sid; 2151 + } 2152 + 2153 + goto done; 2154 + } 2155 + 2265 2156 ev2 = hci_recv_event_data(hdev, HCI_EVT_LE_BIG_INFO_ADV_REPORT); 2266 2157 if (ev2) { 2267 2158 /* Check if BIGInfo report has already been handled */ 2268 - sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECTED, 2159 + sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_CONNECTED, 2269 2160 
iso_match_sync_handle, ev2); 2270 2161 if (sk) { 2271 2162 sock_put(sk); ··· 2286 2153 } 2287 2154 2288 2155 /* Try to get PA sync socket, if it exists */ 2289 - sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_CONNECT2, 2156 + sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_CONNECT2, 2290 2157 iso_match_sync_handle, ev2); 2291 2158 if (!sk) 2292 - sk = iso_get_sock(&hdev->bdaddr, bdaddr, 2159 + sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, 2293 2160 BT_LISTEN, 2294 2161 iso_match_sync_handle, 2295 2162 ev2); ··· 2328 2195 u8 *base; 2329 2196 struct hci_conn *hcon; 2330 2197 2331 - sk = iso_get_sock(&hdev->bdaddr, bdaddr, BT_LISTEN, 2198 + sk = iso_get_sock(hdev, &hdev->bdaddr, bdaddr, BT_LISTEN, 2332 2199 iso_match_sync_handle_pa_report, ev3); 2333 2200 if (!sk) 2334 2201 goto done; ··· 2378 2245 hcon->le_per_adv_data_len = 0; 2379 2246 } 2380 2247 } else { 2381 - sk = iso_get_sock(&hdev->bdaddr, BDADDR_ANY, 2382 - BT_LISTEN, NULL, NULL); 2248 + sk = iso_get_sock(hdev, &hdev->bdaddr, BDADDR_ANY, 2249 + BT_LISTEN, iso_match_dst, BDADDR_ANY); 2383 2250 } 2384 2251 2385 2252 done:
+88 -72
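--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -852,6 +852,12 @@
 if (ll_privacy_capable(hdev))
 settings |= MGMT_SETTING_LL_PRIVACY;
 
+if (past_sender_capable(hdev))
+settings |= MGMT_SETTING_PAST_SENDER;
+
+if (past_receiver_capable(hdev))
+settings |= MGMT_SETTING_PAST_RECEIVER;
+
 settings |= MGMT_SETTING_PHY_CONFIGURATION;
 
 return settings;
@@ -942,6 +936,12 @@
 
 if (ll_privacy_enabled(hdev))
 settings |= MGMT_SETTING_LL_PRIVACY;
+
+if (past_sender_enabled(hdev))
+settings |= MGMT_SETTING_PAST_SENDER;
+
+if (past_receiver_enabled(hdev))
+settings |= MGMT_SETTING_PAST_RECEIVER;
 
 return settings;
 }
@@ -5122,6 +5110,69 @@
 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
 }
 
+static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
+{
+struct hci_conn *conn;
+
+conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
+if (!conn)
+return false;
+
+if (conn->dst_type != type)
+return false;
+
+if (conn->state != BT_CONNECTED)
+return false;
+
+return true;
+}
+
+/* This function requires the caller holds hdev->lock */
+static struct hci_conn_params *hci_conn_params_set(struct hci_dev *hdev,
+bdaddr_t *addr, u8 addr_type,
+u8 auto_connect)
+{
+struct hci_conn_params *params;
+
+params = hci_conn_params_add(hdev, addr, addr_type);
+if (!params)
+return NULL;
+
+if (params->auto_connect == auto_connect)
+return params;
+
+hci_pend_le_list_del_init(params);
+
+switch (auto_connect) {
+case HCI_AUTO_CONN_DISABLED:
+case HCI_AUTO_CONN_LINK_LOSS:
+/* If auto connect is being disabled when we're trying to
+* connect to device, keep connecting.
+*/
+if (params->explicit_connect)
+hci_pend_le_list_add(params, &hdev->pend_le_conns);
+break;
+case HCI_AUTO_CONN_REPORT:
+if (params->explicit_connect)
+hci_pend_le_list_add(params, &hdev->pend_le_conns);
+else
+hci_pend_le_list_add(params, &hdev->pend_le_reports);
+break;
+case HCI_AUTO_CONN_DIRECT:
+case HCI_AUTO_CONN_ALWAYS:
+if (!is_connected(hdev, addr, addr_type))
+hci_pend_le_list_add(params, &hdev->pend_le_conns);
+break;
+}
+
+params->auto_connect = auto_connect;
+
+bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
+addr, addr_type, auto_connect);
+
+return params;
+}
+
 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
 u16 len)
 {
@@ -5228,9 +5153,16 @@
 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
 le_addr_type(cp->addr.type));
 if (!params) {
-bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
-&cp->addr.bdaddr, le_addr_type(cp->addr.type));
-goto unlock;
+/* Create a new hci_conn_params if it doesn't exist */
+params = hci_conn_params_set(hdev, &cp->addr.bdaddr,
+le_addr_type(cp->addr.type),
+HCI_AUTO_CONN_DISABLED);
+if (!params) {
+bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
+&cp->addr.bdaddr,
+le_addr_type(cp->addr.type));
+goto unlock;
+}
 }
 
 supported_flags = hdev->conn_flags;
@@ -7624,68 +7542,6 @@
 return err;
 }
 
-static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
-{
-struct hci_conn *conn;
-
-conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
-if (!conn)
-return false;
-
-if (conn->dst_type != type)
-return false;
-
-if (conn->state != BT_CONNECTED)
-return false;
-
-return true;
-}
-
-/* This function requires the caller holds hdev->lock */
-static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
-u8 addr_type, u8 auto_connect)
-{
-struct hci_conn_params *params;
-
-params = hci_conn_params_add(hdev, addr, addr_type);
-if (!params)
-return -EIO;
-
-if (params->auto_connect == auto_connect)
-return 0;
-
-hci_pend_le_list_del_init(params);
-
-switch (auto_connect) {
-case HCI_AUTO_CONN_DISABLED:
-case HCI_AUTO_CONN_LINK_LOSS:
-/* If auto connect is being disabled when we're trying to
-* connect to device, keep connecting.
-*/
-if (params->explicit_connect)
-hci_pend_le_list_add(params, &hdev->pend_le_conns);
-break;
-case HCI_AUTO_CONN_REPORT:
-if (params->explicit_connect)
-hci_pend_le_list_add(params, &hdev->pend_le_conns);
-else
-hci_pend_le_list_add(params, &hdev->pend_le_reports);
-break;
-case HCI_AUTO_CONN_DIRECT:
-case HCI_AUTO_CONN_ALWAYS:
-if (!is_connected(hdev, addr, addr_type))
-hci_pend_le_list_add(params, &hdev->pend_le_conns);
-break;
-}
-
-params->auto_connect = auto_connect;
-
-bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
-addr, addr_type, auto_connect);
-
-return 0;
-}
-
 static void device_added(struct sock *sk, struct hci_dev *hdev,
 bdaddr_t *bdaddr, u8 type, u8 action)
 {
@@ -7735,17 +7715,13 @@
 /* If the connection parameters don't exist for this device,
 * they will be created and configured with defaults.
 */
-if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
-auto_conn) < 0) {
+params = hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
+auto_conn);
+if (!params) {
 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
 MGMT_STATUS_FAILED, &cp->addr,
 sizeof(cp->addr));
 goto unlock;
-} else {
-params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
-addr_type);
-if (params)
-current_flags = params->flags;
 }
 
 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);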
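Review bot: In set_device_flags, the `bt_dev_warn(hdev, "No such LE device %pMR (0x%x)", ...)` kept inside the new fallback no longer describes what failed: it is now reached only when `hci_conn_params_set()` returns NULL, which in the moved helper happens when `hci_conn_params_add()` fails, so wording such as `"Unable to add conn params for %pMR (0x%x)"` would fit. The same fallback means a Set Device Flags request now creates a `hci_conn_params` entry for whatever LE address the caller supplies, where it previously only modified an existing one. A comment at that point should say how an entry created with `HCI_AUTO_CONN_DISABLED` is later removed, and whether it should be dropped again if the flag validation that follows `supported_flags = hdev->conn_flags;` rejects the request. That validation and the rest of set_device_flags are outside the hunk, so the cleanup behaviour cannot be confirmed from here.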