Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge tag 'for-net-next-2023-12-22' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

Luiz Augusto von Dentz says:

====================
bluetooth-next pull request for net-next:

- btnxpuart: Fix recv_buf return value
- L2CAP: Fix responding with multiple rejects
- Fix atomicity violation in {min,max}_key_size_set
- ISO: Allow binding a PA sync socket
- ISO: Reassociate a socket with an active BIS
- ISO: Avoid creating child socket if PA sync is terminating
- Add device 13d3:3572 IMC Networks Bluetooth Radio
- Don't suspend when there are connections
- Remove le_restart_scan work
- Fix bogus check for re-auth not supported with non-ssp
- lib: Add documentation to exported functions
- Support HFP offload for QCA2066
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

+388 -165
+5
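--- a/drivers/bluetooth/btintel.c
+++ b/drivers/bluetooth/btintel.c
@@ -535,6 +535,8 @@
 bt_dev_info(hdev, "%s timestamp %u.%u buildtype %u build %u", variant,
 2000 + (version->timestamp >> 8), version->timestamp & 0xff,
 version->build_type, version->build_num);
+if (version->img_type == 0x03)
+bt_dev_info(hdev, "Firmware SHA1: 0x%8.8x", version->git_sha1);
 
 return 0;
 }
@@ -629,6 +631,9 @@
 case INTEL_TLV_OTP_BDADDR:
 memcpy(&version->otp_bd_addr, tlv->val,
 sizeof(bdaddr_t));
+break;
+case INTEL_TLV_GIT_SHA1:
+version->git_sha1 = get_unaligned_le32(tlv->val);
 break;
 default:
 /* Ignore rest of information */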
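Review bot: The new `INTEL_TLV_GIT_SHA1` case reads four bytes with `get_unaligned_le32(tlv->val)`, and no check of the entry's length field is visible in the hunk, so a controller response carrying a shorter value would be read past its end. The enclosing parse loop lies outside the hunk; if it does not already validate each entry's length, guard the case with `if (tlv->len < sizeof(u32)) break;`. The print site would also benefit from a comment saying why the hash is reported only when `img_type == 0x03`.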
+3 -1
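--- a/drivers/bluetooth/btintel.h
+++ b/drivers/bluetooth/btintel.h
@@ -41,7 +41,8 @@
 INTEL_TLV_LIMITED_CCE,
 INTEL_TLV_SBE_TYPE,
 INTEL_TLV_OTP_BDADDR,
-INTEL_TLV_UNLOCKED_STATE
+INTEL_TLV_UNLOCKED_STATE,
+INTEL_TLV_GIT_SHA1
 };
 
 struct intel_tlv {
@@ -69,6 +70,7 @@
 u8 min_fw_build_yy;
 u8 limited_cce;
 u8 sbe_type;
+u32 git_sha1;
 bdaddr_t otp_bd_addr;
 };
 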
+3 -8
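--- a/drivers/bluetooth/btmtkuart.c
+++ b/drivers/bluetooth/btmtkuart.c
@@ -336,7 +336,7 @@
 return data;
 }
 
-static int btmtkuart_recv(struct hci_dev *hdev, const u8 *data, size_t count)
+static void btmtkuart_recv(struct hci_dev *hdev, const u8 *data, size_t count)
 {
 struct btmtkuart_dev *bdev = hci_get_drvdata(hdev);
 const unsigned char *p_left = data, *p_h4;
@@ -375,25 +375,20 @@
 bt_dev_err(bdev->hdev,
 "Frame reassembly failed (%d)", err);
 bdev->rx_skb = NULL;
-return err;
+return;
 }
 
 sz_left -= sz_h4;
 p_left += sz_h4;
 }
-
-return 0;
 }
 
 static int btmtkuart_receive_buf(struct serdev_device *serdev, const u8 *data,
 size_t count)
 {
 struct btmtkuart_dev *bdev = serdev_device_get_drvdata(serdev);
-int err;
 
-err = btmtkuart_recv(bdev->hdev, data, count);
-if (err < 0)
-return err;
+btmtkuart_recv(bdev->hdev, data, count);
 
 bdev->hdev->stat.byte_rx += count;
 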
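Review bot: After a reassembly failure `btmtkuart_recv()` now returns early without telling its caller, so `btmtkuart_receive_buf()` still adds the whole `count` to `stat.byte_rx` even though the rest of the buffer was discarded. Counting the failure where it is detected, with `bdev->hdev->stat.err_rx++;` next to `bdev->rx_skb = NULL;`, would keep the statistics honest. A comment at the call site such as `/* a framing error drops the remainder of this buffer; the byte count is still reported as consumed */` would record that this is deliberate. The tail of `btmtkuart_receive_buf()` is outside the hunk.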
+3 -5
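--- a/drivers/bluetooth/btnxpuart.c
+++ b/drivers/bluetooth/btnxpuart.c
@@ -1276,11 +1276,9 @@
 if (IS_ERR(nxpdev->rx_skb)) {
 int err = PTR_ERR(nxpdev->rx_skb);
 /* Safe to ignore out-of-sync bootloader signatures */
-if (is_fw_downloading(nxpdev))
-return count;
-bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
-nxpdev->rx_skb = NULL;
-return err;
+if (!is_fw_downloading(nxpdev))
+bt_dev_err(nxpdev->hdev, "Frame reassembly failed (%d)", err);
+return count;
 }
 if (!is_fw_downloading(nxpdev))
 nxpdev->hdev->stat.byte_rx += count;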
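Review bot: The rewritten error branch no longer executes `nxpdev->rx_skb = NULL;`, so after a failed reassembly the field keeps holding an error pointer until the next receive call. That is only safe if the reassembly helper, which is outside this hunk, discards an error pointer passed back in; if it does not, the next call would treat the encoded errno as a buffer. Either keep the reset before `return count;` or add a comment such as `/* rx_skb is left as ERR_PTR; the reassembly helper resets it on the next call */` once that is confirmed.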
+6
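--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -550,6 +550,8 @@
 BTUSB_WIDEBAND_SPEECH },
 { USB_DEVICE(0x13d3, 0x3571), .driver_info = BTUSB_REALTEK |
 BTUSB_WIDEBAND_SPEECH },
+{ USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK |
+BTUSB_WIDEBAND_SPEECH },
 
 /* Realtek Bluetooth devices */
 { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01),
@@ -4628,6 +4630,10 @@
 struct btusb_data *data = usb_get_intfdata(intf);
 
 BT_DBG("intf %p", intf);
+
+/* Don't suspend if there are connections */
+if (hci_conn_count(data->hdev))
+return -EBUSY;
 
 if (data->suspend_count++)
 return 0;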
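Review bot: The added `hci_conn_count(data->hdev)` check returns `-EBUSY` for every caller of this suspend handler; nothing in the hunk limits it to runtime autosuspend. If the intent is only to keep a link with active connections from being autosuspended, gate it on the PM message, e.g. `if (PMSG_IS_AUTO(message) && hci_conn_count(data->hdev)) return -EBUSY;`, or extend the comment to say that system sleep is meant to be refused too. The function signature is outside the hunk, so the parameter name is assumed.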
+23
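--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1815,6 +1815,24 @@
 kfree_skb(skb);
 }
 
+static int qca_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id)
+{
+/* QCA uses 1 as non-HCI data path id for HFP */
+*data_path_id = 1;
+return 0;
+}
+
+static int qca_configure_hfp_offload(struct hci_dev *hdev)
+{
+bt_dev_info(hdev, "HFP non-HCI data transport is supported");
+hdev->get_data_path_id = qca_get_data_path_id;
+/* Do not need to send HCI_Configure_Data_Path to configure non-HCI
+* data transport path for QCA controllers, so set below field as NULL.
+*/
+hdev->get_codec_config_data = NULL;
+return 0;
+}
+
 static int qca_setup(struct hci_uart *hu)
 {
 struct hci_dev *hdev = hu->hdev;
@@ -1969,6 +1987,10 @@
 hu->hdev->set_bdaddr = qca_set_bdaddr_rome;
 else
 hu->hdev->set_bdaddr = qca_set_bdaddr;
+
+if (soc_type == QCA_QCA2066)
+qca_configure_hfp_offload(hdev);
+
 qca->fw_version = le16_to_cpu(ver.patch_ver);
 qca->controller_id = le16_to_cpu(ver.rom_ver);
 hci_devcd_register(hdev, hci_coredump_qca, qca_dmp_hdr, NULL);
@@ -2039,6 +2061,7 @@
 static const struct qca_device_data qca_soc_data_qca2066 __maybe_unused = {
 .soc_type = QCA_QCA2066,
 .num_vregs = 0,
+.capabilities = QCA_CAP_WIDEBAND_SPEECH | QCA_CAP_VALID_LE_STATES,
 };
 
 static const struct qca_device_data qca_soc_data_qca6390 __maybe_unused = {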
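Review bot: `qca_configure_hfp_offload()` is declared `int` but can only return 0, and its single call site in `qca_setup()` discards the value; declaring it `static void qca_configure_hfp_offload(struct hci_dev *hdev)` would match what the code does. The helper also relies on the core tolerating `hdev->get_codec_config_data == NULL`, so the comment above that assignment should name the check it depends on. The data path id is a bare literal; a named constant beside the helper would be easier to audit than `*data_path_id = 1;`.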
+24 -2
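--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -539,7 +539,6 @@
 struct work_struct tx_work;
 
 struct delayed_work le_scan_disable;
-struct delayed_work le_scan_restart;
 
 struct sk_buff_head rx_q;
 struct sk_buff_head raw_q;
@@ -957,7 +956,6 @@
 /* ----- HCI Connections ----- */
 enum {
 HCI_CONN_AUTH_PEND,
-HCI_CONN_REAUTH_PEND,
 HCI_CONN_ENCRYPT_PEND,
 HCI_CONN_RSWITCH_PEND,
 HCI_CONN_MODE_CHANGE_PEND,
@@ -1284,6 +1282,30 @@
 
 list_for_each_entry_rcu(c, &h->list, list) {
 if (bacmp(&c->dst, BDADDR_ANY) || c->type != ISO_LINK)
+continue;
+
+if (handle == c->iso_qos.bcast.big) {
+rcu_read_unlock();
+return c;
+}
+}
+
+rcu_read_unlock();
+
+return NULL;
+}
+
+static inline struct hci_conn *
+hci_conn_hash_lookup_big_state(struct hci_dev *hdev, __u8 handle, __u16 state)
+{
+struct hci_conn_hash *h = &hdev->conn_hash;
+struct hci_conn *c;
+
+rcu_read_lock();
+
+list_for_each_entry_rcu(c, &h->list, list) {
+if (bacmp(&c->dst, BDADDR_ANY) || c->type != ISO_LINK ||
+c->state != state)
 continue;
 
 if (handle == c->iso_qos.bcast.big) {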
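Review bot: The lookup pattern visible in this hunk, `rcu_read_unlock(); return c;`, hands back a connection pointer after leaving the RCU read section without taking a reference, and `hci_conn_hash_lookup_big_state()` appears to follow the same shape (its tail is outside the hunk). The pointer is then only valid while the caller holds something else that keeps the connection alive, and the new helper says nothing about that. A kernel-doc line above it, e.g. `/* Caller must hold hdev->lock; the returned hci_conn is not reference counted here */`, would document the contract, assuming that is the lock the callers rely on.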
+41 -10
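--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -300,6 +300,13 @@
 __u8 vnd_len, *vnd_data = NULL;
 struct hci_op_configure_data_path *cmd = NULL;
 
+if (!codec->data_path || !hdev->get_codec_config_data)
+return 0;
+
+/* Do not take me as error */
+if (!hdev->get_codec_config_data)
+return 0;
+
 err = hdev->get_codec_config_data(hdev, ESCO_LINK, codec, &vnd_len,
 &vnd_data);
 if (err < 0)
@@ -345,9 +352,7 @@
 
 bt_dev_dbg(hdev, "hcon %p", conn);
 
-/* for offload use case, codec needs to configured before opening SCO */
-if (conn->codec.data_path)
-configure_datapath_sync(hdev, &conn->codec);
+configure_datapath_sync(hdev, &conn->codec);
 
 conn->state = BT_CONNECT;
 conn->out = true;
@@ -1086,8 +1091,9 @@
 hci_conn_failed(conn, reason);
 break;
 case ISO_LINK:
-if (conn->state != BT_CONNECTED &&
-!test_bit(HCI_CONN_CREATE_CIS, &conn->flags))
+if ((conn->state != BT_CONNECTED &&
+!test_bit(HCI_CONN_CREATE_CIS, &conn->flags)) ||
+test_bit(HCI_CONN_BIG_CREATED, &conn->flags))
 hci_conn_failed(conn, reason);
 break;
 }
@@ -2228,7 +2234,17 @@
 __u8 base_len, __u8 *base)
 {
 struct hci_conn *conn;
+struct hci_conn *parent;
 __u8 eir[HCI_MAX_PER_AD_LENGTH];
+struct hci_link *link;
+
+/* Look for any BIS that is open for rebinding */
+conn = hci_conn_hash_lookup_big_state(hdev, qos->bcast.big, BT_OPEN);
+if (conn) {
+memcpy(qos, &conn->iso_qos, sizeof(*qos));
+conn->state = BT_CONNECTED;
+return conn;
+}
 
 if (base_len && base)
 base_len = eir_append_service_data(eir, 0, 0x1851,
@@ -2255,6 +2271,20 @@
 
 conn->iso_qos = *qos;
 conn->state = BT_BOUND;
+
+/* Link BISes together */
+parent = hci_conn_hash_lookup_big(hdev,
+conn->iso_qos.bcast.big);
+if (parent && parent != conn) {
+link = hci_conn_link(parent, conn);
+if (!link) {
+hci_conn_drop(conn);
+return ERR_PTR(-ENOLINK);
+}
+
+/* Link takes the refcount */
+hci_conn_drop(conn);
+}
 
 return conn;
 }
@@ -2285,6 +2315,9 @@
 
 conn = hci_bind_bis(hdev, dst, qos, base_len, base);
 if (IS_ERR(conn))
+return conn;
+
+if (conn->state == BT_CONNECTED)
 return conn;
 
 data.big = qos->bcast.big;
@@ -2421,12 +2454,10 @@
 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
 sizeof(cp), &cp);
 
-/* If we're already encrypted set the REAUTH_PEND flag,
-* otherwise set the ENCRYPT_PEND.
+/* Set the ENCRYPT_PEND to trigger encryption after
+* authentication.
 */
-if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
-set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
-else
+if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
 }
 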
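Review bot: The second guard added at the top of the data-path configuration function, `if (!hdev->get_codec_config_data) return 0;`, can never be taken, because the preceding `if (!codec->data_path || !hdev->get_codec_config_data)` already returns for that case. Drop the duplicate and keep one guard whose comment says what it means, e.g. `/* No offload data path or no vendor codec config: nothing to configure, not an error */`. The function's signature is outside the hunk.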
+10 -6
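--- a/net/bluetooth/hci_debugfs.c
+++ b/net/bluetooth/hci_debugfs.c
@@ -1046,10 +1046,12 @@
 {
 struct hci_dev *hdev = data;
 
-if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE)
-return -EINVAL;
-
 hci_dev_lock(hdev);
+if (val > hdev->le_max_key_size || val < SMP_MIN_ENC_KEY_SIZE) {
+hci_dev_unlock(hdev);
+return -EINVAL;
+}
+
 hdev->le_min_key_size = val;
 hci_dev_unlock(hdev);
 
@@ -1074,10 +1076,12 @@
 {
 struct hci_dev *hdev = data;
 
-if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size)
-return -EINVAL;
-
 hci_dev_lock(hdev);
+if (val > SMP_MAX_ENC_KEY_SIZE || val < hdev->le_min_key_size) {
+hci_dev_unlock(hdev);
+return -EINVAL;
+}
+
 hdev->le_max_key_size = val;
 hci_dev_unlock(hdev);
 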
+2 -9
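--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3500,14 +3500,8 @@
 
 if (!ev->status) {
 clear_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
-
-if (!hci_conn_ssp_enabled(conn) &&
-test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
-bt_dev_info(hdev, "re-auth of legacy device is not possible.");
-} else {
-set_bit(HCI_CONN_AUTH, &conn->flags);
-conn->sec_level = conn->pending_sec_level;
-}
+set_bit(HCI_CONN_AUTH, &conn->flags);
+conn->sec_level = conn->pending_sec_level;
 } else {
 if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
 set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
@@ -3516,7 +3510,6 @@
 }
 
 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
-clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
 
 if (conn->state == BT_CONFIG) {
 if (!ev->status && hci_conn_ssp_enabled(conn)) {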
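Review bot: With the `HCI_CONN_REAUTH_PEND` branch gone, every successful authentication-complete event now sets `HCI_CONN_AUTH` and copies `pending_sec_level` into `sec_level`, including on links where `hci_conn_ssp_enabled(conn)` is false. Nothing in the hunk records why raising the security level after re-authenticating a legacy-paired link is acceptable, and that is the question the next reader of this handler will ask. A short comment above the two added lines should state which check bounds the achievable level for such links (presumably the link key type, evaluated elsewhere; the page does not show it). The handler's start and end are outside the hunk.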
+13 -93
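--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -348,8 +348,6 @@
 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
 goto _return;
 
-cancel_delayed_work(&hdev->le_scan_restart);
-
 status = hci_cmd_sync_queue(hdev, scan_disable_sync, NULL, NULL);
 if (status) {
 bt_dev_err(hdev, "failed to disable LE scan: %d", status);
@@ -397,71 +395,6 @@
 
 static int hci_le_set_scan_enable_sync(struct hci_dev *hdev, u8 val,
 u8 filter_dup);
-static int hci_le_scan_restart_sync(struct hci_dev *hdev)
-{
-/* If controller is not scanning we are done. */
-if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
-return 0;
-
-if (hdev->scanning_paused) {
-bt_dev_dbg(hdev, "Scanning is paused for suspend");
-return 0;
-}
-
-hci_le_set_scan_enable_sync(hdev, LE_SCAN_DISABLE, 0x00);
-return hci_le_set_scan_enable_sync(hdev, LE_SCAN_ENABLE,
-LE_SCAN_FILTER_DUP_ENABLE);
-}
-
-static void le_scan_restart(struct work_struct *work)
-{
-struct hci_dev *hdev = container_of(work, struct hci_dev,
-le_scan_restart.work);
-unsigned long timeout, duration, scan_start, now;
-int status;
-
-bt_dev_dbg(hdev, "");
-
-status = hci_le_scan_restart_sync(hdev);
-if (status) {
-bt_dev_err(hdev, "failed to restart LE scan: status %d",
-status);
-return;
-}
-
-hci_dev_lock(hdev);
-
-if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
-!hdev->discovery.scan_start)
-goto unlock;
-
-/* When the scan was started, hdev->le_scan_disable has been queued
-* after duration from scan_start. During scan restart this job
-* has been canceled, and we need to queue it again after proper
-* timeout, to make sure that scan does not run indefinitely.
-*/
-duration = hdev->discovery.scan_duration;
-scan_start = hdev->discovery.scan_start;
-now = jiffies;
-if (now - scan_start <= duration) {
-int elapsed;
-
-if (now >= scan_start)
-elapsed = now - scan_start;
-else
-elapsed = ULONG_MAX - scan_start + now;
-
-timeout = duration - elapsed;
-} else {
-timeout = 0;
-}
-
-queue_delayed_work(hdev->req_workqueue,
-&hdev->le_scan_disable, timeout);
-
-unlock:
-hci_dev_unlock(hdev);
-}
 
 static int reenable_adv_sync(struct hci_dev *hdev, void *data)
 {
@@ -630,7 +563,6 @@
 INIT_WORK(&hdev->cmd_sync_cancel_work, hci_cmd_sync_cancel_work);
 INIT_WORK(&hdev->reenable_adv_work, reenable_adv);
 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable);
-INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart);
 INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
 }
 
@@ -3800,12 +3732,14 @@
 if (lmp_bredr_capable(hdev)) {
 events[4] |= 0x01; /* Flow Specification Complete */
 
-/* Don't set Disconnect Complete when suspended as that
-* would wakeup the host when disconnecting due to
-* suspend.
+/* Don't set Disconnect Complete and mode change when
+* suspended as that would wakeup the host when disconnecting
+* due to suspend.
 */
-if (hdev->suspended)
+if (hdev->suspended) {
 events[0] &= 0xef;
+events[2] &= 0xf7;
+}
 } else {
 /* Use a different default for LE-only devices */
 memset(events, 0, sizeof(events));
@@ -4960,7 +4894,6 @@
 cancel_delayed_work(&hdev->power_off);
 cancel_delayed_work(&hdev->ncmd_timer);
 cancel_delayed_work(&hdev->le_scan_disable);
-cancel_delayed_work(&hdev->le_scan_restart);
 
 hci_request_cancel_all(hdev);
 
@@ -5178,7 +5111,6 @@
 
 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
 cancel_delayed_work(&hdev->le_scan_disable);
-cancel_delayed_work(&hdev->le_scan_restart);
 
 err = hci_scan_disable_sync(hdev);
 if (err)
@@ -5686,19 +5618,18 @@
 if (err < 0)
 own_addr_type = ADDR_LE_DEV_PUBLIC;
 
-if (hci_is_adv_monitoring(hdev)) {
+if (hci_is_adv_monitoring(hdev) ||
+(test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
+hdev->discovery.result_filtering)) {
 /* Duplicate filter should be disabled when some advertisement
 * monitor is activated, otherwise AdvMon can only receive one
 * advertisement for one peer(*) during active scanning, and
 * might report loss to these peers.
 *
-* Note that different controllers have different meanings of
-* |duplicate|. Some of them consider packets with the same
-* address as duplicate, and others consider packets with the
-* same address and the same RSSI as duplicate. Although in the
-* latter case we don't need to disable duplicate filter, but
-* it is common to have active scanning for a short period of
-* time, the power impact should be neglectable.
+* If controller does strict duplicate filtering and the
+* discovery requires result filtering disables controller based
+* filtering since that can cause reports that would match the
+* host filter to not be reported.
 */
 filter_dup = LE_SCAN_FILTER_DUP_DISABLE;
 }
@@ -5777,17 +5708,6 @@
 return err;
 
 bt_dev_dbg(hdev, "timeout %u ms", jiffies_to_msecs(timeout));
-
-/* When service discovery is used and the controller has a
-* strict duplicate filter, it is important to remember the
-* start and duration of the scan. This is required for
-* restarting scanning during the discovery phase.
-*/
-if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) &&
-hdev->discovery.result_filtering) {
-hdev->discovery.scan_start = jiffies;
-hdev->discovery.scan_duration = timeout;
-}
 
 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_disable,
 timeout);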
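Review bot: The added `events[2] &= 0xf7;` clears an event-mask bit by raw value, and neither mask line in the suspended branch says which event it disables, unlike `events[4] |= 0x01; /* Flow Specification Complete */` a few lines above. Trailing comments would make the mask auditable: `events[0] &= 0xef; /* Disconnection Complete */` and `events[2] &= 0xf7; /* Mode Change */`. The reworded comment in the duplicate-filter hunk is also hard to parse as written; `If the controller does strict duplicate filtering and discovery requires result filtering, disable controller-based filtering, since ...` reads as the code behaves.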
+187 -10
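--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -54,6 +54,7 @@
 enum {
 BT_SK_BIG_SYNC,
 BT_SK_PA_SYNC,
+BT_SK_PA_SYNC_TERM,
 };
 
 struct iso_pinfo {
@@ -81,6 +82,11 @@
 static bool iso_match_sid(struct sock *sk, void *data);
 static bool iso_match_sync_handle(struct sock *sk, void *data);
 static void iso_sock_disconn(struct sock *sk);
+
+typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
+
+static struct sock *iso_get_sock_listen(bdaddr_t *src, bdaddr_t *dst,
+iso_sock_match_t match, void *data);
 
 /* ---- ISO timers ---- */
 #define ISO_CONN_TIMEOUT (HZ * 40)
@@ -190,10 +196,21 @@
 sock_set_flag(sk, SOCK_ZAPPED);
 }
 
+static bool iso_match_conn_sync_handle(struct sock *sk, void *data)
+{
+struct hci_conn *hcon = data;
+
+if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags))
+return false;
+
+return hcon->sync_handle == iso_pi(sk)->sync_handle;
+}
+
 static void iso_conn_del(struct hci_conn *hcon, int err)
 {
 struct iso_conn *conn = hcon->iso_data;
 struct sock *sk;
+struct sock *parent;
 
 if (!conn)
 return;
@@ -209,6 +226,25 @@
 
 if (sk) {
 lock_sock(sk);
+
+/* While a PA sync hcon is in the process of closing,
+* mark parent socket with a flag, so that any residual
+* BIGInfo adv reports that arrive before PA sync is
+* terminated are not processed anymore.
+*/
+if (test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
+parent = iso_get_sock_listen(&hcon->src,
+&hcon->dst,
+iso_match_conn_sync_handle,
+hcon);
+
+if (parent) {
+set_bit(BT_SK_PA_SYNC_TERM,
+&iso_pi(parent)->flags);
+sock_put(parent);
+}
+}
+
 iso_sock_clear_timer(sk);
 iso_chan_del(sk, err);
 release_sock(sk);
@@ -545,8 +581,6 @@
 return NULL;
 }
 
-typedef bool (*iso_sock_match_t)(struct sock *sk, void *data);
-
 /* Find socket listening:
 * source bdaddr (Unicast)
 * destination bdaddr (Broadcast only)
@@ -574,17 +608,66 @@
 continue;
 
 /* Exact match. */
-if (!bacmp(&iso_pi(sk)->src, src))
+if (!bacmp(&iso_pi(sk)->src, src)) {
+sock_hold(sk);
 break;
+}
 
 /* Closest match */
-if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY))
+if (!bacmp(&iso_pi(sk)->src, BDADDR_ANY)) {
+if (sk1)
+sock_put(sk1);
+
 sk1 = sk;
+sock_hold(sk1);
+}
 }
+
+if (sk && sk1)
+sock_put(sk1);
 
 read_unlock(&iso_sk_list.lock);
 
 return sk ? sk : sk1;
+}
+
+static struct sock *iso_get_sock_big(struct sock *match_sk, bdaddr_t *src,
+bdaddr_t *dst, uint8_t big)
+{
+struct sock *sk = NULL;
+
+read_lock(&iso_sk_list.lock);
+
+sk_for_each(sk, &iso_sk_list.head) {
+if (match_sk == sk)
+continue;
+
+/* Look for sockets that have already been
+* connected to the BIG
+*/
+if (sk->sk_state != BT_CONNECTED &&
+sk->sk_state != BT_CONNECT)
+continue;
+
+/* Match Broadcast destination */
+if (bacmp(&iso_pi(sk)->dst, dst))
+continue;
+
+/* Match BIG handle */
+if (iso_pi(sk)->qos.bcast.big != big)
+continue;
+
+/* Match source address */
+if (bacmp(&iso_pi(sk)->src, src))
+continue;
+
+sock_hold(sk);
+break;
+}
+
+read_unlock(&iso_sk_list.lock);
+
+return sk;
 }
 
 static void iso_sock_destruct(struct sock *sk)
@@ -639,6 +722,28 @@
 
 static void iso_sock_disconn(struct sock *sk)
 {
+struct sock *bis_sk;
+struct hci_conn *hcon = iso_pi(sk)->conn->hcon;
+
+if (test_bit(HCI_CONN_BIG_CREATED, &hcon->flags)) {
+bis_sk = iso_get_sock_big(sk, &iso_pi(sk)->src,
+&iso_pi(sk)->dst,
+iso_pi(sk)->qos.bcast.big);
+
+/* If there are any other connected sockets for the
+* same BIG, just delete the sk and leave the bis
+* hcon active, in case later rebinding is needed.
+*/
+if (bis_sk) {
+hcon->state = BT_OPEN;
+iso_pi(sk)->conn->hcon = NULL;
+iso_sock_clear_timer(sk);
+iso_chan_del(sk, bt_to_errno(hcon->abort_reason));
+sock_put(bis_sk);
+return;
+}
+}
+
 sk->sk_state = BT_DISCONN;
 iso_sock_set_timer(sk, ISO_DISCONN_TIMEOUT);
 iso_conn_lock(iso_pi(sk)->conn);
@@ -792,25 +897,73 @@
 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
 sa->iso_bc->bc_num_bis);
 
-if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc))
+if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc))
 return -EINVAL;
 
 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
+
+/* Check if the address type is of LE type */
+if (!bdaddr_type_is_le(sa->iso_bc->bc_bdaddr_type))
+return -EINVAL;
+
 iso_pi(sk)->dst_type = sa->iso_bc->bc_bdaddr_type;
 iso_pi(sk)->sync_handle = -1;
+
+if (sa->iso_bc->bc_sid > 0x0f)
+return -EINVAL;
+
 iso_pi(sk)->bc_sid = sa->iso_bc->bc_sid;
+
+if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS)
+return -EINVAL;
+
 iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
 
-for (i = 0; i < iso_pi(sk)->bc_num_bis; i++) {
+for (i = 0; i < iso_pi(sk)->bc_num_bis; i++)
 if (sa->iso_bc->bc_bis[i] < 0x01 ||
 sa->iso_bc->bc_bis[i] > 0x1f)
 return -EINVAL;
 
-memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
-iso_pi(sk)->bc_num_bis);
-}
+memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
+iso_pi(sk)->bc_num_bis);
 
 return 0;
+}
+
+static int iso_sock_bind_pa_sk(struct sock *sk, struct sockaddr_iso *sa,
+int addr_len)
+{
+int err = 0;
+
+if (sk->sk_type != SOCK_SEQPACKET) {
+err = -EINVAL;
+goto done;
+}
+
+if (addr_len != sizeof(*sa) + sizeof(*sa->iso_bc)) {
+err = -EINVAL;
+goto done;
+}
+
+if (sa->iso_bc->bc_num_bis > ISO_MAX_NUM_BIS) {
+err = -EINVAL;
+goto done;
+}
+
+iso_pi(sk)->bc_num_bis = sa->iso_bc->bc_num_bis;
+
+for (int i = 0; i < iso_pi(sk)->bc_num_bis; i++)
+if (sa->iso_bc->bc_bis[i] < 0x01 ||
+sa->iso_bc->bc_bis[i] > 0x1f) {
+err = -EINVAL;
+goto done;
+}
+
+memcpy(iso_pi(sk)->bc_bis, sa->iso_bc->bc_bis,
+iso_pi(sk)->bc_num_bis);
+
+done:
+return err;
 }
 
 static int iso_sock_bind(struct socket *sock, struct sockaddr *addr,
@@ -827,6 +980,15 @@
 return -EINVAL;
 
 lock_sock(sk);
+
+/* Allow the user to bind a PA sync socket to a number
+* of BISes to sync to.
+*/
+if (sk->sk_state == BT_CONNECT2 &&
+test_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags)) {
+err = iso_sock_bind_pa_sk(sk, sa, addr_len);
+goto done;
+}
 
 if (sk->sk_state != BT_OPEN) {
 err = -EBADFD;
@@ -1694,6 +1856,7 @@
 parent->sk_data_ready(parent);
 
 release_sock(parent);
+sock_put(parent);
 }
 }
 
@@ -1759,9 +1922,20 @@
 /* Try to get PA sync listening socket, if it exists */
 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
 iso_match_pa_sync_flag, NULL);
-if (!sk)
+
+if (!sk) {
 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
 iso_match_sync_handle, ev2);
+
+/* If PA Sync is in process of terminating,
+* do not handle any more BIGInfo adv reports.
+*/
+
+if (sk && test_bit(BT_SK_PA_SYNC_TERM,
+&iso_pi(sk)->flags))
+return lm;
+}
+
 if (sk) {
 int err;
 
@@ -1778,6 +1952,7 @@
 if (err) {
 bt_dev_err(hdev, "hci_le_big_create_sync: %d",
 err);
+sock_put(sk);
 sk = NULL;
 }
 }
@@ -1809,6 +1984,8 @@
 
 if (test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags))
 *flags |= HCI_PROTO_DEFER;
+
+sock_put(sk);
 
 return lm;
 }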
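Review bot: The early `return lm;` taken when `BT_SK_PA_SYNC_TERM` is set leaks a socket reference: `iso_get_sock_listen()` now returns with `sock_hold()` taken, and the other exits touched by this commit add a matching `sock_put(sk)`, but this one does not. Release it before returning: `if (sk && test_bit(BT_SK_PA_SYNC_TERM, &iso_pi(sk)->flags)) { sock_put(sk); return lm; }`. Each leaked hold keeps the listening socket from being freed, and this path runs on advertising reports received from the air, so it is reachable without local privileges. The enclosing function starts and ends outside the hunk, so confirm no shared exit already drops the reference.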
+2 -1
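--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -6526,7 +6526,8 @@
 if (len > skb->len || !cmd->ident) {
 BT_DBG("corrupted command");
 l2cap_sig_send_rej(conn, cmd->ident);
-break;
+skb_pull(skb, len > skb->len ? skb->len : len);
+continue;
 }
 
 err = l2cap_bredr_sig_cmd(conn, cmd, len, skb->data);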
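Review bot: `len` is taken from the peer's signalling header, and the only thing keeping the added `skb_pull()` inside the buffer is an open-coded ternary with no comment. The kernel's clamp helper states the intent directly: `skb_pull(skb, min_t(unsigned int, len, skb->len));`. A one-line comment such as `/* skip the malformed command, clamped to what is left, and keep parsing the PDU */` would explain why the loop now continues instead of stopping. The loop header is outside the hunk.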
+66 -3
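--- a/net/bluetooth/lib.c
+++ b/net/bluetooth/lib.c
@@ -30,6 +30,15 @@
 
 #include <net/bluetooth/bluetooth.h>
 
+/**
+* baswap() - Swaps the order of a bd address
+* @dst: Pointer to a bdaddr_t struct that will store the swapped
+* bd address.
+* @src: Pointer to the bdaddr_t struct to be swapped.
+*
+* This function reverses the byte order of a Bluetooth device
+* address.
+*/
 void baswap(bdaddr_t *dst, const bdaddr_t *src)
 {
 const unsigned char *s = (const unsigned char *)src;
@@ -41,7 +50,19 @@
 }
 EXPORT_SYMBOL(baswap);
 
-/* Bluetooth error codes to Unix errno mapping */
+/**
+* bt_to_errno() - Bluetooth error codes to standard errno
+* @code: Bluetooth error code to be converted
+*
+* This function takes a Bluetooth error code as input and convets
+* it to an equivalent Unix/standard errno value.
+*
+* Return:
+*
+* If the bt error code is known, an equivalent Unix errno value
+* is returned.
+* If the given bt error code is not known, ENOSYS is returned.
+*/
 int bt_to_errno(__u16 code)
 {
 switch (code) {
@@ -135,10 +156,22 @@
 }
 EXPORT_SYMBOL(bt_to_errno);
 
-/* Unix errno to Bluetooth error codes mapping */
+/**
+* bt_status() - Standard errno value to Bluetooth error code
+* @err: Unix/standard errno value to be converted
+*
+* This function converts a standard/Unix errno value to an
+* equivalent Bluetooth error code.
+*
+* Return: Bluetooth error code.
+*
+* If the given errno is not found, 0x1f is returned by default
+* which indicates an unspecified error.
+* For err >= 0, no conversion is performed, and the same value
+* is immediately returned.
+*/
 __u8 bt_status(int err)
 {
-/* Don't convert if already positive value */
 if (err >= 0)
 return err;
 
@@ -206,6 +239,10 @@
 }
 EXPORT_SYMBOL(bt_status);
 
+/**
+* bt_info() - Log Bluetooth information message
+* @format: Message's format string
+*/
 void bt_info(const char *format, ...)
 {
 struct va_format vaf;
@@ -222,6 +259,10 @@
 }
 EXPORT_SYMBOL(bt_info);
 
+/**
+* bt_warn() - Log Bluetooth warning message
+* @format: Message's format string
+*/
 void bt_warn(const char *format, ...)
 {
 struct va_format vaf;
@@ -238,6 +279,10 @@
 }
 EXPORT_SYMBOL(bt_warn);
 
+/**
+* bt_err() - Log Bluetooth error message
+* @format: Message's format string
+*/
 void bt_err(const char *format, ...)
 {
 struct va_format vaf;
@@ -267,6 +312,10 @@
 return debug_enable;
 }
 
+/**
+* bt_dbg() - Log Bluetooth debugging message
+* @format: Message's format string
+*/
 void bt_dbg(const char *format, ...)
 {
 struct va_format vaf;
@@ -287,6 +336,13 @@
 EXPORT_SYMBOL(bt_dbg);
 #endif
 
+/**
+* bt_warn_ratelimited() - Log rate-limited Bluetooth warning message
+* @format: Message's format string
+*
+* This functions works like bt_warn, but it uses rate limiting
+* to prevent the message from being logged too often.
+*/
 void bt_warn_ratelimited(const char *format, ...)
 {
 struct va_format vaf;
@@ -303,6 +359,13 @@
 }
 EXPORT_SYMBOL(bt_warn_ratelimited);
 
+/**
+* bt_err_ratelimited() - Log rate-limited Bluetooth error message
+* @format: Message's format string
+*
+* This functions works like bt_err, but it uses rate limiting
+* to prevent the message from being logged too often.
+*/
 void bt_err_ratelimited(const char *format, ...)
 {
 struct va_format vaf;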
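Review bot: Two typos in the added kernel-doc will be carried into the generated documentation: `convets` in the `bt_to_errno()` description should be `converts`, and `This functions works like` in both rate-limited helpers should be `This function works like`. The `bt_to_errno()` text also states that `ENOSYS is returned` for unknown codes; the default arm of the switch is outside the hunk, so confirm the documented value and sign match what the code returns.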
-17
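--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -10145,21 +10145,6 @@
 return false;
 }
 
-static void restart_le_scan(struct hci_dev *hdev)
-{
-/* If controller is not scanning we are done. */
-if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
-return;
-
-if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
-hdev->discovery.scan_start +
-hdev->discovery.scan_duration))
-return;
-
-queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
-DISCOV_LE_RESTART_DELAY);
-}
-
 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
 {
@@ -10194,8 +10179,6 @@
 * scanning to ensure updated result with updated RSSI values.
 */
 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
-restart_le_scan(hdev);
-
 /* Validate RSSI value against the RSSI threshold once more. */
 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
 rssi < hdev->discovery.rssi)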