Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'for-net-next-2023-10-23' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

Luiz Augusto von Dentz says:

====================
bluetooth-next pull request for net-next:

- Add 0bda:b85b for Fn-Link RTL8852BE
- ISO: Many fixes for broadcast support
- Mark bcm4378/bcm4387 as BROKEN_LE_CODED
- Add support ITTIM PE50-M75C
- Add RTW8852BE device 13d3:3570
- Add support for QCA2066
- Add support for Intel Misty Peak - 8087:0038

* tag 'for-net-next-2023-10-23' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next:
Bluetooth: hci_sync: Fix Opcode prints in bt_dev_dbg/err
Bluetooth: Fix double free in hci_conn_cleanup
Bluetooth: btmtksdio: enable bluetooth wakeup in system suspend
Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
Bluetooth: hci_bcm4377: Mark bcm4378/bcm4387 as BROKEN_LE_CODED
Bluetooth: ISO: Copy BASE if service data matches EIR_BAA_SERVICE_UUID
Bluetooth: Make handle of hci_conn be unique
Bluetooth: btusb: Add date->evt_skb is NULL check
Bluetooth: ISO: Fix bcast listener cleanup
Bluetooth: msft: __hci_cmd_sync() doesn't return NULL
Bluetooth: ISO: Match QoS adv handle with BIG handle
Bluetooth: ISO: Allow binding a bcast listener to 0 bises
Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
Bluetooth: qca: add support for QCA2066
Bluetooth: ISO: Set CIS bit only for devices with CIS support
Bluetooth: Add support for Intel Misty Peak - 8087:0038
Bluetooth: Add support ITTIM PE50-M75C
Bluetooth: ISO: Pass BIG encryption info through QoS
Bluetooth: ISO: Fix BIS cleanup
====================

Link: https://lore.kernel.org/r/20231023182119.3629194-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+392 -169
+38 -6
drivers/bluetooth/btmtksdio.c
··· 118 118 #define BTMTKSDIO_FUNC_ENABLED 3 119 119 #define BTMTKSDIO_PATCH_ENABLED 4 120 120 #define BTMTKSDIO_HW_RESET_ACTIVE 5 121 + #define BTMTKSDIO_BT_WAKE_ENABLED 6 121 122 122 123 struct mtkbtsdio_hdr { 123 124 __le16 len; ··· 555 554 sdio_claim_host(bdev->func); 556 555 557 556 /* Disable interrupt */ 558 - sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, 0); 557 + sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, NULL); 559 558 560 559 txrx_timeout = jiffies + 5 * HZ; 561 560 ··· 577 576 if ((int_status & FW_MAILBOX_INT) && 578 577 bdev->data->chipid == 0x7921) { 579 578 sdio_writel(bdev->func, PH2DSM0R_DRIVER_OWN, 580 - MTK_REG_PH2DSM0R, 0); 579 + MTK_REG_PH2DSM0R, NULL); 581 580 } 582 581 583 582 if (int_status & FW_OWN_BACK_INT) ··· 609 608 } while (int_status || time_is_before_jiffies(txrx_timeout)); 610 609 611 610 /* Enable interrupt */ 612 - sdio_writel(bdev->func, C_INT_EN_SET, MTK_REG_CHLPCR, 0); 611 + sdio_writel(bdev->func, C_INT_EN_SET, MTK_REG_CHLPCR, NULL); 613 612 614 613 sdio_release_host(bdev->func); 615 614 ··· 621 620 { 622 621 struct btmtksdio_dev *bdev = sdio_get_drvdata(func); 623 622 623 + if (test_bit(BTMTKSDIO_BT_WAKE_ENABLED, &bdev->tx_state)) { 624 + if (bdev->hdev->suspended) 625 + pm_wakeup_event(bdev->dev, 0); 626 + clear_bit(BTMTKSDIO_BT_WAKE_ENABLED, &bdev->tx_state); 627 + } 628 + 624 629 /* Disable interrupt */ 625 - sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, 0); 630 + sdio_writel(bdev->func, C_INT_EN_CLR, MTK_REG_CHLPCR, NULL); 626 631 627 632 schedule_work(&bdev->txrx_work); 628 633 } ··· 1461 1454 return err; 1462 1455 } 1463 1456 1457 + static int btmtksdio_system_suspend(struct device *dev) 1458 + { 1459 + struct sdio_func *func = dev_to_sdio_func(dev); 1460 + struct btmtksdio_dev *bdev; 1461 + 1462 + bdev = sdio_get_drvdata(func); 1463 + if (!bdev) 1464 + return 0; 1465 + 1466 + if (!test_bit(BTMTKSDIO_FUNC_ENABLED, &bdev->tx_state)) 1467 + return 0; 1468 + 1469 + 
set_bit(BTMTKSDIO_BT_WAKE_ENABLED, &bdev->tx_state); 1470 + 1471 + return btmtksdio_runtime_suspend(dev); 1472 + } 1473 + 1464 1474 static int btmtksdio_runtime_resume(struct device *dev) 1465 1475 { 1466 1476 struct sdio_func *func = dev_to_sdio_func(dev); ··· 1498 1474 return err; 1499 1475 } 1500 1476 1501 - static UNIVERSAL_DEV_PM_OPS(btmtksdio_pm_ops, btmtksdio_runtime_suspend, 1502 - btmtksdio_runtime_resume, NULL); 1477 + static int btmtksdio_system_resume(struct device *dev) 1478 + { 1479 + return btmtksdio_runtime_resume(dev); 1480 + } 1481 + 1482 + static const struct dev_pm_ops btmtksdio_pm_ops = { 1483 + SYSTEM_SLEEP_PM_OPS(btmtksdio_system_suspend, btmtksdio_system_resume) 1484 + RUNTIME_PM_OPS(btmtksdio_runtime_suspend, btmtksdio_runtime_resume, NULL) 1485 + }; 1486 + 1503 1487 #define BTMTKSDIO_PM_OPS (&btmtksdio_pm_ops) 1504 1488 #else /* CONFIG_PM */ 1505 1489 #define BTMTKSDIO_PM_OPS NULL
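Review bot: In the interrupt handler the wake flag is read with `test_bit()` and cleared with a separate `clear_bit()`, so the check and the clear are two steps. `test_and_clear_bit()` does both atomically and is shorter: `if (test_and_clear_bit(BTMTKSDIO_BT_WAKE_ENABLED, &bdev->tx_state) && bdev->hdev->suspended) pm_wakeup_event(bdev->dev, 0);`. Separately, `btmtksdio_system_suspend()` sets the flag before calling `btmtksdio_runtime_suspend()` and leaves it set if that call returns an error. Only the interrupt path clears it in the visible hunks, so a one-line comment saying whether that is intended would help.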
+68
drivers/bluetooth/btqca.c
··· 205 205 return 0; 206 206 } 207 207 208 + static int qca_read_fw_board_id(struct hci_dev *hdev, u16 *bid) 209 + { 210 + u8 cmd; 211 + struct sk_buff *skb; 212 + struct edl_event_hdr *edl; 213 + int err = 0; 214 + 215 + cmd = EDL_GET_BID_REQ_CMD; 216 + skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 217 + &cmd, 0, HCI_INIT_TIMEOUT); 218 + if (IS_ERR(skb)) { 219 + err = PTR_ERR(skb); 220 + bt_dev_err(hdev, "Reading QCA board ID failed (%d)", err); 221 + return err; 222 + } 223 + 224 + edl = skb_pull_data(skb, sizeof(*edl)); 225 + if (!edl) { 226 + bt_dev_err(hdev, "QCA read board ID with no header"); 227 + err = -EILSEQ; 228 + goto out; 229 + } 230 + 231 + if (edl->cresp != EDL_CMD_REQ_RES_EVT || 232 + edl->rtype != EDL_GET_BID_REQ_CMD) { 233 + bt_dev_err(hdev, "QCA Wrong packet: %d %d", edl->cresp, edl->rtype); 234 + err = -EIO; 235 + goto out; 236 + } 237 + 238 + *bid = (edl->data[1] << 8) + edl->data[2]; 239 + bt_dev_dbg(hdev, "%s: bid = %x", __func__, *bid); 240 + 241 + out: 242 + kfree_skb(skb); 243 + return err; 244 + } 245 + 208 246 int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) 209 247 { 210 248 struct sk_buff *skb; ··· 612 574 } 613 575 EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 614 576 577 + static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, 578 + struct qca_btsoc_version ver, u8 rom_ver, u16 bid) 579 + { 580 + const char *variant; 581 + 582 + /* hsp gf chip */ 583 + if ((le32_to_cpu(ver.soc_id) & QCA_HSP_GF_SOC_MASK) == QCA_HSP_GF_SOC_ID) 584 + variant = "g"; 585 + else 586 + variant = ""; 587 + 588 + if (bid == 0x0) 589 + snprintf(fwname, max_size, "qca/hpnv%02x%s.bin", rom_ver, variant); 590 + else 591 + snprintf(fwname, max_size, "qca/hpnv%02x%s.%x", rom_ver, variant, bid); 592 + } 593 + 615 594 int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, 616 595 enum qca_btsoc_type soc_type, struct qca_btsoc_version ver, 617 596 const char *firmware_name) ··· 637 582 int err; 638 583 u8 rom_ver = 0; 639 584 
u32 soc_ver; 585 + u16 boardid = 0; 640 586 641 587 bt_dev_dbg(hdev, "QCA setup on UART"); 642 588 ··· 670 614 case QCA_WCN3988: 671 615 snprintf(config.fwname, sizeof(config.fwname), 672 616 "qca/apbtfw%02x.tlv", rom_ver); 617 + break; 618 + case QCA_QCA2066: 619 + snprintf(config.fwname, sizeof(config.fwname), 620 + "qca/hpbtfw%02x.tlv", rom_ver); 673 621 break; 674 622 case QCA_QCA6390: 675 623 snprintf(config.fwname, sizeof(config.fwname), ··· 709 649 /* Give the controller some time to get ready to receive the NVM */ 710 650 msleep(10); 711 651 652 + if (soc_type == QCA_QCA2066) 653 + qca_read_fw_board_id(hdev, &boardid); 654 + 712 655 /* Download NVM configuration */ 713 656 config.type = TLV_TYPE_NVM; 714 657 if (firmware_name) { ··· 733 670 case QCA_WCN3988: 734 671 snprintf(config.fwname, sizeof(config.fwname), 735 672 "qca/apnv%02x.bin", rom_ver); 673 + break; 674 + case QCA_QCA2066: 675 + qca_generate_hsp_nvm_name(config.fwname, 676 + sizeof(config.fwname), ver, rom_ver, boardid); 736 677 break; 737 678 case QCA_QCA6390: 738 679 snprintf(config.fwname, sizeof(config.fwname), ··· 769 702 770 703 switch (soc_type) { 771 704 case QCA_WCN3991: 705 + case QCA_QCA2066: 772 706 case QCA_QCA6390: 773 707 case QCA_WCN6750: 774 708 case QCA_WCN6855:
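Review bot: `qca_read_fw_board_id()` verifies that the event holds an `edl_event_hdr` but then reads `edl->data[1]` and `edl->data[2]` without checking that the controller actually sent those bytes, so a short response makes `*bid` come from whatever follows the header in the skb. After the `cresp`/`rtype` check, add a length guard such as `if (skb->len < 3) { err = -EILSEQ; goto out; }`; `skb->len` is what remains after `skb_pull_data()`. In `qca_uart_setup()` the return value of `qca_read_fw_board_id()` is also dropped, so `boardid` stays 0 on failure and the default `hpnv` name is used. That looks deliberate, but a comment at the call site should say so.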
+4 -1
drivers/bluetooth/btqca.h
··· 12 12 #define EDL_PATCH_VER_REQ_CMD (0x19) 13 13 #define EDL_PATCH_TLV_REQ_CMD (0x1E) 14 14 #define EDL_GET_BUILD_INFO_CMD (0x20) 15 + #define EDL_GET_BID_REQ_CMD (0x23) 15 16 #define EDL_NVM_ACCESS_SET_REQ_CMD (0x01) 16 17 #define EDL_PATCH_CONFIG_CMD (0x28) 17 18 #define MAX_SIZE_PER_TLV_SEGMENT (243) ··· 48 47 ((le32_to_cpu(soc_id) << 16) | (le16_to_cpu(rom_ver))) 49 48 50 49 #define QCA_FW_BUILD_VER_LEN 255 51 - 50 + #define QCA_HSP_GF_SOC_ID 0x1200 51 + #define QCA_HSP_GF_SOC_MASK 0x0000ff00 52 52 53 53 enum qca_baudrate { 54 54 QCA_BAUDRATE_115200 = 0, ··· 148 146 QCA_WCN3990, 149 147 QCA_WCN3998, 150 148 QCA_WCN3991, 149 + QCA_QCA2066, 151 150 QCA_QCA6390, 152 151 QCA_WCN6750, 153 152 QCA_WCN6855,
+11
drivers/bluetooth/btusb.c
··· 477 477 { USB_DEVICE(0x8087, 0x0033), .driver_info = BTUSB_INTEL_COMBINED }, 478 478 { USB_DEVICE(0x8087, 0x0035), .driver_info = BTUSB_INTEL_COMBINED }, 479 479 { USB_DEVICE(0x8087, 0x0036), .driver_info = BTUSB_INTEL_COMBINED }, 480 + { USB_DEVICE(0x8087, 0x0038), .driver_info = BTUSB_INTEL_COMBINED }, 480 481 { USB_DEVICE(0x8087, 0x07da), .driver_info = BTUSB_CSR }, 481 482 { USB_DEVICE(0x8087, 0x07dc), .driver_info = BTUSB_INTEL_COMBINED | 482 483 BTUSB_INTEL_NO_WBS_SUPPORT | ··· 543 542 { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | 544 543 BTUSB_WIDEBAND_SPEECH }, 545 544 { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | 545 + BTUSB_WIDEBAND_SPEECH }, 546 + { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | 547 + BTUSB_WIDEBAND_SPEECH }, 548 + { USB_DEVICE(0x13d3, 0x3570), .driver_info = BTUSB_REALTEK | 546 549 BTUSB_WIDEBAND_SPEECH }, 547 550 { USB_DEVICE(0x13d3, 0x3571), .driver_info = BTUSB_REALTEK | 548 551 BTUSB_WIDEBAND_SPEECH }, ··· 647 642 BTUSB_WIDEBAND_SPEECH | 648 643 BTUSB_VALID_LE_STATES }, 649 644 { USB_DEVICE(0x04ca, 0x3804), .driver_info = BTUSB_MEDIATEK | 645 + BTUSB_WIDEBAND_SPEECH | 646 + BTUSB_VALID_LE_STATES }, 647 + { USB_DEVICE(0x35f5, 0x7922), .driver_info = BTUSB_MEDIATEK | 650 648 BTUSB_WIDEBAND_SPEECH | 651 649 BTUSB_VALID_LE_STATES }, 652 650 ··· 2825 2817 err = -ETIMEDOUT; 2826 2818 goto err_free_wc; 2827 2819 } 2820 + 2821 + if (data->evt_skb == NULL) 2822 + goto err_free_wc; 2828 2823 2829 2824 /* Parse and handle the return WMT event */ 2830 2825 wmt_evt = (struct btmtk_hci_wmt_evt *)data->evt_skb->data;
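Review bot: The new `data->evt_skb == NULL` check jumps to `err_free_wc` without assigning `err`. On the visible lines the only assignment before it is `err = -ETIMEDOUT` inside the timeout branch, so on this path `err` presumably still holds the successful wait result, and the caller would see success for a WMT command that produced no event. Set an error first, for example `if (!data->evt_skb) { err = -EIO; goto err_free_wc; }`; the errno is a suggestion, so use whatever the callers expect. The enclosing function starts and ends outside the hunk, so how `err` is initialised should be confirmed there.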
+5
drivers/bluetooth/hci_bcm4377.c
··· 512 512 unsigned long disable_aspm : 1; 513 513 unsigned long broken_ext_scan : 1; 514 514 unsigned long broken_mws_transport_config : 1; 515 + unsigned long broken_le_coded : 1; 515 516 516 517 int (*send_calibration)(struct bcm4377_data *bcm4377); 517 518 int (*send_ptb)(struct bcm4377_data *bcm4377, ··· 2373 2372 set_bit(HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG, &hdev->quirks); 2374 2373 if (bcm4377->hw->broken_ext_scan) 2375 2374 set_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &hdev->quirks); 2375 + if (bcm4377->hw->broken_le_coded) 2376 + set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks); 2376 2377 2377 2378 pci_set_drvdata(pdev, bcm4377); 2378 2379 hci_set_drvdata(hdev, bcm4377); ··· 2464 2461 .bar0_core2_window2 = 0x18107000, 2465 2462 .has_bar0_core2_window2 = true, 2466 2463 .broken_mws_transport_config = true, 2464 + .broken_le_coded = true, 2467 2465 .send_calibration = bcm4378_send_calibration, 2468 2466 .send_ptb = bcm4378_send_ptb, 2469 2467 }, ··· 2478 2474 .has_bar0_core2_window2 = true, 2479 2475 .clear_pciecfg_subsystem_ctrl_bit19 = true, 2480 2476 .broken_mws_transport_config = true, 2477 + .broken_le_coded = true, 2481 2478 .send_calibration = bcm4387_send_calibration, 2482 2479 .send_ptb = bcm4378_send_ptb, 2483 2480 },
+11
drivers/bluetooth/hci_qca.c
··· 1841 1841 set_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks); 1842 1842 1843 1843 switch (soc_type) { 1844 + case QCA_QCA2066: 1845 + soc_name = "qca2066"; 1846 + break; 1847 + 1844 1848 case QCA_WCN3988: 1845 1849 case QCA_WCN3990: 1846 1850 case QCA_WCN3991: ··· 2034 2030 { "vddch0", 450000 }, 2035 2031 }, 2036 2032 .num_vregs = 4, 2033 + }; 2034 + 2035 + static const struct qca_device_data qca_soc_data_qca2066 __maybe_unused = { 2036 + .soc_type = QCA_QCA2066, 2037 + .num_vregs = 0, 2037 2038 }; 2038 2039 2039 2040 static const struct qca_device_data qca_soc_data_qca6390 __maybe_unused = { ··· 2568 2559 2569 2560 #ifdef CONFIG_OF 2570 2561 static const struct of_device_id qca_bluetooth_of_match[] = { 2562 + { .compatible = "qcom,qca2066-bt", .data = &qca_soc_data_qca2066}, 2571 2563 { .compatible = "qcom,qca6174-bt" }, 2572 2564 { .compatible = "qcom,qca6390-bt", .data = &qca_soc_data_qca6390}, 2573 2565 { .compatible = "qcom,qca9377-bt" }, ··· 2586 2576 2587 2577 #ifdef CONFIG_ACPI 2588 2578 static const struct acpi_device_id qca_bluetooth_acpi_match[] = { 2579 + { "QCOM2066", (kernel_ulong_t)&qca_soc_data_qca2066 }, 2589 2580 { "QCOM6390", (kernel_ulong_t)&qca_soc_data_qca6390 }, 2590 2581 { "DLA16390", (kernel_ulong_t)&qca_soc_data_qca6390 }, 2591 2582 { "DLB16390", (kernel_ulong_t)&qca_soc_data_qca6390 },
+3
include/net/bluetooth/hci.h
··· 1 1 /* 2 2 BlueZ - Bluetooth protocol stack for Linux 3 3 Copyright (C) 2000-2001 Qualcomm Incorporated 4 + Copyright 2023 NXP 4 5 5 6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com> 6 7 ··· 673 672 /* The core spec defines 127 as the "not available" value */ 674 673 #define HCI_TX_POWER_INVALID 127 675 674 #define HCI_RSSI_INVALID 127 675 + 676 + #define HCI_SYNC_HANDLE_INVALID 0xffff 676 677 677 678 #define HCI_ROLE_MASTER 0x00 678 679 #define HCI_ROLE_SLAVE 0x01
+49 -25
include/net/bluetooth/hci_core.h
··· 350 350 struct list_head list; 351 351 struct mutex lock; 352 352 353 + struct ida unset_handle_ida; 354 + 353 355 const char *name; 354 356 unsigned long flags; 355 357 __u16 id; ··· 1292 1290 return NULL; 1293 1291 } 1294 1292 1295 - static inline struct hci_conn *hci_conn_hash_lookup_big_any_dst(struct hci_dev *hdev, 1296 - __u8 handle) 1297 - { 1298 - struct hci_conn_hash *h = &hdev->conn_hash; 1299 - struct hci_conn *c; 1300 - 1301 - rcu_read_lock(); 1302 - 1303 - list_for_each_entry_rcu(c, &h->list, list) { 1304 - if (c->type != ISO_LINK) 1305 - continue; 1306 - 1307 - if (handle != BT_ISO_QOS_BIG_UNSET && handle == c->iso_qos.bcast.big) { 1308 - rcu_read_unlock(); 1309 - return c; 1310 - } 1311 - } 1312 - 1313 - rcu_read_unlock(); 1314 - 1315 - return NULL; 1316 - } 1317 - 1318 1293 static inline struct hci_conn * 1319 - hci_conn_hash_lookup_pa_sync(struct hci_dev *hdev, __u8 big) 1294 + hci_conn_hash_lookup_pa_sync_big_handle(struct hci_dev *hdev, __u8 big) 1320 1295 { 1321 1296 struct hci_conn_hash *h = &hdev->conn_hash; 1322 1297 struct hci_conn *c; ··· 1306 1327 continue; 1307 1328 1308 1329 if (c->iso_qos.bcast.big == big) { 1330 + rcu_read_unlock(); 1331 + return c; 1332 + } 1333 + } 1334 + rcu_read_unlock(); 1335 + 1336 + return NULL; 1337 + } 1338 + 1339 + static inline struct hci_conn * 1340 + hci_conn_hash_lookup_pa_sync_handle(struct hci_dev *hdev, __u16 sync_handle) 1341 + { 1342 + struct hci_conn_hash *h = &hdev->conn_hash; 1343 + struct hci_conn *c; 1344 + 1345 + rcu_read_lock(); 1346 + 1347 + list_for_each_entry_rcu(c, &h->list, list) { 1348 + if (c->type != ISO_LINK || 1349 + !test_bit(HCI_CONN_PA_SYNC, &c->flags)) 1350 + continue; 1351 + 1352 + if (c->sync_handle == sync_handle) { 1309 1353 rcu_read_unlock(); 1310 1354 return c; 1311 1355 } ··· 1373 1371 1374 1372 list_for_each_entry_rcu(c, &h->list, list) { 1375 1373 if (c->type == type && c->state == state) 1374 + func(c, data); 1375 + } 1376 + 1377 + rcu_read_unlock(); 1378 + } 1379 + 
1380 + static inline void hci_conn_hash_list_flag(struct hci_dev *hdev, 1381 + hci_conn_func_t func, __u8 type, 1382 + __u8 flag, void *data) 1383 + { 1384 + struct hci_conn_hash *h = &hdev->conn_hash; 1385 + struct hci_conn *c; 1386 + 1387 + if (!func) 1388 + return; 1389 + 1390 + rcu_read_lock(); 1391 + 1392 + list_for_each_entry_rcu(c, &h->list, list) { 1393 + if (c->type == type && test_bit(flag, &c->flags)) 1376 1394 func(c, data); 1377 1395 } 1378 1396 ··· 1448 1426 int hci_conn_check_create_cis(struct hci_conn *conn); 1449 1427 1450 1428 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, 1451 - u8 role); 1429 + u8 role, u16 handle); 1430 + struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, 1431 + bdaddr_t *dst, u8 role); 1452 1432 void hci_conn_del(struct hci_conn *conn); 1453 1433 void hci_conn_hash_flush(struct hci_dev *hdev); 1454 1434 void hci_conn_check_pending(struct hci_dev *hdev);
+2
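--- a/include/net/bluetooth/hci_sync.h
+++ b/include/net/bluetooth/hci_sync.h
@@ -80,6 +80,8 @@
 u8 *data, u32 flags, u16 min_interval,
 u16 max_interval, u16 sync_interval);
 
+int hci_disable_per_advertising_sync(struct hci_dev *hdev, u8 instance);
+
 int hci_remove_advertising_sync(struct hci_dev *hdev, struct sock *sk,
 u8 instance, bool force);
 int hci_disable_advertising_sync(struct hci_dev *hdev);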
+1 -2
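--- a/net/bluetooth/amp.c
+++ b/net/bluetooth/amp.c
@@ -109,7 +109,7 @@
 struct hci_conn *hcon;
 u8 role = out ? HCI_ROLE_MASTER : HCI_ROLE_SLAVE;
 
-hcon = hci_conn_add(hdev, AMP_LINK, dst, role);
+hcon = hci_conn_add(hdev, AMP_LINK, dst, role, __next_handle(mgr));
 if (!hcon)
 return NULL;
 
@@ -117,7 +117,6 @@
 
 hcon->state = BT_CONNECT;
 hcon->attempt++;
-hcon->handle = __next_handle(mgr);
 hcon->remote_id = remote_id;
 hcon->amp_mgr = amp_mgr_get(mgr);
 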
+85 -38
net/bluetooth/hci_conn.c
··· 153 153 154 154 hci_conn_hash_del(hdev, conn); 155 155 156 + if (HCI_CONN_HANDLE_UNSET(conn->handle)) 157 + ida_free(&hdev->unset_handle_ida, conn->handle); 158 + 156 159 if (conn->cleanup) 157 160 conn->cleanup(conn); 158 161 ··· 172 169 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL); 173 170 } 174 171 175 - hci_conn_del_sysfs(conn); 176 - 177 172 debugfs_remove_recursive(conn->debugfs); 178 173 179 - hci_dev_put(hdev); 174 + hci_conn_del_sysfs(conn); 180 175 181 - hci_conn_put(conn); 176 + hci_dev_put(hdev); 182 177 } 183 178 184 179 static void hci_acl_create_connection(struct hci_conn *conn) ··· 760 759 761 760 bt_dev_dbg(hdev, "big 0x%2.2x bis 0x%2.2x", d->big, d->bis); 762 761 762 + hci_disable_per_advertising_sync(hdev, d->bis); 763 763 hci_remove_ext_adv_instance_sync(hdev, d->bis, NULL); 764 764 765 765 /* Only terminate BIG if it has been created */ ··· 816 814 return 0; 817 815 } 818 816 817 + static void find_bis(struct hci_conn *conn, void *data) 818 + { 819 + struct iso_list_data *d = data; 820 + 821 + /* Ignore if BIG doesn't match */ 822 + if (d->big != conn->iso_qos.bcast.big) 823 + return; 824 + 825 + d->count++; 826 + } 827 + 819 828 static int hci_le_big_terminate(struct hci_dev *hdev, u8 big, struct hci_conn *conn) 820 829 { 821 830 struct iso_list_data *d; ··· 838 825 if (!d) 839 826 return -ENOMEM; 840 827 828 + memset(d, 0, sizeof(*d)); 841 829 d->big = big; 842 830 d->sync_handle = conn->sync_handle; 843 - d->pa_sync_term = test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags); 844 - d->big_sync_term = test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags); 831 + 832 + if (test_and_clear_bit(HCI_CONN_PA_SYNC, &conn->flags)) { 833 + hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK, 834 + HCI_CONN_PA_SYNC, d); 835 + 836 + if (!d->count) 837 + d->pa_sync_term = true; 838 + 839 + d->count = 0; 840 + } 841 + 842 + if (test_and_clear_bit(HCI_CONN_BIG_SYNC, &conn->flags)) { 843 + hci_conn_hash_list_flag(hdev, find_bis, ISO_LINK, 844 + HCI_CONN_BIG_SYNC, 
d); 845 + 846 + if (!d->count) 847 + d->big_sync_term = true; 848 + } 845 849 846 850 ret = hci_cmd_sync_queue(hdev, big_terminate_sync, d, 847 851 terminate_big_destroy); ··· 894 864 895 865 hci_le_terminate_big(hdev, conn); 896 866 } else { 897 - bis = hci_conn_hash_lookup_big_any_dst(hdev, 898 - conn->iso_qos.bcast.big); 899 - 900 - if (bis) 901 - return; 902 - 903 867 hci_le_big_terminate(hdev, conn->iso_qos.bcast.big, 904 868 conn); 905 869 } ··· 952 928 hci_le_remove_cig(hdev, conn->iso_qos.ucast.cig); 953 929 } 954 930 955 - static u16 hci_conn_hash_alloc_unset(struct hci_dev *hdev) 931 + static int hci_conn_hash_alloc_unset(struct hci_dev *hdev) 956 932 { 957 - struct hci_conn_hash *h = &hdev->conn_hash; 958 - struct hci_conn *c; 959 - u16 handle = HCI_CONN_HANDLE_MAX + 1; 960 - 961 - rcu_read_lock(); 962 - 963 - list_for_each_entry_rcu(c, &h->list, list) { 964 - /* Find the first unused handle */ 965 - if (handle == 0xffff || c->handle != handle) 966 - break; 967 - handle++; 968 - } 969 - rcu_read_unlock(); 970 - 971 - return handle; 933 + return ida_alloc_range(&hdev->unset_handle_ida, HCI_CONN_HANDLE_MAX + 1, 934 + U16_MAX, GFP_ATOMIC); 972 935 } 973 936 974 937 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, 975 - u8 role) 938 + u8 role, u16 handle) 976 939 { 977 940 struct hci_conn *conn; 978 941 979 - BT_DBG("%s dst %pMR", hdev->name, dst); 942 + bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); 980 943 981 944 conn = kzalloc(sizeof(*conn), GFP_KERNEL); 982 945 if (!conn) ··· 971 960 972 961 bacpy(&conn->dst, dst); 973 962 bacpy(&conn->src, &hdev->bdaddr); 974 - conn->handle = hci_conn_hash_alloc_unset(hdev); 963 + conn->handle = handle; 975 964 conn->hdev = hdev; 976 965 conn->type = type; 977 966 conn->role = role; ··· 984 973 conn->rssi = HCI_RSSI_INVALID; 985 974 conn->tx_power = HCI_TX_POWER_INVALID; 986 975 conn->max_tx_power = HCI_TX_POWER_INVALID; 976 + conn->sync_handle = HCI_SYNC_HANDLE_INVALID; 987 977 
988 978 set_bit(HCI_CONN_POWER_SAVE, &conn->flags); 989 979 conn->disc_timeout = HCI_DISCONN_TIMEOUT; ··· 1054 1042 hci_conn_init_sysfs(conn); 1055 1043 1056 1044 return conn; 1045 + } 1046 + 1047 + struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, 1048 + bdaddr_t *dst, u8 role) 1049 + { 1050 + int handle; 1051 + 1052 + bt_dev_dbg(hdev, "dst %pMR", dst); 1053 + 1054 + handle = hci_conn_hash_alloc_unset(hdev); 1055 + if (unlikely(handle < 0)) 1056 + return NULL; 1057 + 1058 + return hci_conn_add(hdev, type, dst, role, handle); 1057 1059 } 1058 1060 1059 1061 static void hci_conn_cleanup_child(struct hci_conn *conn, u8 reason) ··· 1273 1247 break; 1274 1248 } 1275 1249 1250 + /* In case of BIG/PA sync failed, clear conn flags so that 1251 + * the conns will be correctly cleaned up by ISO layer 1252 + */ 1253 + test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags); 1254 + test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags); 1255 + 1276 1256 conn->state = BT_CLOSED; 1277 1257 hci_connect_cfm(conn, status); 1278 1258 hci_conn_del(conn); ··· 1305 1273 */ 1306 1274 if (conn->abort_reason) 1307 1275 return conn->abort_reason; 1276 + 1277 + if (HCI_CONN_HANDLE_UNSET(conn->handle)) 1278 + ida_free(&hdev->unset_handle_ida, conn->handle); 1308 1279 1309 1280 conn->handle = handle; 1310 1281 ··· 1416 1381 if (conn) { 1417 1382 bacpy(&conn->dst, dst); 1418 1383 } else { 1419 - conn = hci_conn_add(hdev, LE_LINK, dst, role); 1384 + conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); 1420 1385 if (!conn) 1421 1386 return ERR_PTR(-ENOMEM); 1422 1387 hci_conn_hold(conn); ··· 1521 1486 1522 1487 /* Allocate BIS if not set */ 1523 1488 if (qos->bcast.bis == BT_ISO_QOS_BIS_UNSET) { 1489 + if (qos->bcast.big != BT_ISO_QOS_BIG_UNSET) { 1490 + conn = hci_conn_hash_lookup_big(hdev, qos->bcast.big); 1491 + 1492 + if (conn) { 1493 + /* If the BIG handle is already matched to an advertising 1494 + * handle, do not allocate a new one. 
1495 + */ 1496 + qos->bcast.bis = conn->iso_qos.bcast.bis; 1497 + return 0; 1498 + } 1499 + } 1500 + 1524 1501 /* Find an unused adv set to advertise BIS, skip instance 0x00 1525 1502 * since it is reserved as general purpose set. 1526 1503 */ ··· 1593 1546 memcmp(conn->le_per_adv_data, base, base_len))) 1594 1547 return ERR_PTR(-EADDRINUSE); 1595 1548 1596 - conn = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); 1549 + conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); 1597 1550 if (!conn) 1598 1551 return ERR_PTR(-ENOMEM); 1599 1552 ··· 1637 1590 1638 1591 BT_DBG("requesting refresh of dst_addr"); 1639 1592 1640 - conn = hci_conn_add(hdev, LE_LINK, dst, HCI_ROLE_MASTER); 1593 + conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); 1641 1594 if (!conn) 1642 1595 return ERR_PTR(-ENOMEM); 1643 1596 ··· 1685 1638 1686 1639 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 1687 1640 if (!acl) { 1688 - acl = hci_conn_add(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); 1641 + acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); 1689 1642 if (!acl) 1690 1643 return ERR_PTR(-ENOMEM); 1691 1644 } ··· 1745 1698 1746 1699 sco = hci_conn_hash_lookup_ba(hdev, type, dst); 1747 1700 if (!sco) { 1748 - sco = hci_conn_add(hdev, type, dst, HCI_ROLE_MASTER); 1701 + sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); 1749 1702 if (!sco) { 1750 1703 hci_conn_drop(acl); 1751 1704 return ERR_PTR(-ENOMEM); ··· 1937 1890 cis = hci_conn_hash_lookup_cis(hdev, dst, dst_type, qos->ucast.cig, 1938 1891 qos->ucast.cis); 1939 1892 if (!cis) { 1940 - cis = hci_conn_add(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); 1893 + cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); 1941 1894 if (!cis) 1942 1895 return ERR_PTR(-ENOMEM); 1943 1896 cis->cleanup = cis_cleanup; ··· 2186 2139 } pdu; 2187 2140 int err; 2188 2141 2189 - if (num_bis > sizeof(pdu.bis)) 2142 + if (num_bis < 0x01 || num_bis > sizeof(pdu.bis)) 2190 2143 return -EINVAL; 2191 2144 2192 2145 
err = qos_set_big(hdev, qos);
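Review bot: `hci_conn_add()` now stores whatever `handle` the caller passes, while `hci_conn_cleanup()` calls `ida_free()` on `conn->handle` whenever `HCI_CONN_HANDLE_UNSET()` is true, and nothing in the new code guarantees that such a handle actually came from `unset_handle_ida`. The hci_event.c call sites in this merge pass `cis_handle` and `le16_to_cpu(ev->bis[i])` straight from controller events. The macro is not defined in the hunk, but the allocator starts at `HCI_CONN_HANDLE_MAX + 1`, so if it means "above `HCI_CONN_HANDLE_MAX`" an out-of-range handle from the controller would later free an id that was never allocated or that belongs to another connection. The public `hci_conn_add()` should reject handles above `HCI_CONN_HANDLE_MAX` and leave the reserved range to an internal helper used by `hci_conn_add_unset()`, which should also release the id when the allocation of the connection fails (today it leaks). The helper name below is a proposal, and the range returned by `__next_handle()` in amp.c needs confirming before the check goes in.

```c
/* … unchanged: current hci_conn_add() body, moved into a static __hci_conn_add() (proposed name) … */

struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst,
			      u8 role, u16 handle)
{
	/* Handles above HCI_CONN_HANDLE_MAX are reserved for unset_handle_ida */
	if (handle > HCI_CONN_HANDLE_MAX)
		return NULL;

	return __hci_conn_add(hdev, type, dst, role, handle);
}

struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type,
				    bdaddr_t *dst, u8 role)
{
	struct hci_conn *conn;
	int handle;

	bt_dev_dbg(hdev, "dst %pMR", dst);

	handle = hci_conn_hash_alloc_unset(hdev);
	if (unlikely(handle < 0))
		return NULL;

	conn = __hci_conn_add(hdev, type, dst, role, handle);
	if (!conn)
		ida_free(&hdev->unset_handle_ida, handle);

	return conn;
}
```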
+3
net/bluetooth/hci_core.c
··· 2535 2535 mutex_init(&hdev->lock); 2536 2536 mutex_init(&hdev->req_lock); 2537 2537 2538 + ida_init(&hdev->unset_handle_ida); 2539 + 2538 2540 INIT_LIST_HEAD(&hdev->mesh_pending); 2539 2541 INIT_LIST_HEAD(&hdev->mgmt_pending); 2540 2542 INIT_LIST_HEAD(&hdev->reject_list); ··· 2791 2789 hci_codec_list_clear(&hdev->local_codecs); 2792 2790 hci_dev_unlock(hdev); 2793 2791 2792 + ida_destroy(&hdev->unset_handle_ida); 2794 2793 ida_simple_remove(&hci_index_ida, hdev->id); 2795 2794 kfree_skb(hdev->sent_cmd); 2796 2795 kfree_skb(hdev->recv_event);
+50 -42
net/bluetooth/hci_event.c
··· 2335 2335 } 2336 2336 } else { 2337 2337 if (!conn) { 2338 - conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr, 2339 - HCI_ROLE_MASTER); 2338 + conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr, 2339 + HCI_ROLE_MASTER); 2340 2340 if (!conn) 2341 2341 bt_dev_err(hdev, "no memory for new connection"); 2342 2342 } ··· 3151 3151 hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, 3152 3152 &ev->bdaddr, 3153 3153 BDADDR_BREDR)) { 3154 - conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr, 3155 - HCI_ROLE_SLAVE); 3154 + conn = hci_conn_add_unset(hdev, ev->link_type, 3155 + &ev->bdaddr, HCI_ROLE_SLAVE); 3156 3156 if (!conn) { 3157 3157 bt_dev_err(hdev, "no memory for new conn"); 3158 3158 goto unlock; ··· 3317 3317 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, 3318 3318 &ev->bdaddr); 3319 3319 if (!conn) { 3320 - conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr, 3321 - HCI_ROLE_SLAVE); 3320 + conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, 3321 + HCI_ROLE_SLAVE); 3322 3322 if (!conn) { 3323 3323 bt_dev_err(hdev, "no memory for new connection"); 3324 3324 goto unlock; ··· 5890 5890 if (status) 5891 5891 goto unlock; 5892 5892 5893 - conn = hci_conn_add(hdev, LE_LINK, bdaddr, role); 5893 + conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, role); 5894 5894 if (!conn) { 5895 5895 bt_dev_err(hdev, "no memory for new connection"); 5896 5896 goto unlock; ··· 5952 5952 5953 5953 conn->dst_type = ev_bdaddr_type(hdev, conn->dst_type, NULL); 5954 5954 5955 - if (handle > HCI_CONN_HANDLE_MAX) { 5956 - bt_dev_err(hdev, "Invalid handle: 0x%4.4x > 0x%4.4x", handle, 5957 - HCI_CONN_HANDLE_MAX); 5958 - status = HCI_ERROR_INVALID_PARAMETERS; 5959 - } 5960 - 5961 5955 /* All connection failure handling is taken care of by the 5962 5956 * hci_conn_failed function which is triggered by the HCI 5963 5957 * request completion callbacks used for connecting. 
5964 5958 */ 5965 - if (status) 5959 + if (status || hci_conn_set_handle(conn, handle)) 5966 5960 goto unlock; 5967 5961 5968 5962 /* Drop the connection if it has been aborted */ ··· 5980 5986 mgmt_device_connected(hdev, conn, NULL, 0); 5981 5987 5982 5988 conn->sec_level = BT_SECURITY_LOW; 5983 - conn->handle = handle; 5984 5989 conn->state = BT_CONFIG; 5985 5990 5986 5991 /* Store current advertising instance as connection advertising instance ··· 6596 6603 struct hci_ev_le_pa_sync_established *ev = data; 6597 6604 int mask = hdev->link_mode; 6598 6605 __u8 flags = 0; 6599 - struct hci_conn *bis; 6606 + struct hci_conn *pa_sync; 6600 6607 6601 6608 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); 6602 6609 ··· 6613 6620 if (!(flags & HCI_PROTO_DEFER)) 6614 6621 goto unlock; 6615 6622 6616 - /* Add connection to indicate the PA sync event */ 6617 - bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY, 6618 - HCI_ROLE_SLAVE); 6623 + if (ev->status) { 6624 + /* Add connection to indicate the failed PA sync event */ 6625 + pa_sync = hci_conn_add_unset(hdev, ISO_LINK, BDADDR_ANY, 6626 + HCI_ROLE_SLAVE); 6619 6627 6620 - if (!bis) 6621 - goto unlock; 6628 + if (!pa_sync) 6629 + goto unlock; 6622 6630 6623 - if (ev->status) 6624 - set_bit(HCI_CONN_PA_SYNC_FAILED, &bis->flags); 6625 - else 6626 - set_bit(HCI_CONN_PA_SYNC, &bis->flags); 6631 + set_bit(HCI_CONN_PA_SYNC_FAILED, &pa_sync->flags); 6627 6632 6628 - /* Notify connection to iso layer */ 6629 - hci_connect_cfm(bis, ev->status); 6633 + /* Notify iso layer */ 6634 + hci_connect_cfm(pa_sync, ev->status); 6635 + } 6630 6636 6631 6637 unlock: 6632 6638 hci_dev_unlock(hdev); ··· 7012 7020 7013 7021 cis = hci_conn_hash_lookup_handle(hdev, cis_handle); 7014 7022 if (!cis) { 7015 - cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE); 7023 + cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE, 7024 + cis_handle); 7016 7025 if (!cis) { 7017 7026 hci_le_reject_cis(hdev, ev->cis_handle); 7018 7027 goto unlock; 
7019 7028 } 7020 - cis->handle = cis_handle; 7021 7029 } 7022 7030 7023 7031 cis->iso_qos.ucast.cig = ev->cig_id; ··· 7105 7113 { 7106 7114 struct hci_evt_le_big_sync_estabilished *ev = data; 7107 7115 struct hci_conn *bis; 7108 - struct hci_conn *pa_sync; 7109 7116 int i; 7110 7117 7111 7118 bt_dev_dbg(hdev, "status 0x%2.2x", ev->status); ··· 7115 7124 7116 7125 hci_dev_lock(hdev); 7117 7126 7118 - if (!ev->status) { 7119 - pa_sync = hci_conn_hash_lookup_pa_sync(hdev, ev->handle); 7120 - if (pa_sync) 7121 - /* Also mark the BIG sync established event on the 7122 - * associated PA sync hcon 7123 - */ 7124 - set_bit(HCI_CONN_BIG_SYNC, &pa_sync->flags); 7125 - } 7126 - 7127 7127 for (i = 0; i < ev->num_bis; i++) { 7128 7128 u16 handle = le16_to_cpu(ev->bis[i]); 7129 7129 __le32 interval; ··· 7122 7140 bis = hci_conn_hash_lookup_handle(hdev, handle); 7123 7141 if (!bis) { 7124 7142 bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY, 7125 - HCI_ROLE_SLAVE); 7143 + HCI_ROLE_SLAVE, handle); 7126 7144 if (!bis) 7127 7145 continue; 7128 - bis->handle = handle; 7129 7146 } 7130 7147 7131 7148 if (ev->status != 0x42) ··· 7167 7186 struct hci_evt_le_big_info_adv_report *ev = data; 7168 7187 int mask = hdev->link_mode; 7169 7188 __u8 flags = 0; 7189 + struct hci_conn *pa_sync; 7170 7190 7171 7191 bt_dev_dbg(hdev, "sync_handle 0x%4.4x", le16_to_cpu(ev->sync_handle)); 7172 7192 7173 7193 hci_dev_lock(hdev); 7174 7194 7175 7195 mask |= hci_proto_connect_ind(hdev, BDADDR_ANY, ISO_LINK, &flags); 7176 - if (!(mask & HCI_LM_ACCEPT)) 7196 + if (!(mask & HCI_LM_ACCEPT)) { 7177 7197 hci_le_pa_term_sync(hdev, ev->sync_handle); 7198 + goto unlock; 7199 + } 7178 7200 7201 + if (!(flags & HCI_PROTO_DEFER)) 7202 + goto unlock; 7203 + 7204 + pa_sync = hci_conn_hash_lookup_pa_sync_handle 7205 + (hdev, 7206 + le16_to_cpu(ev->sync_handle)); 7207 + 7208 + if (pa_sync) 7209 + goto unlock; 7210 + 7211 + /* Add connection to indicate the PA sync event */ 7212 + pa_sync = hci_conn_add_unset(hdev, 
ISO_LINK, BDADDR_ANY, 7213 + HCI_ROLE_SLAVE); 7214 + 7215 + if (!pa_sync) 7216 + goto unlock; 7217 + 7218 + pa_sync->sync_handle = le16_to_cpu(ev->sync_handle); 7219 + set_bit(HCI_CONN_PA_SYNC, &pa_sync->flags); 7220 + 7221 + /* Notify iso layer */ 7222 + hci_connect_cfm(pa_sync, 0x00); 7223 + 7224 + unlock: 7179 7225 hci_dev_unlock(hdev); 7180 7226 } 7181 7227
+16 -20
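--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -152,7 +152,7 @@
 struct sk_buff *skb;
 int err = 0;
 
-bt_dev_dbg(hdev, "Opcode 0x%4x", opcode);
+bt_dev_dbg(hdev, "Opcode 0x%4.4x", opcode);
 
 hci_req_init(&req, hdev);
 
@@ -248,7 +248,7 @@
 skb = __hci_cmd_sync_sk(hdev, opcode, plen, param, event, timeout, sk);
 if (IS_ERR(skb)) {
 if (!event)
-bt_dev_err(hdev, "Opcode 0x%4x failed: %ld", opcode,
+bt_dev_err(hdev, "Opcode 0x%4.4x failed: %ld", opcode,
 PTR_ERR(skb));
 return PTR_ERR(skb);
 }
@@ -1312,7 +1312,7 @@
 return hci_enable_ext_advertising_sync(hdev, instance);
 }
 
-static int hci_disable_per_advertising_sync(struct hci_dev *hdev, u8 instance)
+int hci_disable_per_advertising_sync(struct hci_dev *hdev, u8 instance)
 {
 struct hci_cp_le_set_per_adv_enable cp;
 struct adv_info *adv = NULL;
@@ -4264,12 +4264,12 @@
 {
 struct hci_cp_le_set_host_feature cp;
 
-if (!iso_capable(hdev))
+if (!cis_capable(hdev))
 return 0;
 
 memset(&cp, 0, sizeof(cp));
 
-/* Isochronous Channels (Host Support) */
+/* Connected Isochronous Channels (Host Support) */
 cp.bit_number = 32;
 cp.bit_value = 1;
 
@@ -5232,6 +5232,17 @@
 if (conn->type == AMP_LINK)
 return hci_disconnect_phy_link_sync(hdev, conn->handle, reason);
 
+if (test_bit(HCI_CONN_BIG_CREATED, &conn->flags)) {
+/* This is a BIS connection, hci_conn_del will
+* do the necessary cleanup.
+*/
+hci_dev_lock(hdev);
+hci_conn_failed(conn, reason);
+hci_dev_unlock(hdev);
+
+return 0;
+}
+
 memset(&cp, 0, sizeof(cp));
 cp.handle = cpu_to_le16(conn->handle);
 cp.reason = reason;
@@ -5384,21 +5395,6 @@
 err = hci_reject_conn_sync(hdev, conn, reason);
 break;
 case BT_OPEN:
-hci_dev_lock(hdev);
-
-/* Cleanup bis or pa sync connections */
-if (test_and_clear_bit(HCI_CONN_BIG_SYNC_FAILED, &conn->flags) ||
-test_and_clear_bit(HCI_CONN_PA_SYNC_FAILED, &conn->flags)) {
-hci_conn_failed(conn, reason);
-} else if (test_bit(HCI_CONN_PA_SYNC, &conn->flags) ||
-test_bit(HCI_CONN_BIG_SYNC, &conn->flags)) {
-conn->state = BT_CLOSED;
-hci_disconn_cfm(conn, reason);
-hci_conn_del(conn);
-}
-
-hci_dev_unlock(hdev);
-return 0;
 case BT_BOUND:
 break;
 default: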
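Review bot: The new `HCI_CONN_BIG_CREATED` branch returns 0 right after `hci_conn_failed(conn, reason)`, and its own comment says hci_conn_del does the cleanup, so conn is presumably freed by the time the lock is dropped; nothing tells a caller that a 0 return can mean the pointer is gone. I would extend the comment to `/* This is a BIS connection, hci_conn_del will do the necessary cleanup; conn must not be dereferenced once hci_conn_failed() returns. */`. The enclosing function and its callers start outside the hunk, so whether any caller still reads conn after this return (the abort switch in the last hunk is one candidate) has to be checked against the full file.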
+12 -11
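--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -35,7 +35,7 @@
 {
 struct hci_dev *hdev = conn->hdev;
 
-BT_DBG("conn %p", conn);
+bt_dev_dbg(hdev, "conn %p", conn);
 
 conn->dev.type = &bt_link;
 conn->dev.class = &bt_class;
@@ -48,27 +48,30 @@
 {
 struct hci_dev *hdev = conn->hdev;
 
-BT_DBG("conn %p", conn);
+bt_dev_dbg(hdev, "conn %p", conn);
 
 if (device_is_registered(&conn->dev))
 return;
 
 dev_set_name(&conn->dev, "%s:%d", hdev->name, conn->handle);
 
-if (device_add(&conn->dev) < 0) {
+if (device_add(&conn->dev) < 0)
 bt_dev_err(hdev, "failed to register connection device");
-return;
-}
-
-hci_dev_hold(hdev);
 }
 
 void hci_conn_del_sysfs(struct hci_conn *conn)
 {
 struct hci_dev *hdev = conn->hdev;
 
-if (!device_is_registered(&conn->dev))
+bt_dev_dbg(hdev, "conn %p", conn);
+
+if (!device_is_registered(&conn->dev)) {
+/* If device_add() has *not* succeeded, use *only* put_device()
+* to drop the reference count.
+*/
+put_device(&conn->dev);
 return;
+}
 
 while (1) {
 struct device *dev;
@@ -80,9 +83,7 @@
 put_device(dev);
 }
 
-device_del(&conn->dev);
-
-hci_dev_put(hdev);
+device_unregister(&conn->dev);
 }
 
 static void bt_host_release(struct device *dev)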
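Review bot: hci_conn_del_sysfs() now drops a reference on `conn->dev` on both exits (`put_device()` when the device was never registered, `device_unregister()` otherwise), so conn may already be freed when it returns, and nothing in the function says so. The release callback for this device type is not visible in the section, so this is inferred; if it does free the hci_conn, a comment above the function would help the next caller: `/* Drops the conn->dev reference; conn may be freed on return. */`. The section also removes the `hci_dev_hold()`/`hci_dev_put()` pair without showing where the hdev reference is taken instead, which is worth confirming in the rest of the commit.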
+27 -11
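--- a/net/bluetooth/iso.c
+++ b/net/bluetooth/iso.c
@@ -14,6 +14,7 @@
 #include <net/bluetooth/bluetooth.h>
 #include <net/bluetooth/hci_core.h>
 #include <net/bluetooth/iso.h>
+#include "eir.h"
 
 static const struct proto_ops iso_sock_ops;
 
@@ -47,6 +48,7 @@
 
 #define EIR_SERVICE_DATA_LENGTH 4
 #define BASE_MAX_LENGTH (HCI_MAX_PER_AD_LENGTH - EIR_SERVICE_DATA_LENGTH)
+#define EIR_BAA_SERVICE_UUID 0x1851
 
 /* iso_pinfo flags values */
 enum {
@@ -77,6 +79,7 @@
 static bool check_ucast_qos(struct bt_iso_qos *qos);
 static bool check_bcast_qos(struct bt_iso_qos *qos);
 static bool iso_match_sid(struct sock *sk, void *data);
+static bool iso_match_sync_handle(struct sock *sk, void *data);
 static void iso_sock_disconn(struct sock *sk);
 
 /* ---- ISO timers ---- */
@@ -789,8 +792,7 @@
 BT_DBG("sk %p bc_sid %u bc_num_bis %u", sk, sa->iso_bc->bc_sid,
 sa->iso_bc->bc_num_bis);
 
-if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) ||
-sa->iso_bc->bc_num_bis < 0x01 || sa->iso_bc->bc_num_bis > 0x1f)
+if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc))
 return -EINVAL;
 
 bacpy(&iso_pi(sk)->dst, &sa->iso_bc->bc_bdaddr);
@@ -1202,7 +1204,6 @@
 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) {
 iso_conn_big_sync(sk);
 sk->sk_state = BT_LISTEN;
-set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
 } else {
 iso_conn_defer_accept(pi->conn->hcon);
 sk->sk_state = BT_CONFIG;
@@ -1461,6 +1462,8 @@
 len = min_t(unsigned int, len, base_len);
 if (copy_to_user(optval, base, len))
 err = -EFAULT;
+if (put_user(len, optlen))
+err = -EFAULT;
 
 break;
 
@@ -1579,6 +1582,7 @@
 struct sock *sk = conn->sk;
 struct hci_ev_le_big_sync_estabilished *ev = NULL;
 struct hci_ev_le_pa_sync_established *ev2 = NULL;
+struct hci_evt_le_big_info_adv_report *ev3 = NULL;
 struct hci_conn *hcon;
 
 BT_DBG("conn %p", conn);
@@ -1603,14 +1607,20 @@
 parent = iso_get_sock_listen(&hcon->src,
 &hcon->dst,
 iso_match_big, ev);
-} else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags) ||
-test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
+} else if (test_bit(HCI_CONN_PA_SYNC_FAILED, &hcon->flags)) {
 ev2 = hci_recv_event_data(hcon->hdev,
 HCI_EV_LE_PA_SYNC_ESTABLISHED);
 if (ev2)
 parent = iso_get_sock_listen(&hcon->src,
 &hcon->dst,
 iso_match_sid, ev2);
+} else if (test_bit(HCI_CONN_PA_SYNC, &hcon->flags)) {
+ev3 = hci_recv_event_data(hcon->hdev,
+HCI_EVT_LE_BIG_INFO_ADV_REPORT);
+if (ev3)
+parent = iso_get_sock_listen(&hcon->src,
+&hcon->dst,
+iso_match_sync_handle, ev3);
 }
 
 if (!parent)
@@ -1650,11 +1660,13 @@
 hcon->sync_handle = iso_pi(parent)->sync_handle;
 }
 
-if (ev2 && !ev2->status) {
-iso_pi(sk)->sync_handle = iso_pi(parent)->sync_handle;
+if (ev3) {
 iso_pi(sk)->qos = iso_pi(parent)->qos;
+iso_pi(sk)->qos.bcast.encryption = ev3->encryption;
+hcon->iso_qos = iso_pi(sk)->qos;
 iso_pi(sk)->bc_num_bis = iso_pi(parent)->bc_num_bis;
 memcpy(iso_pi(sk)->bc_bis, iso_pi(parent)->bc_bis, ISO_MAX_NUM_BIS);
+set_bit(BT_SK_PA_SYNC, &iso_pi(sk)->flags);
 }
 
 bacpy(&iso_pi(sk)->dst, &hcon->dst);
@@ -1774,12 +1786,16 @@
 
 ev3 = hci_recv_event_data(hdev, HCI_EV_LE_PER_ADV_REPORT);
 if (ev3) {
+size_t base_len = ev3->length;
+u8 *base;
+
 sk = iso_get_sock_listen(&hdev->bdaddr, bdaddr,
 iso_match_sync_handle_pa_report, ev3);
-
-if (sk) {
-memcpy(iso_pi(sk)->base, ev3->data, ev3->length);
-iso_pi(sk)->base_len = ev3->length;
+base = eir_get_service_data(ev3->data, ev3->length,
+EIR_BAA_SERVICE_UUID, &base_len);
+if (base && sk && base_len <= sizeof(iso_pi(sk)->base)) {
+memcpy(iso_pi(sk)->base, base, base_len);
+iso_pi(sk)->base_len = base_len;
 }
 } else {
 sk = iso_get_sock_listen(&hdev->bdaddr, BDADDR_ANY, NULL, NULL);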
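Review bot: The broadcast bind hunk drops the upper bound on `sa->iso_bc->bc_num_bis` together with the lower one: the old condition rejected values above 0x1f, the new one checks only `addr_len`. Allowing zero BISes needs only the `< 0x01` test removed, and this count comes from the caller-supplied sockaddr, while another hunk on this page copies `bc_bis` with a fixed `ISO_MAX_NUM_BIS` length, which suggests a fixed-size array. Unless the rest of the function, which lies outside the hunk, bounds the value before using it as a length, I would keep the limit: `if (addr_len > sizeof(*sa) + sizeof(*sa->iso_bc) || sa->iso_bc->bc_num_bis > 0x1f)` followed by `return -EINVAL;`. The context lines also read `sa->iso_bc` in `BT_DBG` before `addr_len` is validated, and the check rejects only oversized addresses, so the short-`addr_len` case deserves a look as well.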
+7 -13
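--- a/net/bluetooth/msft.c
+++ b/net/bluetooth/msft.c
@@ -150,10 +150,7 @@
 
 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
 HCI_CMD_TIMEOUT);
-if (IS_ERR_OR_NULL(skb)) {
-if (!skb)
-skb = ERR_PTR(-EIO);
-
+if (IS_ERR(skb)) {
 bt_dev_err(hdev, "Failed to read MSFT supported features (%ld)",
 PTR_ERR(skb));
 return false;
@@ -353,7 +350,7 @@
 
 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
 HCI_CMD_TIMEOUT);
-if (IS_ERR_OR_NULL(skb)) {
+if (IS_ERR(skb)) {
 kfree(address_filter);
 continue;
 }
@@ -442,11 +439,8 @@
 
 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
 HCI_CMD_TIMEOUT);
-if (IS_ERR_OR_NULL(skb)) {
-if (!skb)
-return -EIO;
+if (IS_ERR(skb))
 return PTR_ERR(skb);
-}
 
 return msft_le_cancel_monitor_advertisement_cb(hdev, hdev->msft_opcode,
 monitor, skb);
@@ -559,7 +553,7 @@
 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, total_size, cp,
 HCI_CMD_TIMEOUT);
 
-if (IS_ERR_OR_NULL(skb)) {
+if (IS_ERR(skb)) {
 err = PTR_ERR(skb);
 goto out_free;
 }
@@ -740,10 +734,10 @@
 
 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, sizeof(cp), &cp,
 HCI_CMD_TIMEOUT);
-if (IS_ERR_OR_NULL(skb)) {
+if (IS_ERR(skb)) {
 bt_dev_err(hdev, "MSFT: Failed to cancel address (%pMR) filter",
 &address_filter->bdaddr);
-err = -EIO;
+err = PTR_ERR(skb);
 goto done;
 }
 kfree_skb(skb);
@@ -893,7 +887,7 @@
 
 skb = __hci_cmd_sync(hdev, hdev->msft_opcode, size, cp,
 HCI_CMD_TIMEOUT);
-if (IS_ERR_OR_NULL(skb)) {
+if (IS_ERR(skb)) {
 bt_dev_err(hdev, "Failed to enable address %pMR filter",
 &address_filter->bdaddr);
 skb = NULL;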