1. 07 Dec, 2020 23 commits
  2. 23 Nov, 2020 2 commits
    • Hans de Goede's avatar
      Bluetooth: hci_h5: Add OBDA0623 ACPI HID · e524f252
      Hans de Goede authored
      Add OBDA0623 ACPI HID to the acpi_device_id table. This HID is used
      for the RTL8723BS Bluetooth part on the Acer Switch 10E SW3-016.
      
      BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1665610Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      e524f252
    • Hans de Goede's avatar
      Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close · 5c3b5796
      Hans de Goede authored
      There have been multiple revisions of the patch fix the h5->rx_skb
      leak. Accidentally the first revision (which is buggy) and v5 have
      both been merged:
      
      v1 commit 70f259a3 ("Bluetooth: hci_h5: close serdev device and free
      hu in h5_close");
      v5 commit 855af2d7 ("Bluetooth: hci_h5: fix memory leak in h5_close")
      
      The correct v5 makes changes slightly higher up in the h5_close()
      function, which allowed both versions to get merged without conflict.
      
      The changes from v1 unconditionally frees the h5 data struct, this
      is wrong because in the serdev enumeration case the memory is
      allocated in h5_serdev_probe() like this:
      
              h5 = devm_kzalloc(dev, sizeof(*h5), GFP_KERNEL);
      
      So its lifetime is tied to the lifetime of the driver being bound
      to the serdev and it is automatically freed when the driver gets
      unbound. In the serdev case the same h5 struct is re-used over
      h5_close() and h5_open() calls and thus MUST not be free-ed in
      h5_close().
      
      The serdev_device_close() added to h5_close() is incorrect in the
      same way, serdev_device_close() is called on driver unbound too and
      also MUST no be called from h5_close().
      
      This reverts the changes made by merging v1 of the patch, so that
      just the changes of the correct v5 remain.
      
      Cc: Anant Thazhemadam <anant.thazhemadam@gmail.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      5c3b5796
  3. 11 Nov, 2020 9 commits
  4. 10 Nov, 2020 2 commits
    • Max Chou's avatar
      Bluetooth: btusb: btrtl: Add support for RTL8852A · 0d484db6
      Max Chou authored
      Add the support for RTL8852A BT controller on USB interface.
      The necessary firmware will be submitted to linux-firmware project.
      
      The device info from /sys/kernel/debug/usb/devices as below.
      
      T:  Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#= 10 Spd=12   MxCh= 0
      D:  Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=0bda ProdID=c852 Rev= 0.00
      S:  Manufacturer=Realtek
      S:  Product=Bluetooth Radio
      S:  SerialNumber=00e04c000001
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Signed-off-by: default avatarMax Chou <max.chou@realtek.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      0d484db6
    • Chris Chiu's avatar
      Bluetooth: btusb: Add support for 13d3:3560 MediaTek MT7615E device · 3a567b95
      Chris Chiu authored
      The ASUS X532EQ laptop contains AzureWave AW-CB434NF WiFi/BT combo
      module with an associated MT7615E BT chip using a USB ID of 13d3:3560.
      
      T:  Bus=03 Lev=01 Prnt=01 Port=09 Cnt=02 Dev#=  3 Spd=480  MxCh= 0
      D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=13d3 ProdID=3560 Rev= 1.00
      S:  Manufacturer=MediaTek Inc.
      S:  Product=Wireless_Device
      S:  SerialNumber=000000000
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      A:  FirstIf#= 0 IfCount= 2 Cls=e0(wlcon) Sub=01 Prot=01
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=125us
      E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      Signed-off-by: default avatarChris Chiu <chiu@endlessos.org>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      3a567b95
  5. 09 Nov, 2020 4 commits
    • Anant Thazhemadam's avatar
      Bluetooth: hci_h5: fix memory leak in h5_close · 855af2d7
      Anant Thazhemadam authored
      When h5_close() is called, h5 is directly freed when !hu->serdev.
      However, h5->rx_skb is not freed, which causes a memory leak.
      
      Freeing h5->rx_skb and setting it to NULL, fixes this memory leak.
      
      Fixes: ce945552 ("Bluetooth: hci_h5: Add support for serdev enumerated devices")
      Reported-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com
      Tested-by: syzbot+6ce141c55b2f7aafd1c4@syzkaller.appspotmail.com
      Signed-off-by: default avatarAnant Thazhemadam <anant.thazhemadam@gmail.com>
      Reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      855af2d7
    • Ole Bjørn Midtbø's avatar
      Bluetooth: hidp: use correct wait queue when removing ctrl_wait · cca342d9
      Ole Bjørn Midtbø authored
      A different wait queue was used when removing ctrl_wait than when adding
      it. This effectively made the remove operation without locking compared
      to other operations on the wait queue ctrl_wait was part of. This caused
      issues like below where dead000000000100 is LIST_POISON1 and
      dead000000000200 is LIST_POISON2.
      
       list_add corruption. next->prev should be prev (ffffffc1b0a33a08), \
      	but was dead000000000200. (next=ffffffc03ac77de0).
       ------------[ cut here ]------------
       CPU: 3 PID: 2138 Comm: bluetoothd Tainted: G           O    4.4.238+ #9
       ...
       ---[ end trace 0adc2158f0646eac ]---
       Call trace:
       [<ffffffc000443f78>] __list_add+0x38/0xb0
       [<ffffffc0000f0d04>] add_wait_queue+0x4c/0x68
       [<ffffffc00020eecc>] __pollwait+0xec/0x100
       [<ffffffc000d1556c>] bt_sock_poll+0x74/0x200
       [<ffffffc000bdb8a8>] sock_poll+0x110/0x128
       [<ffffffc000210378>] do_sys_poll+0x220/0x480
       [<ffffffc0002106f0>] SyS_poll+0x80/0x138
       [<ffffffc00008510c>] __sys_trace_return+0x0/0x4
      
       Unable to handle kernel paging request at virtual address dead000000000100
       ...
       CPU: 4 PID: 5387 Comm: kworker/u15:3 Tainted: G        W  O    4.4.238+ #9
       ...
       Call trace:
        [<ffffffc0000f079c>] __wake_up_common+0x7c/0xa8
        [<ffffffc0000f0818>] __wake_up+0x50/0x70
        [<ffffffc000be11b0>] sock_def_wakeup+0x58/0x60
        [<ffffffc000de5e10>] l2cap_sock_teardown_cb+0x200/0x224
        [<ffffffc000d3f2ac>] l2cap_chan_del+0xa4/0x298
        [<ffffffc000d45ea0>] l2cap_conn_del+0x118/0x198
        [<ffffffc000d45f8c>] l2cap_disconn_cfm+0x6c/0x78
        [<ffffffc000d29934>] hci_event_packet+0x564/0x2e30
        [<ffffffc000d19b0c>] hci_rx_work+0x10c/0x360
        [<ffffffc0000c2218>] process_one_work+0x268/0x460
        [<ffffffc0000c2678>] worker_thread+0x268/0x480
        [<ffffffc0000c94e0>] kthread+0x118/0x128
        [<ffffffc000085070>] ret_from_fork+0x10/0x20
        ---[ end trace 0adc2158f0646ead ]---
      Signed-off-by: default avatarOle Bjørn Midtbø <omidtbo@cisco.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      cca342d9
    • Claire Chang's avatar
      Bluetooth: Move force_bredr_smp debugfs into hci_debugfs_create_bredr · 82493316
      Claire Chang authored
      Avoid multiple attempts to create the debugfs entry, force_bredr_smp,
      by moving it from the SMP registration to the BR/EDR controller init
      section. hci_debugfs_create_bredr is only called when HCI_SETUP and
      HCI_CONFIG is not set.
      Signed-off-by: default avatarClaire Chang <tientzu@chromium.org>
      Reviewed-by: default avatarAlain Michaud <alainm@chromium.org>
      Reviewed-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      82493316
    • Sathish Narasimman's avatar
      Bluetooth: Fix: LL PRivacy BLE device fails to connect · 1fb17dfc
      Sathish Narasimman authored
      When adding device to white list the device is added to resolving list
      also. It has to be added only when HCI_ENABLE_LL_PRIVACY flag is set.
      HCI_ENABLE_LL_PRIVACY flag has to be tested before adding/deleting devices
      to resolving list. use_ll_privacy macro is used only to check if controller
      supports LL_Privacy.
      
      https://bugzilla.kernel.org/show_bug.cgi?id=209745
      
      Fixes: 0eee35bd ("Bluetooth: Update resolving list when updating whitelist")
      Signed-off-by: default avatarSathish Narasimman <sathish.narasimman@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      1fb17dfc