1. 01 Feb, 2015 4 commits
  2. 31 Jan, 2015 5 commits
  3. 30 Jan, 2015 3 commits
  4. 29 Jan, 2015 7 commits
    • Jakub Pawlowski's avatar
      Bluetooth: Set HCI_QUIRK_STRICT_DUPLICATE_FILTER for BTUSB_ATH3012 · 79f0c87d
      Jakub Pawlowski authored
      The Bluetooth controllers from Atheros use a strict scanning filter
      policy that filters based on Bluetooth device addresses and not on
      RSSI. So tell the core about this.
      Signed-off-by: default avatarJakub Pawlowski <jpawlowski@google.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      79f0c87d
    • Adam Lee's avatar
      Bluetooth: ath3k: workaround the compatibility issue with xHCI controller · c561a575
      Adam Lee authored
      BugLink: https://bugs.launchpad.net/bugs/1400215
      
      ath3k devices fail to load firmwares on xHCI buses, but work well on
      EHCI, this might be a compatibility issue between xHCI and ath3k chips.
      As my testing result, those chips will work on xHCI buses again with
      this patch.
      
      This workaround is from Qualcomm, they also did some workarounds in
      Windows driver.
      Signed-off-by: default avatarAdam Lee <adam.lee@canonical.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      c561a575
    • Szymon Janc's avatar
      Bluetooth: Fix sending Read Remote Extended Features command · ac363cf9
      Szymon Janc authored
      This command should only be used if remote device reports that it
      supports extended features. Otherwise command will fail and connection
      will be dropped.
      
      Some devices support SSP but don't support extended features so
      current check for SSP support is not enought.
      
      Instead of checking for SSP support just check if both ends support
      Extended Feature.
      
      < HCI Command: Create Connection (0x01|0x0005) plen 13
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Packet type: 0xcc18
                DM1 may be used
                DH1 may be used
                DM3 may be used
                DH3 may be used
                DM5 may be used
                DH5 may be used
              Page scan repetition mode: R1 (0x01)
              Page scan mode: Mandatory (0x00)
              Clock offset: 0x94c8
              Role switch: Allow slave (0x01)
      > HCI Event: Command Status (0x0f) plen 4
            Create Connection (0x01|0x0005) ncmd 1
              Status: Success (0x00)
      > HCI Event: Connect Complete (0x03) plen 11
              Status: Success (0x00)
              Handle: 5
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Link type: ACL (0x01)
              Encryption: Disabled (0x00)
      < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
              Handle: 5
      > HCI Event: Command Status (0x0f) plen 4
            Read Remote Supported Features (0x01|0x001b) ncmd 1
              Status: Success (0x00)
      > HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Page scan repetition mode: R1 (0x01)
      > HCI Event: Read Remote Supported Features (0x0b) plen 11
              Status: Success (0x00)
              Handle: 5
              Features: 0xff 0xff 0x8f 0xfe 0xdb 0xff 0x5b 0x07
                3 slot packets
                5 slot packets
                Encryption
                Slot offset
                Timing accuracy
                Role switch
                Hold mode
                Sniff mode
                Park state
                Power control requests
                Channel quality driven data rate (CQDDR)
                SCO link
                HV2 packets
                HV3 packets
                u-law log synchronous data
                A-law log synchronous data
                CVSD synchronous data
                Paging parameter negotiation
                Power control
                Transparent synchronous data
                Broadcast Encryption
                Enhanced Data Rate ACL 2 Mbps mode
                Enhanced Data Rate ACL 3 Mbps mode
                Enhanced inquiry scan
                Interlaced inquiry scan
                Interlaced page scan
                RSSI with inquiry results
                Extended SCO link (EV3 packets)
                EV4 packets
                EV5 packets
                AFH capable slave
                AFH classification slave
                LE Supported (Controller)
                3-slot Enhanced Data Rate ACL packets
                5-slot Enhanced Data Rate ACL packets
                Sniff subrating
                Pause encryption
                AFH capable master
                AFH classification master
                Enhanced Data Rate eSCO 2 Mbps mode
                Enhanced Data Rate eSCO 3 Mbps mode
                3-slot Enhanced Data Rate eSCO packets
                Extended Inquiry Response
                Simultaneous LE and BR/EDR (Controller)
                Secure Simple Pairing
                Encapsulated PDU
                Non-flushable Packet Boundary Flag
                Link Supervision Timeout Changed Event
                Inquiry TX Power Level
                Enhanced Power Control
      < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
              Handle: 5
              Page: 1
      > HCI Event: Command Status (0x0f) plen 4
            Read Remote Extended Features (0x01|0x001c) ncmd 1
              Status: Command Disallowed (0x0c)
      < HCI Command: Read Clock Offset (0x01|0x001f) plen 2
              Handle: 5
      > HCI Event: Command Status (0x0f) plen 4
            Read Clock Offset (0x01|0x001f) ncmd 1
              Status: Success (0x00)
      < HCI Command: Disconnect (0x01|0x0006) plen 3
              Handle: 5
              Reason: Remote User Terminated Connection (0x13)
      Signed-off-by: default avatarSzymon Janc <szymon.janc@tieto.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      ac363cf9
    • Marcel Holtmann's avatar
      Bluetooth: btusb: Add support for USB based AMP controllers · 893ba544
      Marcel Holtmann authored
      The Bluetooth HCI transport specification for USB device defines on how
      a standard AMP controller is identified and operated. This patch adds
      the needed handling to hook it up to the Bluetooth stack.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      893ba544
    • Marcel Holtmann's avatar
      Bluetooth: btusb: Ignore unknown Intel devices with generic descriptor · d0ac9eb7
      Marcel Holtmann authored
      The Intel Bluetooth devices use the generic USB device/interface class
      descriptors that are assigned to Bluetooth H:2 conforming transports.
      
      T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#=  3 Spd=12   MxCh= 0
      D:  Ver= 2.01 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      
      However newer chips have a bootloader stage and require firmware to
      be loaded before they are functional. To avoid any confusion for the
      users, just ignore unknown Intel Bluetooth devices.
      
      All the released Intel Bluetooth devices have an entry in the device
      table identifying their setup and support requirements. The advantage
      here is that older kernel can be booted with newer devices without
      causing any disturbance.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      d0ac9eb7
    • Marcel Holtmann's avatar
      Bluetooth: btusb: Sort USB_DEVICE entries for Marvell by vendor id · cb1ee89f
      Marcel Holtmann authored
      New entries to the USB blacklist/quirk device table should be sorted
      by USB vendor id. Fix the recent entry fro Marvell devices.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      cb1ee89f
    • Marcel Holtmann's avatar
      Bluetooth: Move smp_unregister() into hci_dev_do_close() function · 64dae967
      Marcel Holtmann authored
      The smp_unregister() function needs to be called every time the
      controller is powered down. There are multiple entry points when
      this can happen. One is "hciconfig hci0 reset" which will throw
      a WARN_ON when LE support has been enabled.
      
      [   78.564620] WARNING: CPU: 0 PID: 148 at net/bluetooth/smp.c:3075 smp_register+0xf1/0x170()
      [   78.564622] Modules linked in:
      [   78.564628] CPU: 0 PID: 148 Comm: kworker/u3:1 Not tainted 3.19.0-rc4-devel+ #404
      [   78.564629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
      [   78.564635] Workqueue: hci0 hci_rx_work
      [   78.564638]  ffffffff81b4a7a2 ffff88001cb2fb38 ffffffff8161d881 0000000080000000
      [   78.564642]  0000000000000000 ffff88001cb2fb78 ffffffff8103b870 696e55206e6f6f6d
      [   78.564645]  ffff88001d965000 0000000000000000 0000000000000000 ffff88001d965000
      [   78.564648] Call Trace:
      [   78.564655]  [<ffffffff8161d881>] dump_stack+0x4f/0x7b
      [   78.564662]  [<ffffffff8103b870>] warn_slowpath_common+0x80/0xc0
      [   78.564667]  [<ffffffff81544b00>] ? add_uuid+0x1f0/0x1f0
      [   78.564671]  [<ffffffff8103b955>] warn_slowpath_null+0x15/0x20
      [   78.564674]  [<ffffffff81562d81>] smp_register+0xf1/0x170
      [   78.564680]  [<ffffffff81081236>] ? lock_timer_base.isra.30+0x26/0x50
      [   78.564683]  [<ffffffff81544bf0>] powered_complete+0xf0/0x120
      [   78.564688]  [<ffffffff8152e622>] hci_req_cmd_complete+0x82/0x260
      [   78.564692]  [<ffffffff8153554f>] hci_cmd_complete_evt+0x6cf/0x2e20
      [   78.564697]  [<ffffffff81623e43>] ? _raw_spin_unlock_irqrestore+0x13/0x30
      [   78.564701]  [<ffffffff8106b0af>] ? __wake_up_sync_key+0x4f/0x60
      [   78.564705]  [<ffffffff8153a2ab>] hci_event_packet+0xbcb/0x2e70
      [   78.564709]  [<ffffffff814094d3>] ? skb_release_all+0x23/0x30
      [   78.564711]  [<ffffffff81409529>] ? kfree_skb+0x29/0x40
      [   78.564715]  [<ffffffff815296c8>] hci_rx_work+0x1c8/0x3f0
      [   78.564719]  [<ffffffff8105bd91>] ? get_parent_ip+0x11/0x50
      [   78.564722]  [<ffffffff8105be25>] ? preempt_count_add+0x55/0xb0
      [   78.564727]  [<ffffffff8104f65f>] process_one_work+0x12f/0x360
      [   78.564731]  [<ffffffff8104ff9b>] worker_thread+0x6b/0x4b0
      [   78.564735]  [<ffffffff8104ff30>] ? cancel_delayed_work_sync+0x10/0x10
      [   78.564738]  [<ffffffff810542fa>] kthread+0xea/0x100
      [   78.564742]  [<ffffffff81620000>] ? __schedule+0x3e0/0x980
      [   78.564745]  [<ffffffff81054210>] ? kthread_create_on_node+0x180/0x180
      [   78.564749]  [<ffffffff816246ec>] ret_from_fork+0x7c/0xb0
      [   78.564752]  [<ffffffff81054210>] ? kthread_create_on_node+0x180/0x180
      [   78.564755] ---[ end trace 8b0d943af76d3736 ]---
      
      This warning is not critical and has only been placed in the code to
      actually catch this exact situation. To avoid triggering it move
      the smp_unregister() into hci_dev_do_close() which will now also
      take care of remove the SMP channel. It is safe to call this function
      since it only remove the channel if it has been previously registered.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      64dae967
  5. 28 Jan, 2015 13 commits
  6. 27 Jan, 2015 1 commit
    • Marcel Holtmann's avatar
      Bluetooth: btusb: Add support for Dynex/Insignia USB dongles · d049f4e5
      Marcel Holtmann authored
      The Dynex/Insignia USB dongles are Broadcom BCM20702B0 based and require
      firmware update before operation.
      
      T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
      D:  Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=19ff ProdID=0239 Rev= 1.12
      S:  Manufacturer=Broadcom Corp
      S:  Product=BCM20702A0
      C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=  0mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
      E:  Ad=84(I) Atr=02(Bulk) MxPS=  32 Ivl=0ms
      E:  Ad=04(O) Atr=02(Bulk) MxPS=  32 Ivl=0ms
      I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
      
      Since this is an unsual USB vendor ID (0x19ff), these dongles are added
      via USB_DEVICE macro and not USB_VENDOR_AND_INTERFACE_INFO as done for
      mainstream Broadcom based dongles.
      
      The latest known working firmware is BCM20702B0_002.001.014.0527.0557.hex
      which needs to be converted using hex2hcd utility and then installed
      as /lib/firmware/brcm/BCM20702A0-19ff-0239.hcd to make this device fully
      operational.
      
      Bluetooth: hci0: BCM: patching hci_ver=06 hci_rev=2000 lmp_ver=06 lmp_subver=410e
      Bluetooth: hci0: BCM: firmware hci_ver=06 hci_rev=222d lmp_ver=06 lmp_subver=410e
      
      With this firmware the device reports support for connectionless slave
      broadcast (master and slave) feature used by 3D Glasses and TVs.
      
        < HCI Command: Read Local Extended Features (0x04|0x0004) plen 1
                Page: 2
        > HCI Event: Command Complete (0x0e) plen 14
              Read Local Extended Features (0x04|0x0004) ncmd 1
                Status: Success (0x00)
                Page: 2/2
                Features: 0x0f 0x00 0x00 0x00 0x00 0x00 0x00 0x00
                  Connectionless Slave Broadcast - Master
                  Connectionless Slave Broadcast - Slave
                  Synchronization Train
                  Synchronization Scan
      
      However there are some flaws with this feature. The Set Event Mask Page 2
      command is actually not supported and with that all connectionless slave
      broadcast events are always enabled.
      
        < HCI Command: Set Event Mask Page 2 (0x03|0x0063) plen 8
                Mask: 0x00000000000f0000
                  Synchronization Train Received
                  Connectionless Slave Broadcast Receive
                  Connectionless Slave Broadcast Timeout
                  Truncated Page Complete
        > HCI Event: Command Complete (0x0e) plen 4
              Set Event Mask Page 2 (0x03|0x0063) ncmd 1
                Status: Unknown HCI Command (0x01)
      
      In addition the Synchronization Train Received event is actually broken
      on this controller. It mixes up the order of parameters. According to the
      Bluetooth Core specification the fields are like this:
      
        struct hci_ev_sync_train_received {
                __u8     status;
                bdaddr_t bdaddr;
                __le32   offset;
                __u8     map[10];
                __u8     lt_addr;
                __le32   instant;
                __le16   interval;
                __u8     service_data;
        } __packed;
      
      This controller however sends the service_data as 5th parameter instead
      of having it as last parameter.
      
        struct hci_ev_sync_train_received {
                __u8     status;
                bdaddr_t bdaddr;
                __le32   offset;
                __u8     map[10];
                __u8     service_data;
                __u8     lt_addr;
                __le32   instant;
                __le16   interval;
        } __packed;
      
      So anybody trying to use this hardware for utilizing connectionless slave
      broadcast receivers (aka 3D Glasses), be warned about this shortcoming.
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Cc: stable@vger.kernel.org
      d049f4e5
  7. 23 Jan, 2015 4 commits
    • Peter Hurley's avatar
      Bluetooth: Fix nested sleeps · dfb2fae7
      Peter Hurley authored
      l2cap/rfcomm/sco_sock_accept() are wait loops which may acquire
      sleeping locks. Since both wait loops and sleeping locks use
      task_struct.state to sleep and wake, the nested sleeping locks
      destroy the wait loop state.
      
      Use the newly-minted wait_woken() and DEFINE_WAIT_FUNC() for the
      wait loop. DEFINE_WAIT_FUNC() allows an alternate wake function
      to be specified; in this case, the predefined scheduler function,
      woken_wake_function(). This wait construct ensures wakeups will
      not be missed without requiring the wait loop to set the
      task state before condition evaluation. How this works:
      
       CPU 0                            |  CPU 1
                                        |
                                        | is <condition> set?
                                        | no
      set <condition>                   |
                                        |
      wake_up_interruptible             |
        woken_wake_function             |
          set WQ_FLAG_WOKEN             |
          try_to_wake_up                |
                                        | wait_woken
                                        |   set TASK_INTERRUPTIBLE
                                        |   WQ_FLAG_WOKEN? yes
                                        |   set TASK_RUNNING
                                        |
                                        | - loop -
      				  |
      				  | is <condition> set?
                                        | yes - exit wait loop
      
      Fixes "do not call blocking ops when !TASK_RUNNING" warnings
      in l2cap_sock_accept(), rfcomm_sock_accept() and sco_sock_accept().
      Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      dfb2fae7
    • Johan Hedberg's avatar
      Bluetooth: Convert Set SC to use HCI Request · a1443f5a
      Johan Hedberg authored
      This patch converts the Set Secure Connection HCI handling to use a HCI
      request instead of using a hard-coded callback in hci_event.c. This e.g.
      ensures that we don't clear the flags incorrectly if something goes
      wrong with the power up process (not related to a mgmt Set SC command).
      
      The code can also be simplified a bit since only one pending Set SC
      command is allowed, i.e. mgmt_pending_foreach usage is not needed.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      a1443f5a
    • Johan Hedberg's avatar
      Bluetooth: Remove incorrect check for BDADDR_BREDR address type · 484aabc1
      Johan Hedberg authored
      The Add Remote OOB Data mgmt command should allow data to be passed for
      LE as well. This patch removes a left-over check for BDADDR_BREDR that
      should not be there anymore.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      484aabc1
    • Johan Hedberg's avatar
      Bluetooth: Check for valid bdaddr in add_remote_oob_data · 5d57e796
      Johan Hedberg authored
      Before doing any other verifications, the add_remote_oob_data function
      should first check that the given address is valid. This patch adds such
      a missing check to the beginning of the function.
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      5d57e796
  8. 22 Jan, 2015 3 commits