1. 14 May, 2024 40 commits
    • Kiran K's avatar
      Bluetooth: btintel_pcie: Refactor and code cleanup · 6a486c13
      Kiran K authored
      Minor refactor and s/TX_WAIT_TIMEOUT_MS/BTINTEL_PCIE_TX_WAIT_TIMEOUT_MS/g.
      
      Fixes: 6e65a09f ("Bluetooth: btintel_pcie: Add *setup* function to download firmware")
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      6a486c13
    • Kiran K's avatar
      Bluetooth: btintel_pcie: Fix warning reported by sparse · e5a43efb
      Kiran K authored
      Fix sparse error.
      
      Fixes: c2b636b3 ("Bluetooth: btintel_pcie: Add support for PCIe transport")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202405100654.0djvoryZ-lkp@intel.com/Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      e5a43efb
    • Luiz Augusto von Dentz's avatar
      Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 · e77f43d5
      Luiz Augusto von Dentz authored
      If hdev->le_num_of_adv_sets is set to 1 it means that only handle 0x00
      can be used, but since the MGMT interface instances start from 1
      (instance 0 means all instances in case of MGMT_OP_REMOVE_ADVERTISING)
      the code needs to map the instance to handle otherwise users will not be
      able to advertise as instance 1 would attempt to use handle 0x01.
      
      Fixes: 1d0fac2c ("Bluetooth: Use controller sets when available")
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      e77f43d5
    • Kiran K's avatar
      Bluetooth: btintel: Fix compiler warning for multi_v7_defconfig config · 36b1c9c3
      Kiran K authored
      Fix the following compiler warning reported for ARCH=arm
      multi_v7_defconfig.
      
      In file included from drivers/bluetooth/hci_ldisc.c:34:
      drivers/bluetooth/btintel.h:373:13: warning: 'btintel_hw_error' defined
      but not used [-Wunused-function]
        373 | static void btintel_hw_error(struct hci_dev *hdev, u8 code)
            |             ^~~~~~~~~~~~~~~~
      
      cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Fixes: 67d4dbac ("Bluetooth: btintel: Export few static functions")
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      36b1c9c3
    • Kiran K's avatar
      Bluetooth: btintel_pcie: Fix compiler warnings · a18d28f5
      Kiran K authored
      Fix compiler warnings reported by kernel bot.
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202405080647.VRBej6fA-lkp@intel.com/
      Fixes: c2b636b3 ("Bluetooth: btintel_pcie: Add support for PCIe transport")
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      a18d28f5
    • Kiran K's avatar
      Bluetooth: btintel_pcie: Add *setup* function to download firmware · 6e65a09f
      Kiran K authored
      Add support to download firmware.
      
      dmesg:
      [4.407464] Bluetooth: Core ver 2.22
      [4.407467] Bluetooth: Starting self testing
      [4.409093] Bluetooth: ECDH test passed in 1587 usecs
      [4.420737] Bluetooth: SMP test passed in 526 usecs
      [4.420745] Bluetooth: Finished self testing
      [4.420760] Bluetooth: HCI device and connection manager initialized
      [4.420764] Bluetooth: HCI socket layer initialized
      [4.420766] Bluetooth: L2CAP socket layer initialized
      [4.420769] Bluetooth: SCO socket layer initialized
      [4.437976] Bluetooth: hci0: Device revision is 0
      [4.437979] Bluetooth: hci0: Secure boot is disabled
      [4.437980] Bluetooth: hci0: OTP lock is disabled
      [4.437980] Bluetooth: hci0: API lock is disabled
      [4.437981] Bluetooth: hci0: Debug lock is disabled
      [4.437981] Bluetooth: hci0: Minimum firmware build 0 week 0 2000
      [4.437982] Bluetooth: hci0: Bootloader timestamp 2023.33 buildtype 1 build 45995
      [4.439461] Bluetooth: hci0: Found device firmware: intel/ibt-0190-0291-iml.sfi
      [4.439467] Bluetooth: hci0: Boot Address: 0x30099000
      [4.439468] Bluetooth: hci0: Firmware Version: 92-19.24
      [4.486773] Bluetooth: hci0: Waiting for firmware download to complete
      [4.486784] Bluetooth: hci0: Firmware loaded in 46209 usecs
      [4.486845] Bluetooth: hci0: Waiting for device to boot
      [4.491984] Bluetooth: hci0: Malformed MSFT vendor event: 0x02
      [4.491987] Bluetooth: hci0: Device booted in 5074 usecs
      [4.496657] Bluetooth: hci0: Found device firmware: intel/ibt-0190-0291.sfi
      [4.496703] Bluetooth: hci0: Boot Address: 0x10000800
      [4.496704] Bluetooth: hci0: Firmware Version: 92-19.24
      [4.687338] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
      [4.687342] Bluetooth: BNEP filters: protocol multicast
      [4.687345] Bluetooth: BNEP socket layer initialized
      [4.922589] Bluetooth: hci0: Waiting for firmware download to complete
      [4.922608] Bluetooth: hci0: Firmware loaded in 415962 usecs
      [4.922664] Bluetooth: hci0: Waiting for device to boot
      [4.956185] Bluetooth: hci0: Malformed MSFT vendor event: 0x02
      [4.956188] Bluetooth: hci0: Device booted in 32770 usecs
      [4.963167] Bluetooth: hci0: Found Intel DDC parameters: intel/ibt-0190-0291.ddc
      [4.963440] Bluetooth: hci0: Applying Intel DDC parameters completed
      [4.963684] Bluetooth: hci0: Firmware timestamp 2024.18 buildtype 3 build 62300
      [4.963687] Bluetooth: hci0: Firmware SHA1: 0x8201a4cd
      [5.003020] Bluetooth: MGMT ver 1.22
      [5.003084] Bluetooth: ISO socket layer initialized
      [5.057844] Bluetooth: RFCOMM TTY layer initialized
      [5.057858] Bluetooth: RFCOMM socket layer initialized
      [5.057865] Bluetooth: RFCOMM ver 1.11
      
      hciconfig -a:
      hci0:   Type: Primary  Bus: PCI
              BD Address: A0:D3:65:48:F5:7F  ACL MTU: 1021:5  SCO MTU: 240:8
              UP RUNNING PSCAN
              RX bytes:23603 acl:0 sco:0 events:3792 errors:0
              TX bytes:949804 acl:0 sco:0 commands:3788 errors:0
              Features: 0xbf 0xfe 0x0f 0xfe 0xdb 0xff 0x7b 0x87
              Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
              Link policy: RSWITCH SNIFF
              Link mode: PERIPHERAL ACCEPT
              Name: 'LNLM620'
              Class: 0x20010c
              Service Classes: Audio
              Device Class: Computer, Laptop
              HCI Version: 5.4 (0xd)  Revision: 0x4b5c
              LMP Version: 5.4 (0xd)  Subversion: 0x4b5c
              Manufacturer: Intel Corp. (2)
      Signed-off-by: default avatarChandrashekar <chandrashekar.devegowda@intel.com>
      Suggested-by: default avatarBjorn Helgaas <helgaas@kernel.org>
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      6e65a09f
    • Tedd Ho-Jeong An's avatar
      Bluetooth: btintel_pcie: Add support for PCIe transport · c2b636b3
      Tedd Ho-Jeong An authored
      Add initial code to support Intel bluetooth devices based on PCIe
      transport. Allocate memory for TX & RX buffers, internal structures,
      initialize interrupts for TX & RX and PCIe device.
      Signed-off-by: default avatarTedd Ho-Jeong An <tedd.an@intel.com>
      Suggested-by: default avatarBjorn Helgaas <helgaas@kernel.org>
      Suggested-by: default avatarPaul Menzel <pmenzel@molgen.mpg.de>
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      c2b636b3
    • Kiran K's avatar
      Bluetooth: btintel: Export few static functions · 67d4dbac
      Kiran K authored
      Some of the functions used in btintel.c is made global so that they can
      be reused in other transport drivers apart from USB.
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      67d4dbac
    • Luiz Augusto von Dentz's avatar
      Bluetooth: HCI: Remove HCI_AMP support · 84a4bb65
      Luiz Augusto von Dentz authored
      Since BT_HS has been remove HCI_AMP controllers no longer has any use so
      remove it along with the capability of creating AMP controllers.
      
      Since we no longer need to differentiate between AMP and Primary
      controllers, as only HCI_PRIMARY is left, this also remove
      hdev->dev_type altogether.
      
      Fixes: e7b02296 ("Bluetooth: Remove BT_HS")
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      84a4bb65
    • Sungwoo Kim's avatar
      Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() · a5b862c6
      Sungwoo Kim authored
      l2cap_le_flowctl_init() can cause both div-by-zero and an integer
      overflow since hdev->le_mtu may not fall in the valid range.
      
      Move MTU from hci_dev to hci_conn to validate MTU and stop the connection
      process earlier if MTU is invalid.
      Also, add a missing validation in read_buffer_size() and make it return
      an error value if the validation fails.
      Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a
      kzalloc failure and invalid MTU value.
      
      divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
      CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G        W          6.9.0-rc5+ #20
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
      Workqueue: hci0 hci_rx_work
      RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547
      Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c
      89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d
      b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42
      RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246
      RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000
      RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f
      RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa
      R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084
      R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000
      FS:  0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0
      PKRU: 55555554
      Call Trace:
       <TASK>
       l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]
       l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]
       l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]
       l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809
       l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506
       hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]
       hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176
       process_one_work kernel/workqueue.c:3254 [inline]
       process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335
       worker_thread+0x926/0xe70 kernel/workqueue.c:3416
       kthread+0x2e3/0x380 kernel/kthread.c:388
       ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
       </TASK>
      Modules linked in:
      ---[ end trace 0000000000000000 ]---
      
      Fixes: 6ed58ec5 ("Bluetooth: Use LE buffers for LE traffic")
      Suggested-by: default avatarLuiz Augusto von Dentz <luiz.dentz@gmail.com>
      Signed-off-by: default avatarSungwoo Kim <iam@sung-woo.kim>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      a5b862c6
    • Dan Carpenter's avatar
      Bluetooth: qca: Fix error code in qca_read_fw_build_info() · a189f0ee
      Dan Carpenter authored
      Return -ENOMEM on allocation failure.  Don't return success.
      
      Fixes: cda0d6a1 ("Bluetooth: qca: fix info leak when fetching fw build id")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
      Reviewed-by: default avatarJohan Hovold <johan+linaro@kernel.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      a189f0ee
    • Gustavo A. R. Silva's avatar
      Bluetooth: hci_conn: Use __counted_by() and avoid -Wfamnae warning · ea9e148c
      Gustavo A. R. Silva authored
      Prepare for the coming implementation by GCC and Clang of the
      __counted_by attribute. Flexible array members annotated with
      __counted_by can have their accesses bounds-checked at run-time
      via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE
      (for strcpy/memcpy-family functions).
      
      Also, -Wflex-array-member-not-at-end is coming in GCC-14, and we are
      getting ready to enable it globally.
      
      So, use the `DEFINE_FLEX()` helper for an on-stack definition of
      a flexible structure where the size of the flexible-array member
      is known at compile-time, and refactor the rest of the code,
      accordingly.
      
      With these changes, fix the following warning:
      net/bluetooth/hci_conn.c:669:41: warning: structure containing a
      flexible array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      
      Link: https://github.com/KSPP/linux/issues/202Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      ea9e148c
    • Kiran K's avatar
      Bluetooth: btintel: Add support for Filmore Peak2 (BE201) · 5c9f6a78
      Kiran K authored
      Add VID/PID for Intel Filmore Peak2 (BE201)
      
      Device from /sys/kernel/debug/usb/devices:
      
      T:  Bus=09 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
      D:  Ver= 2.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=8087 ProdID=0037 Rev= 0.00
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  64 Ivl=1ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      5c9f6a78
    • Kiran K's avatar
      Bluetooth: btintel: Add support for BlazarI · 87ad06a2
      Kiran K authored
      Add support for BlazarI (cnvi) bluetooth core.
      Signed-off-by: default avatarKiran K <kiran.k@intel.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      87ad06a2
    • Mahesh Talewad's avatar
      LE Create Connection command timeout increased to 20 secs · 21d74b6b
      Mahesh Talewad authored
      On our DUT, we can see that the host issues create connection cancel
      command after 4-sec if there is no connection complete event for
      LE create connection cmd.
      As per core spec v5.3 section 7.8.5, advertisement interval range is-
      
      Advertising_Interval_Min
      Default : 0x0800(1.28s)
      Time Range: 20ms to 10.24s
      
      Advertising_Interval_Max
      Default : 0x0800(1.28s)
      Time Range: 20ms to 10.24s
      
      If the remote device is using adv interval of > 4 sec, it is
      difficult to make a connection with the current timeout value.
      Also, with the default interval of 1.28 sec, we will get only
      3 chances to capture the adv packets with the 4 sec window.
      Hence we want to increase this timeout to 20sec.
      Signed-off-by: default avatarMahesh Talewad <mahesh.talewad@nxp.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      21d74b6b
    • Chen-Yu Tsai's avatar
      dt-bindings: net: bluetooth: Add MediaTek MT7921S SDIO Bluetooth · defa9cca
      Chen-Yu Tsai authored
      The MediaTek MT7921S is a WiFi/Bluetooth combo chip that works over
      SDIO. WiFi and Bluetooth are separate SDIO functions within the chip.
      While the Bluetooth SDIO function is fully discoverable, the chip has
      a pin that can reset just the Bluetooth core, as opposed to the full
      chip. This should be described in the device tree.
      
      Add a device tree binding for the Bluetooth SDIO function of the MT7921S
      specifically to document the reset line. This binding is based on the MMC
      controller binding, which specifies one device node per SDIO function.
      
      Cc: Sean Wang <sean.wang@mediatek.com>
      Signed-off-by: default avatarChen-Yu Tsai <wenst@chromium.org>
      Reviewed-by: default avatarAngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      defa9cca
    • Sebastian Urban's avatar
      Bluetooth: compute LE flow credits based on recvbuf space · ce60b923
      Sebastian Urban authored
      Previously LE flow credits were returned to the
      sender even if the socket's receive buffer was
      full. This meant that no back-pressure
      was applied to the sender, thus it continued to
      send data, resulting in data loss without any
      error being reported. Furthermore, the amount
      of credits was essentially fixed to a small
      amount, leading to reduced performance.
      
      This is fixed by computing the number of returned
      LE flow credits based on the estimated available
      space in the receive buffer of an L2CAP socket.
      Consequently, if the receive buffer is full, no
      credits are returned until the buffer is read and
      thus cleared by user-space.
      
      Since the computation of available receive buffer
      space can only be performed approximately (due to
      sk_buff overhead) and the receive buffer size may
      be changed by user-space after flow credits have
      been sent, superfluous received data is temporary
      stored within l2cap_pinfo. This is necessary
      because Bluetooth LE provides no retransmission
      mechanism once the data has been acked by the
      physical layer.
      
      If receive buffer space estimation is not possible
      at the moment, we fall back to providing credits
      for one full packet as before. This is currently
      the case during connection setup, when MPS is not
      yet available.
      
      Fixes: b1c325c2 ("Bluetooth: Implement returning of LE L2CAP credits")
      Signed-off-by: default avatarSebastian Urban <surban@surban.net>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      ce60b923
    • Gustavo A. R. Silva's avatar
      Bluetooth: hci_sync: Use cmd->num_cis instead of magic number · 73b2652c
      Gustavo A. R. Silva authored
      At the moment of the check, `cmd->num_cis` holds the value of 0x1f,
      which is the max number of elements in the `cmd->cis[]` array at
      declaration, which is 0x1f.
      
      So, avoid using 0x1f directly, and instead use `cmd->num_cis`. Similarly
      to this other patch[1].
      
      Link: https://lore.kernel.org/linux-hardening/ZivaHUQyDDK9fXEk@neat/ [1]
      Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      73b2652c
    • Gustavo A. R. Silva's avatar
      Bluetooth: hci_conn: Use struct_size() in hci_le_big_create_sync() · d6bb8782
      Gustavo A. R. Silva authored
      Use struct_size() instead of the open-coded version. Similarly to
      this other patch[1].
      
      Link: https://lore.kernel.org/linux-hardening/ZiwwPmCvU25YzWek@neat/ [1]
      Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      d6bb8782
    • Johan Hovold's avatar
      Bluetooth: qca: clean up defines · 4322502f
      Johan Hovold authored
      Clean up the QCA driver defines by dropping redundant parentheses around
      values and making sure they are aligned (using tabs only).
      Signed-off-by: default avatarJohan Hovold <johan+linaro@kernel.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      4322502f
    • Johan Hovold's avatar
      Bluetooth: qca: drop bogus module version · 83d8e815
      Johan Hovold authored
      Random module versions serves no purpose, what matters is the kernel
      version.
      
      Drop the bogus module version which has never been updated.
      Signed-off-by: default avatarJohan Hovold <johan+linaro@kernel.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      83d8e815
    • Johan Hovold's avatar
      Bluetooth: qca: drop bogus edl header checks · 280939bd
      Johan Hovold authored
      The skb->data pointer is never NULL so drop the bogus sanity checks when
      initialising the EDL header pointer.
      Signed-off-by: default avatarJohan Hovold <johan+linaro@kernel.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      280939bd
    • Marek Vasut's avatar
      dt-bindings: net: broadcom-bluetooth: Add CYW43439 DT binding · b33a0d29
      Marek Vasut authored
      CYW43439 is a Wi-Fi + Bluetooth combo device from Infineon.
      The Bluetooth part is capable of Bluetooth 5.2 BR/EDR/LE .
      This chip is present e.g. on muRata 1YN module.
      
      Extend the binding with its DT compatible using fallback
      compatible string to "brcm,bcm4329-bt" which seems to be
      the oldest compatible device. This should also prevent the
      growth of compatible string tables in drivers. The existing
      block of compatible strings is retained.
      Acked-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
      Signed-off-by: default avatarMarek Vasut <marex@denx.de>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      b33a0d29
    • Gustavo A. R. Silva's avatar
      Bluetooth: hci_conn: Use __counted_by() to avoid -Wfamnae warning · c90748b8
      Gustavo A. R. Silva authored
      Prepare for the coming implementation by GCC and Clang of the
      __counted_by attribute. Flexible array members annotated with
      __counted_by can have their accesses bounds-checked at run-time
      via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE
      (for strcpy/memcpy-family functions).
      
      Also, -Wflex-array-member-not-at-end is coming in GCC-14, and we are
      getting ready to enable it globally.
      
      So, use the `DEFINE_FLEX()` helper for an on-stack definition of
      a flexible structure where the size of the flexible-array member
      is known at compile-time, and refactor the rest of the code,
      accordingly.
      
      With these changes, fix the following warning:
      net/bluetooth/hci_conn.c:2116:50: warning: structure containing a flexible
      array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      
      Link: https://github.com/KSPP/linux/issues/202Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      c90748b8
    • Gustavo A. R. Silva's avatar
      Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings · c4585edf
      Gustavo A. R. Silva authored
      Prepare for the coming implementation by GCC and Clang of the
      __counted_by attribute. Flexible array members annotated with
      __counted_by can have their accesses bounds-checked at run-time
      via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE
      (for strcpy/memcpy-family functions).
      
      Also, -Wflex-array-member-not-at-end is coming in GCC-14, and we are
      getting ready to enable it globally.
      
      So, use the `DEFINE_FLEX()` helper for multiple on-stack definitions
      of a flexible structure where the size of the flexible-array member
      is known at compile-time, and refactor the rest of the code,
      accordingly.
      
      Notice that, due to the use of `__counted_by()` in `struct
      hci_cp_le_create_cis`, the for loop in function `hci_cs_le_create_cis()`
      had to be modified. Once the index `i`, through which `cp->cis[i]` is
      accessed, falls in the interval [0, cp->num_cis), `cp->num_cis` cannot
      be decremented all the way down to zero while accessing `cp->cis[]`:
      
      net/bluetooth/hci_event.c:4310:
      4310    for (i = 0; cp->num_cis; cp->num_cis--, i++) {
                      ...
      4314            handle = __le16_to_cpu(cp->cis[i].cis_handle);
      
      otherwise, only half (one iteration before `cp->num_cis == i`) or half
      plus one (one iteration before `cp->num_cis < i`) of the items in the
      array will be accessed before running into an out-of-bounds issue. So,
      in order to avoid this, set `cp->num_cis` to zero just after the for
      loop.
      
      Also, make use of `aux_num_cis` variable to update `cmd->num_cis` after
      a `list_for_each_entry_rcu()` loop.
      
      With these changes, fix the following warnings:
      net/bluetooth/hci_sync.c:1239:56: warning: structure containing a flexible
      array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      net/bluetooth/hci_sync.c:1415:51: warning: structure containing a flexible
      array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      net/bluetooth/hci_sync.c:1731:51: warning: structure containing a flexible
      array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      net/bluetooth/hci_sync.c:6497:45: warning: structure containing a flexible
      array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      
      Link: https://github.com/KSPP/linux/issues/202Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      c4585edf
    • Jiande Lu's avatar
      Bluetooth: btusb: Sort usb_device_id table by the ID · 3487cda2
      Jiande Lu authored
      Sort usb device id table for enhanced readability.
      Signed-off-by: default avatarJiande Lu <jiande.lu@mediatek.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      3487cda2
    • Jiande Lu's avatar
      Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 · 129d3292
      Jiande Lu authored
      Add HW IDs for wireless module specific to Acer/ASUS
      notebook models to ensure proper recognition and functionality.
      These HW IDs are extracted from Windows driver inf file.
      Note some HW IDs without official drivers, still in testing phase.
      Thus, we update module HW ID and test ensure consistent boot success.
      Signed-off-by: default avatarJiande Lu <jiande.lu@mediatek.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      129d3292
    • Zijun Hu's avatar
      Bluetooth: qca: Support downloading board id specific NVM for WCN7850 · e41137d8
      Zijun Hu authored
      Download board id specific NVM instead of default for WCN7850 if board id
      is available.
      Signed-off-by: default avatarZijun Hu <quic_zijuhu@quicinc.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      e41137d8
    • Archie Pusaka's avatar
      Bluetooth: Populate hci_set_hw_info for Intel and Realtek · b39910bb
      Archie Pusaka authored
      The hardware information surfaced via debugfs might be usable by the
      userspace to set some configuration knobs. This patch sets the hw_info
      for Intel and Realtek chipsets.
      
      Below are some possible output of the hardware_info debugfs file.
      INTEL platform=55 variant=24
      RTL lmp_subver=34898 hci_rev=10 hci_ver=11 hci_bus=1
      Signed-off-by: default avatarArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: default avatarAbhishek Pandit-Subedi <abhishekpandit@google.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      b39910bb
    • Zijun Hu's avatar
      Bluetooth: Remove 3 repeated macro definitions · 94c603c2
      Zijun Hu authored
      Macros HCI_REQ_DONE, HCI_REQ_PEND and HCI_REQ_CANCELED are repeatedly
      defined twice with hci_request.h, so remove a copy of definition.
      Signed-off-by: default avatarZijun Hu <quic_zijuhu@quicinc.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      94c603c2
    • Zijun Hu's avatar
      Bluetooth: hci_conn: Remove a redundant check for HFP offload · d68d8a7a
      Zijun Hu authored
      Remove a redundant check !hdev->get_codec_config_data.
      Signed-off-by: default avatarZijun Hu <quic_zijuhu@quicinc.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      d68d8a7a
    • Zijun Hu's avatar
      Bluetooth: btusb: Correct timeout macro argument used to receive control message · c48439fc
      Zijun Hu authored
      USB driver defines macro @USB_CTRL_SET_TIMEOUT for sending control message
      timeout and @USB_CTRL_GET_TIMEOUT for receiving, but usb_control_msg()
      uses wrong macro @USB_CTRL_SET_TIMEOUT as argument to receive control
      message, fixed by using @USB_CTRL_GET_TIMEOUT to receive message.
      Signed-off-by: default avatarZijun Hu <quic_zijuhu@quicinc.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      c48439fc
    • Peter Tsao's avatar
      Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921 · 958cd6be
      Peter Tsao authored
      Because both MT7920 and MT7921 use the same chip ID.
      We use the 8th bit of fw_flavor to distingush MT7920.
      The original patch made a mistake to check whole fw_flavor,
      that makes the condition both true (dev_id == 0x7961 && fw_flavor),
      and makes MT7921 flow wrong.
      
      In this patch, we correct the flow to get the 8th bit value for MT7920.
      And the patch is verified pass with both MT7920 and MT7921.
      Signed-off-by: default avatarPeter Tsao <peter.tsao@mediatek.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      958cd6be
    • Uri Arev's avatar
      Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl · 68aa2105
      Uri Arev authored
      This fixes some CHECKs reported by the checkpatch script.
      
      Issues reported in ath3k.c:
      -------
      ath3k.c
      -------
      CHECK: Please don't use multiple blank lines
      +
      +
      
      CHECK: Blank lines aren't necessary after an open brace '{'
      +static const struct usb_device_id ath3k_blist_tbl[] = {
      +
      
      CHECK: Alignment should match open parenthesis
      +static int ath3k_load_firmware(struct usb_device *udev,
      +                               const struct firmware *firmware)
      
      CHECK: Alignment should match open parenthesis
      +               err = usb_bulk_msg(udev, pipe, send_buf, size,
      +                                       &len, 3000);
      
      CHECK: Unnecessary parentheses around 'len != size'
      +               if (err || (len != size)) {
      
      CHECK: Alignment should match open parenthesis
      +static int ath3k_get_version(struct usb_device *udev,
      +                       struct ath3k_version *version)
      
      CHECK: Alignment should match open parenthesis
      +static int ath3k_load_fwfile(struct usb_device *udev,
      +               const struct firmware *firmware)
      
      CHECK: Alignment should match open parenthesis
      +               err = usb_bulk_msg(udev, pipe, send_buf, size,
      +                                       &len, 3000);
      
      CHECK: Unnecessary parentheses around 'len != size'
      +               if (err || (len != size)) {
      
      CHECK: Blank lines aren't necessary after an open brace '{'
      +       switch (fw_version.ref_clock) {
      +
      
      CHECK: Alignment should match open parenthesis
      +       snprintf(filename, ATH3K_NAME_LEN, "ar3k/ramps_0x%08x_%d%s",
      +               le32_to_cpu(fw_version.rom_version), clk_value, ".dfu");
      
      CHECK: Alignment should match open parenthesis
      +static int ath3k_probe(struct usb_interface *intf,
      +                       const struct usb_device_id *id)
      
      CHECK: Alignment should match open parenthesis
      +                       BT_ERR("Firmware file \"%s\" not found",
      +                                                       ATH3K_FIRMWARE);
      
      CHECK: Alignment should match open parenthesis
      +               BT_ERR("Firmware file \"%s\" request failed (err=%d)",
      +                                               ATH3K_FIRMWARE, ret);
      
      total: 0 errors, 0 warnings, 14 checks, 540 lines checked
      Signed-off-by: default avatarUri Arev <me@wantyapps.xyz>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      68aa2105
    • Hans de Goede's avatar
      Bluetooth: hci_bcm: Limit bcm43455 baudrate to 2000000 · 51931c55
      Hans de Goede authored
      Like the bcm43430a0 the bcm43455 BT does not support the 0xfc45 command
      to set the UART clock to 48 MHz and because of this it does not work
      at 4000000 baud.
      
      These chips are found on ACPI/x86 devices where the operating baudrate
      does not come from the firmware but is hardcoded at 4000000, which does
      not work.
      
      Make the driver_data for the "BCM2EA4" ACPI HID which is used for
      the bcm43455 BT point to bcm43430_device_data which limits the baudrate
      to 2000000.
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      51931c55
    • Gustavo A. R. Silva's avatar
      Bluetooth: L2CAP: Avoid -Wflex-array-member-not-at-end warnings · 1c08108f
      Gustavo A. R. Silva authored
      -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
      ready to enable it globally.
      
      There are currently a couple of objects (`req` and `rsp`), in a couple
      of structures, that contain flexible structures (`struct l2cap_ecred_conn_req`
      and `struct l2cap_ecred_conn_rsp`), for example:
      
      struct l2cap_ecred_rsp_data {
              struct {
                      struct l2cap_ecred_conn_rsp rsp;
                      __le16 scid[L2CAP_ECRED_MAX_CID];
              } __packed pdu;
              int count;
      };
      
      in the struct above, `struct l2cap_ecred_conn_rsp` is a flexible
      structure:
      
      struct l2cap_ecred_conn_rsp {
              __le16 mtu;
              __le16 mps;
              __le16 credits;
              __le16 result;
              __le16 dcid[];
      };
      
      So, in order to avoid ending up with a flexible-array member in the
      middle of another structure, we use the `struct_group_tagged()` (and
      `__struct_group()` when the flexible structure is `__packed`) helper
      to separate the flexible array from the rest of the members in the
      flexible structure:
      
      struct l2cap_ecred_conn_rsp {
              struct_group_tagged(l2cap_ecred_conn_rsp_hdr, hdr,
      
      	... the rest of members
      
              );
              __le16 dcid[];
      };
      
      With the change described above, we now declare objects of the type of
      the tagged struct, in this example `struct l2cap_ecred_conn_rsp_hdr`,
      without embedding flexible arrays in the middle of other structures:
      
      struct l2cap_ecred_rsp_data {
              struct {
                      struct l2cap_ecred_conn_rsp_hdr rsp;
                      __le16 scid[L2CAP_ECRED_MAX_CID];
              } __packed pdu;
              int count;
      };
      
      Also, when the flexible-array member needs to be accessed, we use
      `container_of()` to retrieve a pointer to the flexible structure.
      
      We also use the `DEFINE_RAW_FLEX()` helper for a couple of on-stack
      definitions of a flexible structure where the size of the flexible-array
      member is known at compile-time.
      
      So, with these changes, fix the following warnings:
      net/bluetooth/l2cap_core.c:1260:45: warning: structure containing a
      flexible array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      net/bluetooth/l2cap_core.c:3740:45: warning: structure containing a
      flexible array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      net/bluetooth/l2cap_core.c:4999:45: warning: structure containing a
      flexible array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      net/bluetooth/l2cap_core.c:7116:47: warning: structure containing a
      flexible array member is not at the end of another structure
      [-Wflex-array-member-not-at-end]
      
      Link: https://github.com/KSPP/linux/issues/202Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      1c08108f
    • Uri Arev's avatar
      Bluetooth: hci_intel: Fix multiple issues reported by checkpatch.pl · 62f7de37
      Uri Arev authored
      This fixes the following CHECKs, WARNINGs, and ERRORs reported in
      hci_intel.c
      
      Reported by checkpatch.pl:
      -----------
      hci_intel.c
      -----------
      WARNING: Prefer using '"%s...", __func__' to using 'intel_setup', this
              function's name, in a string
      +       bt_dev_dbg(hdev, "start intel_setup");
      
      ERROR: code indent should use tabs where possible
      +        /* Check for supported iBT hardware variants of this firmware$
      
      ERROR: code indent should use tabs where possible
      +         * loading method.$
      
      ERROR: code indent should use tabs where possible
      +         *$
      
      ERROR: code indent should use tabs where possible
      +         * This check has been put in place to ensure correct forward$
      
      ERROR: code indent should use tabs where possible
      +         * compatibility options when newer hardware variants come along.$
      
      ERROR: code indent should use tabs where possible
      +         */$
      
      CHECK: No space is necessary after a cast
      +       duration = (unsigned long long) ktime_to_ns(delta) >> 10;
      
      CHECK: No space is necessary after a cast
      +       duration = (unsigned long long) ktime_to_ns(delta) >> 10;
      
      WARNING: Missing a blank line after declarations
      +               int err = PTR_ERR(intel->rx_skb);
      +               bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
      Signed-off-by: default avatarUri Arev <me@wantyapps.xyz>
      Suggested-by: default avatarLuiz Augusto von Dentz <luiz.dentz@gmail.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      62f7de37
    • Iulia Tanasescu's avatar
      Bluetooth: ISO: Handle PA sync when no BIGInfo reports are generated · d356c924
      Iulia Tanasescu authored
      In case of a Broadcast Source that has PA enabled but no active BIG,
      a Broadcast Sink needs to establish PA sync and parse BASE from PA
      reports.
      
      This commit moves the allocation of a PA sync hcon from the BIGInfo
      advertising report event to the PA sync established event. After the
      first complete PA report, the hcon is notified to the ISO layer. A
      child socket is allocated and enqueued in the parent's accept queue.
      
      BIGInfo reports also need to be processed, to extract the encryption
      field and inform userspace. After the first BIGInfo report is received,
      the PA sync hcon is notified again to the ISO layer. Since a socket will
      be found this time, the socket state will transition to BT_CONNECTED and
      the userspace will be woken up using sk_state_change.
      Signed-off-by: default avatarIulia Tanasescu <iulia.tanasescu@nxp.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      d356c924
    • Iulia Tanasescu's avatar
      Bluetooth: ISO: Make iso_get_sock_listen generic · 311527e9
      Iulia Tanasescu authored
      This makes iso_get_sock_listen more generic, to return matching socket
      in the state provided as argument.
      Signed-off-by: default avatarIulia Tanasescu <iulia.tanasescu@nxp.com>
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      311527e9
    • Luiz Augusto von Dentz's avatar
      Bluetooth: hci_event: Set DISCOVERY_FINDING on SCAN_ENABLED · 2e2515c1
      Luiz Augusto von Dentz authored
      This makes sure that discovery state is properly synchronized otherwise
      reports may not generate MGMT DeviceFound events as it would be assumed
      that it was not initiated by a discovery session.
      Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      2e2515c1