1. 29 10月, 2021 6 次提交
    • B
      Bluetooth: hci_sync: Convert MGMT_OP_SSP · 3244845c
      Brian Gix 提交于
      mgmt-tester paths:
      Set SSP on - Success 2
      Set Device ID - SSP off and Power on
      Signed-off-by: NBrian Gix <brian.gix@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      3244845c
    • L
      Bluetooth: hci_sync: Convert MGMT_OP_START_DISCOVERY · abfeea47
      Luiz Augusto von Dentz 提交于
      This make use of hci_cmd_sync_queue for MGMT_OP_START_DISCOVERY,
      MGMT_OP_START_SERVICE_DISCOVERY and MGMT_OP_STOP_DISCOVERY to use
      hci_cmd_sync_queue so they no longer depend on hdev->discov_update work
      to send any commands.
      
      Tested with:
      
      tools/mgmt-tester -s "Start Discovery"
      
      Test Summary
      ------------
      Start Discovery - Not powered 1                      Passed
      Start Discovery - Invalid parameters 1               Passed
      Start Discovery - Not supported 1                    Passed
      Start Discovery - Success 1                          Passed
      Start Discovery - Success 2                          Passed
      Start Discovery - Power Off 1                        Passed
      Start Discovery BREDR LE - (Ext Scan Enable)         Passed
      Start Discovery LE - (Ext Scan Enable)               Passed
      Start Discovery LE - (Ext Scan Param)                Passed
      Start Discovery - (2m, Scan Param)                   Passed
      Start Discovery - (coded, Scan Param)                Passed
      Start Discovery - (1m, 2m, coded, Scan Param)        Passed
      LL Privacy - Start Discovery 1 (Disable RL)          Passed
      LL Privacy - Start Discovery 2 (Disable RL)          Passed
      Total: 14, Passed: 14 (100.0%), Failed: 0, Not Run: 0
      
      tools/mgmt-tester -s "Start Service"
      
      Test Summary
      ------------
      Start Service Discovery - Not powered 1              Passed
      Start Service Discovery - Invalid parameters 1       Passed
      Start Service Discovery - Not supported 1            Passed
      Start Service Discovery - Success 1                  Passed
      Start Service Discovery - Success 2                  Passed
      Total: 5, Passed: 5 (100.0%), Failed: 0, Not Run: 0
      
      tools/mgmt-tester -s "Stop Discovery"
      
      Test Summary
      ------------
      Stop Discovery - Success 1                           Passed
      Stop Discovery - BR/EDR (Inquiry) Success 1          Passed
      Stop Discovery - Rejected 1                          Passed
      Stop Discovery - Invalid parameters 1                Passed
      Stop Discovery - (Ext Scan Disable)                  Passed
      Total: 5, Passed: 5 (100.0%), Failed: 0, Not Run: 0
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      abfeea47
    • L
      Bluetooth: hci_sync: Rework background scan · 5bee2fd6
      Luiz Augusto von Dentz 提交于
      This replaces the use of hci_update_background_scan with
      hci_update_passive_scan which runs from cmd_work_sync and deal properly
      with resolving list when LL privacy is enabled.
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      5bee2fd6
    • L
      Bluetooth: hci_sync: Enable advertising when LL privacy is enabled · ad383c2c
      Luiz Augusto von Dentz 提交于
      This enables advertising when LL privacy is enabled and changes the
      command sequence when resolving list is updated to also account for when
      advertising is enabled using the following sequence:
      
      If there are devices to scan:
      
      Disable Scanning -> Update Accept List ->
      use_ll_privacy((Disable Advertising) -> Disable Resolving List ->
      Update Resolving List -> Enable Resolving List -> (Enable Advertising)) ->
      Enable Scanning
      
      Otherwise:
      
      Disable Scanning
      
      Errors during the Update Accept List stage are handled gracefully by
      restoring any previous state (e.g. advertising) and disabling the use of
      accept list as either accept list or resolving list could not be
      updated.
      
      Tested with:
      
      mgmt-tester -s "LL Privacy"
      
      Test Summary
      ------------
      LL Privacy - Add Device 1 (Add to WL)                Passed
      LL Privacy - Add Device 2 (Add to RL)                Passed
      LL Privacy - Add Device 3 (Enable RL)                Passed
      LL Privacy - Add Device 4 (2 Devices to WL)          Passed
      LL Privacy - Add Device 5 (2 Devices to RL)          Passed
      LL Privacy - Add Device 6 (RL is full)               Passed
      LL Privacy - Add Device 7 (WL is full)               Passed
      LL Privacy - Add Device 8 (Disable Adv)              Passed
      LL Privacy - Add Device 9 (Multi Adv)                Passed
      LL Privacy - Add Device 10 (Multi Dev and Multi Adv) Passed
      LL Privacy - Remove Device 1 (Remove from WL)        Passed
      LL Privacy - Remove Device 2 (Remove from RL)        Passed
      LL Privacy - Remove Device 3 (Disable RL)            Passed
      LL Privacy - Remove Device 4 (Disable Adv)           Passed
      LL Privacy - Remove Device 5 (Multi Adv)             Passed
      LL Privacy - Start Discovery 1 (Disable RL)          Passed
      LL Privacy - Start Discovery 2 (Disable RL)          Passed
      Total: 18, Passed: 18 (100.0%), Failed: 0, Not Run: 0
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      ad383c2c
    • L
      Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 2 · cba6b758
      Luiz Augusto von Dentz 提交于
      This make use of hci_cmd_sync_queue for the following MGMT commands:
      
      Add Advertising
      Remove Advertising
      Add Extended Advertising Parameters
      Add Extended Advertising Data
      
      mgmt-tester -s "Add Advertising"
      
      Test Summary
      ------------
      Add Advertising - Failure: LE off                    Passed
      Add Advertising - Invalid Params 1 (AD too long)     Passed
      Add Advertising - Invalid Params 2 (Malformed len)   Passed
      Add Advertising - Invalid Params 3 (Malformed len)   Passed
      Add Advertising - Invalid Params 4 (Malformed len)   Passed
      Add Advertising - Invalid Params 5 (AD too long)     Passed
      Add Advertising - Invalid Params 6 (ScRsp too long)  Passed
      Add Advertising - Invalid Params 7 (Malformed len)   Passed
      Add Advertising - Invalid Params 8 (Malformed len)   Passed
      Add Advertising - Invalid Params 9 (Malformed len)   Passed
      Add Advertising - Invalid Params 10 (ScRsp too long) Passed
      Add Advertising - Rejected (Timeout, !Powered)       Passed
      Add Advertising - Success 1 (Powered, Add Adv Inst)  Passed
      Add Advertising - Success 2 (!Powered, Add Adv Inst) Passed
      Add Advertising - Success 3 (!Powered, Adv Enable)   Passed
      Add Advertising - Success 4 (Set Adv on override)    Passed
      Add Advertising - Success 5 (Set Adv off override)   Passed
      Add Advertising - Success 6 (Scan Rsp Dta, Adv ok)   Passed
      Add Advertising - Success 7 (Scan Rsp Dta, Scan ok)  Passed
      Add Advertising - Success 8 (Connectable Flag)       Passed
      Add Advertising - Success 9 (General Discov Flag)    Passed
      Add Advertising - Success 10 (Limited Discov Flag)   Passed
      Add Advertising - Success 11 (Managed Flags)         Passed
      Add Advertising - Success 12 (TX Power Flag)         Passed
      Add Advertising - Success 13 (ADV_SCAN_IND)          Passed
      Add Advertising - Success 14 (ADV_NONCONN_IND)       Passed
      Add Advertising - Success 15 (ADV_IND)               Passed
      Add Advertising - Success 16 (Connectable -> on)     Passed
      Add Advertising - Success 17 (Connectable -> off)    Passed
      Add Advertising - Success 18 (Power -> off, Remove)  Passed
      Add Advertising - Success 19 (Power -> off, Keep)    Passed
      Add Advertising - Success 20 (Add Adv override)      Passed
      Add Advertising - Success 21 (Timeout expires)       Passed
      Add Advertising - Success 22 (LE -> off, Remove)     Passed
      Add Advertising - Success (Empty ScRsp)              Passed
      Add Advertising - Success (ScRsp only)               Passed
      Add Advertising - Invalid Params (ScRsp too long)    Passed
      Add Advertising - Success (ScRsp appear)             Passed
      Add Advertising - Invalid Params (ScRsp appear long) Passed
      Add Advertising - Success (Appear is null)           Passed
      Add Advertising - Success (Name is null)             Passed
      Add Advertising - Success (Complete name)            Passed
      Add Advertising - Success (Shortened name)           Passed
      Add Advertising - Success (Short name)               Passed
      Add Advertising - Success (Name + data)              Passed
      Add Advertising - Invalid Params (Name + data)       Passed
      Add Advertising - Success (Name+data+appear)         Passed
      Total: 47, Passed: 47 (100.0%), Failed: 0, Not Run: 0
      Overall execution time: 2.17 seconds
      
      mgmt-tester -s "Remove Advertising"
      
      Test Summary
      ------------
      Remove Advertising - Invalid Params 1                Passed
      Remove Advertising - Success 1                       Passed
      Remove Advertising - Success 2                       Passed
      Total: 3, Passed: 3 (100.0%), Failed: 0, Not Run: 0
      Overall execution time: 0.0585 seconds
      
      mgmt-tester -s "Ext Adv MGMT Params"
      
      Test Summary:
      ------------
      Ext Adv MGMT Params - Unpowered                      Passed
      Ext Adv MGMT Params - Invalid parameters             Passed
      Ext Adv MGMT Params - Success                        Passed
      Ext Adv MGMT Params - (5.0) Success                  Passed
      Total: 4, Passed: 4 (100.0%), Failed: 0, Not Run: 0
      Overall execution time: 0.0746 seconds
      
      mgmt-tester -s "Ext Adv MGMT -"
      
      Test Summary
      ------------
      Ext Adv MGMT - Data set without Params               Passed
      Ext Adv MGMT - AD Data (5.0) Invalid parameters      Passed
      Ext Adv MGMT - AD Data (5.0) Success                 Passed
      Ext Adv MGMT - AD Scan Response (5.0) Success        Passed
      Total: 4, Passed: 4 (100.0%), Failed: 0, Not Run: 0
      Overall execution time: 0.0805 seconds
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      cba6b758
    • A
      Bluetooth: Fix removing adv when processing cmd complete · 2128939f
      Archie Pusaka 提交于
      If we remove one instance of adv using Set Extended Adv Enable, there
      is a possibility of issue occurs when processing the Command Complete
      event. Especially, the adv_info might not be found since we already
      remove it in hci_req_clear_adv_instance() -> hci_remove_adv_instance().
      If that's the case, we will mistakenly proceed to remove all adv
      instances instead of just one single instance.
      
      This patch fixes the issue by checking the content of the HCI command
      instead of checking whether the adv_info is found.
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NSonny Sasaka <sonnysasaka@chromium.org>
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      2128939f
  2. 06 10月, 2021 1 次提交
    • L
      Bluetooth: Fix handling of SUSPEND_DISCONNECTING · 83775456
      Luiz Augusto von Dentz 提交于
      When SUSPEND_DISCONNECTING bit is set that means Disconnect is pending
      but the code was evaluating if the list is empty before calling
      hci_conn_del which does the actual cleanup and remove the connection
      from the list thus the bit is never cleared causing the suspend
      procedure to always timeout when there are connections to be
      disconnected:
      
      Suspend/Resume - Success 5 (Pairing - Legacy) - waiting done
        Set the system into Suspend via force_suspend
      = mgmt-tester: Suspend/Resume - Success 5 (Pairing -..   17:03:13.200458
      = mgmt-tester: Set the system into Suspend via force_suspend    17:03:13.205812
      < HCI Command: Write Scan E.. (0x03|0x001a) plen 1  #122 [hci0] 17:03:13.213561
              Scan enable: No Scans (0x00)
      > HCI Event: Command Complete (0x0e) plen 4         #123 [hci0] 17:03:13.214710
            Write Scan Enable (0x03|0x001a) ncmd 1
              Status: Success (0x00)
      < HCI Command: Disconnect (0x01|0x0006) plen 3      #124 [hci0] 17:03:13.215830
              Handle: 42
              Reason: Remote Device Terminated due to Power Off (0x15)
      > HCI Event: Command Status (0x0f) plen 4           #125 [hci0] 17:03:13.216602
            Disconnect (0x01|0x0006) ncmd 1
              Status: Success (0x00)
      > HCI Event: Disconnect Complete (0x05) plen 4      #126 [hci0] 17:03:13.217342
              Status: Success (0x00)
              Handle: 42
              Reason: Remote Device Terminated due to Power Off (0x15)
      @ MGMT Event: Device Disconn.. (0x000c) plen 8  {0x0002} [hci0] 17:03:13.217688
              BR/EDR Address: 00:AA:01:01:00:00 (Intel Corporation)
              Reason: Connection terminated by local host for suspend (0x05)
      @ MGMT Event: Device Disconn.. (0x000c) plen 8  {0x0001} [hci0] 17:03:13.217688
              BR/EDR Address: 00:AA:01:01:00:00 (Intel Corporation)
              Reason: Connection terminated by local host for suspend (0x05)
      Suspend/Resume - Success 5 (Pairing - Legacy) - test timed out
      = mgmt-tester: Suspend/Resume - Success 5 (Pairing -..   17:03:13.939317
      Suspend/Resume - Success 5 (Pairing - Legacy) - teardown
      = mgmt-tester: Suspend/Resume - Success 5 (Pairing -..   17:03:13.947267
      [   13.284291] Bluetooth: hci0: Timed out waiting for suspend events
      [   13.287324] Bluetooth: hci0: Suspend timeout bit: 6
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      83775456
  3. 21 9月, 2021 1 次提交
  4. 08 9月, 2021 2 次提交
  5. 31 8月, 2021 2 次提交
  6. 30 8月, 2021 1 次提交
  7. 17 8月, 2021 1 次提交
    • K
      Bluetooth: Fix race condition in handling NOP command · ecb71f25
      Kiran K 提交于
      For NOP command, need to cancel work scheduled on cmd_timer,
      on receiving command status or commmand complete event.
      
      Below use case might lead to race condition multiple when NOP
      commands are queued sequentially:
      
      hci_cmd_work() {
         if (atomic_read(&hdev->cmd_cnt) {
                  .
                  .
                  .
            atomic_dec(&hdev->cmd_cnt);
            hci_send_frame(hdev,...);
            schedule_delayed_work(&hdev->cmd_timer,...);
         }
      }
      
      On receiving event for first NOP, the work scheduled on hdev->cmd_timer
      is not cancelled and second NOP is dequeued and sent to controller.
      
      While waiting for an event for second NOP command, work scheduled on
      cmd_timer for the first NOP can get scheduled, resulting in sending third
      NOP command (sending back to back NOP commands). This might
      cause issues at controller side (like memory overrun, controller going
      unresponsive) resulting in hci tx timeouts, hardware errors etc.
      
      The fix to this issue is to cancel the delayed work scheduled on
      cmd_timer on receiving command status or command complete event for
      NOP command (this patch handles NOP command same as any other SIG
      command).
      Signed-off-by: NKiran K <kiran.k@intel.com>
      Reviewed-by: NChethan T N <chethan.tumkur.narayan@intel.com>
      Reviewed-by: NSrivatsa Ravishankar <ravishankar.srivatsa@intel.com>
      Acked-by: NManish Mandlik <mmandlik@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      ecb71f25
  8. 16 8月, 2021 2 次提交
  9. 04 8月, 2021 2 次提交
  10. 29 7月, 2021 1 次提交
  11. 26 6月, 2021 11 次提交
    • L
      Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event · 23837a6d
      Luiz Augusto von Dentz 提交于
      Error status of this event means that it has ended due reasons other
      than a connection:
      
       'If advertising has terminated as a result of the advertising duration
       elapsing, the Status parameter shall be set to the error code
       Advertising Timeout (0x3C).'
      
       'If advertising has terminated because the
       Max_Extended_Advertising_Events was reached, the Status parameter
       shall be set to the error code Limit Reached (0x43).'
      
      Fixes: acf0aeae ("Bluetooth: Handle ADv set terminated event")
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      23837a6d
    • A
      Bluetooth: use inclusive language when filtering devices · 3d4f9c00
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      blacklist -> reject list
      whitelist -> accept list
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      3d4f9c00
    • A
      Bluetooth: use inclusive language when tracking connections · 39bc74ca
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      master -> central
      slave  -> peripheral
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      39bc74ca
    • A
      Bluetooth: use inclusive language in HCI role comments · 74be523c
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      master -> initiator (for smp) or central (everything else)
      slave  -> responder (for smp) or peripheral (everything else)
      
      The #define preprocessor terms are unchanged for now to not disturb
      dependent APIs.
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      74be523c
    • A
      Bluetooth: use inclusive language in comments · 67ffb185
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      slave       -> peripheral
      blacklisted -> blocked
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      67ffb185
    • A
      Bluetooth: use inclusive language in HCI LE features · ef365da1
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      master -> central
      slave  -> peripheral
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      ef365da1
    • S
      Bluetooth: Translate additional address type during le_conn_comp · 79699a70
      Sathish Narasimman 提交于
      When using controller based address resolution, then the destination
      address type during le_conn_complete uses 0x02 & 0x03 if controller
      resolves the destination address(RPA).
      These address types need to be converted back into either 0x00 0r 0x01
      Signed-off-by: NSathish Narasimman <sathish.narasimman@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      79699a70
    • S
      Bluetooth: Remove spurious error message · 1c58e933
      Szymon Janc 提交于
      Even with rate limited reporting this is very spammy and since
      it is remote device that is providing bogus data there is no
      need to report this as error.
      
      Since real_len variable was used only to allow conditional error
      message it is now also removed.
      
      [72454.143336] bt_err_ratelimited: 10 callbacks suppressed
      [72454.143337] Bluetooth: hci0: advertising data len corrected
      [72454.296314] Bluetooth: hci0: advertising data len corrected
      [72454.892329] Bluetooth: hci0: advertising data len corrected
      [72455.051319] Bluetooth: hci0: advertising data len corrected
      [72455.357326] Bluetooth: hci0: advertising data len corrected
      [72455.663295] Bluetooth: hci0: advertising data len corrected
      [72455.787278] Bluetooth: hci0: advertising data len corrected
      [72455.942278] Bluetooth: hci0: advertising data len corrected
      [72456.094276] Bluetooth: hci0: advertising data len corrected
      [72456.249137] Bluetooth: hci0: advertising data len corrected
      [72459.416333] bt_err_ratelimited: 13 callbacks suppressed
      [72459.416334] Bluetooth: hci0: advertising data len corrected
      [72459.721334] Bluetooth: hci0: advertising data len corrected
      [72460.011317] Bluetooth: hci0: advertising data len corrected
      [72460.327171] Bluetooth: hci0: advertising data len corrected
      [72460.638294] Bluetooth: hci0: advertising data len corrected
      [72460.946350] Bluetooth: hci0: advertising data len corrected
      [72461.225320] Bluetooth: hci0: advertising data len corrected
      [72461.690322] Bluetooth: hci0: advertising data len corrected
      [72462.118318] Bluetooth: hci0: advertising data len corrected
      [72462.427319] Bluetooth: hci0: advertising data len corrected
      [72464.546319] bt_err_ratelimited: 7 callbacks suppressed
      [72464.546319] Bluetooth: hci0: advertising data len corrected
      [72464.857318] Bluetooth: hci0: advertising data len corrected
      [72465.163332] Bluetooth: hci0: advertising data len corrected
      [72465.278331] Bluetooth: hci0: advertising data len corrected
      [72465.432323] Bluetooth: hci0: advertising data len corrected
      [72465.891334] Bluetooth: hci0: advertising data len corrected
      [72466.045334] Bluetooth: hci0: advertising data len corrected
      [72466.197321] Bluetooth: hci0: advertising data len corrected
      [72466.340318] Bluetooth: hci0: advertising data len corrected
      [72466.498335] Bluetooth: hci0: advertising data len corrected
      [72469.803299] bt_err_ratelimited: 10 callbacks suppressed
      Signed-off-by: NSzymon Janc <szymon.janc@codecoup.pl>
      Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=203753
      Cc: stable@vger.kernel.org
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      1c58e933
    • K
      Bluetooth: Fix alt settings for incoming SCO with transparent coding format · 06d213d8
      Kiran K 提交于
      For incoming SCO connection with transparent coding format, alt setting
      of CVSD is getting applied instead of Transparent.
      
      Before fix:
      < HCI Command: Accept Synchron.. (0x01|0x0029) plen 21  #2196 [hci0] 321.342548
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Transmit bandwidth: 8000
              Receive bandwidth: 8000
              Max latency: 13
              Setting: 0x0003
                Input Coding: Linear
                Input Data Format: 1's complement
                Input Sample Size: 8-bit
                # of bits padding at MSB: 0
                Air Coding Format: Transparent Data
              Retransmission effort: Optimize for link quality (0x02)
              Packet type: 0x003f
                HV1 may be used
                HV2 may be used
                HV3 may be used
                EV3 may be used
                EV4 may be used
                EV5 may be used
      > HCI Event: Command Status (0x0f) plen 4               #2197 [hci0] 321.343585
            Accept Synchronous Connection Request (0x01|0x0029) ncmd 1
              Status: Success (0x00)
      > HCI Event: Synchronous Connect Comp.. (0x2c) plen 17  #2198 [hci0] 321.351666
              Status: Success (0x00)
              Handle: 257
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Link type: eSCO (0x02)
              Transmission interval: 0x0c
              Retransmission window: 0x04
              RX packet length: 60
              TX packet length: 60
              Air mode: Transparent (0x03)
      ........
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2336 [hci0] 321.383655
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2337 [hci0] 321.389558
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2338 [hci0] 321.393615
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2339 [hci0] 321.393618
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2340 [hci0] 321.393618
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2341 [hci0] 321.397070
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2342 [hci0] 321.403622
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2343 [hci0] 321.403625
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2344 [hci0] 321.403625
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2345 [hci0] 321.403625
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2346 [hci0] 321.404569
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2347 [hci0] 321.412091
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2348 [hci0] 321.413626
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2349 [hci0] 321.413630
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2350 [hci0] 321.413630
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2351 [hci0] 321.419674
      
      After fix:
      
      < HCI Command: Accept Synchronou.. (0x01|0x0029) plen 21  #309 [hci0] 49.439693
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Transmit bandwidth: 8000
              Receive bandwidth: 8000
              Max latency: 13
              Setting: 0x0003
                Input Coding: Linear
                Input Data Format: 1's complement
                Input Sample Size: 8-bit
                # of bits padding at MSB: 0
                Air Coding Format: Transparent Data
              Retransmission effort: Optimize for link quality (0x02)
              Packet type: 0x003f
                HV1 may be used
                HV2 may be used
                HV3 may be used
                EV3 may be used
                EV4 may be used
                EV5 may be used
      > HCI Event: Command Status (0x0f) plen 4                 #310 [hci0] 49.440308
            Accept Synchronous Connection Request (0x01|0x0029) ncmd 1
              Status: Success (0x00)
      > HCI Event: Synchronous Connect Complete (0x2c) plen 17  #311 [hci0] 49.449308
              Status: Success (0x00)
              Handle: 257
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Link type: eSCO (0x02)
              Transmission interval: 0x0c
              Retransmission window: 0x04
              RX packet length: 60
              TX packet length: 60
              Air mode: Transparent (0x03)
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #312 [hci0] 49.450421
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #313 [hci0] 49.457927
      > HCI Event: Max Slots Change (0x1b) plen 3               #314 [hci0] 49.460345
              Handle: 256
              Max slots: 5
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #315 [hci0] 49.465453
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #316 [hci0] 49.470502
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #317 [hci0] 49.470519
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #318 [hci0] 49.472996
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #319 [hci0] 49.480412
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #320 [hci0] 49.480492
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #321 [hci0] 49.487989
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #322 [hci0] 49.490303
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #323 [hci0] 49.495496
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #324 [hci0] 49.500304
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #325 [hci0] 49.500311
      Signed-off-by: NKiran K <kiran.k@intel.com>
      Signed-off-by: NLokendra Singh <lokendra.singh@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      06d213d8
    • M
      Bluetooth: Add ncmd=0 recovery handling · de75cd0d
      Manish Mandlik 提交于
      During command status or command complete event, the controller may set
      ncmd=0 indicating that it is not accepting any more commands. In such a
      case, host holds off sending any more commands to the controller. If the
      controller doesn't recover from such condition, host will wait forever,
      until the user decides that the Bluetooth is broken and may power cycles
      the Bluetooth.
      
      This patch triggers the hardware error to reset the controller and
      driver when it gets into such state as there is no other wat out.
      Reviewed-by: NAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Signed-off-by: NManish Mandlik <mmandlik@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      de75cd0d
    • Y
      Bluetooth: Return whether a connection is outbound · 1c6ed31b
      Yu Liu 提交于
      When an MGMT_EV_DEVICE_CONNECTED event is reported back to the user
      space we will set the flags to tell if the established connection is
      outbound or not. This is useful for the user space to log better metrics
      and error messages.
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Reviewed-by: NAlain Michaud <alainm@chromium.org>
      Signed-off-by: NYu Liu <yudiliu@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      1c6ed31b
  12. 03 6月, 2021 1 次提交
  13. 06 4月, 2021 1 次提交
    • D
      Bluetooth: Use ext adv handle from requests in CCs · 25e70886
      Daniel Winkler 提交于
      Some extended advertising hci command complete events are still using
      hdev->cur_adv_instance to map the request to the correct advertisement
      handle. However, with extended advertising, "current instance" doesn't
      make sense as we can have multiple concurrent advertisements. This
      change switches these command complete handlers to use the advertising
      handle from the request/event, to ensure we will always use the correct
      advertising handle regardless of the state of hdev->cur_adv_instance.
      
      This change is tested on hatch and kefka chromebooks and run through
      single- and multi-advertising automated tests to confirm callbacks
      report tx power to the correct advertising handle, etc.
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NDaniel Winkler <danielwinkler@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      25e70886
  14. 02 4月, 2021 1 次提交
  15. 23 3月, 2021 1 次提交
    • A
      Bluetooth: verify AMP hci_chan before amp_destroy · 5c4c8c95
      Archie Pusaka 提交于
      hci_chan can be created in 2 places: hci_loglink_complete_evt() if
      it is an AMP hci_chan, or l2cap_conn_add() otherwise. In theory,
      Only AMP hci_chan should be removed by a call to
      hci_disconn_loglink_complete_evt(). However, the controller might mess
      up, call that function, and destroy an hci_chan which is not initiated
      by hci_loglink_complete_evt().
      
      This patch adds a verification that the destroyed hci_chan must have
      been init'd by hci_loglink_complete_evt().
      
      Example crash call trace:
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0xe3/0x144 lib/dump_stack.c:118
       print_address_description+0x67/0x22a mm/kasan/report.c:256
       kasan_report_error mm/kasan/report.c:354 [inline]
       kasan_report mm/kasan/report.c:412 [inline]
       kasan_report+0x251/0x28f mm/kasan/report.c:396
       hci_send_acl+0x3b/0x56e net/bluetooth/hci_core.c:4072
       l2cap_send_cmd+0x5af/0x5c2 net/bluetooth/l2cap_core.c:877
       l2cap_send_move_chan_cfm_icid+0x8e/0xb1 net/bluetooth/l2cap_core.c:4661
       l2cap_move_fail net/bluetooth/l2cap_core.c:5146 [inline]
       l2cap_move_channel_rsp net/bluetooth/l2cap_core.c:5185 [inline]
       l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5464 [inline]
       l2cap_sig_channel net/bluetooth/l2cap_core.c:5799 [inline]
       l2cap_recv_frame+0x1d12/0x51aa net/bluetooth/l2cap_core.c:7023
       l2cap_recv_acldata+0x2ea/0x693 net/bluetooth/l2cap_core.c:7596
       hci_acldata_packet net/bluetooth/hci_core.c:4606 [inline]
       hci_rx_work+0x2bd/0x45e net/bluetooth/hci_core.c:4796
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      Allocated by task 38:
       set_track mm/kasan/kasan.c:460 [inline]
       kasan_kmalloc+0x8d/0x9a mm/kasan/kasan.c:553
       kmem_cache_alloc_trace+0x102/0x129 mm/slub.c:2787
       kmalloc include/linux/slab.h:515 [inline]
       kzalloc include/linux/slab.h:709 [inline]
       hci_chan_create+0x86/0x26d net/bluetooth/hci_conn.c:1674
       l2cap_conn_add.part.0+0x1c/0x814 net/bluetooth/l2cap_core.c:7062
       l2cap_conn_add net/bluetooth/l2cap_core.c:7059 [inline]
       l2cap_connect_cfm+0x134/0x852 net/bluetooth/l2cap_core.c:7381
       hci_connect_cfm+0x9d/0x122 include/net/bluetooth/hci_core.h:1404
       hci_remote_ext_features_evt net/bluetooth/hci_event.c:4161 [inline]
       hci_event_packet+0x463f/0x72fa net/bluetooth/hci_event.c:5981
       hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      Freed by task 1732:
       set_track mm/kasan/kasan.c:460 [inline]
       __kasan_slab_free mm/kasan/kasan.c:521 [inline]
       __kasan_slab_free+0x106/0x128 mm/kasan/kasan.c:493
       slab_free_hook mm/slub.c:1409 [inline]
       slab_free_freelist_hook+0xaa/0xf6 mm/slub.c:1436
       slab_free mm/slub.c:3009 [inline]
       kfree+0x182/0x21e mm/slub.c:3972
       hci_disconn_loglink_complete_evt net/bluetooth/hci_event.c:4891 [inline]
       hci_event_packet+0x6a1c/0x72fa net/bluetooth/hci_event.c:6050
       hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      The buggy address belongs to the object at ffff8881d7af9180
       which belongs to the cache kmalloc-128 of size 128
      The buggy address is located 24 bytes inside of
       128-byte region [ffff8881d7af9180, ffff8881d7af9200)
      The buggy address belongs to the page:
      page:ffffea00075ebe40 count:1 mapcount:0 mapping:ffff8881da403200 index:0x0
      flags: 0x8000000000000200(slab)
      raw: 8000000000000200 dead000000000100 dead000000000200 ffff8881da403200
      raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff8881d7af9080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
       ffff8881d7af9100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
      >ffff8881d7af9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
       ffff8881d7af9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff8881d7af9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reported-by: syzbot+98228e7407314d2d4ba2@syzkaller.appspotmail.com
      Reviewed-by: NAlain Michaud <alainm@chromium.org>
      Reviewed-by: NAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      5c4c8c95
  16. 17 3月, 2021 1 次提交
  17. 04 3月, 2021 1 次提交
  18. 07 12月, 2020 2 次提交
    • D
      Bluetooth: Query LE tx power on startup · 7c395ea5
      Daniel Winkler 提交于
      Queries tx power via HCI_LE_Read_Transmit_Power command when the hci
      device is initialized, and stores resulting min/max LE power in hdev
      struct. If command isn't available (< BT5 support), min/max values
      both default to HCI_TX_POWER_INVALID.
      
      This patch is manually verified by ensuring BT5 devices correctly query
      and receive controller tx power range.
      Reviewed-by: NSonny Sasaka <sonnysasaka@chromium.org>
      Signed-off-by: NDaniel Winkler <danielwinkler@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      7c395ea5
    • D
      Bluetooth: Break add adv into two mgmt commands · 12410572
      Daniel Winkler 提交于
      This patch adds support for the new advertising add interface, with the
      first command setting advertising parameters and the second to set
      advertising data. The set parameters command allows the caller to leave
      some fields "unset", with a params bitfield defining which params were
      purposefully set. Unset parameters will be given defaults when calling
      hci_add_adv_instance. The data passed to the param mgmt command is
      allowed to be flexible, so in the future if bluetoothd passes a larger
      structure with new params, the mgmt command will ignore the unknown
      members at the end.
      
      This change has been validated on both hatch (extended advertising) and
      kukui (no extended advertising) chromebooks running bluetoothd that
      support this new interface. I ran the following manual tests:
      - Set several (3) advertisements using modified test_advertisement.py
      - For each, validate correct data and parameters in btmon trace
      - Verified both for software rotation and extended adv
      
      Automatic test suite also run, testing many (25) scenarios of single and
      multi-advertising for data/parameter correctness.
      Reviewed-by: NSonny Sasaka <sonnysasaka@chromium.org>
      Signed-off-by: NDaniel Winkler <danielwinkler@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      12410572
  19. 11 11月, 2020 1 次提交
  20. 09 11月, 2020 1 次提交