1. 01 2月, 2015 9 次提交
  2. 31 1月, 2015 2 次提交
  3. 30 1月, 2015 5 次提交
  4. 29 1月, 2015 18 次提交
    • S
      Bluetooth: Fix sending Read Remote Extended Features command · ac363cf9
      Szymon Janc 提交于
      This command should only be used if remote device reports that it
      supports extended features. Otherwise command will fail and connection
      will be dropped.
      
      Some devices support SSP but don't support extended features so
      current check for SSP support is not enought.
      
      Instead of checking for SSP support just check if both ends support
      Extended Feature.
      
      < HCI Command: Create Connection (0x01|0x0005) plen 13
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Packet type: 0xcc18
                DM1 may be used
                DH1 may be used
                DM3 may be used
                DH3 may be used
                DM5 may be used
                DH5 may be used
              Page scan repetition mode: R1 (0x01)
              Page scan mode: Mandatory (0x00)
              Clock offset: 0x94c8
              Role switch: Allow slave (0x01)
      > HCI Event: Command Status (0x0f) plen 4
            Create Connection (0x01|0x0005) ncmd 1
              Status: Success (0x00)
      > HCI Event: Connect Complete (0x03) plen 11
              Status: Success (0x00)
              Handle: 5
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Link type: ACL (0x01)
              Encryption: Disabled (0x00)
      < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
              Handle: 5
      > HCI Event: Command Status (0x0f) plen 4
            Read Remote Supported Features (0x01|0x001b) ncmd 1
              Status: Success (0x00)
      > HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
              Address: D0:9C:30:00:19:6F (Foster Electric Company, Limited)
              Page scan repetition mode: R1 (0x01)
      > HCI Event: Read Remote Supported Features (0x0b) plen 11
              Status: Success (0x00)
              Handle: 5
              Features: 0xff 0xff 0x8f 0xfe 0xdb 0xff 0x5b 0x07
                3 slot packets
                5 slot packets
                Encryption
                Slot offset
                Timing accuracy
                Role switch
                Hold mode
                Sniff mode
                Park state
                Power control requests
                Channel quality driven data rate (CQDDR)
                SCO link
                HV2 packets
                HV3 packets
                u-law log synchronous data
                A-law log synchronous data
                CVSD synchronous data
                Paging parameter negotiation
                Power control
                Transparent synchronous data
                Broadcast Encryption
                Enhanced Data Rate ACL 2 Mbps mode
                Enhanced Data Rate ACL 3 Mbps mode
                Enhanced inquiry scan
                Interlaced inquiry scan
                Interlaced page scan
                RSSI with inquiry results
                Extended SCO link (EV3 packets)
                EV4 packets
                EV5 packets
                AFH capable slave
                AFH classification slave
                LE Supported (Controller)
                3-slot Enhanced Data Rate ACL packets
                5-slot Enhanced Data Rate ACL packets
                Sniff subrating
                Pause encryption
                AFH capable master
                AFH classification master
                Enhanced Data Rate eSCO 2 Mbps mode
                Enhanced Data Rate eSCO 3 Mbps mode
                3-slot Enhanced Data Rate eSCO packets
                Extended Inquiry Response
                Simultaneous LE and BR/EDR (Controller)
                Secure Simple Pairing
                Encapsulated PDU
                Non-flushable Packet Boundary Flag
                Link Supervision Timeout Changed Event
                Inquiry TX Power Level
                Enhanced Power Control
      < HCI Command: Read Remote Extended Features (0x01|0x001c) plen 3
              Handle: 5
              Page: 1
      > HCI Event: Command Status (0x0f) plen 4
            Read Remote Extended Features (0x01|0x001c) ncmd 1
              Status: Command Disallowed (0x0c)
      < HCI Command: Read Clock Offset (0x01|0x001f) plen 2
              Handle: 5
      > HCI Event: Command Status (0x0f) plen 4
            Read Clock Offset (0x01|0x001f) ncmd 1
              Status: Success (0x00)
      < HCI Command: Disconnect (0x01|0x0006) plen 3
              Handle: 5
              Reason: Remote User Terminated Connection (0x13)
      Signed-off-by: NSzymon Janc <szymon.janc@tieto.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      ac363cf9
    • M
      Bluetooth: btusb: Add support for USB based AMP controllers · 893ba544
      Marcel Holtmann 提交于
      The Bluetooth HCI transport specification for USB device defines on how
      a standard AMP controller is identified and operated. This patch adds
      the needed handling to hook it up to the Bluetooth stack.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      893ba544
    • M
      Bluetooth: btusb: Ignore unknown Intel devices with generic descriptor · d0ac9eb7
      Marcel Holtmann 提交于
      The Intel Bluetooth devices use the generic USB device/interface class
      descriptors that are assigned to Bluetooth H:2 conforming transports.
      
      T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#=  3 Spd=12   MxCh= 0
      D:  Ver= 2.01 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      
      However newer chips have a bootloader stage and require firmware to
      be loaded before they are functional. To avoid any confusion for the
      users, just ignore unknown Intel Bluetooth devices.
      
      All the released Intel Bluetooth devices have an entry in the device
      table identifying their setup and support requirements. The advantage
      here is that older kernel can be booted with newer devices without
      causing any disturbance.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      d0ac9eb7
    • M
      Bluetooth: btusb: Sort USB_DEVICE entries for Marvell by vendor id · cb1ee89f
      Marcel Holtmann 提交于
      New entries to the USB blacklist/quirk device table should be sorted
      by USB vendor id. Fix the recent entry fro Marvell devices.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      cb1ee89f
    • M
      Bluetooth: Move smp_unregister() into hci_dev_do_close() function · 64dae967
      Marcel Holtmann 提交于
      The smp_unregister() function needs to be called every time the
      controller is powered down. There are multiple entry points when
      this can happen. One is "hciconfig hci0 reset" which will throw
      a WARN_ON when LE support has been enabled.
      
      [   78.564620] WARNING: CPU: 0 PID: 148 at net/bluetooth/smp.c:3075 smp_register+0xf1/0x170()
      [   78.564622] Modules linked in:
      [   78.564628] CPU: 0 PID: 148 Comm: kworker/u3:1 Not tainted 3.19.0-rc4-devel+ #404
      [   78.564629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
      [   78.564635] Workqueue: hci0 hci_rx_work
      [   78.564638]  ffffffff81b4a7a2 ffff88001cb2fb38 ffffffff8161d881 0000000080000000
      [   78.564642]  0000000000000000 ffff88001cb2fb78 ffffffff8103b870 696e55206e6f6f6d
      [   78.564645]  ffff88001d965000 0000000000000000 0000000000000000 ffff88001d965000
      [   78.564648] Call Trace:
      [   78.564655]  [<ffffffff8161d881>] dump_stack+0x4f/0x7b
      [   78.564662]  [<ffffffff8103b870>] warn_slowpath_common+0x80/0xc0
      [   78.564667]  [<ffffffff81544b00>] ? add_uuid+0x1f0/0x1f0
      [   78.564671]  [<ffffffff8103b955>] warn_slowpath_null+0x15/0x20
      [   78.564674]  [<ffffffff81562d81>] smp_register+0xf1/0x170
      [   78.564680]  [<ffffffff81081236>] ? lock_timer_base.isra.30+0x26/0x50
      [   78.564683]  [<ffffffff81544bf0>] powered_complete+0xf0/0x120
      [   78.564688]  [<ffffffff8152e622>] hci_req_cmd_complete+0x82/0x260
      [   78.564692]  [<ffffffff8153554f>] hci_cmd_complete_evt+0x6cf/0x2e20
      [   78.564697]  [<ffffffff81623e43>] ? _raw_spin_unlock_irqrestore+0x13/0x30
      [   78.564701]  [<ffffffff8106b0af>] ? __wake_up_sync_key+0x4f/0x60
      [   78.564705]  [<ffffffff8153a2ab>] hci_event_packet+0xbcb/0x2e70
      [   78.564709]  [<ffffffff814094d3>] ? skb_release_all+0x23/0x30
      [   78.564711]  [<ffffffff81409529>] ? kfree_skb+0x29/0x40
      [   78.564715]  [<ffffffff815296c8>] hci_rx_work+0x1c8/0x3f0
      [   78.564719]  [<ffffffff8105bd91>] ? get_parent_ip+0x11/0x50
      [   78.564722]  [<ffffffff8105be25>] ? preempt_count_add+0x55/0xb0
      [   78.564727]  [<ffffffff8104f65f>] process_one_work+0x12f/0x360
      [   78.564731]  [<ffffffff8104ff9b>] worker_thread+0x6b/0x4b0
      [   78.564735]  [<ffffffff8104ff30>] ? cancel_delayed_work_sync+0x10/0x10
      [   78.564738]  [<ffffffff810542fa>] kthread+0xea/0x100
      [   78.564742]  [<ffffffff81620000>] ? __schedule+0x3e0/0x980
      [   78.564745]  [<ffffffff81054210>] ? kthread_create_on_node+0x180/0x180
      [   78.564749]  [<ffffffff816246ec>] ret_from_fork+0x7c/0xb0
      [   78.564752]  [<ffffffff81054210>] ? kthread_create_on_node+0x180/0x180
      [   78.564755] ---[ end trace 8b0d943af76d3736 ]---
      
      This warning is not critical and has only been placed in the code to
      actually catch this exact situation. To avoid triggering it move
      the smp_unregister() into hci_dev_do_close() which will now also
      take care of remove the SMP channel. It is safe to call this function
      since it only remove the channel if it has been previously registered.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      64dae967
    • M
      Bluetooth: btusb: Provide hardware error handler for Intel devices · 385a768c
      Marcel Holtmann 提交于
      The Intel Bluetooth controllers can provide an additional exception
      info string when a hardware error event occurs. The core will now
      call hdev->hw_error to let the driver read out this information.
      
      This change will cause a reset of the hardware to bring it back
      into functional state and then read the Intel exception info
      string and print it along with the error information.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      385a768c
    • M
      Bluetooth: Perform a power cycle when receiving hardware error event · c7741d16
      Marcel Holtmann 提交于
      When receiving a HCI Hardware Error event, the controller should be
      assumed to be non-functional until issuing a HCI Reset command.
      
      The Bluetooth hardware errors are vendor specific and so add a
      new hdev->hw_error callback that drivers can provide to run extra
      code to handle the hardware error.
      
      After completing the vendor specific error handling perform a full
      reset of the Bluetooth stack by closing and re-opening the transport.
      Based-on-patch-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      c7741d16
    • M
      Bluetooth: Introduce hci_dev_do_reset helper function · 5c912495
      Marcel Holtmann 提交于
      Split the hci_dev_reset ioctl handling into using hci_dev_do_reset
      helper function. Similar to what has been done with hci_dev_do_open
      and hci_dev_do_close.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      5c912495
    • J
      Bluetooth: Fix notifying discovery state when powering off · 8f502f84
      Johan Hedberg 提交于
      The discovery state should be set to stopped when the HCI device is
      powered off. This patch adds the appropriate call to the
      hci_discovery_set_state() function from hci_dev_do_close() which is
      responsible for the power-off procedure.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      8f502f84
    • J
      Bluetooth: Fix notifying discovery state upon reset · 39c5d970
      Johan Hedberg 提交于
      When HCI_Reset is issued the discovery state is assumed to be stopped.
      The hci_cc_reset() handler was trying to set the state but it was doing
      it without using the hci_discovery_set_state() function. Because of this
      e.g. the mgmt Discovering event could go without being sent. This patch
      fixes the code to use the hci_discovery_set_state() function instead of
      just blindly setting the state value.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      39c5d970
    • J
      Bluetooth: Fix check for SSP when enabling SC · 59200286
      Johan Hedberg 提交于
      There's a check in set_secure_conn() that's supposed to ensure that SSP
      is enabled before we try to request the controller to enable SC (since
      SSP is a pre-requisite for it). However, this check only makes sense for
      controllers actually supporting BR/EDR SC. If we have a 4.0 controller
      we're only interested in the LE part of SC and should therefore not be
      requiring SSP to be enabled. This patch adds an additional condition to
      check for lmp_sc_capable(hdev) before requiring SSP to be enabled.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      59200286
    • J
      Bluetooth: btusb: Remove redundant call to btusb_free_frags() · 838f66e3
      Johan Hedberg 提交于
      The btusb_disconnect() callback calls hci_unregister_dev() which in turn
      calls btusb_close() if the HCI device is powered. The btusb_close()
      function in turn will call btusb_free_frags(). It's therefore
      unnecessary to have another call to btusb_free_frags() in the
      btusb_disconnect() function. Besides the redundancy the second call
      seems to also cause some strange stability issues which this patch then
      also fixes.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      838f66e3
    • M
      Bluetooth: btusb: Handle out of order firmware loading complete event · ce6bb929
      Marcel Holtmann 提交于
      When loading the Intel firmware it can happen that the firmware loading
      complete vendor event arrives before the command complete event for the
      last firmware fragment.
      
      < HCI Command: Vendor (0x3f|0x0009) plen 7
              01 02 fc 03 00 00 00
      > HCI Event: Vendor (0xff) plen 5
              06 00 00 00 00
      > HCI Event: Command Complete (0x0e) plen 4
            Vendor (0x3f|0x0009) ncmd 31
              Status: Success (0x00)
      
      This is mainly caused by the fact that the vendor command and its
      command complete event are transported over the bulk endpoints. The
      firmware loading complete event however is send over the interrupt
      endpoint. So with just bad timing one event arrives before the other.
      
      Currently the code does not account for it. There are precautions for
      receiving firmware loading complete event quickly, but not for receiving
      it before the command complete.
      
      Introduce an extra flag that tracks when the firmware sending has
      completed from the driver point of view and track the completion of
      the firmware loading procedure with a different flag. That way the
      wakeup can be handled properly.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      ce6bb929
    • M
      Bluetooth: Check for P-256 OOB values in Secure Connections Only mode · aa5b0345
      Marcel Holtmann 提交于
      If Secure Connections Only mode has been enabled, the it is important
      to check that OOB data for P-256 values is provided. In case it is not,
      then tell the remote side that no OOB data is present.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      aa5b0345
    • M
      Bluetooth: Use helper function to determine BR/EDR OOB data present · a83ed81e
      Marcel Holtmann 提交于
      When replying to the IO capability request for Secure Simple Pairing and
      Secure Connections, the OOB data present fields needs to set. Instead of
      making the calculation inline, split this into a separate helper
      function.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      a83ed81e
    • M
      Bluetooth: Clear P-192 values for OOB when in Secure Connections Only mode · 6665d057
      Marcel Holtmann 提交于
      When Secure Connections Only mode has been enabled and remote OOB data
      is requested, then only provide P-256 hash and randomizer vaulues. The
      fields for P-192 hash and randomizer should be set to zero.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      6665d057
    • J
      Bluetooth: Enforce zero-valued hash/rand192 for LE OOB · d25b78e2
      Johan Hedberg 提交于
      Until legacy SMP OOB pairing is implemented user space should be given a
      clear error when trying to use it. This patch adds a corresponding check
      to the Add Remote OOB Data handler function which returns "invalid
      parameters" if non-zero Rand192 or Hash192 parameters were given for an
      LE address.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      d25b78e2
    • M
      Bluetooth: btusb: Add firmware loading for Intel Snowfield Peak devices · cda0dd78
      Marcel Holtmann 提交于
      The Intel Snowfield Peak devices do not come with Bluetooth firmware
      loaded and thus require a full download of the operational Bluetooth
      firmware when the device is connected via USB.
      
      Snowfield Peak devices start with a bootloader mode that only accepts
      a very limited set of HCI commands. The supported commands are enough
      to identify the hardware and select the right firmware to load.
      
      Previous patches to the btusb driver allow overwriting the handling
      for bulk receive endpoint packets and HCI events processing. The
      firmware loading makes heavy use of these new internal callbacks.
      
      This patch also introduces additional internal states to track if the
      device is in bootloader or operational mode. This allows for correct
      feedback about the firmware loading procedure.
      
      Output from /sys/kernel/debug/usb/devices for this device:
      
      T:  Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#=  3 Spd=12   MxCh= 0
      D:  Ver= 2.01 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=8087 ProdID=0a2b Rev= 0.01
      C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  64 Ivl=1ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      Based-on-patch-by: NTedd Ho-Jeong An <tedd.an@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      cda0dd78
  5. 27 1月, 2015 1 次提交
    • M
      Bluetooth: btusb: Add support for Dynex/Insignia USB dongles · d049f4e5
      Marcel Holtmann 提交于
      The Dynex/Insignia USB dongles are Broadcom BCM20702B0 based and require
      firmware update before operation.
      
      T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=12   MxCh= 0
      D:  Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=19ff ProdID=0239 Rev= 1.12
      S:  Manufacturer=Broadcom Corp
      S:  Product=BCM20702A0
      C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=  0mA
      I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
      I:  If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
      I:  If#= 1 Alt= 2 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
      I:  If#= 1 Alt= 3 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
      I:  If#= 1 Alt= 4 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
      I:  If#= 1 Alt= 5 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
      E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
      I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
      E:  Ad=84(I) Atr=02(Bulk) MxPS=  32 Ivl=0ms
      E:  Ad=04(O) Atr=02(Bulk) MxPS=  32 Ivl=0ms
      I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
      
      Since this is an unsual USB vendor ID (0x19ff), these dongles are added
      via USB_DEVICE macro and not USB_VENDOR_AND_INTERFACE_INFO as done for
      mainstream Broadcom based dongles.
      
      The latest known working firmware is BCM20702B0_002.001.014.0527.0557.hex
      which needs to be converted using hex2hcd utility and then installed
      as /lib/firmware/brcm/BCM20702A0-19ff-0239.hcd to make this device fully
      operational.
      
      Bluetooth: hci0: BCM: patching hci_ver=06 hci_rev=2000 lmp_ver=06 lmp_subver=410e
      Bluetooth: hci0: BCM: firmware hci_ver=06 hci_rev=222d lmp_ver=06 lmp_subver=410e
      
      With this firmware the device reports support for connectionless slave
      broadcast (master and slave) feature used by 3D Glasses and TVs.
      
        < HCI Command: Read Local Extended Features (0x04|0x0004) plen 1
                Page: 2
        > HCI Event: Command Complete (0x0e) plen 14
              Read Local Extended Features (0x04|0x0004) ncmd 1
                Status: Success (0x00)
                Page: 2/2
                Features: 0x0f 0x00 0x00 0x00 0x00 0x00 0x00 0x00
                  Connectionless Slave Broadcast - Master
                  Connectionless Slave Broadcast - Slave
                  Synchronization Train
                  Synchronization Scan
      
      However there are some flaws with this feature. The Set Event Mask Page 2
      command is actually not supported and with that all connectionless slave
      broadcast events are always enabled.
      
        < HCI Command: Set Event Mask Page 2 (0x03|0x0063) plen 8
                Mask: 0x00000000000f0000
                  Synchronization Train Received
                  Connectionless Slave Broadcast Receive
                  Connectionless Slave Broadcast Timeout
                  Truncated Page Complete
        > HCI Event: Command Complete (0x0e) plen 4
              Set Event Mask Page 2 (0x03|0x0063) ncmd 1
                Status: Unknown HCI Command (0x01)
      
      In addition the Synchronization Train Received event is actually broken
      on this controller. It mixes up the order of parameters. According to the
      Bluetooth Core specification the fields are like this:
      
        struct hci_ev_sync_train_received {
                __u8     status;
                bdaddr_t bdaddr;
                __le32   offset;
                __u8     map[10];
                __u8     lt_addr;
                __le32   instant;
                __le16   interval;
                __u8     service_data;
        } __packed;
      
      This controller however sends the service_data as 5th parameter instead
      of having it as last parameter.
      
        struct hci_ev_sync_train_received {
                __u8     status;
                bdaddr_t bdaddr;
                __le32   offset;
                __u8     map[10];
                __u8     service_data;
                __u8     lt_addr;
                __le32   instant;
                __le16   interval;
        } __packed;
      
      So anybody trying to use this hardware for utilizing connectionless slave
      broadcast receivers (aka 3D Glasses), be warned about this shortcoming.
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Cc: stable@vger.kernel.org
      d049f4e5
  6. 24 1月, 2015 4 次提交
    • P
      Bluetooth: Fix nested sleeps · dfb2fae7
      Peter Hurley 提交于
      l2cap/rfcomm/sco_sock_accept() are wait loops which may acquire
      sleeping locks. Since both wait loops and sleeping locks use
      task_struct.state to sleep and wake, the nested sleeping locks
      destroy the wait loop state.
      
      Use the newly-minted wait_woken() and DEFINE_WAIT_FUNC() for the
      wait loop. DEFINE_WAIT_FUNC() allows an alternate wake function
      to be specified; in this case, the predefined scheduler function,
      woken_wake_function(). This wait construct ensures wakeups will
      not be missed without requiring the wait loop to set the
      task state before condition evaluation. How this works:
      
       CPU 0                            |  CPU 1
                                        |
                                        | is <condition> set?
                                        | no
      set <condition>                   |
                                        |
      wake_up_interruptible             |
        woken_wake_function             |
          set WQ_FLAG_WOKEN             |
          try_to_wake_up                |
                                        | wait_woken
                                        |   set TASK_INTERRUPTIBLE
                                        |   WQ_FLAG_WOKEN? yes
                                        |   set TASK_RUNNING
                                        |
                                        | - loop -
      				  |
      				  | is <condition> set?
                                        | yes - exit wait loop
      
      Fixes "do not call blocking ops when !TASK_RUNNING" warnings
      in l2cap_sock_accept(), rfcomm_sock_accept() and sco_sock_accept().
      Signed-off-by: NPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      dfb2fae7
    • J
      Bluetooth: Convert Set SC to use HCI Request · a1443f5a
      Johan Hedberg 提交于
      This patch converts the Set Secure Connection HCI handling to use a HCI
      request instead of using a hard-coded callback in hci_event.c. This e.g.
      ensures that we don't clear the flags incorrectly if something goes
      wrong with the power up process (not related to a mgmt Set SC command).
      
      The code can also be simplified a bit since only one pending Set SC
      command is allowed, i.e. mgmt_pending_foreach usage is not needed.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      a1443f5a
    • J
      Bluetooth: Remove incorrect check for BDADDR_BREDR address type · 484aabc1
      Johan Hedberg 提交于
      The Add Remote OOB Data mgmt command should allow data to be passed for
      LE as well. This patch removes a left-over check for BDADDR_BREDR that
      should not be there anymore.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      484aabc1
    • J
      Bluetooth: Check for valid bdaddr in add_remote_oob_data · 5d57e796
      Johan Hedberg 提交于
      Before doing any other verifications, the add_remote_oob_data function
      should first check that the given address is valid. This patch adds such
      a missing check to the beginning of the function.
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      5d57e796
  7. 23 1月, 2015 1 次提交