1. 04 8月, 2021 2 次提交
  2. 29 7月, 2021 1 次提交
  3. 26 6月, 2021 11 次提交
    • L
      Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event · 23837a6d
      Luiz Augusto von Dentz 提交于
      Error status of this event means that it has ended due reasons other
      than a connection:
      
       'If advertising has terminated as a result of the advertising duration
       elapsing, the Status parameter shall be set to the error code
       Advertising Timeout (0x3C).'
      
       'If advertising has terminated because the
       Max_Extended_Advertising_Events was reached, the Status parameter
       shall be set to the error code Limit Reached (0x43).'
      
      Fixes: acf0aeae ("Bluetooth: Handle ADv set terminated event")
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      23837a6d
    • A
      Bluetooth: use inclusive language when filtering devices · 3d4f9c00
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      blacklist -> reject list
      whitelist -> accept list
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      3d4f9c00
    • A
      Bluetooth: use inclusive language when tracking connections · 39bc74ca
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      master -> central
      slave  -> peripheral
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      39bc74ca
    • A
      Bluetooth: use inclusive language in HCI role comments · 74be523c
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      master -> initiator (for smp) or central (everything else)
      slave  -> responder (for smp) or peripheral (everything else)
      
      The #define preprocessor terms are unchanged for now to not disturb
      dependent APIs.
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      74be523c
    • A
      Bluetooth: use inclusive language in comments · 67ffb185
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      slave       -> peripheral
      blacklisted -> blocked
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      67ffb185
    • A
      Bluetooth: use inclusive language in HCI LE features · ef365da1
      Archie Pusaka 提交于
      This patch replaces some non-inclusive terms based on the appropriate
      language mapping table compiled by the Bluetooth SIG:
      https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
      
      Specifically, these terms are replaced:
      master -> central
      slave  -> peripheral
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      ef365da1
    • S
      Bluetooth: Translate additional address type during le_conn_comp · 79699a70
      Sathish Narasimman 提交于
      When using controller based address resolution, then the destination
      address type during le_conn_complete uses 0x02 & 0x03 if controller
      resolves the destination address(RPA).
      These address types need to be converted back into either 0x00 0r 0x01
      Signed-off-by: NSathish Narasimman <sathish.narasimman@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      79699a70
    • S
      Bluetooth: Remove spurious error message · 1c58e933
      Szymon Janc 提交于
      Even with rate limited reporting this is very spammy and since
      it is remote device that is providing bogus data there is no
      need to report this as error.
      
      Since real_len variable was used only to allow conditional error
      message it is now also removed.
      
      [72454.143336] bt_err_ratelimited: 10 callbacks suppressed
      [72454.143337] Bluetooth: hci0: advertising data len corrected
      [72454.296314] Bluetooth: hci0: advertising data len corrected
      [72454.892329] Bluetooth: hci0: advertising data len corrected
      [72455.051319] Bluetooth: hci0: advertising data len corrected
      [72455.357326] Bluetooth: hci0: advertising data len corrected
      [72455.663295] Bluetooth: hci0: advertising data len corrected
      [72455.787278] Bluetooth: hci0: advertising data len corrected
      [72455.942278] Bluetooth: hci0: advertising data len corrected
      [72456.094276] Bluetooth: hci0: advertising data len corrected
      [72456.249137] Bluetooth: hci0: advertising data len corrected
      [72459.416333] bt_err_ratelimited: 13 callbacks suppressed
      [72459.416334] Bluetooth: hci0: advertising data len corrected
      [72459.721334] Bluetooth: hci0: advertising data len corrected
      [72460.011317] Bluetooth: hci0: advertising data len corrected
      [72460.327171] Bluetooth: hci0: advertising data len corrected
      [72460.638294] Bluetooth: hci0: advertising data len corrected
      [72460.946350] Bluetooth: hci0: advertising data len corrected
      [72461.225320] Bluetooth: hci0: advertising data len corrected
      [72461.690322] Bluetooth: hci0: advertising data len corrected
      [72462.118318] Bluetooth: hci0: advertising data len corrected
      [72462.427319] Bluetooth: hci0: advertising data len corrected
      [72464.546319] bt_err_ratelimited: 7 callbacks suppressed
      [72464.546319] Bluetooth: hci0: advertising data len corrected
      [72464.857318] Bluetooth: hci0: advertising data len corrected
      [72465.163332] Bluetooth: hci0: advertising data len corrected
      [72465.278331] Bluetooth: hci0: advertising data len corrected
      [72465.432323] Bluetooth: hci0: advertising data len corrected
      [72465.891334] Bluetooth: hci0: advertising data len corrected
      [72466.045334] Bluetooth: hci0: advertising data len corrected
      [72466.197321] Bluetooth: hci0: advertising data len corrected
      [72466.340318] Bluetooth: hci0: advertising data len corrected
      [72466.498335] Bluetooth: hci0: advertising data len corrected
      [72469.803299] bt_err_ratelimited: 10 callbacks suppressed
      Signed-off-by: NSzymon Janc <szymon.janc@codecoup.pl>
      Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=203753
      Cc: stable@vger.kernel.org
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      1c58e933
    • K
      Bluetooth: Fix alt settings for incoming SCO with transparent coding format · 06d213d8
      Kiran K 提交于
      For incoming SCO connection with transparent coding format, alt setting
      of CVSD is getting applied instead of Transparent.
      
      Before fix:
      < HCI Command: Accept Synchron.. (0x01|0x0029) plen 21  #2196 [hci0] 321.342548
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Transmit bandwidth: 8000
              Receive bandwidth: 8000
              Max latency: 13
              Setting: 0x0003
                Input Coding: Linear
                Input Data Format: 1's complement
                Input Sample Size: 8-bit
                # of bits padding at MSB: 0
                Air Coding Format: Transparent Data
              Retransmission effort: Optimize for link quality (0x02)
              Packet type: 0x003f
                HV1 may be used
                HV2 may be used
                HV3 may be used
                EV3 may be used
                EV4 may be used
                EV5 may be used
      > HCI Event: Command Status (0x0f) plen 4               #2197 [hci0] 321.343585
            Accept Synchronous Connection Request (0x01|0x0029) ncmd 1
              Status: Success (0x00)
      > HCI Event: Synchronous Connect Comp.. (0x2c) plen 17  #2198 [hci0] 321.351666
              Status: Success (0x00)
              Handle: 257
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Link type: eSCO (0x02)
              Transmission interval: 0x0c
              Retransmission window: 0x04
              RX packet length: 60
              TX packet length: 60
              Air mode: Transparent (0x03)
      ........
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2336 [hci0] 321.383655
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2337 [hci0] 321.389558
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2338 [hci0] 321.393615
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2339 [hci0] 321.393618
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2340 [hci0] 321.393618
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2341 [hci0] 321.397070
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2342 [hci0] 321.403622
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2343 [hci0] 321.403625
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2344 [hci0] 321.403625
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2345 [hci0] 321.403625
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2346 [hci0] 321.404569
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2347 [hci0] 321.412091
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2348 [hci0] 321.413626
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2349 [hci0] 321.413630
      > SCO Data RX: Handle 257 flags 0x00 dlen 48            #2350 [hci0] 321.413630
      < SCO Data TX: Handle 257 flags 0x00 dlen 60            #2351 [hci0] 321.419674
      
      After fix:
      
      < HCI Command: Accept Synchronou.. (0x01|0x0029) plen 21  #309 [hci0] 49.439693
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Transmit bandwidth: 8000
              Receive bandwidth: 8000
              Max latency: 13
              Setting: 0x0003
                Input Coding: Linear
                Input Data Format: 1's complement
                Input Sample Size: 8-bit
                # of bits padding at MSB: 0
                Air Coding Format: Transparent Data
              Retransmission effort: Optimize for link quality (0x02)
              Packet type: 0x003f
                HV1 may be used
                HV2 may be used
                HV3 may be used
                EV3 may be used
                EV4 may be used
                EV5 may be used
      > HCI Event: Command Status (0x0f) plen 4                 #310 [hci0] 49.440308
            Accept Synchronous Connection Request (0x01|0x0029) ncmd 1
              Status: Success (0x00)
      > HCI Event: Synchronous Connect Complete (0x2c) plen 17  #311 [hci0] 49.449308
              Status: Success (0x00)
              Handle: 257
              Address: 1C:CC:D6:E2:EA:80 (Xiaomi Communications Co Ltd)
              Link type: eSCO (0x02)
              Transmission interval: 0x0c
              Retransmission window: 0x04
              RX packet length: 60
              TX packet length: 60
              Air mode: Transparent (0x03)
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #312 [hci0] 49.450421
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #313 [hci0] 49.457927
      > HCI Event: Max Slots Change (0x1b) plen 3               #314 [hci0] 49.460345
              Handle: 256
              Max slots: 5
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #315 [hci0] 49.465453
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #316 [hci0] 49.470502
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #317 [hci0] 49.470519
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #318 [hci0] 49.472996
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #319 [hci0] 49.480412
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #320 [hci0] 49.480492
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #321 [hci0] 49.487989
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #322 [hci0] 49.490303
      < SCO Data TX: Handle 257 flags 0x00 dlen 60              #323 [hci0] 49.495496
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #324 [hci0] 49.500304
      > SCO Data RX: Handle 257 flags 0x00 dlen 60              #325 [hci0] 49.500311
      Signed-off-by: NKiran K <kiran.k@intel.com>
      Signed-off-by: NLokendra Singh <lokendra.singh@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      06d213d8
    • M
      Bluetooth: Add ncmd=0 recovery handling · de75cd0d
      Manish Mandlik 提交于
      During command status or command complete event, the controller may set
      ncmd=0 indicating that it is not accepting any more commands. In such a
      case, host holds off sending any more commands to the controller. If the
      controller doesn't recover from such condition, host will wait forever,
      until the user decides that the Bluetooth is broken and may power cycles
      the Bluetooth.
      
      This patch triggers the hardware error to reset the controller and
      driver when it gets into such state as there is no other wat out.
      Reviewed-by: NAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Signed-off-by: NManish Mandlik <mmandlik@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      de75cd0d
    • Y
      Bluetooth: Return whether a connection is outbound · 1c6ed31b
      Yu Liu 提交于
      When an MGMT_EV_DEVICE_CONNECTED event is reported back to the user
      space we will set the flags to tell if the established connection is
      outbound or not. This is useful for the user space to log better metrics
      and error messages.
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Reviewed-by: NAlain Michaud <alainm@chromium.org>
      Signed-off-by: NYu Liu <yudiliu@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      1c6ed31b
  4. 03 6月, 2021 1 次提交
  5. 06 4月, 2021 1 次提交
    • D
      Bluetooth: Use ext adv handle from requests in CCs · 25e70886
      Daniel Winkler 提交于
      Some extended advertising hci command complete events are still using
      hdev->cur_adv_instance to map the request to the correct advertisement
      handle. However, with extended advertising, "current instance" doesn't
      make sense as we can have multiple concurrent advertisements. This
      change switches these command complete handlers to use the advertising
      handle from the request/event, to ensure we will always use the correct
      advertising handle regardless of the state of hdev->cur_adv_instance.
      
      This change is tested on hatch and kefka chromebooks and run through
      single- and multi-advertising automated tests to confirm callbacks
      report tx power to the correct advertising handle, etc.
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NDaniel Winkler <danielwinkler@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      25e70886
  6. 02 4月, 2021 1 次提交
  7. 23 3月, 2021 1 次提交
    • A
      Bluetooth: verify AMP hci_chan before amp_destroy · 5c4c8c95
      Archie Pusaka 提交于
      hci_chan can be created in 2 places: hci_loglink_complete_evt() if
      it is an AMP hci_chan, or l2cap_conn_add() otherwise. In theory,
      Only AMP hci_chan should be removed by a call to
      hci_disconn_loglink_complete_evt(). However, the controller might mess
      up, call that function, and destroy an hci_chan which is not initiated
      by hci_loglink_complete_evt().
      
      This patch adds a verification that the destroyed hci_chan must have
      been init'd by hci_loglink_complete_evt().
      
      Example crash call trace:
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0xe3/0x144 lib/dump_stack.c:118
       print_address_description+0x67/0x22a mm/kasan/report.c:256
       kasan_report_error mm/kasan/report.c:354 [inline]
       kasan_report mm/kasan/report.c:412 [inline]
       kasan_report+0x251/0x28f mm/kasan/report.c:396
       hci_send_acl+0x3b/0x56e net/bluetooth/hci_core.c:4072
       l2cap_send_cmd+0x5af/0x5c2 net/bluetooth/l2cap_core.c:877
       l2cap_send_move_chan_cfm_icid+0x8e/0xb1 net/bluetooth/l2cap_core.c:4661
       l2cap_move_fail net/bluetooth/l2cap_core.c:5146 [inline]
       l2cap_move_channel_rsp net/bluetooth/l2cap_core.c:5185 [inline]
       l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5464 [inline]
       l2cap_sig_channel net/bluetooth/l2cap_core.c:5799 [inline]
       l2cap_recv_frame+0x1d12/0x51aa net/bluetooth/l2cap_core.c:7023
       l2cap_recv_acldata+0x2ea/0x693 net/bluetooth/l2cap_core.c:7596
       hci_acldata_packet net/bluetooth/hci_core.c:4606 [inline]
       hci_rx_work+0x2bd/0x45e net/bluetooth/hci_core.c:4796
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      Allocated by task 38:
       set_track mm/kasan/kasan.c:460 [inline]
       kasan_kmalloc+0x8d/0x9a mm/kasan/kasan.c:553
       kmem_cache_alloc_trace+0x102/0x129 mm/slub.c:2787
       kmalloc include/linux/slab.h:515 [inline]
       kzalloc include/linux/slab.h:709 [inline]
       hci_chan_create+0x86/0x26d net/bluetooth/hci_conn.c:1674
       l2cap_conn_add.part.0+0x1c/0x814 net/bluetooth/l2cap_core.c:7062
       l2cap_conn_add net/bluetooth/l2cap_core.c:7059 [inline]
       l2cap_connect_cfm+0x134/0x852 net/bluetooth/l2cap_core.c:7381
       hci_connect_cfm+0x9d/0x122 include/net/bluetooth/hci_core.h:1404
       hci_remote_ext_features_evt net/bluetooth/hci_event.c:4161 [inline]
       hci_event_packet+0x463f/0x72fa net/bluetooth/hci_event.c:5981
       hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      Freed by task 1732:
       set_track mm/kasan/kasan.c:460 [inline]
       __kasan_slab_free mm/kasan/kasan.c:521 [inline]
       __kasan_slab_free+0x106/0x128 mm/kasan/kasan.c:493
       slab_free_hook mm/slub.c:1409 [inline]
       slab_free_freelist_hook+0xaa/0xf6 mm/slub.c:1436
       slab_free mm/slub.c:3009 [inline]
       kfree+0x182/0x21e mm/slub.c:3972
       hci_disconn_loglink_complete_evt net/bluetooth/hci_event.c:4891 [inline]
       hci_event_packet+0x6a1c/0x72fa net/bluetooth/hci_event.c:6050
       hci_rx_work+0x197/0x45e net/bluetooth/hci_core.c:4791
       process_one_work+0x6f8/0xb50 kernel/workqueue.c:2175
       worker_thread+0x4fc/0x670 kernel/workqueue.c:2321
       kthread+0x2f0/0x304 kernel/kthread.c:253
       ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      The buggy address belongs to the object at ffff8881d7af9180
       which belongs to the cache kmalloc-128 of size 128
      The buggy address is located 24 bytes inside of
       128-byte region [ffff8881d7af9180, ffff8881d7af9200)
      The buggy address belongs to the page:
      page:ffffea00075ebe40 count:1 mapcount:0 mapping:ffff8881da403200 index:0x0
      flags: 0x8000000000000200(slab)
      raw: 8000000000000200 dead000000000100 dead000000000200 ffff8881da403200
      raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff8881d7af9080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
       ffff8881d7af9100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
      >ffff8881d7af9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
       ffff8881d7af9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff8881d7af9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      Signed-off-by: NArchie Pusaka <apusaka@chromium.org>
      Reported-by: syzbot+98228e7407314d2d4ba2@syzkaller.appspotmail.com
      Reviewed-by: NAlain Michaud <alainm@chromium.org>
      Reviewed-by: NAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      5c4c8c95
  8. 17 3月, 2021 1 次提交
  9. 04 3月, 2021 1 次提交
  10. 07 12月, 2020 2 次提交
    • D
      Bluetooth: Query LE tx power on startup · 7c395ea5
      Daniel Winkler 提交于
      Queries tx power via HCI_LE_Read_Transmit_Power command when the hci
      device is initialized, and stores resulting min/max LE power in hdev
      struct. If command isn't available (< BT5 support), min/max values
      both default to HCI_TX_POWER_INVALID.
      
      This patch is manually verified by ensuring BT5 devices correctly query
      and receive controller tx power range.
      Reviewed-by: NSonny Sasaka <sonnysasaka@chromium.org>
      Signed-off-by: NDaniel Winkler <danielwinkler@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      7c395ea5
    • D
      Bluetooth: Break add adv into two mgmt commands · 12410572
      Daniel Winkler 提交于
      This patch adds support for the new advertising add interface, with the
      first command setting advertising parameters and the second to set
      advertising data. The set parameters command allows the caller to leave
      some fields "unset", with a params bitfield defining which params were
      purposefully set. Unset parameters will be given defaults when calling
      hci_add_adv_instance. The data passed to the param mgmt command is
      allowed to be flexible, so in the future if bluetoothd passes a larger
      structure with new params, the mgmt command will ignore the unknown
      members at the end.
      
      This change has been validated on both hatch (extended advertising) and
      kukui (no extended advertising) chromebooks running bluetoothd that
      support this new interface. I ran the following manual tests:
      - Set several (3) advertisements using modified test_advertisement.py
      - For each, validate correct data and parameters in btmon trace
      - Verified both for software rotation and extended adv
      
      Automatic test suite also run, testing many (25) scenarios of single and
      multi-advertising for data/parameter correctness.
      Reviewed-by: NSonny Sasaka <sonnysasaka@chromium.org>
      Signed-off-by: NDaniel Winkler <danielwinkler@google.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NJohan Hedberg <johan.hedberg@intel.com>
      12410572
  11. 11 11月, 2020 1 次提交
  12. 09 11月, 2020 2 次提交
  13. 20 9月, 2020 1 次提交
  14. 13 9月, 2020 1 次提交
    • A
      Bluetooth: Emit controller suspend and resume events · 2f20216c
      Abhishek Pandit-Subedi 提交于
      Emit controller suspend and resume events when we are ready for suspend
      and we've resumed from suspend.
      
      The controller suspend event will report whatever suspend state was
      successfully entered. The controller resume event will check the first
      HCI event that was received after we finished preparing for suspend and,
      if it was a connection event, store the address of the peer that caused
      the event. If it was not a connection event, we mark the wake reason as
      an unexpected event.
      
      Here is a sample btmon trace with these events:
      
      @ MGMT Event: Controller Suspended (0x002d) plen 1
              Suspend state: Page scanning and/or passive scanning (2)
      
      @ MGMT Event: Controller Resumed (0x002e) plen 8
              Wake reason: Remote wake due to peer device connection (2)
              LE Address: CD:F3:CD:13:C5:9A (OUI CD-F3-CD)
      Signed-off-by: NAbhishek Pandit-Subedi <abhishekpandit@chromium.org>
      Reviewed-by: NMiao-chen Chou <mcchou@chromium.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      2f20216c
  15. 31 7月, 2020 1 次提交
    • A
      Bluetooth: fix kernel oops in store_pending_adv_report · a2ec905d
      Alain Michaud 提交于
      Fix kernel oops observed when an ext adv data is larger than 31 bytes.
      
      This can be reproduced by setting up an advertiser with advertisement
      larger than 31 bytes.  The issue is not sensitive to the advertisement
      content.  In particular, this was reproduced with an advertisement of
      229 bytes filled with 'A'.  See stack trace below.
      
      This is fixed by not catching ext_adv as legacy adv are only cached to
      be able to concatenate a scanable adv with its scan response before
      sending it up through mgmt.
      
      With ext_adv, this is no longer necessary.
      
        general protection fault: 0000 [#1] SMP PTI
        CPU: 6 PID: 205 Comm: kworker/u17:0 Not tainted 5.4.0-37-generic #41-Ubuntu
        Hardware name: Dell Inc. XPS 15 7590/0CF6RR, BIOS 1.7.0 05/11/2020
        Workqueue: hci0 hci_rx_work [bluetooth]
        RIP: 0010:hci_bdaddr_list_lookup+0x1e/0x40 [bluetooth]
        Code: ff ff e9 26 ff ff ff 0f 1f 44 00 00 0f 1f 44 00 00 55 48 8b 07 48 89 e5 48 39 c7 75 0a eb 24 48 8b 00 48 39 f8 74 1c 44 8b 06 <44> 39 40 10 75 ef 44 0f b7 4e 04 66 44 39 48 14 75 e3 38 50 16 75
        RSP: 0018:ffffbc6a40493c70 EFLAGS: 00010286
        RAX: 4141414141414141 RBX: 000000000000001b RCX: 0000000000000000
        RDX: 0000000000000000 RSI: ffff9903e76c100f RDI: ffff9904289d4b28
        RBP: ffffbc6a40493c70 R08: 0000000093570362 R09: 0000000000000000
        R10: 0000000000000000 R11: ffff9904344eae38 R12: ffff9904289d4000
        R13: 0000000000000000 R14: 00000000ffffffa3 R15: ffff9903e76c100f
        FS: 0000000000000000(0000) GS:ffff990434580000(0000) knlGS:0000000000000000
        CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 00007feed125a000 CR3: 00000001b860a003 CR4: 00000000003606e0
        Call Trace:
          process_adv_report+0x12e/0x560 [bluetooth]
          hci_le_meta_evt+0x7b2/0xba0 [bluetooth]
          hci_event_packet+0x1c29/0x2a90 [bluetooth]
          hci_rx_work+0x19b/0x360 [bluetooth]
          process_one_work+0x1eb/0x3b0
          worker_thread+0x4d/0x400
          kthread+0x104/0x140
      
      Fixes: c215e939 ("Bluetooth: Process extended ADV report event")
      Reported-by: NAndy Nguyen <theflow@google.com>
      Reported-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Reported-by: NBalakrishna Godavarthi <bgodavar@codeaurora.org>
      Signed-off-by: NAlain Michaud <alainm@chromium.org>
      Tested-by: NSonny Sasaka <sonnysasaka@chromium.org>
      Acked-by: NMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a2ec905d
  16. 30 7月, 2020 3 次提交
  17. 14 7月, 2020 2 次提交
  18. 11 7月, 2020 2 次提交
  19. 07 7月, 2020 1 次提交
  20. 23 6月, 2020 1 次提交
    • L
      Bluetooth: Disconnect if E0 is used for Level 4 · 8746f135
      Luiz Augusto von Dentz 提交于
      E0 is not allowed with Level 4:
      
      BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319:
      
        '128-bit equivalent strength for link and encryption keys
         required using FIPS approved algorithms (E0 not allowed,
         SAFER+ not allowed, and P-192 not allowed; encryption key
         not shortened'
      
      SC enabled:
      
      > HCI Event: Read Remote Extended Features (0x23) plen 13
              Status: Success (0x00)
              Handle: 256
              Page: 1/2
              Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
                Secure Simple Pairing (Host Support)
                LE Supported (Host)
                Secure Connections (Host Support)
      > HCI Event: Encryption Change (0x08) plen 4
              Status: Success (0x00)
              Handle: 256
              Encryption: Enabled with AES-CCM (0x02)
      
      SC disabled:
      
      > HCI Event: Read Remote Extended Features (0x23) plen 13
              Status: Success (0x00)
              Handle: 256
              Page: 1/2
              Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
                Secure Simple Pairing (Host Support)
                LE Supported (Host)
      > HCI Event: Encryption Change (0x08) plen 4
              Status: Success (0x00)
              Handle: 256
              Encryption: Enabled with E0 (0x01)
      [May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used
      < HCI Command: Disconnect (0x01|0x0006) plen 3
              Handle: 256
              Reason: Authentication Failure (0x05)
      Signed-off-by: NLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      8746f135
  21. 18 6月, 2020 2 次提交
  22. 20 5月, 2020 1 次提交