Commit e6b21901 authored by Jakub Kicinski

Merge tag 'for-net-2024-04-24' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Luiz Augusto von Dentz says:

====================
bluetooth pull request for net:

 - qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional()
 - hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor
 - qca: fix invalid device address check
 - hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync
 - Fix type of len in {l2cap,sco}_sock_getsockopt_old()
 - btusb: mediatek: Fix double free of skb in coredump
 - btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
 - btusb: Fix triggering coredump implementation for QCA

* tag 'for-net-2024-04-24' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth:
  Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional()
  Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor
  Bluetooth: qca: fix NULL-deref on non-serdev setup
  Bluetooth: qca: fix NULL-deref on non-serdev suspend
  Bluetooth: btusb: mediatek: Fix double free of skb in coredump
  Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID
  Bluetooth: qca: fix invalid device address check
  Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE
  Bluetooth: btusb: Fix triggering coredump implementation for QCA
  Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
  Bluetooth: hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync
  Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
====================

Link: https://lore.kernel.org/r/20240424204102.2319483-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parents 73011773 3d05fc82
...@@ -380,8 +380,10 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) ...@@ -380,8 +380,10 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
switch (data->cd_info.state) { switch (data->cd_info.state) {
case HCI_DEVCOREDUMP_IDLE: case HCI_DEVCOREDUMP_IDLE:
err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE); err = hci_devcd_init(hdev, MTK_COREDUMP_SIZE);
if (err < 0) if (err < 0) {
kfree_skb(skb);
break; break;
}
data->cd_info.cnt = 0; data->cd_info.cnt = 0;
/* It is supposed coredump can be done within 5 seconds */ /* It is supposed coredump can be done within 5 seconds */
...@@ -407,9 +409,6 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb) ...@@ -407,9 +409,6 @@ int btmtk_process_coredump(struct hci_dev *hdev, struct sk_buff *skb)
break; break;
} }
if (err < 0)
kfree_skb(skb);
return err; return err;
} }
EXPORT_SYMBOL_GPL(btmtk_process_coredump); EXPORT_SYMBOL_GPL(btmtk_process_coredump);
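Review bot: The skb ownership rule in btmtk_process_coredump() is now implicit. The HCI_DEVCOREDUMP_IDLE error path frees the skb itself and the common `if (err < 0) kfree_skb(skb);` before `return err;` is gone, so every other branch of the switch that can fail has to free or hand off the skb on its own. Those branches lie outside the hunks shown, so whether they all do cannot be confirmed from here. A comment above the switch would keep the contract reviewable: `/* skb ownership: each case must either pass skb on or kfree_skb() it before break; there is no common free at the end. */`.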
......
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
#define VERSION "0.1" #define VERSION "0.1"
#define QCA_BDADDR_DEFAULT (&(bdaddr_t) {{ 0xad, 0x5a, 0x00, 0x00, 0x00, 0x00 }})
int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver, int qca_read_soc_version(struct hci_dev *hdev, struct qca_btsoc_version *ver,
enum qca_btsoc_type soc_type) enum qca_btsoc_type soc_type)
{ {
...@@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr) ...@@ -612,6 +614,38 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
} }
EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
static int qca_check_bdaddr(struct hci_dev *hdev)
{
struct hci_rp_read_bd_addr *bda;
struct sk_buff *skb;
int err;
if (bacmp(&hdev->public_addr, BDADDR_ANY))
return 0;
skb = __hci_cmd_sync(hdev, HCI_OP_READ_BD_ADDR, 0, NULL,
HCI_INIT_TIMEOUT);
if (IS_ERR(skb)) {
err = PTR_ERR(skb);
bt_dev_err(hdev, "Failed to read device address (%d)", err);
return err;
}
if (skb->len != sizeof(*bda)) {
bt_dev_err(hdev, "Device address length mismatch");
kfree_skb(skb);
return -EIO;
}
bda = (struct hci_rp_read_bd_addr *)skb->data;
if (!bacmp(&bda->bdaddr, QCA_BDADDR_DEFAULT))
set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
kfree_skb(skb);
return 0;
}
static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size, static void qca_generate_hsp_nvm_name(char *fwname, size_t max_size,
struct qca_btsoc_version ver, u8 rom_ver, u16 bid) struct qca_btsoc_version ver, u8 rom_ver, u16 bid)
{ {
...@@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate, ...@@ -818,6 +852,10 @@ int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
break; break;
} }
err = qca_check_bdaddr(hdev);
if (err)
return err;
bt_dev_info(hdev, "QCA setup on UART is completed"); bt_dev_info(hdev, "QCA setup on UART is completed");
return 0; return 0;
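Review bot: qca_check_bdaddr() has no comment explaining why an address equal to QCA_BDADDR_DEFAULT sets HCI_QUIRK_USE_BDADDR_PROPERTY, and the byte order of the define is easy to misread. bdaddr_t is stored least-significant byte first, so `{ 0xad, 0x5a, 0x00, ... }` reads as 00:00:00:00:5a:ad, which is worth stating beside the macro. The new `return err;` in qca_uart_setup() also turns a failed HCI_OP_READ_BD_ADDR into a failed setup, and if that stricter behaviour is intended the function comment should say so. Suggested header: `/* An unprogrammed controller reports the default address 00:00:00:00:5a:ad; in that case take the address from the firmware-provided property instead. */`. qca_uart_setup() begins outside the hunk.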
......
...@@ -542,6 +542,8 @@ static const struct usb_device_id quirks_table[] = { ...@@ -542,6 +542,8 @@ static const struct usb_device_id quirks_table[] = {
/* Realtek 8852BE Bluetooth devices */ /* Realtek 8852BE Bluetooth devices */
{ USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK |
BTUSB_WIDEBAND_SPEECH }, BTUSB_WIDEBAND_SPEECH },
{ USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK |
BTUSB_WIDEBAND_SPEECH },
{ USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK |
BTUSB_WIDEBAND_SPEECH }, BTUSB_WIDEBAND_SPEECH },
{ USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK |
...@@ -3480,13 +3482,12 @@ static void btusb_dump_hdr_qca(struct hci_dev *hdev, struct sk_buff *skb) ...@@ -3480,13 +3482,12 @@ static void btusb_dump_hdr_qca(struct hci_dev *hdev, struct sk_buff *skb)
static void btusb_coredump_qca(struct hci_dev *hdev) static void btusb_coredump_qca(struct hci_dev *hdev)
{ {
int err;
static const u8 param[] = { 0x26 }; static const u8 param[] = { 0x26 };
struct sk_buff *skb;
skb = __hci_cmd_sync(hdev, 0xfc0c, 1, param, HCI_CMD_TIMEOUT); err = __hci_cmd_send(hdev, 0xfc0c, 1, param);
if (IS_ERR(skb)) if (err < 0)
bt_dev_err(hdev, "%s: triggle crash failed (%ld)", __func__, PTR_ERR(skb)); bt_dev_err(hdev, "%s: triggle crash failed (%d)", __func__, err);
kfree_skb(skb);
} }
/* /*
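Review bot: In btusb_coredump_qca() the vendor opcode `0xfc0c` and its parameter `0x26` are bare literals, and the error text misspells the action as "triggle". As far as I know __hci_cmd_send() only queues the command and does not wait for a reply, so the message now reports a send failure rather than a failed crash. `bt_dev_err(hdev, "%s: failed to send crash trigger (%d)", __func__, err);` would say that precisely. A one-line comment stating what the opcode and parameter request from the controller would also help anyone auditing the vendor commands this driver can issue.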
......
...@@ -1672,6 +1672,9 @@ static bool qca_wakeup(struct hci_dev *hdev) ...@@ -1672,6 +1672,9 @@ static bool qca_wakeup(struct hci_dev *hdev)
struct hci_uart *hu = hci_get_drvdata(hdev); struct hci_uart *hu = hci_get_drvdata(hdev);
bool wakeup; bool wakeup;
if (!hu->serdev)
return true;
/* BT SoC attached through the serial bus is handled by the serdev driver. /* BT SoC attached through the serial bus is handled by the serdev driver.
* So we need to use the device handle of the serdev driver to get the * So we need to use the device handle of the serdev driver to get the
* status of device may wakeup. * status of device may wakeup.
...@@ -1905,8 +1908,6 @@ static int qca_setup(struct hci_uart *hu) ...@@ -1905,8 +1908,6 @@ static int qca_setup(struct hci_uart *hu)
case QCA_WCN6750: case QCA_WCN6750:
case QCA_WCN6855: case QCA_WCN6855:
case QCA_WCN7850: case QCA_WCN7850:
set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
qcadev = serdev_device_get_drvdata(hu->serdev); qcadev = serdev_device_get_drvdata(hu->serdev);
if (qcadev->bdaddr_property_broken) if (qcadev->bdaddr_property_broken)
set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks); set_bit(HCI_QUIRK_BDADDR_PROPERTY_BROKEN, &hdev->quirks);
...@@ -1957,8 +1958,10 @@ static int qca_setup(struct hci_uart *hu) ...@@ -1957,8 +1958,10 @@ static int qca_setup(struct hci_uart *hu)
qca_debugfs_init(hdev); qca_debugfs_init(hdev);
hu->hdev->hw_error = qca_hw_error; hu->hdev->hw_error = qca_hw_error;
hu->hdev->cmd_timeout = qca_cmd_timeout; hu->hdev->cmd_timeout = qca_cmd_timeout;
if (device_can_wakeup(hu->serdev->ctrl->dev.parent)) if (hu->serdev) {
hu->hdev->wakeup = qca_wakeup; if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
hu->hdev->wakeup = qca_wakeup;
}
} else if (ret == -ENOENT) { } else if (ret == -ENOENT) {
/* No patch/nvm-config found, run with original fw/config */ /* No patch/nvm-config found, run with original fw/config */
set_bit(QCA_ROM_FW, &qca->flags); set_bit(QCA_ROM_FW, &qca->flags);
...@@ -2329,16 +2332,21 @@ static int qca_serdev_probe(struct serdev_device *serdev) ...@@ -2329,16 +2332,21 @@ static int qca_serdev_probe(struct serdev_device *serdev)
(data->soc_type == QCA_WCN6750 || (data->soc_type == QCA_WCN6750 ||
data->soc_type == QCA_WCN6855)) { data->soc_type == QCA_WCN6855)) {
dev_err(&serdev->dev, "failed to acquire BT_EN gpio\n"); dev_err(&serdev->dev, "failed to acquire BT_EN gpio\n");
power_ctrl_enabled = false; return PTR_ERR(qcadev->bt_en);
} }
if (!qcadev->bt_en)
power_ctrl_enabled = false;
qcadev->sw_ctrl = devm_gpiod_get_optional(&serdev->dev, "swctrl", qcadev->sw_ctrl = devm_gpiod_get_optional(&serdev->dev, "swctrl",
GPIOD_IN); GPIOD_IN);
if (IS_ERR(qcadev->sw_ctrl) && if (IS_ERR(qcadev->sw_ctrl) &&
(data->soc_type == QCA_WCN6750 || (data->soc_type == QCA_WCN6750 ||
data->soc_type == QCA_WCN6855 || data->soc_type == QCA_WCN6855 ||
data->soc_type == QCA_WCN7850)) data->soc_type == QCA_WCN7850)) {
dev_warn(&serdev->dev, "failed to acquire SW_CTRL gpio\n"); dev_err(&serdev->dev, "failed to acquire SW_CTRL gpio\n");
return PTR_ERR(qcadev->sw_ctrl);
}
qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL); qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL);
if (IS_ERR(qcadev->susclk)) { if (IS_ERR(qcadev->susclk)) {
...@@ -2357,10 +2365,13 @@ static int qca_serdev_probe(struct serdev_device *serdev) ...@@ -2357,10 +2365,13 @@ static int qca_serdev_probe(struct serdev_device *serdev)
qcadev->bt_en = devm_gpiod_get_optional(&serdev->dev, "enable", qcadev->bt_en = devm_gpiod_get_optional(&serdev->dev, "enable",
GPIOD_OUT_LOW); GPIOD_OUT_LOW);
if (IS_ERR(qcadev->bt_en)) { if (IS_ERR(qcadev->bt_en)) {
dev_warn(&serdev->dev, "failed to acquire enable gpio\n"); dev_err(&serdev->dev, "failed to acquire enable gpio\n");
power_ctrl_enabled = false; return PTR_ERR(qcadev->bt_en);
} }
if (!qcadev->bt_en)
power_ctrl_enabled = false;
qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL); qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL);
if (IS_ERR(qcadev->susclk)) { if (IS_ERR(qcadev->susclk)) {
dev_warn(&serdev->dev, "failed to acquire clk\n"); dev_warn(&serdev->dev, "failed to acquire clk\n");
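Review bot: In the first qca_serdev_probe() hunk, an error pointer in qcadev->bt_en only fails the probe for QCA_WCN6750 and QCA_WCN6855. For any other soc_type reaching that branch the ERR_PTR stays in bt_en, and since the new `if (!qcadev->bt_en)` matches only NULL, power_ctrl_enabled remains true; sw_ctrl has the same gap for types outside the three listed. Whether later code uses these descriptors is outside the hunk, but keeping an error pointer in a field treated as optional is fragile. Either return PTR_ERR() for every soc_type, as the second probe hunk does, or test `if (IS_ERR_OR_NULL(qcadev->bt_en)) power_ctrl_enabled = false;`.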
......
...@@ -738,6 +738,8 @@ struct hci_conn { ...@@ -738,6 +738,8 @@ struct hci_conn {
__u8 le_per_adv_data[HCI_MAX_PER_AD_TOT_LEN]; __u8 le_per_adv_data[HCI_MAX_PER_AD_TOT_LEN];
__u16 le_per_adv_data_len; __u16 le_per_adv_data_len;
__u16 le_per_adv_data_offset; __u16 le_per_adv_data_offset;
__u8 le_adv_phy;
__u8 le_adv_sec_phy;
__u8 le_tx_phy; __u8 le_tx_phy;
__u8 le_rx_phy; __u8 le_rx_phy;
__s8 rssi; __s8 rssi;
...@@ -1512,7 +1514,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, ...@@ -1512,7 +1514,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst,
enum conn_reasons conn_reason); enum conn_reasons conn_reason);
struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
u8 dst_type, bool dst_resolved, u8 sec_level, u8 dst_type, bool dst_resolved, u8 sec_level,
u16 conn_timeout, u8 role); u16 conn_timeout, u8 role, u8 phy, u8 sec_phy);
void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status); void hci_connect_le_scan_cleanup(struct hci_conn *conn, u8 status);
struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst,
u8 sec_level, u8 auth_type, u8 sec_level, u8 auth_type,
...@@ -1905,6 +1907,10 @@ void hci_conn_del_sysfs(struct hci_conn *conn); ...@@ -1905,6 +1907,10 @@ void hci_conn_del_sysfs(struct hci_conn *conn);
#define privacy_mode_capable(dev) (use_ll_privacy(dev) && \ #define privacy_mode_capable(dev) (use_ll_privacy(dev) && \
(hdev->commands[39] & 0x04)) (hdev->commands[39] & 0x04))
#define read_key_size_capable(dev) \
((dev)->commands[20] & 0x10 && \
!test_bit(HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, &hdev->quirks))
/* Use enhanced synchronous connection if command is supported and its quirk /* Use enhanced synchronous connection if command is supported and its quirk
* has not been set. * has not been set.
*/ */
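Review bot: The new read_key_size_capable(dev) macro mixes its parameter with a captured name. It reads `(dev)->commands[20]` but tests the quirk on `&hdev->quirks`, so it compiles, and checks the intended device, only when the caller's variable is called hdev. Use the parameter in both places: `!test_bit(HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, &(dev)->quirks))`. The privacy_mode_capable() context line just above has the same pattern with `hdev->commands[39]`. Since this predicate decides whether the encryption key size is read from the controller or assumed, a static inline function taking `struct hci_dev *` would be safer than a macro.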
......
...@@ -1263,7 +1263,7 @@ u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle) ...@@ -1263,7 +1263,7 @@ u8 hci_conn_set_handle(struct hci_conn *conn, u16 handle)
struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
u8 dst_type, bool dst_resolved, u8 sec_level, u8 dst_type, bool dst_resolved, u8 sec_level,
u16 conn_timeout, u8 role) u16 conn_timeout, u8 role, u8 phy, u8 sec_phy)
{ {
struct hci_conn *conn; struct hci_conn *conn;
struct smp_irk *irk; struct smp_irk *irk;
...@@ -1326,6 +1326,8 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, ...@@ -1326,6 +1326,8 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
conn->dst_type = dst_type; conn->dst_type = dst_type;
conn->sec_level = BT_SECURITY_LOW; conn->sec_level = BT_SECURITY_LOW;
conn->conn_timeout = conn_timeout; conn->conn_timeout = conn_timeout;
conn->le_adv_phy = phy;
conn->le_adv_sec_phy = sec_phy;
err = hci_connect_le_sync(hdev, conn); err = hci_connect_le_sync(hdev, conn);
if (err) { if (err) {
...@@ -2273,7 +2275,7 @@ struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst, ...@@ -2273,7 +2275,7 @@ struct hci_conn *hci_connect_cis(struct hci_dev *hdev, bdaddr_t *dst,
le = hci_connect_le(hdev, dst, dst_type, false, le = hci_connect_le(hdev, dst, dst_type, false,
BT_SECURITY_LOW, BT_SECURITY_LOW,
HCI_LE_CONN_TIMEOUT, HCI_LE_CONN_TIMEOUT,
HCI_ROLE_SLAVE); HCI_ROLE_SLAVE, 0, 0);
else else
le = hci_connect_le_scan(hdev, dst, dst_type, le = hci_connect_le_scan(hdev, dst, dst_type,
BT_SECURITY_LOW, BT_SECURITY_LOW,
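Review bot: The two new hci_connect_le() parameters are undocumented, and the call in hci_connect_cis() passes bare `0, 0` for them; the l2cap_chan_connect() call in the l2cap_core.c section does the same. 0 is not one of the HCI_ADV_PHY_* values used elsewhere in this commit, so a reader cannot tell whether it means "no PHY known" or is simply unused on the HCI_ROLE_SLAVE path. A comment at the definition would settle it, for example `/* phy/sec_phy: primary and secondary PHY the peer was seen advertising on; 0 when the connection is not started from an advertising report */`. hci_connect_le()'s body continues outside the hunks.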
......
...@@ -3218,7 +3218,7 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, void *data, ...@@ -3218,7 +3218,7 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, void *data,
if (key) { if (key) {
set_bit(HCI_CONN_ENCRYPT, &conn->flags); set_bit(HCI_CONN_ENCRYPT, &conn->flags);
if (!(hdev->commands[20] & 0x10)) { if (!read_key_size_capable(hdev)) {
conn->enc_key_size = HCI_LINK_KEY_SIZE; conn->enc_key_size = HCI_LINK_KEY_SIZE;
} else { } else {
cp.handle = cpu_to_le16(conn->handle); cp.handle = cpu_to_le16(conn->handle);
...@@ -3666,8 +3666,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, void *data, ...@@ -3666,8 +3666,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, void *data,
* controller really supports it. If it doesn't, assume * controller really supports it. If it doesn't, assume
* the default size (16). * the default size (16).
*/ */
if (!(hdev->commands[20] & 0x10) || if (!read_key_size_capable(hdev)) {
test_bit(HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, &hdev->quirks)) {
conn->enc_key_size = HCI_LINK_KEY_SIZE; conn->enc_key_size = HCI_LINK_KEY_SIZE;
goto notify; goto notify;
} }
...@@ -6038,7 +6037,7 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, void *data, ...@@ -6038,7 +6037,7 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, void *data,
static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
bdaddr_t *addr, bdaddr_t *addr,
u8 addr_type, bool addr_resolved, u8 addr_type, bool addr_resolved,
u8 adv_type) u8 adv_type, u8 phy, u8 sec_phy)
{ {
struct hci_conn *conn; struct hci_conn *conn;
struct hci_conn_params *params; struct hci_conn_params *params;
...@@ -6093,7 +6092,7 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, ...@@ -6093,7 +6092,7 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
conn = hci_connect_le(hdev, addr, addr_type, addr_resolved, conn = hci_connect_le(hdev, addr, addr_type, addr_resolved,
BT_SECURITY_LOW, hdev->def_le_autoconnect_timeout, BT_SECURITY_LOW, hdev->def_le_autoconnect_timeout,
HCI_ROLE_MASTER); HCI_ROLE_MASTER, phy, sec_phy);
if (!IS_ERR(conn)) { if (!IS_ERR(conn)) {
/* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned
* by higher layer that tried to connect, if no then * by higher layer that tried to connect, if no then
...@@ -6128,8 +6127,9 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, ...@@ -6128,8 +6127,9 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
u8 bdaddr_type, bdaddr_t *direct_addr, u8 bdaddr_type, bdaddr_t *direct_addr,
u8 direct_addr_type, s8 rssi, u8 *data, u8 len, u8 direct_addr_type, u8 phy, u8 sec_phy, s8 rssi,
bool ext_adv, bool ctl_time, u64 instant) u8 *data, u8 len, bool ext_adv, bool ctl_time,
u64 instant)
{ {
struct discovery_state *d = &hdev->discovery; struct discovery_state *d = &hdev->discovery;
struct smp_irk *irk; struct smp_irk *irk;
...@@ -6217,7 +6217,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, ...@@ -6217,7 +6217,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
* for advertising reports) and is already verified to be RPA above. * for advertising reports) and is already verified to be RPA above.
*/ */
conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, bdaddr_resolved, conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, bdaddr_resolved,
type); type, phy, sec_phy);
if (!ext_adv && conn && type == LE_ADV_IND && if (!ext_adv && conn && type == LE_ADV_IND &&
len <= max_adv_len(hdev)) { len <= max_adv_len(hdev)) {
/* Store report for later inclusion by /* Store report for later inclusion by
...@@ -6363,7 +6363,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, void *data, ...@@ -6363,7 +6363,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, void *data,
if (info->length <= max_adv_len(hdev)) { if (info->length <= max_adv_len(hdev)) {
rssi = info->data[info->length]; rssi = info->data[info->length];
process_adv_report(hdev, info->type, &info->bdaddr, process_adv_report(hdev, info->type, &info->bdaddr,
info->bdaddr_type, NULL, 0, rssi, info->bdaddr_type, NULL, 0,
HCI_ADV_PHY_1M, 0, rssi,
info->data, info->length, false, info->data, info->length, false,
false, instant); false, instant);
} else { } else {
...@@ -6448,6 +6449,8 @@ static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, void *data, ...@@ -6448,6 +6449,8 @@ static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, void *data,
if (legacy_evt_type != LE_ADV_INVALID) { if (legacy_evt_type != LE_ADV_INVALID) {
process_adv_report(hdev, legacy_evt_type, &info->bdaddr, process_adv_report(hdev, legacy_evt_type, &info->bdaddr,
info->bdaddr_type, NULL, 0, info->bdaddr_type, NULL, 0,
info->primary_phy,
info->secondary_phy,
info->rssi, info->data, info->length, info->rssi, info->data, info->length,
!(evt_type & LE_EXT_ADV_LEGACY_PDU), !(evt_type & LE_EXT_ADV_LEGACY_PDU),
false, instant); false, instant);
...@@ -6730,8 +6733,8 @@ static void hci_le_direct_adv_report_evt(struct hci_dev *hdev, void *data, ...@@ -6730,8 +6733,8 @@ static void hci_le_direct_adv_report_evt(struct hci_dev *hdev, void *data,
process_adv_report(hdev, info->type, &info->bdaddr, process_adv_report(hdev, info->type, &info->bdaddr,
info->bdaddr_type, &info->direct_addr, info->bdaddr_type, &info->direct_addr,
info->direct_addr_type, info->rssi, NULL, 0, info->direct_addr_type, HCI_ADV_PHY_1M, 0,
false, false, instant); info->rssi, NULL, 0, false, false, instant);
} }
hci_dev_unlock(hdev); hci_dev_unlock(hdev);
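Review bot: process_adv_report() now takes fourteen positional arguments with `u8 direct_addr_type, u8 phy, u8 sec_phy, s8 rssi` side by side, so a call that transposes any of them still compiles without a warning. The call in hci_le_direct_adv_report_evt(), `info->direct_addr_type, HCI_ADV_PHY_1M, 0, info->rssi, NULL, 0, false, false, instant`, shows how hard the order is to check by eye. Grouping the per-report fields (address types, PHYs, rssi, data, len) in a small struct passed by pointer would make each call site self-describing. At minimum add a comment above the definition listing the parameters in order and noting that `sec_phy` is 0 for legacy reports.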
......
...@@ -6346,7 +6346,8 @@ static int hci_le_ext_create_conn_sync(struct hci_dev *hdev, ...@@ -6346,7 +6346,8 @@ static int hci_le_ext_create_conn_sync(struct hci_dev *hdev,
plen = sizeof(*cp); plen = sizeof(*cp);
if (scan_1m(hdev)) { if (scan_1m(hdev) && (conn->le_adv_phy == HCI_ADV_PHY_1M ||
conn->le_adv_sec_phy == HCI_ADV_PHY_1M)) {
cp->phys |= LE_SCAN_PHY_1M; cp->phys |= LE_SCAN_PHY_1M;
set_ext_conn_params(conn, p); set_ext_conn_params(conn, p);
...@@ -6354,7 +6355,8 @@ static int hci_le_ext_create_conn_sync(struct hci_dev *hdev, ...@@ -6354,7 +6355,8 @@ static int hci_le_ext_create_conn_sync(struct hci_dev *hdev,
plen += sizeof(*p); plen += sizeof(*p);
} }
if (scan_2m(hdev)) { if (scan_2m(hdev) && (conn->le_adv_phy == HCI_ADV_PHY_2M ||
conn->le_adv_sec_phy == HCI_ADV_PHY_2M)) {
cp->phys |= LE_SCAN_PHY_2M; cp->phys |= LE_SCAN_PHY_2M;
set_ext_conn_params(conn, p); set_ext_conn_params(conn, p);
...@@ -6362,7 +6364,8 @@ static int hci_le_ext_create_conn_sync(struct hci_dev *hdev, ...@@ -6362,7 +6364,8 @@ static int hci_le_ext_create_conn_sync(struct hci_dev *hdev,
plen += sizeof(*p); plen += sizeof(*p);
} }
if (scan_coded(hdev)) { if (scan_coded(hdev) && (conn->le_adv_phy == HCI_ADV_PHY_CODED ||
conn->le_adv_sec_phy == HCI_ADV_PHY_CODED)) {
cp->phys |= LE_SCAN_PHY_CODED; cp->phys |= LE_SCAN_PHY_CODED;
set_ext_conn_params(conn, p); set_ext_conn_params(conn, p);
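Review bot: After this change every PHY branch in hci_le_ext_create_conn_sync() also needs conn->le_adv_phy or conn->le_adv_sec_phy to match, so if neither field holds a PHY the controller scans on, `cp->phys` stays 0 and plen stays `sizeof(*cp)`. The values come from the advertising report (controller-supplied) or from the `0, 0` passed by other hci_connect_le() callers, and nothing visible in these hunks range-checks them. The code after the three blocks is outside the hunk, so a fallback may already exist there. If not, guard the command with something like `if (!cp->phys) return -EINVAL;` before it is sent, or fall back to the PHYs selected by scan_1m()/scan_2m()/scan_coded() alone.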
......
...@@ -7018,7 +7018,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, ...@@ -7018,7 +7018,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
hcon = hci_connect_le(hdev, dst, dst_type, false, hcon = hci_connect_le(hdev, dst, dst_type, false,
chan->sec_level, timeout, chan->sec_level, timeout,
HCI_ROLE_SLAVE); HCI_ROLE_SLAVE, 0, 0);
else else
hcon = hci_connect_le_scan(hdev, dst, dst_type, hcon = hci_connect_le_scan(hdev, dst, dst_type,
chan->sec_level, timeout, chan->sec_level, timeout,
......
...@@ -439,7 +439,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -439,7 +439,8 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
struct l2cap_chan *chan = l2cap_pi(sk)->chan; struct l2cap_chan *chan = l2cap_pi(sk)->chan;
struct l2cap_options opts; struct l2cap_options opts;
struct l2cap_conninfo cinfo; struct l2cap_conninfo cinfo;
int len, err = 0; int err = 0;
size_t len;
u32 opt; u32 opt;
BT_DBG("sk %p", sk); BT_DBG("sk %p", sk);
...@@ -486,7 +487,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -486,7 +487,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
BT_DBG("mode 0x%2.2x", chan->mode); BT_DBG("mode 0x%2.2x", chan->mode);
len = min_t(unsigned int, len, sizeof(opts)); len = min(len, sizeof(opts));
if (copy_to_user(optval, (char *) &opts, len)) if (copy_to_user(optval, (char *) &opts, len))
err = -EFAULT; err = -EFAULT;
...@@ -536,7 +537,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -536,7 +537,7 @@ static int l2cap_sock_getsockopt_old(struct socket *sock, int optname,
cinfo.hci_handle = chan->conn->hcon->handle; cinfo.hci_handle = chan->conn->hcon->handle;
memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3); memcpy(cinfo.dev_class, chan->conn->hcon->dev_class, 3);
len = min_t(unsigned int, len, sizeof(cinfo)); len = min(len, sizeof(cinfo));
if (copy_to_user(optval, (char *) &cinfo, len)) if (copy_to_user(optval, (char *) &cinfo, len))
err = -EFAULT; err = -EFAULT;
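Review bot: With `size_t len`, a negative optlen from user space would turn into a very large value and be clamped by `min(len, sizeof(opts))`, so the call copies the full structure instead of failing. The statement that loads len from optlen is outside these hunks, so this is inferred from the declaration change alone. If negative lengths should be rejected, read the value into an int first and check it, e.g. `if (optlen_val < 0) return -EINVAL;` (optlen_val is a placeholder name). Otherwise a comment beside `size_t len;` saying that oversized and negative requests are truncated to the structure size would record the intent. sco_sock_getsockopt_old() in the sco.c section carries the identical change.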
......
...@@ -2623,7 +2623,11 @@ static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len) ...@@ -2623,7 +2623,11 @@ static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
goto failed; goto failed;
} }
err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete); /* MGMT_OP_ADD_UUID don't require adapter the UP/Running so use
* hci_cmd_sync_submit instead of hci_cmd_sync_queue.
*/
err = hci_cmd_sync_submit(hdev, add_uuid_sync, cmd,
mgmt_class_complete);
if (err < 0) { if (err < 0) {
mgmt_pending_free(cmd); mgmt_pending_free(cmd);
goto failed; goto failed;
...@@ -2717,8 +2721,11 @@ static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data, ...@@ -2717,8 +2721,11 @@ static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
goto unlock; goto unlock;
} }
err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd, /* MGMT_OP_REMOVE_UUID don't require adapter the UP/Running so use
mgmt_class_complete); * hci_cmd_sync_submit instead of hci_cmd_sync_queue.
*/
err = hci_cmd_sync_submit(hdev, remove_uuid_sync, cmd,
mgmt_class_complete);
if (err < 0) if (err < 0)
mgmt_pending_free(cmd); mgmt_pending_free(cmd);
...@@ -2784,8 +2791,11 @@ static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data, ...@@ -2784,8 +2791,11 @@ static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
goto unlock; goto unlock;
} }
err = hci_cmd_sync_queue(hdev, set_class_sync, cmd, /* MGMT_OP_SET_DEV_CLASS don't require adapter the UP/Running so use
mgmt_class_complete); * hci_cmd_sync_submit instead of hci_cmd_sync_queue.
*/
err = hci_cmd_sync_submit(hdev, set_class_sync, cmd,
mgmt_class_complete);
if (err < 0) if (err < 0)
mgmt_pending_free(cmd); mgmt_pending_free(cmd);
...@@ -5475,8 +5485,8 @@ static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev, ...@@ -5475,8 +5485,8 @@ static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
goto unlock; goto unlock;
} }
err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd, err = hci_cmd_sync_submit(hdev, mgmt_remove_adv_monitor_sync, cmd,
mgmt_remove_adv_monitor_complete); mgmt_remove_adv_monitor_complete);
if (err) { if (err) {
mgmt_pending_remove(cmd); mgmt_pending_remove(cmd);
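Review bot: The remove_adv_monitor() hunk switches to hci_cmd_sync_submit() without the explanatory comment that add_uuid(), remove_uuid() and set_dev_class() received, so the reason for the different queueing call is missing exactly where the commit title points. If the reason is the same, add `/* MGMT_OP_REMOVE_ADV_MONITOR does not require the adapter to be up and running, so use hci_cmd_sync_submit() instead of hci_cmd_sync_queue(). */`. The three existing comments read "don't require adapter the UP/Running" and would be clearer with that wording too. Because the callbacks can now be scheduled while the adapter is down, it is worth confirming that each *_sync function tolerates that state; their bodies are outside the hunks.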
......
...@@ -964,7 +964,8 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -964,7 +964,8 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname,
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
struct sco_options opts; struct sco_options opts;
struct sco_conninfo cinfo; struct sco_conninfo cinfo;
int len, err = 0; int err = 0;
size_t len;
BT_DBG("sk %p", sk); BT_DBG("sk %p", sk);
...@@ -986,7 +987,7 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -986,7 +987,7 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname,
BT_DBG("mtu %u", opts.mtu); BT_DBG("mtu %u", opts.mtu);
len = min_t(unsigned int, len, sizeof(opts)); len = min(len, sizeof(opts));
if (copy_to_user(optval, (char *)&opts, len)) if (copy_to_user(optval, (char *)&opts, len))
err = -EFAULT; err = -EFAULT;
...@@ -1004,7 +1005,7 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, ...@@ -1004,7 +1005,7 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname,
cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle; cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3); memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
len = min_t(unsigned int, len, sizeof(cinfo)); len = min(len, sizeof(cinfo));
if (copy_to_user(optval, (char *)&cinfo, len)) if (copy_to_user(optval, (char *)&cinfo, len))
err = -EFAULT; err = -EFAULT;
......