Commit 244b96c2 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge tag 'for-net-2024-02-28' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 

Luiz Augusto von Dentz says:

====================
bluetooth pull request for net:

 - mgmt: Fix limited discoverable off timeout
 - hci_qca: Set BDA quirk bit if fwnode exists in DT
 - hci_bcm4377: do not mark valid bd_addr as invalid
 - hci_sync: Check the correct flag before starting a scan
 - Enforce validation on max value of connection interval
 - hci_sync: Fix accept_list when attempting to suspend
 - hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
 - Avoid potential use-after-free in hci_error_reset
 - rfcomm: Fix null-ptr-deref in rfcomm_check_security
 - hci_event: Fix wrongly recorded wakeup BD_ADDR
 - qca: Fix wrong event type for patch config command
 - qca: Fix triggering coredump implementation

* tag 'for-net-2024-02-28' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth:
  Bluetooth: qca: Fix triggering coredump implementation
  Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
  Bluetooth: qca: Fix wrong event type for patch config command
  Bluetooth: Enforce validation on max value of connection interval
  Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
  Bluetooth: mgmt: Fix limited discoverable off timeout
  Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
  Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
  Bluetooth: hci_sync: Fix accept_list when attempting to suspend
  Bluetooth: Avoid potential use-after-free in hci_error_reset
  Bluetooth: hci_sync: Check the correct flag before starting a scan
  Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid
====================

Link: https://lore.kernel.org/r/20240228145644.2269088-1-luiz.dentz@gmail.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 8f5afe41 6abf9dd2

drivers/bluetooth/btqca.c

+1 −1
Original line number Diff line number Diff line
@@ -152,7 +152,7 @@ static int qca_send_patch_config_cmd(struct hci_dev *hdev) 
	bt_dev_dbg(hdev, "QCA Patch config");



	skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, sizeof(cmd),

				cmd, HCI_EV_VENDOR, HCI_INIT_TIMEOUT);

				cmd, 0, HCI_INIT_TIMEOUT);

	if (IS_ERR(skb)) {

		err = PTR_ERR(skb);

		bt_dev_err(hdev, "Sending QCA Patch config failed (%d)", err);

drivers/bluetooth/hci_bcm4377.c

+1 −2
Original line number Diff line number Diff line
@@ -1417,7 +1417,7 @@ static int bcm4377_check_bdaddr(struct bcm4377_data *bcm4377) 


	bda = (struct hci_rp_read_bd_addr *)skb->data;

	if (!bcm4377_is_valid_bdaddr(bcm4377, &bda->bdaddr))

		set_bit(HCI_QUIRK_INVALID_BDADDR, &bcm4377->hdev->quirks);

		set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &bcm4377->hdev->quirks);



	kfree_skb(skb);

	return 0;
@@ -2368,7 +2368,6 @@ static int bcm4377_probe(struct pci_dev *pdev, const struct pci_device_id *id) 
	hdev->set_bdaddr = bcm4377_hci_set_bdaddr;

	hdev->setup = bcm4377_hci_setup;



	set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);

	if (bcm4377->hw->broken_mws_transport_config)

		set_bit(HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG, &hdev->quirks);

	if (bcm4377->hw->broken_ext_scan)

drivers/bluetooth/hci_qca.c

+16 −6
Original line number Diff line number Diff line
@@ -7,6 +7,7 @@ 
 *

 *  Copyright (C) 2007 Texas Instruments, Inc.

 *  Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved.

 *  Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.

 *

 *  Acknowledgements:

 *  This file is based on hci_ll.c, which was...
@@ -1806,13 +1807,12 @@ static int qca_power_on(struct hci_dev *hdev) 


static void hci_coredump_qca(struct hci_dev *hdev)

{

	int err;

	static const u8 param[] = { 0x26 };

	struct sk_buff *skb;



	skb = __hci_cmd_sync(hdev, 0xfc0c, 1, param, HCI_CMD_TIMEOUT);

	if (IS_ERR(skb))

		bt_dev_err(hdev, "%s: trigger crash failed (%ld)", __func__, PTR_ERR(skb));

	kfree_skb(skb);

	err = __hci_cmd_send(hdev, 0xfc0c, 1, param);

	if (err < 0)

		bt_dev_err(hdev, "%s: trigger crash failed (%d)", __func__, err);

}



static int qca_get_data_path_id(struct hci_dev *hdev, __u8 *data_path_id)
@@ -1904,7 +1904,17 @@ static int qca_setup(struct hci_uart *hu) 
	case QCA_WCN6750:

	case QCA_WCN6855:

	case QCA_WCN7850:



		/* Set BDA quirk bit for reading BDA value from fwnode property

		 * only if that property exist in DT.

		 */

		if (fwnode_property_present(dev_fwnode(hdev->dev.parent), "local-bd-address")) {

			set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);

			bt_dev_info(hdev, "setting quirk bit to read BDA from fwnode later");

		} else {

			bt_dev_dbg(hdev, "local-bd-address` is not present in the devicetree so not setting quirk bit for BDA");

		}



		hci_set_aosp_capable(hdev);



		ret = qca_read_soc_version(hdev, &ver, soc_type);

net/bluetooth/hci_core.c

+4 −3
Original line number Diff line number Diff line
@@ -1049,6 +1049,7 @@ static void hci_error_reset(struct work_struct *work) 
{

	struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);



	hci_dev_hold(hdev);

	BT_DBG("%s", hdev->name);



	if (hdev->hw_error)
@@ -1056,10 +1057,10 @@ static void hci_error_reset(struct work_struct *work) 
	else

		bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code);



	if (hci_dev_do_close(hdev))

		return;



	if (!hci_dev_do_close(hdev))

		hci_dev_do_open(hdev);



	hci_dev_put(hdev);

}



void hci_uuids_clear(struct hci_dev *hdev)

net/bluetooth/hci_event.c

+10 −3
Original line number Diff line number Diff line
@@ -5329,9 +5329,12 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, void *data, 
	hci_dev_lock(hdev);



	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	if (!conn || !hci_conn_ssp_enabled(conn))

	if (!conn || !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))

		goto unlock;



	/* Assume remote supports SSP since it has triggered this event */

	set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);



	hci_conn_hold(conn);



	if (!hci_dev_test_flag(hdev, HCI_MGMT))
@@ -6794,6 +6797,10 @@ static void hci_le_remote_conn_param_req_evt(struct hci_dev *hdev, void *data, 
		return send_conn_param_neg_reply(hdev, handle,

						 HCI_ERROR_UNKNOWN_CONN_ID);



	if (max > hcon->le_conn_max_interval)

		return send_conn_param_neg_reply(hdev, handle,

						 HCI_ERROR_INVALID_LL_PARAMS);



	if (hci_check_conn_params(min, max, latency, timeout))

		return send_conn_param_neg_reply(hdev, handle,

						 HCI_ERROR_INVALID_LL_PARAMS);
@@ -7420,10 +7427,10 @@ static void hci_store_wake_reason(struct hci_dev *hdev, u8 event, 
	 * keep track of the bdaddr of the connection event that woke us up.

	 */

	if (event == HCI_EV_CONN_REQUEST) {

		bacpy(&hdev->wake_addr, &conn_complete->bdaddr);

		bacpy(&hdev->wake_addr, &conn_request->bdaddr);

		hdev->wake_addr_type = BDADDR_BREDR;

	} else if (event == HCI_EV_CONN_COMPLETE) {

		bacpy(&hdev->wake_addr, &conn_request->bdaddr);

		bacpy(&hdev->wake_addr, &conn_complete->bdaddr);

		hdev->wake_addr_type = BDADDR_BREDR;

	} else if (event == HCI_EV_LE_META) {

		struct hci_ev_le_meta *le_ev = (void *)skb->data;