Commit 42391445 authored by David S. Miller's avatar David S. Miller

Merge tag 'for-net-2024-06-28' of...

Merge tag 'for-net-2024-06-28' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

 into main

bluetooth pull request for net:

 - Ignore too large handle values in BIG
 - L2CAP: sync sock recv cb and release
 - hci_bcm4377: Fix msgid release
 - ISO: Check socket flag instead of hcon
 - hci_event: Fix setting of unicast qos interval
 - hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
 - Add quirk to ignore reserved PHY bits in LE Extended Adv Report
 - hci_core: cancel all works upon hci_unregister_dev
 - btintel_pcie: Fix REVERSE_INULL issue reported by coverity
 - qca: Fix BT enable failure again for QCA6390 after warm reboot

Signed-off-by: David S. Miller <davem@davemloft.net>
parents 66be40e6 f1a8f402
+1 −1
@@ -382,7 +382,7 @@ static int btintel_pcie_recv_frame(struct btintel_pcie_data *data,

	/* The first 4 bytes indicates the Intel PCIe specific packet type */
	pdata = skb_pull_data(skb, BTINTEL_PCIE_HCI_TYPE_LEN);
	if (!data) {
	if (!pdata) {
		bt_dev_err(hdev, "Corrupted packet received");
		ret = -EILSEQ;
		goto exit_error;
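Review bot: The local `pdata` differs by one letter from the `data` parameter, which is what let the NULL check test the wrong pointer here, so a frame shorter than `BTINTEL_PCIE_HCI_TYPE_LEN` was not rejected before this fix. Consider renaming the local so the two cannot be confused, e.g. `pkt_type_hdr = skb_pull_data(skb, BTINTEL_PCIE_HCI_TYPE_LEN);` followed by `if (!pkt_type_hdr) {`. The function starts and ends outside the hunk, so the rename would also have to cover the later uses of `pdata` that are not visible here.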
+1 −1
@@ -281,7 +281,7 @@ static u8 crc8_table[CRC8_TABLE_SIZE];

/* Default configurations */
#define DEFAULT_H2C_WAKEUP_MODE	WAKEUP_METHOD_BREAK
#define DEFAULT_PS_MODE		PS_MODE_DISABLE
#define DEFAULT_PS_MODE		PS_MODE_ENABLE
#define FW_INIT_BAUDRATE	HCI_NXP_PRI_BAUDRATE

static struct sk_buff *nxp_drv_send_cmd(struct hci_dev *hdev, u16 opcode,
+9 −1
@@ -495,6 +495,10 @@ struct bcm4377_data;
 *                  extended scanning
 * broken_mws_transport_config: Set to true if the chip erroneously claims to
 *                              support MWS Transport Configuration
 * broken_le_ext_adv_report_phy: Set to true if this chip stuffs flags inside
 *                               reserved bits of Primary/Secondary_PHY inside
 *                               LE Extended Advertising Report events which
 *                               have to be ignored
 * send_calibration: Optional callback to send calibration data
 * send_ptb: Callback to send "PTB" regulatory/calibration data
 */
@@ -513,6 +517,7 @@ struct bcm4377_hw {
	unsigned long broken_ext_scan : 1;
	unsigned long broken_mws_transport_config : 1;
	unsigned long broken_le_coded : 1;
	unsigned long broken_le_ext_adv_report_phy : 1;

	int (*send_calibration)(struct bcm4377_data *bcm4377);
	int (*send_ptb)(struct bcm4377_data *bcm4377,
@@ -716,7 +721,7 @@ static void bcm4377_handle_ack(struct bcm4377_data *bcm4377,
		ring->events[msgid] = NULL;
	}

	bitmap_release_region(ring->msgids, msgid, ring->n_entries);
	bitmap_release_region(ring->msgids, msgid, 0);

unlock:
	spin_unlock_irqrestore(&ring->lock, flags);
@@ -2373,6 +2378,8 @@ static int bcm4377_probe(struct pci_dev *pdev, const struct pci_device_id *id)
		set_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &hdev->quirks);
	if (bcm4377->hw->broken_le_coded)
		set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks);
	if (bcm4377->hw->broken_le_ext_adv_report_phy)
		set_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, &hdev->quirks);

	pci_set_drvdata(pdev, bcm4377);
	hci_set_drvdata(hdev, bcm4377);
@@ -2477,6 +2484,7 @@ static const struct bcm4377_hw bcm4377_hw_variants[] = {
		.clear_pciecfg_subsystem_ctrl_bit19 = true,
		.broken_mws_transport_config = true,
		.broken_le_coded = true,
		.broken_le_ext_adv_report_phy = true,
		.send_calibration = bcm4387_send_calibration,
		.send_ptb = bcm4378_send_ptb,
	},
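Review bot: In the bcm4377_handle_ack hunk the third argument of `bitmap_release_region()` is an order (log2 of the region size), not a count, and the bare `0` does not tell the next reader that. Passing `ring->n_entries` there appears to be the mistake this change corrects, so a one-line comment above the call would help keep it from coming back, e.g. `/* order 0: release exactly the one bit for this msgid */`. The order should match the one used where the msgid is allocated, which is outside this hunk, so please confirm the two agree. The function body starts before the hunk.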
+15 −3
@@ -2450,15 +2450,27 @@ static void qca_serdev_shutdown(struct device *dev)
	struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
	struct hci_uart *hu = &qcadev->serdev_hu;
	struct hci_dev *hdev = hu->hdev;
	struct qca_data *qca = hu->priv;
	const u8 ibs_wake_cmd[] = { 0xFD };
	const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 };

	if (qcadev->btsoc_type == QCA_QCA6390) {
		if (test_bit(QCA_BT_OFF, &qca->flags) ||
		    !test_bit(HCI_RUNNING, &hdev->flags))
		/* The purpose of sending the VSC is to reset SOC into a initial
		 * state and the state will ensure next hdev->setup() success.
		 * if HCI_QUIRK_NON_PERSISTENT_SETUP is set, it means that
		 * hdev->setup() can do its job regardless of SoC state, so
		 * don't need to send the VSC.
		 * if HCI_SETUP is set, it means that hdev->setup() was never
		 * invoked and the SOC is already in the initial state, so
		 * don't also need to send the VSC.
		 */
		if (test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks) ||
		    hci_dev_test_flag(hdev, HCI_SETUP))
			return;

		/* The serdev must be in open state when conrol logic arrives
		 * here, so also fix the use-after-free issue caused by that
		 * the serdev is flushed or wrote after it is closed.
		 */
		serdev_device_write_flush(serdev);
		ret = serdev_device_write_buf(serdev, ibs_wake_cmd,
					      sizeof(ibs_wake_cmd));
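Review bot: The second added comment in qca_serdev_shutdown() states that the serdev must be open at this point, but nothing in the visible code checks that; the only guard is the early return on `HCI_QUIRK_NON_PERSISTENT_SETUP` or `HCI_SETUP`, which is phrased in terms of setup state rather than port state. Since the comment credits this with avoiding a use-after-free on a closed serdev, it should say why passing that guard implies the port is still open, or the code should test the port state directly. The comment also has typos worth fixing while here: `conrol` should be `control`, and `flushed or wrote` should be `flushed or written`. The function continues past the end of the hunk.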
+11 −0
@@ -324,6 +324,17 @@ enum {
	 * claim to support it.
	 */
	HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE,

	/*
	 * When this quirk is set, the reserved bits of Primary/Secondary_PHY
	 * inside the LE Extended Advertising Report events are discarded.
	 * This is required for some Apple/Broadcom controllers which
	 * abuse these reserved bits for unrelated flags.
	 *
	 * This quirk can be set before hci_register_dev is called or
	 * during the hdev->setup vendor callback.
	 */
	HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY,
};

/* HCI device flags */