aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2018-08-05 20:29:27 -0400
committerDavid S. Miller <davem@davemloft.net>2018-08-05 20:29:27 -0400
commit6277547f33ecd6beaca373cb0858df69706e466a (patch)
treea3905e29130100d1766dc517355b0773c7658aa6
parentadd0decc46a061069a9f9fd90eff95e590339039 (diff)
parent6c3711ec64fd23a9abc8aaf59a9429569a6282df (diff)
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
Johan Hedberg says: ==================== pull request: bluetooth-next 2018-08-05 Here's the main bluetooth-next pull request for the 4.19 kernel. - Added support for Bluetooth Advertising Extensions - Added vendor driver support to hci_h5 HCI driver - Added serdev support to hci_h5 driver - Added support for Qualcomm wcn3990 controller - Added support for RTL8723BS and RTL8723DS controllers - btusb: Added new ID for Realtek 8723DE - Several other smaller fixes & cleanups Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--Documentation/devicetree/bindings/net/qualcomm-bluetooth.txt29
-rw-r--r--drivers/bluetooth/Kconfig1
-rw-r--r--drivers/bluetooth/bfusb.c2
-rw-r--r--drivers/bluetooth/bluecard_cs.c2
-rw-r--r--drivers/bluetooth/bpa10x.c6
-rw-r--r--drivers/bluetooth/btmrvl_sdio.c2
-rw-r--r--drivers/bluetooth/btqca.c117
-rw-r--r--drivers/bluetooth/btqca.h22
-rw-r--r--drivers/bluetooth/btrtl.c512
-rw-r--r--drivers/bluetooth/btrtl.h53
-rw-r--r--drivers/bluetooth/btusb.c116
-rw-r--r--drivers/bluetooth/hci_h5.c202
-rw-r--r--drivers/bluetooth/hci_intel.c2
-rw-r--r--drivers/bluetooth/hci_qca.c490
-rw-r--r--include/linux/platform_data/bt-nokia-h4p.h38
-rw-r--r--include/net/bluetooth/hci.h219
-rw-r--r--include/net/bluetooth/hci_core.h34
-rw-r--r--include/net/bluetooth/mgmt.h55
-rw-r--r--net/6lowpan/iphc.c1
-rw-r--r--net/bluetooth/af_bluetooth.c2
-rw-r--r--net/bluetooth/hci_conn.c189
-rw-r--r--net/bluetooth/hci_core.c105
-rw-r--r--net/bluetooth/hci_debugfs.c19
-rw-r--r--net/bluetooth/hci_event.c554
-rw-r--r--net/bluetooth/hci_request.c616
-rw-r--r--net/bluetooth/hci_request.h8
-rw-r--r--net/bluetooth/hidp/core.c6
-rw-r--r--net/bluetooth/mgmt.c405
-rw-r--r--net/bluetooth/sco.c3
29 files changed, 3236 insertions, 574 deletions
diff --git a/Documentation/devicetree/bindings/net/qualcomm-bluetooth.txt b/Documentation/devicetree/bindings/net/qualcomm-bluetooth.txt
index 0ea18a53cc29..824c0e23c544 100644
--- a/Documentation/devicetree/bindings/net/qualcomm-bluetooth.txt
+++ b/Documentation/devicetree/bindings/net/qualcomm-bluetooth.txt
@@ -10,12 +10,25 @@ device the slave device is attached to.
10Required properties: 10Required properties:
11 - compatible: should contain one of the following: 11 - compatible: should contain one of the following:
12 * "qcom,qca6174-bt" 12 * "qcom,qca6174-bt"
13 * "qcom,wcn3990-bt"
14
15Optional properties for compatible string qcom,qca6174-bt:
13 16
14Optional properties:
15 - enable-gpios: gpio specifier used to enable chip 17 - enable-gpios: gpio specifier used to enable chip
16 - clocks: clock provided to the controller (SUSCLK_32KHZ) 18 - clocks: clock provided to the controller (SUSCLK_32KHZ)
17 19
18Example: 20Required properties for compatible string qcom,wcn3990-bt:
21
22 - vddio-supply: VDD_IO supply regulator handle.
23 - vddxo-supply: VDD_XO supply regulator handle.
24 - vddrf-supply: VDD_RF supply regulator handle.
25 - vddch0-supply: VDD_CH0 supply regulator handle.
26
27Optional properties for compatible string qcom,wcn3990-bt:
28
29 - max-speed: see Documentation/devicetree/bindings/serial/slave-device.txt
30
31Examples:
19 32
20serial@7570000 { 33serial@7570000 {
21 label = "BT-UART"; 34 label = "BT-UART";
@@ -28,3 +41,15 @@ serial@7570000 {
28 clocks = <&divclk4>; 41 clocks = <&divclk4>;
29 }; 42 };
30}; 43};
44
45serial@898000 {
46 bluetooth {
47 compatible = "qcom,wcn3990-bt";
48
49 vddio-supply = <&vreg_s4a_1p8>;
50 vddxo-supply = <&vreg_l7a_1p8>;
51 vddrf-supply = <&vreg_l17a_1p3>;
52 vddch0-supply = <&vreg_l25a_3p3>;
53 max-speed = <3200000>;
54 };
55};
diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig
index f3c643a0473c..5f953ca8ac5b 100644
--- a/drivers/bluetooth/Kconfig
+++ b/drivers/bluetooth/Kconfig
@@ -159,6 +159,7 @@ config BT_HCIUART_LL
159config BT_HCIUART_3WIRE 159config BT_HCIUART_3WIRE
160 bool "Three-wire UART (H5) protocol support" 160 bool "Three-wire UART (H5) protocol support"
161 depends on BT_HCIUART 161 depends on BT_HCIUART
162 depends on BT_HCIUART_SERDEV
162 help 163 help
163 The HCI Three-wire UART Transport Layer makes it possible to 164 The HCI Three-wire UART Transport Layer makes it possible to
164 user the Bluetooth HCI over a serial port interface. The HCI 165 user the Bluetooth HCI over a serial port interface. The HCI
diff --git a/drivers/bluetooth/bfusb.c b/drivers/bluetooth/bfusb.c
index ab090a313a5f..0588639b899a 100644
--- a/drivers/bluetooth/bfusb.c
+++ b/drivers/bluetooth/bfusb.c
@@ -490,7 +490,7 @@ static int bfusb_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
490 count = skb->len; 490 count = skb->len;
491 491
492 /* Max HCI frame size seems to be 1511 + 1 */ 492 /* Max HCI frame size seems to be 1511 + 1 */
493 nskb = bt_skb_alloc(count + 32, GFP_ATOMIC); 493 nskb = bt_skb_alloc(count + 32, GFP_KERNEL);
494 if (!nskb) { 494 if (!nskb) {
495 BT_ERR("Can't allocate memory for new packet"); 495 BT_ERR("Can't allocate memory for new packet");
496 return -ENOMEM; 496 return -ENOMEM;
diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c
index 82437a69f99c..cc6e56223656 100644
--- a/drivers/bluetooth/bluecard_cs.c
+++ b/drivers/bluetooth/bluecard_cs.c
@@ -565,7 +565,7 @@ static int bluecard_hci_set_baud_rate(struct hci_dev *hdev, int baud)
565 /* Ericsson baud rate command */ 565 /* Ericsson baud rate command */
566 unsigned char cmd[] = { HCI_COMMAND_PKT, 0x09, 0xfc, 0x01, 0x03 }; 566 unsigned char cmd[] = { HCI_COMMAND_PKT, 0x09, 0xfc, 0x01, 0x03 };
567 567
568 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC); 568 skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_KERNEL);
569 if (!skb) { 569 if (!skb) {
570 BT_ERR("Can't allocate mem for new packet"); 570 BT_ERR("Can't allocate mem for new packet");
571 return -1; 571 return -1;
diff --git a/drivers/bluetooth/bpa10x.c b/drivers/bluetooth/bpa10x.c
index c6f7cc57db14..d1c2adf08576 100644
--- a/drivers/bluetooth/bpa10x.c
+++ b/drivers/bluetooth/bpa10x.c
@@ -289,7 +289,7 @@ static int bpa10x_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
289 289
290 skb->dev = (void *) hdev; 290 skb->dev = (void *) hdev;
291 291
292 urb = usb_alloc_urb(0, GFP_ATOMIC); 292 urb = usb_alloc_urb(0, GFP_KERNEL);
293 if (!urb) 293 if (!urb)
294 return -ENOMEM; 294 return -ENOMEM;
295 295
@@ -298,7 +298,7 @@ static int bpa10x_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
298 298
299 switch (hci_skb_pkt_type(skb)) { 299 switch (hci_skb_pkt_type(skb)) {
300 case HCI_COMMAND_PKT: 300 case HCI_COMMAND_PKT:
301 dr = kmalloc(sizeof(*dr), GFP_ATOMIC); 301 dr = kmalloc(sizeof(*dr), GFP_KERNEL);
302 if (!dr) { 302 if (!dr) {
303 usb_free_urb(urb); 303 usb_free_urb(urb);
304 return -ENOMEM; 304 return -ENOMEM;
@@ -343,7 +343,7 @@ static int bpa10x_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
343 343
344 usb_anchor_urb(urb, &data->tx_anchor); 344 usb_anchor_urb(urb, &data->tx_anchor);
345 345
346 err = usb_submit_urb(urb, GFP_ATOMIC); 346 err = usb_submit_urb(urb, GFP_KERNEL);
347 if (err < 0) { 347 if (err < 0) {
348 bt_dev_err(hdev, "urb %p submission failed", urb); 348 bt_dev_err(hdev, "urb %p submission failed", urb);
349 kfree(urb->setup_packet); 349 kfree(urb->setup_packet);
diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c
index 888bac49a87b..fb3d03928460 100644
--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -718,7 +718,7 @@ static int btmrvl_sdio_card_to_host(struct btmrvl_private *priv)
718 } 718 }
719 719
720 /* Allocate buffer */ 720 /* Allocate buffer */
721 skb = bt_skb_alloc(num_blocks * blksz + BTSDIO_DMA_ALIGN, GFP_ATOMIC); 721 skb = bt_skb_alloc(num_blocks * blksz + BTSDIO_DMA_ALIGN, GFP_KERNEL);
722 if (!skb) { 722 if (!skb) {
723 BT_ERR("No free skb"); 723 BT_ERR("No free skb");
724 ret = -ENOMEM; 724 ret = -ENOMEM;
diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c
index 8219816c54a0..488f5e7521dd 100644
--- a/drivers/bluetooth/btqca.c
+++ b/drivers/bluetooth/btqca.c
@@ -27,7 +27,7 @@
27 27
28#define VERSION "0.1" 28#define VERSION "0.1"
29 29
30static int rome_patch_ver_req(struct hci_dev *hdev, u32 *rome_version) 30int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version)
31{ 31{
32 struct sk_buff *skb; 32 struct sk_buff *skb;
33 struct edl_event_hdr *edl; 33 struct edl_event_hdr *edl;
@@ -35,36 +35,35 @@ static int rome_patch_ver_req(struct hci_dev *hdev, u32 *rome_version)
35 char cmd; 35 char cmd;
36 int err = 0; 36 int err = 0;
37 37
38 BT_DBG("%s: ROME Patch Version Request", hdev->name); 38 bt_dev_dbg(hdev, "QCA Version Request");
39 39
40 cmd = EDL_PATCH_VER_REQ_CMD; 40 cmd = EDL_PATCH_VER_REQ_CMD;
41 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN, 41 skb = __hci_cmd_sync_ev(hdev, EDL_PATCH_CMD_OPCODE, EDL_PATCH_CMD_LEN,
42 &cmd, HCI_VENDOR_PKT, HCI_INIT_TIMEOUT); 42 &cmd, HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
43 if (IS_ERR(skb)) { 43 if (IS_ERR(skb)) {
44 err = PTR_ERR(skb); 44 err = PTR_ERR(skb);
45 BT_ERR("%s: Failed to read version of ROME (%d)", hdev->name, 45 bt_dev_err(hdev, "Reading QCA version information failed (%d)",
46 err); 46 err);
47 return err; 47 return err;
48 } 48 }
49 49
50 if (skb->len != sizeof(*edl) + sizeof(*ver)) { 50 if (skb->len != sizeof(*edl) + sizeof(*ver)) {
51 BT_ERR("%s: Version size mismatch len %d", hdev->name, 51 bt_dev_err(hdev, "QCA Version size mismatch len %d", skb->len);
52 skb->len);
53 err = -EILSEQ; 52 err = -EILSEQ;
54 goto out; 53 goto out;
55 } 54 }
56 55
57 edl = (struct edl_event_hdr *)(skb->data); 56 edl = (struct edl_event_hdr *)(skb->data);
58 if (!edl) { 57 if (!edl) {
59 BT_ERR("%s: TLV with no header", hdev->name); 58 bt_dev_err(hdev, "QCA TLV with no header");
60 err = -EILSEQ; 59 err = -EILSEQ;
61 goto out; 60 goto out;
62 } 61 }
63 62
64 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 63 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
65 edl->rtype != EDL_APP_VER_RES_EVT) { 64 edl->rtype != EDL_APP_VER_RES_EVT) {
66 BT_ERR("%s: Wrong packet received %d %d", hdev->name, 65 bt_dev_err(hdev, "QCA Wrong packet received %d %d", edl->cresp,
67 edl->cresp, edl->rtype); 66 edl->rtype);
68 err = -EIO; 67 err = -EIO;
69 goto out; 68 goto out;
70 } 69 }
@@ -76,30 +75,35 @@ static int rome_patch_ver_req(struct hci_dev *hdev, u32 *rome_version)
76 BT_DBG("%s: ROM :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver)); 75 BT_DBG("%s: ROM :0x%08x", hdev->name, le16_to_cpu(ver->rome_ver));
77 BT_DBG("%s: SOC :0x%08x", hdev->name, le32_to_cpu(ver->soc_id)); 76 BT_DBG("%s: SOC :0x%08x", hdev->name, le32_to_cpu(ver->soc_id));
78 77
79 /* ROME chipset version can be decided by patch and SoC 78 /* QCA chipset version can be decided by patch and SoC
80 * version, combination with upper 2 bytes from SoC 79 * version, combination with upper 2 bytes from SoC
81 * and lower 2 bytes from patch will be used. 80 * and lower 2 bytes from patch will be used.
82 */ 81 */
83 *rome_version = (le32_to_cpu(ver->soc_id) << 16) | 82 *soc_version = (le32_to_cpu(ver->soc_id) << 16) |
84 (le16_to_cpu(ver->rome_ver) & 0x0000ffff); 83 (le16_to_cpu(ver->rome_ver) & 0x0000ffff);
84 if (*soc_version == 0)
85 err = -EILSEQ;
85 86
86out: 87out:
87 kfree_skb(skb); 88 kfree_skb(skb);
89 if (err)
90 bt_dev_err(hdev, "QCA Failed to get version (%d)", err);
88 91
89 return err; 92 return err;
90} 93}
94EXPORT_SYMBOL_GPL(qca_read_soc_version);
91 95
92static int rome_reset(struct hci_dev *hdev) 96static int qca_send_reset(struct hci_dev *hdev)
93{ 97{
94 struct sk_buff *skb; 98 struct sk_buff *skb;
95 int err; 99 int err;
96 100
97 BT_DBG("%s: ROME HCI_RESET", hdev->name); 101 bt_dev_dbg(hdev, "QCA HCI_RESET");
98 102
99 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 103 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
100 if (IS_ERR(skb)) { 104 if (IS_ERR(skb)) {
101 err = PTR_ERR(skb); 105 err = PTR_ERR(skb);
102 BT_ERR("%s: Reset failed (%d)", hdev->name, err); 106 bt_dev_err(hdev, "QCA Reset failed (%d)", err);
103 return err; 107 return err;
104 } 108 }
105 109
@@ -108,7 +112,7 @@ static int rome_reset(struct hci_dev *hdev)
108 return 0; 112 return 0;
109} 113}
110 114
111static void rome_tlv_check_data(struct rome_config *config, 115static void qca_tlv_check_data(struct rome_config *config,
112 const struct firmware *fw) 116 const struct firmware *fw)
113{ 117{
114 const u8 *data; 118 const u8 *data;
@@ -207,7 +211,7 @@ static void rome_tlv_check_data(struct rome_config *config,
207 } 211 }
208} 212}
209 213
210static int rome_tlv_send_segment(struct hci_dev *hdev, int seg_size, 214static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size,
211 const u8 *data, enum rome_tlv_dnld_mode mode) 215 const u8 *data, enum rome_tlv_dnld_mode mode)
212{ 216{
213 struct sk_buff *skb; 217 struct sk_buff *skb;
@@ -228,19 +232,19 @@ static int rome_tlv_send_segment(struct hci_dev *hdev, int seg_size,
228 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT); 232 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
229 if (IS_ERR(skb)) { 233 if (IS_ERR(skb)) {
230 err = PTR_ERR(skb); 234 err = PTR_ERR(skb);
231 BT_ERR("%s: Failed to send TLV segment (%d)", hdev->name, err); 235 bt_dev_err(hdev, "QCA Failed to send TLV segment (%d)", err);
232 return err; 236 return err;
233 } 237 }
234 238
235 if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) { 239 if (skb->len != sizeof(*edl) + sizeof(*tlv_resp)) {
236 BT_ERR("%s: TLV response size mismatch", hdev->name); 240 bt_dev_err(hdev, "QCA TLV response size mismatch");
237 err = -EILSEQ; 241 err = -EILSEQ;
238 goto out; 242 goto out;
239 } 243 }
240 244
241 edl = (struct edl_event_hdr *)(skb->data); 245 edl = (struct edl_event_hdr *)(skb->data);
242 if (!edl) { 246 if (!edl) {
243 BT_ERR("%s: TLV with no header", hdev->name); 247 bt_dev_err(hdev, "TLV with no header");
244 err = -EILSEQ; 248 err = -EILSEQ;
245 goto out; 249 goto out;
246 } 250 }
@@ -249,8 +253,8 @@ static int rome_tlv_send_segment(struct hci_dev *hdev, int seg_size,
249 253
250 if (edl->cresp != EDL_CMD_REQ_RES_EVT || 254 if (edl->cresp != EDL_CMD_REQ_RES_EVT ||
251 edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) { 255 edl->rtype != EDL_TVL_DNLD_RES_EVT || tlv_resp->result != 0x00) {
252 BT_ERR("%s: TLV with error stat 0x%x rtype 0x%x (0x%x)", 256 bt_dev_err(hdev, "QCA TLV with error stat 0x%x rtype 0x%x (0x%x)",
253 hdev->name, edl->cresp, edl->rtype, tlv_resp->result); 257 edl->cresp, edl->rtype, tlv_resp->result);
254 err = -EIO; 258 err = -EIO;
255 } 259 }
256 260
@@ -260,23 +264,23 @@ out:
260 return err; 264 return err;
261} 265}
262 266
263static int rome_download_firmware(struct hci_dev *hdev, 267static int qca_download_firmware(struct hci_dev *hdev,
264 struct rome_config *config) 268 struct rome_config *config)
265{ 269{
266 const struct firmware *fw; 270 const struct firmware *fw;
267 const u8 *segment; 271 const u8 *segment;
268 int ret, remain, i = 0; 272 int ret, remain, i = 0;
269 273
270 bt_dev_info(hdev, "ROME Downloading %s", config->fwname); 274 bt_dev_info(hdev, "QCA Downloading %s", config->fwname);
271 275
272 ret = request_firmware(&fw, config->fwname, &hdev->dev); 276 ret = request_firmware(&fw, config->fwname, &hdev->dev);
273 if (ret) { 277 if (ret) {
274 BT_ERR("%s: Failed to request file: %s (%d)", hdev->name, 278 bt_dev_err(hdev, "QCA Failed to request file: %s (%d)",
275 config->fwname, ret); 279 config->fwname, ret);
276 return ret; 280 return ret;
277 } 281 }
278 282
279 rome_tlv_check_data(config, fw); 283 qca_tlv_check_data(config, fw);
280 284
281 segment = fw->data; 285 segment = fw->data;
282 remain = fw->size; 286 remain = fw->size;
@@ -290,7 +294,7 @@ static int rome_download_firmware(struct hci_dev *hdev,
290 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT) 294 if (!remain || segsize < MAX_SIZE_PER_TLV_SEGMENT)
291 config->dnld_mode = ROME_SKIP_EVT_NONE; 295 config->dnld_mode = ROME_SKIP_EVT_NONE;
292 296
293 ret = rome_tlv_send_segment(hdev, segsize, segment, 297 ret = qca_tlv_send_segment(hdev, segsize, segment,
294 config->dnld_mode); 298 config->dnld_mode);
295 if (ret) 299 if (ret)
296 break; 300 break;
@@ -317,8 +321,7 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
317 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT); 321 HCI_VENDOR_PKT, HCI_INIT_TIMEOUT);
318 if (IS_ERR(skb)) { 322 if (IS_ERR(skb)) {
319 err = PTR_ERR(skb); 323 err = PTR_ERR(skb);
320 BT_ERR("%s: Change address command failed (%d)", 324 bt_dev_err(hdev, "QCA Change address command failed (%d)", err);
321 hdev->name, err);
322 return err; 325 return err;
323 } 326 }
324 327
@@ -328,57 +331,65 @@ int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr)
328} 331}
329EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome); 332EXPORT_SYMBOL_GPL(qca_set_bdaddr_rome);
330 333
331int qca_uart_setup_rome(struct hci_dev *hdev, uint8_t baudrate) 334int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
335 enum qca_btsoc_type soc_type, u32 soc_ver)
332{ 336{
333 u32 rome_ver = 0;
334 struct rome_config config; 337 struct rome_config config;
335 int err; 338 int err;
339 u8 rom_ver;
336 340
337 BT_DBG("%s: ROME setup on UART", hdev->name); 341 bt_dev_dbg(hdev, "QCA setup on UART");
338 342
339 config.user_baud_rate = baudrate; 343 config.user_baud_rate = baudrate;
340 344
341 /* Get ROME version information */
342 err = rome_patch_ver_req(hdev, &rome_ver);
343 if (err < 0 || rome_ver == 0) {
344 BT_ERR("%s: Failed to get version 0x%x", hdev->name, err);
345 return err;
346 }
347
348 bt_dev_info(hdev, "ROME controller version 0x%08x", rome_ver);
349
350 /* Download rampatch file */ 345 /* Download rampatch file */
351 config.type = TLV_TYPE_PATCH; 346 config.type = TLV_TYPE_PATCH;
352 snprintf(config.fwname, sizeof(config.fwname), "qca/rampatch_%08x.bin", 347 if (soc_type == QCA_WCN3990) {
353 rome_ver); 348 /* Firmware files to download are based on ROM version.
354 err = rome_download_firmware(hdev, &config); 349 * ROM version is derived from last two bytes of soc_ver.
350 */
351 rom_ver = ((soc_ver & 0x00000f00) >> 0x04) |
352 (soc_ver & 0x0000000f);
353 snprintf(config.fwname, sizeof(config.fwname),
354 "qca/crbtfw%02x.tlv", rom_ver);
355 } else {
356 snprintf(config.fwname, sizeof(config.fwname),
357 "qca/rampatch_%08x.bin", soc_ver);
358 }
359
360 err = qca_download_firmware(hdev, &config);
355 if (err < 0) { 361 if (err < 0) {
356 BT_ERR("%s: Failed to download patch (%d)", hdev->name, err); 362 bt_dev_err(hdev, "QCA Failed to download patch (%d)", err);
357 return err; 363 return err;
358 } 364 }
359 365
360 /* Download NVM configuration */ 366 /* Download NVM configuration */
361 config.type = TLV_TYPE_NVM; 367 config.type = TLV_TYPE_NVM;
362 snprintf(config.fwname, sizeof(config.fwname), "qca/nvm_%08x.bin", 368 if (soc_type == QCA_WCN3990)
363 rome_ver); 369 snprintf(config.fwname, sizeof(config.fwname),
364 err = rome_download_firmware(hdev, &config); 370 "qca/crnv%02x.bin", rom_ver);
371 else
372 snprintf(config.fwname, sizeof(config.fwname),
373 "qca/nvm_%08x.bin", soc_ver);
374
375 err = qca_download_firmware(hdev, &config);
365 if (err < 0) { 376 if (err < 0) {
366 BT_ERR("%s: Failed to download NVM (%d)", hdev->name, err); 377 bt_dev_err(hdev, "QCA Failed to download NVM (%d)", err);
367 return err; 378 return err;
368 } 379 }
369 380
370 /* Perform HCI reset */ 381 /* Perform HCI reset */
371 err = rome_reset(hdev); 382 err = qca_send_reset(hdev);
372 if (err < 0) { 383 if (err < 0) {
373 BT_ERR("%s: Failed to run HCI_RESET (%d)", hdev->name, err); 384 bt_dev_err(hdev, "QCA Failed to run HCI_RESET (%d)", err);
374 return err; 385 return err;
375 } 386 }
376 387
377 bt_dev_info(hdev, "ROME setup on UART is completed"); 388 bt_dev_info(hdev, "QCA setup on UART is completed");
378 389
379 return 0; 390 return 0;
380} 391}
381EXPORT_SYMBOL_GPL(qca_uart_setup_rome); 392EXPORT_SYMBOL_GPL(qca_uart_setup);
382 393
383MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>"); 394MODULE_AUTHOR("Ben Young Tae Kim <ytkim@qca.qualcomm.com>");
384MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION); 395MODULE_DESCRIPTION("Bluetooth support for Qualcomm Atheros family ver " VERSION);
diff --git a/drivers/bluetooth/btqca.h b/drivers/bluetooth/btqca.h
index 13d77fd873b6..0c01f375fe83 100644
--- a/drivers/bluetooth/btqca.h
+++ b/drivers/bluetooth/btqca.h
@@ -37,6 +37,9 @@
37#define EDL_TAG_ID_HCI (17) 37#define EDL_TAG_ID_HCI (17)
38#define EDL_TAG_ID_DEEP_SLEEP (27) 38#define EDL_TAG_ID_DEEP_SLEEP (27)
39 39
40#define QCA_WCN3990_POWERON_PULSE 0xFC
41#define QCA_WCN3990_POWEROFF_PULSE 0xC0
42
40enum qca_bardrate { 43enum qca_bardrate {
41 QCA_BAUDRATE_115200 = 0, 44 QCA_BAUDRATE_115200 = 0,
42 QCA_BAUDRATE_57600, 45 QCA_BAUDRATE_57600,
@@ -124,10 +127,19 @@ struct tlv_type_hdr {
124 __u8 data[0]; 127 __u8 data[0];
125} __packed; 128} __packed;
126 129
130enum qca_btsoc_type {
131 QCA_INVALID = -1,
132 QCA_AR3002,
133 QCA_ROME,
134 QCA_WCN3990
135};
136
127#if IS_ENABLED(CONFIG_BT_QCA) 137#if IS_ENABLED(CONFIG_BT_QCA)
128 138
129int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr); 139int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdaddr);
130int qca_uart_setup_rome(struct hci_dev *hdev, uint8_t baudrate); 140int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
141 enum qca_btsoc_type soc_type, u32 soc_ver);
142int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version);
131 143
132#else 144#else
133 145
@@ -136,7 +148,13 @@ static inline int qca_set_bdaddr_rome(struct hci_dev *hdev, const bdaddr_t *bdad
136 return -EOPNOTSUPP; 148 return -EOPNOTSUPP;
137} 149}
138 150
139static inline int qca_uart_setup_rome(struct hci_dev *hdev, int speed) 151static inline int qca_uart_setup(struct hci_dev *hdev, uint8_t baudrate,
152 enum qca_btsoc_type soc_type, u32 soc_ver)
153{
154 return -EOPNOTSUPP;
155}
156
157static inline int qca_read_soc_version(struct hci_dev *hdev, u32 *soc_version)
140{ 158{
141 return -EOPNOTSUPP; 159 return -EOPNOTSUPP;
142} 160}
diff --git a/drivers/bluetooth/btrtl.c b/drivers/bluetooth/btrtl.c
index 437f080deaab..7f9ea8e4c1b2 100644
--- a/drivers/bluetooth/btrtl.c
+++ b/drivers/bluetooth/btrtl.c
@@ -34,9 +34,12 @@
34#define RTL_ROM_LMP_8821A 0x8821 34#define RTL_ROM_LMP_8821A 0x8821
35#define RTL_ROM_LMP_8761A 0x8761 35#define RTL_ROM_LMP_8761A 0x8761
36#define RTL_ROM_LMP_8822B 0x8822 36#define RTL_ROM_LMP_8822B 0x8822
37#define RTL_CONFIG_MAGIC 0x8723ab55
37 38
38#define IC_MATCH_FL_LMPSUBV (1 << 0) 39#define IC_MATCH_FL_LMPSUBV (1 << 0)
39#define IC_MATCH_FL_HCIREV (1 << 1) 40#define IC_MATCH_FL_HCIREV (1 << 1)
41#define IC_MATCH_FL_HCIVER (1 << 2)
42#define IC_MATCH_FL_HCIBUS (1 << 3)
40#define IC_INFO(lmps, hcir) \ 43#define IC_INFO(lmps, hcir) \
41 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV, \ 44 .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV, \
42 .lmp_subver = (lmps), \ 45 .lmp_subver = (lmps), \
@@ -46,49 +49,130 @@ struct id_table {
46 __u16 match_flags; 49 __u16 match_flags;
47 __u16 lmp_subver; 50 __u16 lmp_subver;
48 __u16 hci_rev; 51 __u16 hci_rev;
52 __u8 hci_ver;
53 __u8 hci_bus;
49 bool config_needed; 54 bool config_needed;
55 bool has_rom_version;
50 char *fw_name; 56 char *fw_name;
51 char *cfg_name; 57 char *cfg_name;
52}; 58};
53 59
60struct btrtl_device_info {
61 const struct id_table *ic_info;
62 u8 rom_version;
63 u8 *fw_data;
64 int fw_len;
65 u8 *cfg_data;
66 int cfg_len;
67};
68
54static const struct id_table ic_id_table[] = { 69static const struct id_table ic_id_table[] = {
70 { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_8723A, 0x0,
71 .config_needed = false,
72 .has_rom_version = false,
73 .fw_name = "rtl_bt/rtl8723a_fw.bin",
74 .cfg_name = NULL },
75
76 { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_3499, 0x0,
77 .config_needed = false,
78 .has_rom_version = false,
79 .fw_name = "rtl_bt/rtl8723a_fw.bin",
80 .cfg_name = NULL },
81
82 /* 8723BS */
83 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV |
84 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS,
85 .lmp_subver = RTL_ROM_LMP_8723B,
86 .hci_rev = 0xb,
87 .hci_ver = 6,
88 .hci_bus = HCI_UART,
89 .config_needed = true,
90 .has_rom_version = true,
91 .fw_name = "rtl_bt/rtl8723bs_fw.bin",
92 .cfg_name = "rtl_bt/rtl8723bs_config" },
93
55 /* 8723B */ 94 /* 8723B */
56 { IC_INFO(RTL_ROM_LMP_8723B, 0xb), 95 { IC_INFO(RTL_ROM_LMP_8723B, 0xb),
57 .config_needed = false, 96 .config_needed = false,
97 .has_rom_version = true,
58 .fw_name = "rtl_bt/rtl8723b_fw.bin", 98 .fw_name = "rtl_bt/rtl8723b_fw.bin",
59 .cfg_name = "rtl_bt/rtl8723b_config.bin" }, 99 .cfg_name = "rtl_bt/rtl8723b_config" },
60 100
61 /* 8723D */ 101 /* 8723D */
62 { IC_INFO(RTL_ROM_LMP_8723B, 0xd), 102 { IC_INFO(RTL_ROM_LMP_8723B, 0xd),
63 .config_needed = true, 103 .config_needed = true,
104 .has_rom_version = true,
64 .fw_name = "rtl_bt/rtl8723d_fw.bin", 105 .fw_name = "rtl_bt/rtl8723d_fw.bin",
65 .cfg_name = "rtl_bt/rtl8723d_config.bin" }, 106 .cfg_name = "rtl_bt/rtl8723d_config" },
107
108 /* 8723DS */
109 { .match_flags = IC_MATCH_FL_LMPSUBV | IC_MATCH_FL_HCIREV |
110 IC_MATCH_FL_HCIVER | IC_MATCH_FL_HCIBUS,
111 .lmp_subver = RTL_ROM_LMP_8723B,
112 .hci_rev = 0xd,
113 .hci_ver = 8,
114 .hci_bus = HCI_UART,
115 .config_needed = true,
116 .has_rom_version = true,
117 .fw_name = "rtl_bt/rtl8723ds_fw.bin",
118 .cfg_name = "rtl_bt/rtl8723ds_config" },
66 119
67 /* 8821A */ 120 /* 8821A */
68 { IC_INFO(RTL_ROM_LMP_8821A, 0xa), 121 { IC_INFO(RTL_ROM_LMP_8821A, 0xa),
69 .config_needed = false, 122 .config_needed = false,
123 .has_rom_version = true,
70 .fw_name = "rtl_bt/rtl8821a_fw.bin", 124 .fw_name = "rtl_bt/rtl8821a_fw.bin",
71 .cfg_name = "rtl_bt/rtl8821a_config.bin" }, 125 .cfg_name = "rtl_bt/rtl8821a_config" },
72 126
73 /* 8821C */ 127 /* 8821C */
74 { IC_INFO(RTL_ROM_LMP_8821A, 0xc), 128 { IC_INFO(RTL_ROM_LMP_8821A, 0xc),
75 .config_needed = false, 129 .config_needed = false,
130 .has_rom_version = true,
76 .fw_name = "rtl_bt/rtl8821c_fw.bin", 131 .fw_name = "rtl_bt/rtl8821c_fw.bin",
77 .cfg_name = "rtl_bt/rtl8821c_config.bin" }, 132 .cfg_name = "rtl_bt/rtl8821c_config" },
78 133
79 /* 8761A */ 134 /* 8761A */
80 { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_8761A, 0x0, 135 { IC_MATCH_FL_LMPSUBV, RTL_ROM_LMP_8761A, 0x0,
81 .config_needed = false, 136 .config_needed = false,
137 .has_rom_version = true,
82 .fw_name = "rtl_bt/rtl8761a_fw.bin", 138 .fw_name = "rtl_bt/rtl8761a_fw.bin",
83 .cfg_name = "rtl_bt/rtl8761a_config.bin" }, 139 .cfg_name = "rtl_bt/rtl8761a_config" },
84 140
85 /* 8822B */ 141 /* 8822B */
86 { IC_INFO(RTL_ROM_LMP_8822B, 0xb), 142 { IC_INFO(RTL_ROM_LMP_8822B, 0xb),
87 .config_needed = true, 143 .config_needed = true,
144 .has_rom_version = true,
88 .fw_name = "rtl_bt/rtl8822b_fw.bin", 145 .fw_name = "rtl_bt/rtl8822b_fw.bin",
89 .cfg_name = "rtl_bt/rtl8822b_config.bin" }, 146 .cfg_name = "rtl_bt/rtl8822b_config" },
90 }; 147 };
91 148
149static const struct id_table *btrtl_match_ic(u16 lmp_subver, u16 hci_rev,
150 u8 hci_ver, u8 hci_bus)
151{
152 int i;
153
154 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) {
155 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
156 (ic_id_table[i].lmp_subver != lmp_subver))
157 continue;
158 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
159 (ic_id_table[i].hci_rev != hci_rev))
160 continue;
161 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIVER) &&
162 (ic_id_table[i].hci_ver != hci_ver))
163 continue;
164 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIBUS) &&
165 (ic_id_table[i].hci_bus != hci_bus))
166 continue;
167
168 break;
169 }
170 if (i >= ARRAY_SIZE(ic_id_table))
171 return NULL;
172
173 return &ic_id_table[i];
174}
175
92static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version) 176static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
93{ 177{
94 struct rtl_rom_version_evt *rom_version; 178 struct rtl_rom_version_evt *rom_version;
@@ -97,20 +181,20 @@ static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
97 /* Read RTL ROM version command */ 181 /* Read RTL ROM version command */
98 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT); 182 skb = __hci_cmd_sync(hdev, 0xfc6d, 0, NULL, HCI_INIT_TIMEOUT);
99 if (IS_ERR(skb)) { 183 if (IS_ERR(skb)) {
100 BT_ERR("%s: Read ROM version failed (%ld)", 184 rtl_dev_err(hdev, "Read ROM version failed (%ld)\n",
101 hdev->name, PTR_ERR(skb)); 185 PTR_ERR(skb));
102 return PTR_ERR(skb); 186 return PTR_ERR(skb);
103 } 187 }
104 188
105 if (skb->len != sizeof(*rom_version)) { 189 if (skb->len != sizeof(*rom_version)) {
106 BT_ERR("%s: RTL version event length mismatch", hdev->name); 190 rtl_dev_err(hdev, "RTL version event length mismatch\n");
107 kfree_skb(skb); 191 kfree_skb(skb);
108 return -EIO; 192 return -EIO;
109 } 193 }
110 194
111 rom_version = (struct rtl_rom_version_evt *)skb->data; 195 rom_version = (struct rtl_rom_version_evt *)skb->data;
112 bt_dev_info(hdev, "rom_version status=%x version=%x", 196 rtl_dev_info(hdev, "rom_version status=%x version=%x\n",
113 rom_version->status, rom_version->version); 197 rom_version->status, rom_version->version);
114 198
115 *version = rom_version->version; 199 *version = rom_version->version;
116 200
@@ -118,16 +202,16 @@ static int rtl_read_rom_version(struct hci_dev *hdev, u8 *version)
118 return 0; 202 return 0;
119} 203}
120 204
121static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver, 205static int rtlbt_parse_firmware(struct hci_dev *hdev,
122 const struct firmware *fw, 206 struct btrtl_device_info *btrtl_dev,
123 unsigned char **_buf) 207 unsigned char **_buf)
124{ 208{
125 const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 }; 209 const u8 extension_sig[] = { 0x51, 0x04, 0xfd, 0x77 };
126 struct rtl_epatch_header *epatch_info; 210 struct rtl_epatch_header *epatch_info;
127 unsigned char *buf; 211 unsigned char *buf;
128 int i, ret, len; 212 int i, len;
129 size_t min_size; 213 size_t min_size;
130 u8 opcode, length, data, rom_version = 0; 214 u8 opcode, length, data;
131 int project_id = -1; 215 int project_id = -1;
132 const unsigned char *fwptr, *chip_id_base; 216 const unsigned char *fwptr, *chip_id_base;
133 const unsigned char *patch_length_base, *patch_offset_base; 217 const unsigned char *patch_length_base, *patch_offset_base;
@@ -146,17 +230,13 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
146 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */ 230 { RTL_ROM_LMP_8821A, 10 }, /* 8821C */
147 }; 231 };
148 232
149 ret = rtl_read_rom_version(hdev, &rom_version);
150 if (ret)
151 return ret;
152
153 min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3; 233 min_size = sizeof(struct rtl_epatch_header) + sizeof(extension_sig) + 3;
154 if (fw->size < min_size) 234 if (btrtl_dev->fw_len < min_size)
155 return -EINVAL; 235 return -EINVAL;
156 236
157 fwptr = fw->data + fw->size - sizeof(extension_sig); 237 fwptr = btrtl_dev->fw_data + btrtl_dev->fw_len - sizeof(extension_sig);
158 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) { 238 if (memcmp(fwptr, extension_sig, sizeof(extension_sig)) != 0) {
159 BT_ERR("%s: extension section signature mismatch", hdev->name); 239 rtl_dev_err(hdev, "extension section signature mismatch\n");
160 return -EINVAL; 240 return -EINVAL;
161 } 241 }
162 242
@@ -166,7 +246,7 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
166 * Once we have that, we double-check that that project_id is suitable 246 * Once we have that, we double-check that that project_id is suitable
167 * for the hardware we are working with. 247 * for the hardware we are working with.
168 */ 248 */
169 while (fwptr >= fw->data + (sizeof(struct rtl_epatch_header) + 3)) { 249 while (fwptr >= btrtl_dev->fw_data + (sizeof(*epatch_info) + 3)) {
170 opcode = *--fwptr; 250 opcode = *--fwptr;
171 length = *--fwptr; 251 length = *--fwptr;
172 data = *--fwptr; 252 data = *--fwptr;
@@ -177,8 +257,7 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
177 break; 257 break;
178 258
179 if (length == 0) { 259 if (length == 0) {
180 BT_ERR("%s: found instruction with length 0", 260 rtl_dev_err(hdev, "found instruction with length 0\n");
181 hdev->name);
182 return -EINVAL; 261 return -EINVAL;
183 } 262 }
184 263
@@ -191,7 +270,7 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
191 } 270 }
192 271
193 if (project_id < 0) { 272 if (project_id < 0) {
194 BT_ERR("%s: failed to find version instruction", hdev->name); 273 rtl_dev_err(hdev, "failed to find version instruction\n");
195 return -EINVAL; 274 return -EINVAL;
196 } 275 }
197 276
@@ -202,19 +281,21 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
202 } 281 }
203 282
204 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) { 283 if (i >= ARRAY_SIZE(project_id_to_lmp_subver)) {
205 BT_ERR("%s: unknown project id %d", hdev->name, project_id); 284 rtl_dev_err(hdev, "unknown project id %d\n", project_id);
206 return -EINVAL; 285 return -EINVAL;
207 } 286 }
208 287
209 if (lmp_subver != project_id_to_lmp_subver[i].lmp_subver) { 288 if (btrtl_dev->ic_info->lmp_subver !=
210 BT_ERR("%s: firmware is for %x but this is a %x", hdev->name, 289 project_id_to_lmp_subver[i].lmp_subver) {
211 project_id_to_lmp_subver[i].lmp_subver, lmp_subver); 290 rtl_dev_err(hdev, "firmware is for %x but this is a %x\n",
291 project_id_to_lmp_subver[i].lmp_subver,
292 btrtl_dev->ic_info->lmp_subver);
212 return -EINVAL; 293 return -EINVAL;
213 } 294 }
214 295
215 epatch_info = (struct rtl_epatch_header *)fw->data; 296 epatch_info = (struct rtl_epatch_header *)btrtl_dev->fw_data;
216 if (memcmp(epatch_info->signature, RTL_EPATCH_SIGNATURE, 8) != 0) { 297 if (memcmp(epatch_info->signature, RTL_EPATCH_SIGNATURE, 8) != 0) {
217 BT_ERR("%s: bad EPATCH signature", hdev->name); 298 rtl_dev_err(hdev, "bad EPATCH signature\n");
218 return -EINVAL; 299 return -EINVAL;
219 } 300 }
220 301
@@ -229,16 +310,16 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
229 * Find the right patch for this chip. 310 * Find the right patch for this chip.
230 */ 311 */
231 min_size += 8 * num_patches; 312 min_size += 8 * num_patches;
232 if (fw->size < min_size) 313 if (btrtl_dev->fw_len < min_size)
233 return -EINVAL; 314 return -EINVAL;
234 315
235 chip_id_base = fw->data + sizeof(struct rtl_epatch_header); 316 chip_id_base = btrtl_dev->fw_data + sizeof(struct rtl_epatch_header);
236 patch_length_base = chip_id_base + (sizeof(u16) * num_patches); 317 patch_length_base = chip_id_base + (sizeof(u16) * num_patches);
237 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches); 318 patch_offset_base = patch_length_base + (sizeof(u16) * num_patches);
238 for (i = 0; i < num_patches; i++) { 319 for (i = 0; i < num_patches; i++) {
239 u16 chip_id = get_unaligned_le16(chip_id_base + 320 u16 chip_id = get_unaligned_le16(chip_id_base +
240 (i * sizeof(u16))); 321 (i * sizeof(u16)));
241 if (chip_id == rom_version + 1) { 322 if (chip_id == btrtl_dev->rom_version + 1) {
242 patch_length = get_unaligned_le16(patch_length_base + 323 patch_length = get_unaligned_le16(patch_length_base +
243 (i * sizeof(u16))); 324 (i * sizeof(u16)));
244 patch_offset = get_unaligned_le32(patch_offset_base + 325 patch_offset = get_unaligned_le32(patch_offset_base +
@@ -248,21 +329,22 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, u16 lmp_subver,
248 } 329 }
249 330
250 if (!patch_offset) { 331 if (!patch_offset) {
251 BT_ERR("%s: didn't find patch for chip id %d", 332 rtl_dev_err(hdev, "didn't find patch for chip id %d",
252 hdev->name, rom_version); 333 btrtl_dev->rom_version);
253 return -EINVAL; 334 return -EINVAL;
254 } 335 }
255 336
256 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i); 337 BT_DBG("length=%x offset=%x index %d", patch_length, patch_offset, i);
257 min_size = patch_offset + patch_length; 338 min_size = patch_offset + patch_length;
258 if (fw->size < min_size) 339 if (btrtl_dev->fw_len < min_size)
259 return -EINVAL; 340 return -EINVAL;
260 341
261 /* Copy the firmware into a new buffer and write the version at 342 /* Copy the firmware into a new buffer and write the version at
262 * the end. 343 * the end.
263 */ 344 */
264 len = patch_length; 345 len = patch_length;
265 buf = kmemdup(fw->data + patch_offset, patch_length, GFP_KERNEL); 346 buf = kmemdup(btrtl_dev->fw_data + patch_offset, patch_length,
347 GFP_KERNEL);
266 if (!buf) 348 if (!buf)
267 return -ENOMEM; 349 return -ENOMEM;
268 350
@@ -301,15 +383,14 @@ static int rtl_download_firmware(struct hci_dev *hdev,
301 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd, 383 skb = __hci_cmd_sync(hdev, 0xfc20, frag_len + 1, dl_cmd,
302 HCI_INIT_TIMEOUT); 384 HCI_INIT_TIMEOUT);
303 if (IS_ERR(skb)) { 385 if (IS_ERR(skb)) {
304 BT_ERR("%s: download fw command failed (%ld)", 386 rtl_dev_err(hdev, "download fw command failed (%ld)\n",
305 hdev->name, PTR_ERR(skb)); 387 PTR_ERR(skb));
306 ret = -PTR_ERR(skb); 388 ret = -PTR_ERR(skb);
307 goto out; 389 goto out;
308 } 390 }
309 391
310 if (skb->len != sizeof(struct rtl_download_response)) { 392 if (skb->len != sizeof(struct rtl_download_response)) {
311 BT_ERR("%s: download fw event length mismatch", 393 rtl_dev_err(hdev, "download fw event length mismatch\n");
312 hdev->name);
313 kfree_skb(skb); 394 kfree_skb(skb);
314 ret = -EIO; 395 ret = -EIO;
315 goto out; 396 goto out;
@@ -324,12 +405,12 @@ out:
324 return ret; 405 return ret;
325} 406}
326 407
327static int rtl_load_config(struct hci_dev *hdev, const char *name, u8 **buff) 408static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
328{ 409{
329 const struct firmware *fw; 410 const struct firmware *fw;
330 int ret; 411 int ret;
331 412
332 bt_dev_info(hdev, "rtl: loading %s", name); 413 rtl_dev_info(hdev, "rtl: loading %s\n", name);
333 ret = request_firmware(&fw, name, &hdev->dev); 414 ret = request_firmware(&fw, name, &hdev->dev);
334 if (ret < 0) 415 if (ret < 0)
335 return ret; 416 return ret;
@@ -343,96 +424,37 @@ static int rtl_load_config(struct hci_dev *hdev, const char *name, u8 **buff)
343 return ret; 424 return ret;
344} 425}
345 426
346static int btrtl_setup_rtl8723a(struct hci_dev *hdev) 427static int btrtl_setup_rtl8723a(struct hci_dev *hdev,
428 struct btrtl_device_info *btrtl_dev)
347{ 429{
348 const struct firmware *fw; 430 if (btrtl_dev->fw_len < 8)
349 int ret; 431 return -EINVAL;
350
351 bt_dev_info(hdev, "rtl: loading rtl_bt/rtl8723a_fw.bin");
352 ret = request_firmware(&fw, "rtl_bt/rtl8723a_fw.bin", &hdev->dev);
353 if (ret < 0) {
354 BT_ERR("%s: Failed to load rtl_bt/rtl8723a_fw.bin", hdev->name);
355 return ret;
356 }
357
358 if (fw->size < 8) {
359 ret = -EINVAL;
360 goto out;
361 }
362 432
363 /* Check that the firmware doesn't have the epatch signature 433 /* Check that the firmware doesn't have the epatch signature
364 * (which is only for RTL8723B and newer). 434 * (which is only for RTL8723B and newer).
365 */ 435 */
366 if (!memcmp(fw->data, RTL_EPATCH_SIGNATURE, 8)) { 436 if (!memcmp(btrtl_dev->fw_data, RTL_EPATCH_SIGNATURE, 8)) {
367 BT_ERR("%s: unexpected EPATCH signature!", hdev->name); 437 rtl_dev_err(hdev, "unexpected EPATCH signature!\n");
368 ret = -EINVAL; 438 return -EINVAL;
369 goto out;
370 } 439 }
371 440
372 ret = rtl_download_firmware(hdev, fw->data, fw->size); 441 return rtl_download_firmware(hdev, btrtl_dev->fw_data,
373 442 btrtl_dev->fw_len);
374out:
375 release_firmware(fw);
376 return ret;
377} 443}
378 444
379static int btrtl_setup_rtl8723b(struct hci_dev *hdev, u16 hci_rev, 445static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
380 u16 lmp_subver) 446 struct btrtl_device_info *btrtl_dev)
381{ 447{
382 unsigned char *fw_data = NULL; 448 unsigned char *fw_data = NULL;
383 const struct firmware *fw;
384 int ret; 449 int ret;
385 int cfg_sz;
386 u8 *cfg_buff = NULL;
387 u8 *tbuff; 450 u8 *tbuff;
388 char *cfg_name = NULL;
389 char *fw_name = NULL;
390 int i;
391 451
392 for (i = 0; i < ARRAY_SIZE(ic_id_table); i++) { 452 ret = rtlbt_parse_firmware(hdev, btrtl_dev, &fw_data);
393 if ((ic_id_table[i].match_flags & IC_MATCH_FL_LMPSUBV) &&
394 (ic_id_table[i].lmp_subver != lmp_subver))
395 continue;
396 if ((ic_id_table[i].match_flags & IC_MATCH_FL_HCIREV) &&
397 (ic_id_table[i].hci_rev != hci_rev))
398 continue;
399
400 break;
401 }
402
403 if (i >= ARRAY_SIZE(ic_id_table)) {
404 BT_ERR("%s: unknown IC info, lmp subver %04x, hci rev %04x",
405 hdev->name, lmp_subver, hci_rev);
406 return -EINVAL;
407 }
408
409 cfg_name = ic_id_table[i].cfg_name;
410
411 if (cfg_name) {
412 cfg_sz = rtl_load_config(hdev, cfg_name, &cfg_buff);
413 if (cfg_sz < 0) {
414 cfg_sz = 0;
415 if (ic_id_table[i].config_needed)
416 BT_ERR("Necessary config file %s not found\n",
417 cfg_name);
418 }
419 } else
420 cfg_sz = 0;
421
422 fw_name = ic_id_table[i].fw_name;
423 bt_dev_info(hdev, "rtl: loading %s", fw_name);
424 ret = request_firmware(&fw, fw_name, &hdev->dev);
425 if (ret < 0) {
426 BT_ERR("%s: Failed to load %s", hdev->name, fw_name);
427 goto err_req_fw;
428 }
429
430 ret = rtlbt_parse_firmware(hdev, lmp_subver, fw, &fw_data);
431 if (ret < 0) 453 if (ret < 0)
432 goto out; 454 goto out;
433 455
434 if (cfg_sz) { 456 if (btrtl_dev->cfg_len > 0) {
435 tbuff = kzalloc(ret + cfg_sz, GFP_KERNEL); 457 tbuff = kzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL);
436 if (!tbuff) { 458 if (!tbuff) {
437 ret = -ENOMEM; 459 ret = -ENOMEM;
438 goto out; 460 goto out;
@@ -441,22 +463,18 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, u16 hci_rev,
441 memcpy(tbuff, fw_data, ret); 463 memcpy(tbuff, fw_data, ret);
442 kfree(fw_data); 464 kfree(fw_data);
443 465
444 memcpy(tbuff + ret, cfg_buff, cfg_sz); 466 memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
445 ret += cfg_sz; 467 ret += btrtl_dev->cfg_len;
446 468
447 fw_data = tbuff; 469 fw_data = tbuff;
448 } 470 }
449 471
450 bt_dev_info(hdev, "cfg_sz %d, total size %d", cfg_sz, ret); 472 rtl_dev_info(hdev, "cfg_sz %d, total sz %d\n", btrtl_dev->cfg_len, ret);
451 473
452 ret = rtl_download_firmware(hdev, fw_data, ret); 474 ret = rtl_download_firmware(hdev, fw_data, ret);
453 475
454out: 476out:
455 release_firmware(fw);
456 kfree(fw_data); 477 kfree(fw_data);
457err_req_fw:
458 if (cfg_sz)
459 kfree(cfg_buff);
460 return ret; 478 return ret;
461} 479}
462 480
@@ -467,14 +485,13 @@ static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
467 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL, 485 skb = __hci_cmd_sync(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL,
468 HCI_INIT_TIMEOUT); 486 HCI_INIT_TIMEOUT);
469 if (IS_ERR(skb)) { 487 if (IS_ERR(skb)) {
470 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION failed (%ld)", 488 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION failed (%ld)\n",
471 hdev->name, PTR_ERR(skb)); 489 PTR_ERR(skb));
472 return skb; 490 return skb;
473 } 491 }
474 492
475 if (skb->len != sizeof(struct hci_rp_read_local_version)) { 493 if (skb->len != sizeof(struct hci_rp_read_local_version)) {
476 BT_ERR("%s: HCI_OP_READ_LOCAL_VERSION event length mismatch", 494 rtl_dev_err(hdev, "HCI_OP_READ_LOCAL_VERSION event length mismatch\n");
477 hdev->name);
478 kfree_skb(skb); 495 kfree_skb(skb);
479 return ERR_PTR(-EIO); 496 return ERR_PTR(-EIO);
480 } 497 }
@@ -482,49 +499,264 @@ static struct sk_buff *btrtl_read_local_version(struct hci_dev *hdev)
482 return skb; 499 return skb;
483} 500}
484 501
485int btrtl_setup_realtek(struct hci_dev *hdev) 502void btrtl_free(struct btrtl_device_info *btrtl_dev)
486{ 503{
504 kfree(btrtl_dev->fw_data);
505 kfree(btrtl_dev->cfg_data);
506 kfree(btrtl_dev);
507}
508EXPORT_SYMBOL_GPL(btrtl_free);
509
510struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
511 const char *postfix)
512{
513 struct btrtl_device_info *btrtl_dev;
487 struct sk_buff *skb; 514 struct sk_buff *skb;
488 struct hci_rp_read_local_version *resp; 515 struct hci_rp_read_local_version *resp;
516 char cfg_name[40];
489 u16 hci_rev, lmp_subver; 517 u16 hci_rev, lmp_subver;
518 u8 hci_ver;
519 int ret;
520
521 btrtl_dev = kzalloc(sizeof(*btrtl_dev), GFP_KERNEL);
522 if (!btrtl_dev) {
523 ret = -ENOMEM;
524 goto err_alloc;
525 }
490 526
491 skb = btrtl_read_local_version(hdev); 527 skb = btrtl_read_local_version(hdev);
492 if (IS_ERR(skb)) 528 if (IS_ERR(skb)) {
493 return -PTR_ERR(skb); 529 ret = PTR_ERR(skb);
530 goto err_free;
531 }
494 532
495 resp = (struct hci_rp_read_local_version *)skb->data; 533 resp = (struct hci_rp_read_local_version *)skb->data;
496 bt_dev_info(hdev, "rtl: examining hci_ver=%02x hci_rev=%04x " 534 rtl_dev_info(hdev, "rtl: examining hci_ver=%02x hci_rev=%04x lmp_ver=%02x lmp_subver=%04x\n",
497 "lmp_ver=%02x lmp_subver=%04x", 535 resp->hci_ver, resp->hci_rev,
498 resp->hci_ver, resp->hci_rev, 536 resp->lmp_ver, resp->lmp_subver);
499 resp->lmp_ver, resp->lmp_subver);
500 537
538 hci_ver = resp->hci_ver;
501 hci_rev = le16_to_cpu(resp->hci_rev); 539 hci_rev = le16_to_cpu(resp->hci_rev);
502 lmp_subver = le16_to_cpu(resp->lmp_subver); 540 lmp_subver = le16_to_cpu(resp->lmp_subver);
503 kfree_skb(skb); 541 kfree_skb(skb);
504 542
543 btrtl_dev->ic_info = btrtl_match_ic(lmp_subver, hci_rev, hci_ver,
544 hdev->bus);
545
546 if (!btrtl_dev->ic_info) {
547 rtl_dev_err(hdev, "rtl: unknown IC info, lmp subver %04x, hci rev %04x, hci ver %04x",
548 lmp_subver, hci_rev, hci_ver);
549 ret = -EINVAL;
550 goto err_free;
551 }
552
553 if (btrtl_dev->ic_info->has_rom_version) {
554 ret = rtl_read_rom_version(hdev, &btrtl_dev->rom_version);
555 if (ret)
556 goto err_free;
557 }
558
559 btrtl_dev->fw_len = rtl_load_file(hdev, btrtl_dev->ic_info->fw_name,
560 &btrtl_dev->fw_data);
561 if (btrtl_dev->fw_len < 0) {
562 rtl_dev_err(hdev, "firmware file %s not found\n",
563 btrtl_dev->ic_info->fw_name);
564 ret = btrtl_dev->fw_len;
565 goto err_free;
566 }
567
568 if (btrtl_dev->ic_info->cfg_name) {
569 if (postfix) {
570 snprintf(cfg_name, sizeof(cfg_name), "%s-%s.bin",
571 btrtl_dev->ic_info->cfg_name, postfix);
572 } else {
573 snprintf(cfg_name, sizeof(cfg_name), "%s.bin",
574 btrtl_dev->ic_info->cfg_name);
575 }
576 btrtl_dev->cfg_len = rtl_load_file(hdev, cfg_name,
577 &btrtl_dev->cfg_data);
578 if (btrtl_dev->ic_info->config_needed &&
579 btrtl_dev->cfg_len <= 0) {
580 rtl_dev_err(hdev, "mandatory config file %s not found\n",
581 btrtl_dev->ic_info->cfg_name);
582 ret = btrtl_dev->cfg_len;
583 goto err_free;
584 }
585 }
586
587 return btrtl_dev;
588
589err_free:
590 btrtl_free(btrtl_dev);
591err_alloc:
592 return ERR_PTR(ret);
593}
594EXPORT_SYMBOL_GPL(btrtl_initialize);
595
596int btrtl_download_firmware(struct hci_dev *hdev,
597 struct btrtl_device_info *btrtl_dev)
598{
505 /* Match a set of subver values that correspond to stock firmware, 599 /* Match a set of subver values that correspond to stock firmware,
506 * which is not compatible with standard btusb. 600 * which is not compatible with standard btusb.
507 * If matched, upload an alternative firmware that does conform to 601 * If matched, upload an alternative firmware that does conform to
508 * standard btusb. Once that firmware is uploaded, the subver changes 602 * standard btusb. Once that firmware is uploaded, the subver changes
509 * to a different value. 603 * to a different value.
510 */ 604 */
511 switch (lmp_subver) { 605 switch (btrtl_dev->ic_info->lmp_subver) {
512 case RTL_ROM_LMP_8723A: 606 case RTL_ROM_LMP_8723A:
513 case RTL_ROM_LMP_3499: 607 case RTL_ROM_LMP_3499:
514 return btrtl_setup_rtl8723a(hdev); 608 return btrtl_setup_rtl8723a(hdev, btrtl_dev);
515 case RTL_ROM_LMP_8723B: 609 case RTL_ROM_LMP_8723B:
516 case RTL_ROM_LMP_8821A: 610 case RTL_ROM_LMP_8821A:
517 case RTL_ROM_LMP_8761A: 611 case RTL_ROM_LMP_8761A:
518 case RTL_ROM_LMP_8822B: 612 case RTL_ROM_LMP_8822B:
519 return btrtl_setup_rtl8723b(hdev, hci_rev, lmp_subver); 613 return btrtl_setup_rtl8723b(hdev, btrtl_dev);
520 default: 614 default:
521 bt_dev_info(hdev, "rtl: assuming no firmware upload needed"); 615 rtl_dev_info(hdev, "rtl: assuming no firmware upload needed\n");
522 return 0; 616 return 0;
523 } 617 }
524} 618}
619EXPORT_SYMBOL_GPL(btrtl_download_firmware);
620
621int btrtl_setup_realtek(struct hci_dev *hdev)
622{
623 struct btrtl_device_info *btrtl_dev;
624 int ret;
625
626 btrtl_dev = btrtl_initialize(hdev, NULL);
627 if (IS_ERR(btrtl_dev))
628 return PTR_ERR(btrtl_dev);
629
630 ret = btrtl_download_firmware(hdev, btrtl_dev);
631
632 btrtl_free(btrtl_dev);
633
634 return ret;
635}
525EXPORT_SYMBOL_GPL(btrtl_setup_realtek); 636EXPORT_SYMBOL_GPL(btrtl_setup_realtek);
526 637
638static unsigned int btrtl_convert_baudrate(u32 device_baudrate)
639{
640 switch (device_baudrate) {
641 case 0x0252a00a:
642 return 230400;
643
644 case 0x05f75004:
645 return 921600;
646
647 case 0x00005004:
648 return 1000000;
649
650 case 0x04928002:
651 case 0x01128002:
652 return 1500000;
653
654 case 0x00005002:
655 return 2000000;
656
657 case 0x0000b001:
658 return 2500000;
659
660 case 0x04928001:
661 return 3000000;
662
663 case 0x052a6001:
664 return 3500000;
665
666 case 0x00005001:
667 return 4000000;
668
669 case 0x0252c014:
670 default:
671 return 115200;
672 }
673}
674
675int btrtl_get_uart_settings(struct hci_dev *hdev,
676 struct btrtl_device_info *btrtl_dev,
677 unsigned int *controller_baudrate,
678 u32 *device_baudrate, bool *flow_control)
679{
680 struct rtl_vendor_config *config;
681 struct rtl_vendor_config_entry *entry;
682 int i, total_data_len;
683 bool found = false;
684
685 total_data_len = btrtl_dev->cfg_len - sizeof(*config);
686 if (total_data_len <= 0) {
687 rtl_dev_warn(hdev, "no config loaded\n");
688 return -EINVAL;
689 }
690
691 config = (struct rtl_vendor_config *)btrtl_dev->cfg_data;
692 if (le32_to_cpu(config->signature) != RTL_CONFIG_MAGIC) {
693 rtl_dev_err(hdev, "invalid config magic\n");
694 return -EINVAL;
695 }
696
697 if (total_data_len < le16_to_cpu(config->total_len)) {
698 rtl_dev_err(hdev, "config is too short\n");
699 return -EINVAL;
700 }
701
702 for (i = 0; i < total_data_len; ) {
703 entry = ((void *)config->entry) + i;
704
705 switch (le16_to_cpu(entry->offset)) {
706 case 0xc:
707 if (entry->len < sizeof(*device_baudrate)) {
708 rtl_dev_err(hdev, "invalid UART config entry\n");
709 return -EINVAL;
710 }
711
712 *device_baudrate = get_unaligned_le32(entry->data);
713 *controller_baudrate = btrtl_convert_baudrate(
714 *device_baudrate);
715
716 if (entry->len >= 13)
717 *flow_control = !!(entry->data[12] & BIT(2));
718 else
719 *flow_control = false;
720
721 found = true;
722 break;
723
724 default:
725 rtl_dev_dbg(hdev, "skipping config entry 0x%x (len %u)\n",
726 le16_to_cpu(entry->offset), entry->len);
727 break;
728 };
729
730 i += sizeof(*entry) + entry->len;
731 }
732
733 if (!found) {
734 rtl_dev_err(hdev, "no UART config entry found\n");
735 return -ENOENT;
736 }
737
738 rtl_dev_dbg(hdev, "device baudrate = 0x%08x\n", *device_baudrate);
739 rtl_dev_dbg(hdev, "controller baudrate = %u\n", *controller_baudrate);
740 rtl_dev_dbg(hdev, "flow control %d\n", *flow_control);
741
742 return 0;
743}
744EXPORT_SYMBOL_GPL(btrtl_get_uart_settings);
745
527MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>"); 746MODULE_AUTHOR("Daniel Drake <drake@endlessm.com>");
528MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION); 747MODULE_DESCRIPTION("Bluetooth support for Realtek devices ver " VERSION);
529MODULE_VERSION(VERSION); 748MODULE_VERSION(VERSION);
530MODULE_LICENSE("GPL"); 749MODULE_LICENSE("GPL");
750MODULE_FIRMWARE("rtl_bt/rtl8723a_fw.bin");
751MODULE_FIRMWARE("rtl_bt/rtl8723b_fw.bin");
752MODULE_FIRMWARE("rtl_bt/rtl8723b_config.bin");
753MODULE_FIRMWARE("rtl_bt/rtl8723bs_fw.bin");
754MODULE_FIRMWARE("rtl_bt/rtl8723bs_config.bin");
755MODULE_FIRMWARE("rtl_bt/rtl8723ds_fw.bin");
756MODULE_FIRMWARE("rtl_bt/rtl8723ds_config.bin");
757MODULE_FIRMWARE("rtl_bt/rtl8761a_fw.bin");
758MODULE_FIRMWARE("rtl_bt/rtl8761a_config.bin");
759MODULE_FIRMWARE("rtl_bt/rtl8821a_fw.bin");
760MODULE_FIRMWARE("rtl_bt/rtl8821a_config.bin");
761MODULE_FIRMWARE("rtl_bt/rtl8822b_fw.bin");
762MODULE_FIRMWARE("rtl_bt/rtl8822b_config.bin");
diff --git a/drivers/bluetooth/btrtl.h b/drivers/bluetooth/btrtl.h
index 38ffe4890cd1..f5e36f3993a8 100644
--- a/drivers/bluetooth/btrtl.h
+++ b/drivers/bluetooth/btrtl.h
@@ -17,6 +17,13 @@
17 17
18#define RTL_FRAG_LEN 252 18#define RTL_FRAG_LEN 252
19 19
20#define rtl_dev_err(dev, fmt, ...) bt_dev_err(dev, "RTL: " fmt, ##__VA_ARGS__)
21#define rtl_dev_warn(dev, fmt, ...) bt_dev_warn(dev, "RTL: " fmt, ##__VA_ARGS__)
22#define rtl_dev_info(dev, fmt, ...) bt_dev_info(dev, "RTL: " fmt, ##__VA_ARGS__)
23#define rtl_dev_dbg(dev, fmt, ...) bt_dev_dbg(dev, "RTL: " fmt, ##__VA_ARGS__)
24
25struct btrtl_device_info;
26
20struct rtl_download_cmd { 27struct rtl_download_cmd {
21 __u8 index; 28 __u8 index;
22 __u8 data[RTL_FRAG_LEN]; 29 __u8 data[RTL_FRAG_LEN];
@@ -38,15 +45,61 @@ struct rtl_epatch_header {
38 __le16 num_patches; 45 __le16 num_patches;
39} __packed; 46} __packed;
40 47
48struct rtl_vendor_config_entry {
49 __le16 offset;
50 __u8 len;
51 __u8 data[0];
52} __packed;
53
54struct rtl_vendor_config {
55 __le32 signature;
56 __le16 total_len;
57 struct rtl_vendor_config_entry entry[0];
58} __packed;
59
41#if IS_ENABLED(CONFIG_BT_RTL) 60#if IS_ENABLED(CONFIG_BT_RTL)
42 61
62struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
63 const char *postfix);
64void btrtl_free(struct btrtl_device_info *btrtl_dev);
65int btrtl_download_firmware(struct hci_dev *hdev,
66 struct btrtl_device_info *btrtl_dev);
43int btrtl_setup_realtek(struct hci_dev *hdev); 67int btrtl_setup_realtek(struct hci_dev *hdev);
68int btrtl_get_uart_settings(struct hci_dev *hdev,
69 struct btrtl_device_info *btrtl_dev,
70 unsigned int *controller_baudrate,
71 u32 *device_baudrate, bool *flow_control);
44 72
45#else 73#else
46 74
75static inline struct btrtl_device_info *btrtl_initialize(struct hci_dev *hdev,
76 const char *postfix)
77{
78 return ERR_PTR(-EOPNOTSUPP);
79}
80
81static inline void btrtl_free(struct btrtl_device_info *btrtl_dev)
82{
83}
84
85static inline int btrtl_download_firmware(struct hci_dev *hdev,
86 struct btrtl_device_info *btrtl_dev)
87{
88 return -EOPNOTSUPP;
89}
90
47static inline int btrtl_setup_realtek(struct hci_dev *hdev) 91static inline int btrtl_setup_realtek(struct hci_dev *hdev)
48{ 92{
49 return -EOPNOTSUPP; 93 return -EOPNOTSUPP;
50} 94}
51 95
96static inline int btrtl_get_uart_settings(struct hci_dev *hdev,
97 struct btrtl_device_info *btrtl_dev,
98 unsigned int *controller_baudrate,
99 u32 *device_baudrate,
100 bool *flow_control)
101{
102 return -ENOENT;
103}
104
52#endif 105#endif
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index f73a27ea28cc..cd2e5cf14ea5 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -374,6 +374,7 @@ static const struct usb_device_id blacklist_table[] = {
374 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK }, 374 { USB_DEVICE(0x7392, 0xa611), .driver_info = BTUSB_REALTEK },
375 375
376 /* Additional Realtek 8723DE Bluetooth devices */ 376 /* Additional Realtek 8723DE Bluetooth devices */
377 { USB_DEVICE(0x0bda, 0xb009), .driver_info = BTUSB_REALTEK },
377 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK }, 378 { USB_DEVICE(0x2ff8, 0xb011), .driver_info = BTUSB_REALTEK },
378 379
379 /* Additional Realtek 8821AE Bluetooth devices */ 380 /* Additional Realtek 8821AE Bluetooth devices */
@@ -509,9 +510,10 @@ static inline void btusb_free_frags(struct btusb_data *data)
509static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count) 510static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
510{ 511{
511 struct sk_buff *skb; 512 struct sk_buff *skb;
513 unsigned long flags;
512 int err = 0; 514 int err = 0;
513 515
514 spin_lock(&data->rxlock); 516 spin_lock_irqsave(&data->rxlock, flags);
515 skb = data->evt_skb; 517 skb = data->evt_skb;
516 518
517 while (count) { 519 while (count) {
@@ -556,7 +558,7 @@ static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
556 } 558 }
557 559
558 data->evt_skb = skb; 560 data->evt_skb = skb;
559 spin_unlock(&data->rxlock); 561 spin_unlock_irqrestore(&data->rxlock, flags);
560 562
561 return err; 563 return err;
562} 564}
@@ -564,9 +566,10 @@ static int btusb_recv_intr(struct btusb_data *data, void *buffer, int count)
564static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count) 566static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
565{ 567{
566 struct sk_buff *skb; 568 struct sk_buff *skb;
569 unsigned long flags;
567 int err = 0; 570 int err = 0;
568 571
569 spin_lock(&data->rxlock); 572 spin_lock_irqsave(&data->rxlock, flags);
570 skb = data->acl_skb; 573 skb = data->acl_skb;
571 574
572 while (count) { 575 while (count) {
@@ -613,7 +616,7 @@ static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
613 } 616 }
614 617
615 data->acl_skb = skb; 618 data->acl_skb = skb;
616 spin_unlock(&data->rxlock); 619 spin_unlock_irqrestore(&data->rxlock, flags);
617 620
618 return err; 621 return err;
619} 622}
@@ -621,9 +624,10 @@ static int btusb_recv_bulk(struct btusb_data *data, void *buffer, int count)
621static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count) 624static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
622{ 625{
623 struct sk_buff *skb; 626 struct sk_buff *skb;
627 unsigned long flags;
624 int err = 0; 628 int err = 0;
625 629
626 spin_lock(&data->rxlock); 630 spin_lock_irqsave(&data->rxlock, flags);
627 skb = data->sco_skb; 631 skb = data->sco_skb;
628 632
629 while (count) { 633 while (count) {
@@ -668,7 +672,7 @@ static int btusb_recv_isoc(struct btusb_data *data, void *buffer, int count)
668 } 672 }
669 673
670 data->sco_skb = skb; 674 data->sco_skb = skb;
671 spin_unlock(&data->rxlock); 675 spin_unlock_irqrestore(&data->rxlock, flags);
672 676
673 return err; 677 return err;
674} 678}
@@ -1066,6 +1070,7 @@ static void btusb_tx_complete(struct urb *urb)
1066 struct sk_buff *skb = urb->context; 1070 struct sk_buff *skb = urb->context;
1067 struct hci_dev *hdev = (struct hci_dev *)skb->dev; 1071 struct hci_dev *hdev = (struct hci_dev *)skb->dev;
1068 struct btusb_data *data = hci_get_drvdata(hdev); 1072 struct btusb_data *data = hci_get_drvdata(hdev);
1073 unsigned long flags;
1069 1074
1070 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status, 1075 BT_DBG("%s urb %p status %d count %d", hdev->name, urb, urb->status,
1071 urb->actual_length); 1076 urb->actual_length);
@@ -1079,9 +1084,9 @@ static void btusb_tx_complete(struct urb *urb)
1079 hdev->stat.err_tx++; 1084 hdev->stat.err_tx++;
1080 1085
1081done: 1086done:
1082 spin_lock(&data->txlock); 1087 spin_lock_irqsave(&data->txlock, flags);
1083 data->tx_in_flight--; 1088 data->tx_in_flight--;
1084 spin_unlock(&data->txlock); 1089 spin_unlock_irqrestore(&data->txlock, flags);
1085 1090
1086 kfree(urb->setup_packet); 1091 kfree(urb->setup_packet);
1087 1092
@@ -1593,13 +1598,13 @@ static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1593 ret = request_firmware(&fw, fwname, &hdev->dev); 1598 ret = request_firmware(&fw, fwname, &hdev->dev);
1594 if (ret < 0) { 1599 if (ret < 0) {
1595 if (ret == -EINVAL) { 1600 if (ret == -EINVAL) {
1596 BT_ERR("%s Intel firmware file request failed (%d)", 1601 bt_dev_err(hdev, "Intel firmware file request failed (%d)",
1597 hdev->name, ret); 1602 ret);
1598 return NULL; 1603 return NULL;
1599 } 1604 }
1600 1605
1601 BT_ERR("%s failed to open Intel firmware file: %s(%d)", 1606 bt_dev_err(hdev, "failed to open Intel firmware file: %s (%d)",
1602 hdev->name, fwname, ret); 1607 fwname, ret);
1603 1608
1604 /* If the correct firmware patch file is not found, use the 1609 /* If the correct firmware patch file is not found, use the
1605 * default firmware patch file instead 1610 * default firmware patch file instead
@@ -1607,8 +1612,8 @@ static const struct firmware *btusb_setup_intel_get_fw(struct hci_dev *hdev,
1607 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq", 1612 snprintf(fwname, sizeof(fwname), "intel/ibt-hw-%x.%x.bseq",
1608 ver->hw_platform, ver->hw_variant); 1613 ver->hw_platform, ver->hw_variant);
1609 if (request_firmware(&fw, fwname, &hdev->dev) < 0) { 1614 if (request_firmware(&fw, fwname, &hdev->dev) < 0) {
1610 BT_ERR("%s failed to open default Intel fw file: %s", 1615 bt_dev_err(hdev, "failed to open default fw file: %s",
1611 hdev->name, fwname); 1616 fwname);
1612 return NULL; 1617 return NULL;
1613 } 1618 }
1614 } 1619 }
@@ -1637,7 +1642,7 @@ static int btusb_setup_intel_patching(struct hci_dev *hdev,
1637 * process. 1642 * process.
1638 */ 1643 */
1639 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) { 1644 if (remain > HCI_COMMAND_HDR_SIZE && *fw_ptr[0] != 0x01) {
1640 BT_ERR("%s Intel fw corrupted: invalid cmd read", hdev->name); 1645 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd read");
1641 return -EINVAL; 1646 return -EINVAL;
1642 } 1647 }
1643 (*fw_ptr)++; 1648 (*fw_ptr)++;
@@ -1651,7 +1656,7 @@ static int btusb_setup_intel_patching(struct hci_dev *hdev,
1651 * of command parameter. If not, the firmware file is corrupted. 1656 * of command parameter. If not, the firmware file is corrupted.
1652 */ 1657 */
1653 if (remain < cmd->plen) { 1658 if (remain < cmd->plen) {
1654 BT_ERR("%s Intel fw corrupted: invalid cmd len", hdev->name); 1659 bt_dev_err(hdev, "Intel fw corrupted: invalid cmd len");
1655 return -EFAULT; 1660 return -EFAULT;
1656 } 1661 }
1657 1662
@@ -1684,8 +1689,7 @@ static int btusb_setup_intel_patching(struct hci_dev *hdev,
1684 remain -= sizeof(*evt); 1689 remain -= sizeof(*evt);
1685 1690
1686 if (remain < evt->plen) { 1691 if (remain < evt->plen) {
1687 BT_ERR("%s Intel fw corrupted: invalid evt len", 1692 bt_dev_err(hdev, "Intel fw corrupted: invalid evt len");
1688 hdev->name);
1689 return -EFAULT; 1693 return -EFAULT;
1690 } 1694 }
1691 1695
@@ -1699,15 +1703,15 @@ static int btusb_setup_intel_patching(struct hci_dev *hdev,
1699 * file is corrupted. 1703 * file is corrupted.
1700 */ 1704 */
1701 if (!evt || !evt_param || remain < 0) { 1705 if (!evt || !evt_param || remain < 0) {
1702 BT_ERR("%s Intel fw corrupted: invalid evt read", hdev->name); 1706 bt_dev_err(hdev, "Intel fw corrupted: invalid evt read");
1703 return -EFAULT; 1707 return -EFAULT;
1704 } 1708 }
1705 1709
1706 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen, 1710 skb = __hci_cmd_sync_ev(hdev, le16_to_cpu(cmd->opcode), cmd->plen,
1707 cmd_param, evt->evt, HCI_INIT_TIMEOUT); 1711 cmd_param, evt->evt, HCI_INIT_TIMEOUT);
1708 if (IS_ERR(skb)) { 1712 if (IS_ERR(skb)) {
1709 BT_ERR("%s sending Intel patch command (0x%4.4x) failed (%ld)", 1713 bt_dev_err(hdev, "sending Intel patch command (0x%4.4x) failed (%ld)",
1710 hdev->name, cmd->opcode, PTR_ERR(skb)); 1714 cmd->opcode, PTR_ERR(skb));
1711 return PTR_ERR(skb); 1715 return PTR_ERR(skb);
1712 } 1716 }
1713 1717
@@ -1716,15 +1720,15 @@ static int btusb_setup_intel_patching(struct hci_dev *hdev,
1716 * the contents of the event. 1720 * the contents of the event.
1717 */ 1721 */
1718 if (skb->len != evt->plen) { 1722 if (skb->len != evt->plen) {
1719 BT_ERR("%s mismatch event length (opcode 0x%4.4x)", hdev->name, 1723 bt_dev_err(hdev, "mismatch event length (opcode 0x%4.4x)",
1720 le16_to_cpu(cmd->opcode)); 1724 le16_to_cpu(cmd->opcode));
1721 kfree_skb(skb); 1725 kfree_skb(skb);
1722 return -EFAULT; 1726 return -EFAULT;
1723 } 1727 }
1724 1728
1725 if (memcmp(skb->data, evt_param, evt->plen)) { 1729 if (memcmp(skb->data, evt_param, evt->plen)) {
1726 BT_ERR("%s mismatch event parameter (opcode 0x%4.4x)", 1730 bt_dev_err(hdev, "mismatch event parameter (opcode 0x%4.4x)",
1727 hdev->name, le16_to_cpu(cmd->opcode)); 1731 le16_to_cpu(cmd->opcode));
1728 kfree_skb(skb); 1732 kfree_skb(skb);
1729 return -EFAULT; 1733 return -EFAULT;
1730 } 1734 }
@@ -1753,8 +1757,8 @@ static int btusb_setup_intel(struct hci_dev *hdev)
1753 */ 1757 */
1754 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); 1758 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
1755 if (IS_ERR(skb)) { 1759 if (IS_ERR(skb)) {
1756 BT_ERR("%s sending initial HCI reset command failed (%ld)", 1760 bt_dev_err(hdev, "sending initial HCI reset command failed (%ld)",
1757 hdev->name, PTR_ERR(skb)); 1761 PTR_ERR(skb));
1758 return PTR_ERR(skb); 1762 return PTR_ERR(skb);
1759 } 1763 }
1760 kfree_skb(skb); 1764 kfree_skb(skb);
@@ -1890,7 +1894,7 @@ static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
1890 struct hci_event_hdr *hdr; 1894 struct hci_event_hdr *hdr;
1891 struct hci_ev_cmd_complete *evt; 1895 struct hci_ev_cmd_complete *evt;
1892 1896
1893 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 1897 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
1894 if (!skb) 1898 if (!skb)
1895 return -ENOMEM; 1899 return -ENOMEM;
1896 1900
@@ -2084,8 +2088,8 @@ static int btusb_setup_intel_new(struct hci_dev *hdev)
2084 * for now only accept this single value. 2088 * for now only accept this single value.
2085 */ 2089 */
2086 if (ver.hw_platform != 0x37) { 2090 if (ver.hw_platform != 0x37) {
2087 BT_ERR("%s: Unsupported Intel hardware platform (%u)", 2091 bt_dev_err(hdev, "Unsupported Intel hardware platform (%u)",
2088 hdev->name, ver.hw_platform); 2092 ver.hw_platform);
2089 return -EINVAL; 2093 return -EINVAL;
2090 } 2094 }
2091 2095
@@ -2104,8 +2108,8 @@ static int btusb_setup_intel_new(struct hci_dev *hdev)
2104 case 0x14: /* QnJ, IcP */ 2108 case 0x14: /* QnJ, IcP */
2105 break; 2109 break;
2106 default: 2110 default:
2107 BT_ERR("%s: Unsupported Intel hardware variant (%u)", 2111 bt_dev_err(hdev, "Unsupported Intel hardware variant (%u)",
2108 hdev->name, ver.hw_variant); 2112 ver.hw_variant);
2109 return -EINVAL; 2113 return -EINVAL;
2110 } 2114 }
2111 2115
@@ -2134,8 +2138,8 @@ static int btusb_setup_intel_new(struct hci_dev *hdev)
2134 * choice is to return an error and abort the device initialization. 2138 * choice is to return an error and abort the device initialization.
2135 */ 2139 */
2136 if (ver.fw_variant != 0x06) { 2140 if (ver.fw_variant != 0x06) {
2137 BT_ERR("%s: Unsupported Intel firmware variant (%u)", 2141 bt_dev_err(hdev, "Unsupported Intel firmware variant (%u)",
2138 hdev->name, ver.fw_variant); 2142 ver.fw_variant);
2139 return -ENODEV; 2143 return -ENODEV;
2140 } 2144 }
2141 2145
@@ -2151,8 +2155,8 @@ static int btusb_setup_intel_new(struct hci_dev *hdev)
2151 * that this bootloader does not send them, then abort the setup. 2155 * that this bootloader does not send them, then abort the setup.
2152 */ 2156 */
2153 if (params.limited_cce != 0x00) { 2157 if (params.limited_cce != 0x00) {
2154 BT_ERR("%s: Unsupported Intel firmware loading method (%u)", 2158 bt_dev_err(hdev, "Unsupported Intel firmware loading method (%u)",
2155 hdev->name, params.limited_cce); 2159 params.limited_cce);
2156 return -EINVAL; 2160 return -EINVAL;
2157 } 2161 }
2158 2162
@@ -2202,14 +2206,13 @@ static int btusb_setup_intel_new(struct hci_dev *hdev)
2202 le16_to_cpu(ver.fw_revision)); 2206 le16_to_cpu(ver.fw_revision));
2203 break; 2207 break;
2204 default: 2208 default:
2205 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name); 2209 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2206 return -EINVAL; 2210 return -EINVAL;
2207 } 2211 }
2208 2212
2209 err = request_firmware(&fw, fwname, &hdev->dev); 2213 err = request_firmware(&fw, fwname, &hdev->dev);
2210 if (err < 0) { 2214 if (err < 0) {
2211 BT_ERR("%s: Failed to load Intel firmware file (%d)", 2215 bt_dev_err(hdev, "Failed to load Intel firmware file (%d)", err);
2212 hdev->name, err);
2213 return err; 2216 return err;
2214 } 2217 }
2215 2218
@@ -2235,13 +2238,13 @@ static int btusb_setup_intel_new(struct hci_dev *hdev)
2235 le16_to_cpu(ver.fw_revision)); 2238 le16_to_cpu(ver.fw_revision));
2236 break; 2239 break;
2237 default: 2240 default:
2238 BT_ERR("%s: Unsupported Intel firmware naming", hdev->name); 2241 bt_dev_err(hdev, "Unsupported Intel firmware naming");
2239 return -EINVAL; 2242 return -EINVAL;
2240 } 2243 }
2241 2244
2242 if (fw->size < 644) { 2245 if (fw->size < 644) {
2243 BT_ERR("%s: Invalid size of firmware file (%zu)", 2246 bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
2244 hdev->name, fw->size); 2247 fw->size);
2245 err = -EBADF; 2248 err = -EBADF;
2246 goto done; 2249 goto done;
2247 } 2250 }
@@ -2272,18 +2275,18 @@ static int btusb_setup_intel_new(struct hci_dev *hdev)
2272 TASK_INTERRUPTIBLE, 2275 TASK_INTERRUPTIBLE,
2273 msecs_to_jiffies(5000)); 2276 msecs_to_jiffies(5000));
2274 if (err == -EINTR) { 2277 if (err == -EINTR) {
2275 BT_ERR("%s: Firmware loading interrupted", hdev->name); 2278 bt_dev_err(hdev, "Firmware loading interrupted");
2276 goto done; 2279 goto done;
2277 } 2280 }
2278 2281
2279 if (err) { 2282 if (err) {
2280 BT_ERR("%s: Firmware loading timeout", hdev->name); 2283 bt_dev_err(hdev, "Firmware loading timeout");
2281 err = -ETIMEDOUT; 2284 err = -ETIMEDOUT;
2282 goto done; 2285 goto done;
2283 } 2286 }
2284 2287
2285 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) { 2288 if (test_bit(BTUSB_FIRMWARE_FAILED, &data->flags)) {
2286 BT_ERR("%s: Firmware loading failed", hdev->name); 2289 bt_dev_err(hdev, "Firmware loading failed");
2287 err = -ENOEXEC; 2290 err = -ENOEXEC;
2288 goto done; 2291 goto done;
2289 } 2292 }
@@ -2322,12 +2325,12 @@ done:
2322 msecs_to_jiffies(1000)); 2325 msecs_to_jiffies(1000));
2323 2326
2324 if (err == -EINTR) { 2327 if (err == -EINTR) {
2325 BT_ERR("%s: Device boot interrupted", hdev->name); 2328 bt_dev_err(hdev, "Device boot interrupted");
2326 return -EINTR; 2329 return -EINTR;
2327 } 2330 }
2328 2331
2329 if (err) { 2332 if (err) {
2330 BT_ERR("%s: Device boot timeout", hdev->name); 2333 bt_dev_err(hdev, "Device boot timeout");
2331 return -ETIMEDOUT; 2334 return -ETIMEDOUT;
2332 } 2335 }
2333 2336
@@ -2364,6 +2367,22 @@ static int btusb_shutdown_intel(struct hci_dev *hdev)
2364 struct sk_buff *skb; 2367 struct sk_buff *skb;
2365 long ret; 2368 long ret;
2366 2369
2370 /* In the shutdown sequence where Bluetooth is turned off followed
2371 * by WiFi being turned off, turning WiFi back on causes issue with
2372 * the RF calibration.
2373 *
2374 * To ensure that any RF activity has been stopped, issue HCI Reset
2375 * command to clear all ongoing activity including advertising,
2376 * scanning etc.
2377 */
2378 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT);
2379 if (IS_ERR(skb)) {
2380 ret = PTR_ERR(skb);
2381 bt_dev_err(hdev, "HCI reset during shutdown failed");
2382 return ret;
2383 }
2384 kfree_skb(skb);
2385
2367 /* Some platforms have an issue with BT LED when the interface is 2386 /* Some platforms have an issue with BT LED when the interface is
2368 * down or BT radio is turned off, which takes 5 seconds to BT LED 2387 * down or BT radio is turned off, which takes 5 seconds to BT LED
2369 * goes off. This command turns off the BT LED immediately. 2388 * goes off. This command turns off the BT LED immediately.
@@ -2371,8 +2390,7 @@ static int btusb_shutdown_intel(struct hci_dev *hdev)
2371 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT); 2390 skb = __hci_cmd_sync(hdev, 0xfc3f, 0, NULL, HCI_INIT_TIMEOUT);
2372 if (IS_ERR(skb)) { 2391 if (IS_ERR(skb)) {
2373 ret = PTR_ERR(skb); 2392 ret = PTR_ERR(skb);
2374 BT_ERR("%s: turning off Intel device LED failed (%ld)", 2393 bt_dev_err(hdev, "turning off Intel device LED failed");
2375 hdev->name, ret);
2376 return ret; 2394 return ret;
2377 } 2395 }
2378 kfree_skb(skb); 2396 kfree_skb(skb);
diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
index 6a8d0d06aba7..63c0dcbc4914 100644
--- a/drivers/bluetooth/hci_h5.c
+++ b/drivers/bluetooth/hci_h5.c
@@ -21,13 +21,18 @@
21 * 21 *
22 */ 22 */
23 23
24#include <linux/kernel.h> 24#include <linux/acpi.h>
25#include <linux/errno.h> 25#include <linux/errno.h>
26#include <linux/gpio/consumer.h>
27#include <linux/kernel.h>
28#include <linux/mod_devicetable.h>
29#include <linux/serdev.h>
26#include <linux/skbuff.h> 30#include <linux/skbuff.h>
27 31
28#include <net/bluetooth/bluetooth.h> 32#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h> 33#include <net/bluetooth/hci_core.h>
30 34
35#include "btrtl.h"
31#include "hci_uart.h" 36#include "hci_uart.h"
32 37
33#define HCI_3WIRE_ACK_PKT 0 38#define HCI_3WIRE_ACK_PKT 0
@@ -65,6 +70,9 @@ enum {
65}; 70};
66 71
67struct h5 { 72struct h5 {
73 /* Must be the first member, hci_serdev.c expects this. */
74 struct hci_uart serdev_hu;
75
68 struct sk_buff_head unack; /* Unack'ed packets queue */ 76 struct sk_buff_head unack; /* Unack'ed packets queue */
69 struct sk_buff_head rel; /* Reliable packets queue */ 77 struct sk_buff_head rel; /* Reliable packets queue */
70 struct sk_buff_head unrel; /* Unreliable packets queue */ 78 struct sk_buff_head unrel; /* Unreliable packets queue */
@@ -95,6 +103,19 @@ struct h5 {
95 H5_SLEEPING, 103 H5_SLEEPING,
96 H5_WAKING_UP, 104 H5_WAKING_UP,
97 } sleep; 105 } sleep;
106
107 const struct h5_vnd *vnd;
108 const char *id;
109
110 struct gpio_desc *enable_gpio;
111 struct gpio_desc *device_wake_gpio;
112};
113
114struct h5_vnd {
115 int (*setup)(struct h5 *h5);
116 void (*open)(struct h5 *h5);
117 void (*close)(struct h5 *h5);
118 const struct acpi_gpio_mapping *acpi_gpio_map;
98}; 119};
99 120
100static void h5_reset_rx(struct h5 *h5); 121static void h5_reset_rx(struct h5 *h5);
@@ -193,9 +214,13 @@ static int h5_open(struct hci_uart *hu)
193 214
194 BT_DBG("hu %p", hu); 215 BT_DBG("hu %p", hu);
195 216
196 h5 = kzalloc(sizeof(*h5), GFP_KERNEL); 217 if (hu->serdev) {
197 if (!h5) 218 h5 = serdev_device_get_drvdata(hu->serdev);
198 return -ENOMEM; 219 } else {
220 h5 = kzalloc(sizeof(*h5), GFP_KERNEL);
221 if (!h5)
222 return -ENOMEM;
223 }
199 224
200 hu->priv = h5; 225 hu->priv = h5;
201 h5->hu = hu; 226 h5->hu = hu;
@@ -210,6 +235,9 @@ static int h5_open(struct hci_uart *hu)
210 235
211 h5->tx_win = H5_TX_WIN_MAX; 236 h5->tx_win = H5_TX_WIN_MAX;
212 237
238 if (h5->vnd && h5->vnd->open)
239 h5->vnd->open(h5);
240
213 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags); 241 set_bit(HCI_UART_INIT_PENDING, &hu->hdev_flags);
214 242
215 /* Send initial sync request */ 243 /* Send initial sync request */
@@ -229,7 +257,21 @@ static int h5_close(struct hci_uart *hu)
229 skb_queue_purge(&h5->rel); 257 skb_queue_purge(&h5->rel);
230 skb_queue_purge(&h5->unrel); 258 skb_queue_purge(&h5->unrel);
231 259
232 kfree(h5); 260 if (h5->vnd && h5->vnd->close)
261 h5->vnd->close(h5);
262
263 if (!hu->serdev)
264 kfree(h5);
265
266 return 0;
267}
268
269static int h5_setup(struct hci_uart *hu)
270{
271 struct h5 *h5 = hu->priv;
272
273 if (h5->vnd && h5->vnd->setup)
274 return h5->vnd->setup(h5);
233 275
234 return 0; 276 return 0;
235} 277}
@@ -744,18 +786,168 @@ static const struct hci_uart_proto h5p = {
744 .name = "Three-wire (H5)", 786 .name = "Three-wire (H5)",
745 .open = h5_open, 787 .open = h5_open,
746 .close = h5_close, 788 .close = h5_close,
789 .setup = h5_setup,
747 .recv = h5_recv, 790 .recv = h5_recv,
748 .enqueue = h5_enqueue, 791 .enqueue = h5_enqueue,
749 .dequeue = h5_dequeue, 792 .dequeue = h5_dequeue,
750 .flush = h5_flush, 793 .flush = h5_flush,
751}; 794};
752 795
796static int h5_serdev_probe(struct serdev_device *serdev)
797{
798 const struct acpi_device_id *match;
799 struct device *dev = &serdev->dev;
800 struct h5 *h5;
801
802 h5 = devm_kzalloc(dev, sizeof(*h5), GFP_KERNEL);
803 if (!h5)
804 return -ENOMEM;
805
806 set_bit(HCI_UART_RESET_ON_INIT, &h5->serdev_hu.flags);
807
808 h5->hu = &h5->serdev_hu;
809 h5->serdev_hu.serdev = serdev;
810 serdev_device_set_drvdata(serdev, h5);
811
812 if (has_acpi_companion(dev)) {
813 match = acpi_match_device(dev->driver->acpi_match_table, dev);
814 if (!match)
815 return -ENODEV;
816
817 h5->vnd = (const struct h5_vnd *)match->driver_data;
818 h5->id = (char *)match->id;
819
820 if (h5->vnd->acpi_gpio_map)
821 devm_acpi_dev_add_driver_gpios(dev,
822 h5->vnd->acpi_gpio_map);
823 }
824
825 h5->enable_gpio = devm_gpiod_get_optional(dev, "enable", GPIOD_OUT_LOW);
826 if (IS_ERR(h5->enable_gpio))
827 return PTR_ERR(h5->enable_gpio);
828
829 h5->device_wake_gpio = devm_gpiod_get_optional(dev, "device-wake",
830 GPIOD_OUT_LOW);
831 if (IS_ERR(h5->device_wake_gpio))
832 return PTR_ERR(h5->device_wake_gpio);
833
834 return hci_uart_register_device(&h5->serdev_hu, &h5p);
835}
836
837static void h5_serdev_remove(struct serdev_device *serdev)
838{
839 struct h5 *h5 = serdev_device_get_drvdata(serdev);
840
841 hci_uart_unregister_device(&h5->serdev_hu);
842}
843
844static int h5_btrtl_setup(struct h5 *h5)
845{
846 struct btrtl_device_info *btrtl_dev;
847 struct sk_buff *skb;
848 __le32 baudrate_data;
849 u32 device_baudrate;
850 unsigned int controller_baudrate;
851 bool flow_control;
852 int err;
853
854 btrtl_dev = btrtl_initialize(h5->hu->hdev, h5->id);
855 if (IS_ERR(btrtl_dev))
856 return PTR_ERR(btrtl_dev);
857
858 err = btrtl_get_uart_settings(h5->hu->hdev, btrtl_dev,
859 &controller_baudrate, &device_baudrate,
860 &flow_control);
861 if (err)
862 goto out_free;
863
864 baudrate_data = cpu_to_le32(device_baudrate);
865 skb = __hci_cmd_sync(h5->hu->hdev, 0xfc17, sizeof(baudrate_data),
866 &baudrate_data, HCI_INIT_TIMEOUT);
867 if (IS_ERR(skb)) {
868 rtl_dev_err(h5->hu->hdev, "set baud rate command failed\n");
869 err = PTR_ERR(skb);
870 goto out_free;
871 } else {
872 kfree_skb(skb);
873 }
874 /* Give the device some time to set up the new baudrate. */
875 usleep_range(10000, 20000);
876
877 serdev_device_set_baudrate(h5->hu->serdev, controller_baudrate);
878 serdev_device_set_flow_control(h5->hu->serdev, flow_control);
879
880 err = btrtl_download_firmware(h5->hu->hdev, btrtl_dev);
881 /* Give the device some time before the hci-core sends it a reset */
882 usleep_range(10000, 20000);
883
884out_free:
885 btrtl_free(btrtl_dev);
886
887 return err;
888}
889
890static void h5_btrtl_open(struct h5 *h5)
891{
892 /* Devices always start with these fixed parameters */
893 serdev_device_set_flow_control(h5->hu->serdev, false);
894 serdev_device_set_parity(h5->hu->serdev, SERDEV_PARITY_EVEN);
895 serdev_device_set_baudrate(h5->hu->serdev, 115200);
896
897 /* The controller needs up to 500ms to wakeup */
898 gpiod_set_value_cansleep(h5->enable_gpio, 1);
899 gpiod_set_value_cansleep(h5->device_wake_gpio, 1);
900 msleep(500);
901}
902
903static void h5_btrtl_close(struct h5 *h5)
904{
905 gpiod_set_value_cansleep(h5->device_wake_gpio, 0);
906 gpiod_set_value_cansleep(h5->enable_gpio, 0);
907}
908
909static const struct acpi_gpio_params btrtl_device_wake_gpios = { 0, 0, false };
910static const struct acpi_gpio_params btrtl_enable_gpios = { 1, 0, false };
911static const struct acpi_gpio_params btrtl_host_wake_gpios = { 2, 0, false };
912static const struct acpi_gpio_mapping acpi_btrtl_gpios[] = {
913 { "device-wake-gpios", &btrtl_device_wake_gpios, 1 },
914 { "enable-gpios", &btrtl_enable_gpios, 1 },
915 { "host-wake-gpios", &btrtl_host_wake_gpios, 1 },
916 {},
917};
918
919static struct h5_vnd rtl_vnd = {
920 .setup = h5_btrtl_setup,
921 .open = h5_btrtl_open,
922 .close = h5_btrtl_close,
923 .acpi_gpio_map = acpi_btrtl_gpios,
924};
925
926#ifdef CONFIG_ACPI
927static const struct acpi_device_id h5_acpi_match[] = {
928 { "OBDA8723", (kernel_ulong_t)&rtl_vnd },
929 { },
930};
931MODULE_DEVICE_TABLE(acpi, h5_acpi_match);
932#endif
933
934static struct serdev_device_driver h5_serdev_driver = {
935 .probe = h5_serdev_probe,
936 .remove = h5_serdev_remove,
937 .driver = {
938 .name = "hci_uart_h5",
939 .acpi_match_table = ACPI_PTR(h5_acpi_match),
940 },
941};
942
753int __init h5_init(void) 943int __init h5_init(void)
754{ 944{
945 serdev_device_driver_register(&h5_serdev_driver);
755 return hci_uart_register_proto(&h5p); 946 return hci_uart_register_proto(&h5p);
756} 947}
757 948
758int __exit h5_deinit(void) 949int __exit h5_deinit(void)
759{ 950{
951 serdev_device_driver_unregister(&h5_serdev_driver);
760 return hci_uart_unregister_proto(&h5p); 952 return hci_uart_unregister_proto(&h5p);
761} 953}
diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c
index 7c166e3b308b..46ace321bf60 100644
--- a/drivers/bluetooth/hci_intel.c
+++ b/drivers/bluetooth/hci_intel.c
@@ -458,7 +458,7 @@ static int inject_cmd_complete(struct hci_dev *hdev, __u16 opcode)
458 struct hci_event_hdr *hdr; 458 struct hci_event_hdr *hdr;
459 struct hci_ev_cmd_complete *evt; 459 struct hci_ev_cmd_complete *evt;
460 460
461 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_ATOMIC); 461 skb = bt_skb_alloc(sizeof(*hdr) + sizeof(*evt) + 1, GFP_KERNEL);
462 if (!skb) 462 if (!skb)
463 return -ENOMEM; 463 return -ENOMEM;
464 464
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 51790dd02afb..e182f6019f68 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -5,7 +5,7 @@
5 * protocol extension to H4. 5 * protocol extension to H4.
6 * 6 *
7 * Copyright (C) 2007 Texas Instruments, Inc. 7 * Copyright (C) 2007 Texas Instruments, Inc.
8 * Copyright (c) 2010, 2012 The Linux Foundation. All rights reserved. 8 * Copyright (c) 2010, 2012, 2018 The Linux Foundation. All rights reserved.
9 * 9 *
10 * Acknowledgements: 10 * Acknowledgements:
11 * This file is based on hci_ll.c, which was... 11 * This file is based on hci_ll.c, which was...
@@ -31,9 +31,14 @@
31#include <linux/kernel.h> 31#include <linux/kernel.h>
32#include <linux/clk.h> 32#include <linux/clk.h>
33#include <linux/debugfs.h> 33#include <linux/debugfs.h>
34#include <linux/delay.h>
35#include <linux/device.h>
34#include <linux/gpio/consumer.h> 36#include <linux/gpio/consumer.h>
35#include <linux/mod_devicetable.h> 37#include <linux/mod_devicetable.h>
36#include <linux/module.h> 38#include <linux/module.h>
39#include <linux/of_device.h>
40#include <linux/platform_device.h>
41#include <linux/regulator/consumer.h>
37#include <linux/serdev.h> 42#include <linux/serdev.h>
38 43
39#include <net/bluetooth/bluetooth.h> 44#include <net/bluetooth/bluetooth.h>
@@ -119,12 +124,51 @@ struct qca_data {
119 u64 votes_off; 124 u64 votes_off;
120}; 125};
121 126
127enum qca_speed_type {
128 QCA_INIT_SPEED = 1,
129 QCA_OPER_SPEED
130};
131
132/*
133 * Voltage regulator information required for configuring the
134 * QCA Bluetooth chipset
135 */
136struct qca_vreg {
137 const char *name;
138 unsigned int min_uV;
139 unsigned int max_uV;
140 unsigned int load_uA;
141};
142
143struct qca_vreg_data {
144 enum qca_btsoc_type soc_type;
145 struct qca_vreg *vregs;
146 size_t num_vregs;
147};
148
149/*
150 * Platform data for the QCA Bluetooth power driver.
151 */
152struct qca_power {
153 struct device *dev;
154 const struct qca_vreg_data *vreg_data;
155 struct regulator_bulk_data *vreg_bulk;
156 bool vregs_on;
157};
158
122struct qca_serdev { 159struct qca_serdev {
123 struct hci_uart serdev_hu; 160 struct hci_uart serdev_hu;
124 struct gpio_desc *bt_en; 161 struct gpio_desc *bt_en;
125 struct clk *susclk; 162 struct clk *susclk;
163 enum qca_btsoc_type btsoc_type;
164 struct qca_power *bt_power;
165 u32 init_speed;
166 u32 oper_speed;
126}; 167};
127 168
169static int qca_power_setup(struct hci_uart *hu, bool on);
170static void qca_power_shutdown(struct hci_dev *hdev);
171
128static void __serial_clock_on(struct tty_struct *tty) 172static void __serial_clock_on(struct tty_struct *tty)
129{ 173{
130 /* TODO: Some chipset requires to enable UART clock on client 174 /* TODO: Some chipset requires to enable UART clock on client
@@ -402,10 +446,11 @@ static int qca_open(struct hci_uart *hu)
402{ 446{
403 struct qca_serdev *qcadev; 447 struct qca_serdev *qcadev;
404 struct qca_data *qca; 448 struct qca_data *qca;
449 int ret;
405 450
406 BT_DBG("hu %p qca_open", hu); 451 BT_DBG("hu %p qca_open", hu);
407 452
408 qca = kzalloc(sizeof(struct qca_data), GFP_ATOMIC); 453 qca = kzalloc(sizeof(struct qca_data), GFP_KERNEL);
409 if (!qca) 454 if (!qca)
410 return -ENOMEM; 455 return -ENOMEM;
411 456
@@ -453,19 +498,32 @@ static int qca_open(struct hci_uart *hu)
453 498
454 hu->priv = qca; 499 hu->priv = qca;
455 500
456 timer_setup(&qca->wake_retrans_timer, hci_ibs_wake_retrans_timeout, 0);
457 qca->wake_retrans = IBS_WAKE_RETRANS_TIMEOUT_MS;
458
459 timer_setup(&qca->tx_idle_timer, hci_ibs_tx_idle_timeout, 0);
460 qca->tx_idle_delay = IBS_TX_IDLE_TIMEOUT_MS;
461
462 if (hu->serdev) { 501 if (hu->serdev) {
463 serdev_device_open(hu->serdev); 502 serdev_device_open(hu->serdev);
464 503
465 qcadev = serdev_device_get_drvdata(hu->serdev); 504 qcadev = serdev_device_get_drvdata(hu->serdev);
466 gpiod_set_value_cansleep(qcadev->bt_en, 1); 505 if (qcadev->btsoc_type != QCA_WCN3990) {
506 gpiod_set_value_cansleep(qcadev->bt_en, 1);
507 } else {
508 hu->init_speed = qcadev->init_speed;
509 hu->oper_speed = qcadev->oper_speed;
510 ret = qca_power_setup(hu, true);
511 if (ret) {
512 destroy_workqueue(qca->workqueue);
513 kfree_skb(qca->rx_skb);
514 hu->priv = NULL;
515 kfree(qca);
516 return ret;
517 }
518 }
467 } 519 }
468 520
521 timer_setup(&qca->wake_retrans_timer, hci_ibs_wake_retrans_timeout, 0);
522 qca->wake_retrans = IBS_WAKE_RETRANS_TIMEOUT_MS;
523
524 timer_setup(&qca->tx_idle_timer, hci_ibs_tx_idle_timeout, 0);
525 qca->tx_idle_delay = IBS_TX_IDLE_TIMEOUT_MS;
526
469 BT_DBG("HCI_UART_QCA open, tx_idle_delay=%u, wake_retrans=%u", 527 BT_DBG("HCI_UART_QCA open, tx_idle_delay=%u, wake_retrans=%u",
470 qca->tx_idle_delay, qca->wake_retrans); 528 qca->tx_idle_delay, qca->wake_retrans);
471 529
@@ -549,10 +607,13 @@ static int qca_close(struct hci_uart *hu)
549 qca->hu = NULL; 607 qca->hu = NULL;
550 608
551 if (hu->serdev) { 609 if (hu->serdev) {
552 serdev_device_close(hu->serdev);
553
554 qcadev = serdev_device_get_drvdata(hu->serdev); 610 qcadev = serdev_device_get_drvdata(hu->serdev);
555 gpiod_set_value_cansleep(qcadev->bt_en, 0); 611 if (qcadev->btsoc_type == QCA_WCN3990)
612 qca_power_shutdown(hu->hdev);
613 else
614 gpiod_set_value_cansleep(qcadev->bt_en, 0);
615
616 serdev_device_close(hu->serdev);
556 } 617 }
557 618
558 kfree_skb(qca->rx_skb); 619 kfree_skb(qca->rx_skb);
@@ -872,6 +933,8 @@ static uint8_t qca_get_baudrate_value(int speed)
872 return QCA_BAUDRATE_2000000; 933 return QCA_BAUDRATE_2000000;
873 case 3000000: 934 case 3000000:
874 return QCA_BAUDRATE_3000000; 935 return QCA_BAUDRATE_3000000;
936 case 3200000:
937 return QCA_BAUDRATE_3200000;
875 case 3500000: 938 case 3500000:
876 return QCA_BAUDRATE_3500000; 939 return QCA_BAUDRATE_3500000;
877 default: 940 default:
@@ -884,19 +947,27 @@ static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
884 struct hci_uart *hu = hci_get_drvdata(hdev); 947 struct hci_uart *hu = hci_get_drvdata(hdev);
885 struct qca_data *qca = hu->priv; 948 struct qca_data *qca = hu->priv;
886 struct sk_buff *skb; 949 struct sk_buff *skb;
950 struct qca_serdev *qcadev;
887 u8 cmd[] = { 0x01, 0x48, 0xFC, 0x01, 0x00 }; 951 u8 cmd[] = { 0x01, 0x48, 0xFC, 0x01, 0x00 };
888 952
889 if (baudrate > QCA_BAUDRATE_3000000) 953 if (baudrate > QCA_BAUDRATE_3200000)
890 return -EINVAL; 954 return -EINVAL;
891 955
892 cmd[4] = baudrate; 956 cmd[4] = baudrate;
893 957
894 skb = bt_skb_alloc(sizeof(cmd), GFP_ATOMIC); 958 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
895 if (!skb) { 959 if (!skb) {
896 bt_dev_err(hdev, "Failed to allocate baudrate packet"); 960 bt_dev_err(hdev, "Failed to allocate baudrate packet");
897 return -ENOMEM; 961 return -ENOMEM;
898 } 962 }
899 963
964 /* Disabling hardware flow control is mandatory while
965 * sending change baudrate request to wcn3990 SoC.
966 */
967 qcadev = serdev_device_get_drvdata(hu->serdev);
968 if (qcadev->btsoc_type == QCA_WCN3990)
969 hci_uart_set_flow_control(hu, true);
970
900 /* Assign commands to change baudrate and packet type. */ 971 /* Assign commands to change baudrate and packet type. */
901 skb_put_data(skb, cmd, sizeof(cmd)); 972 skb_put_data(skb, cmd, sizeof(cmd));
902 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT; 973 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
@@ -912,6 +983,9 @@ static int qca_set_baudrate(struct hci_dev *hdev, uint8_t baudrate)
912 schedule_timeout(msecs_to_jiffies(BAUDRATE_SETTLE_TIMEOUT_MS)); 983 schedule_timeout(msecs_to_jiffies(BAUDRATE_SETTLE_TIMEOUT_MS));
913 set_current_state(TASK_RUNNING); 984 set_current_state(TASK_RUNNING);
914 985
986 if (qcadev->btsoc_type == QCA_WCN3990)
987 hci_uart_set_flow_control(hu, false);
988
915 return 0; 989 return 0;
916} 990}
917 991
@@ -923,50 +997,195 @@ static inline void host_set_baudrate(struct hci_uart *hu, unsigned int speed)
923 hci_uart_set_baudrate(hu, speed); 997 hci_uart_set_baudrate(hu, speed);
924} 998}
925 999
1000static int qca_send_power_pulse(struct hci_dev *hdev, u8 cmd)
1001{
1002 struct hci_uart *hu = hci_get_drvdata(hdev);
1003 struct qca_data *qca = hu->priv;
1004 struct sk_buff *skb;
1005
1006 /* These power pulses are single byte command which are sent
1007 * at required baudrate to wcn3990. On wcn3990, we have an external
1008 * circuit at Tx pin which decodes the pulse sent at specific baudrate.
1009 * For example, wcn3990 supports RF COEX antenna for both Wi-Fi/BT
1010 * and also we use the same power inputs to turn on and off for
1011 * Wi-Fi/BT. Powering up the power sources will not enable BT, until
1012 * we send a power on pulse at 115200 bps. This algorithm will help to
1013 * save power. Disabling hardware flow control is mandatory while
1014 * sending power pulses to SoC.
1015 */
1016 bt_dev_dbg(hdev, "sending power pulse %02x to SoC", cmd);
1017
1018 skb = bt_skb_alloc(sizeof(cmd), GFP_KERNEL);
1019 if (!skb)
1020 return -ENOMEM;
1021
1022 hci_uart_set_flow_control(hu, true);
1023
1024 skb_put_u8(skb, cmd);
1025 hci_skb_pkt_type(skb) = HCI_COMMAND_PKT;
1026
1027 skb_queue_tail(&qca->txq, skb);
1028 hci_uart_tx_wakeup(hu);
1029
1030 /* Wait for 100 uS for SoC to settle down */
1031 usleep_range(100, 200);
1032 hci_uart_set_flow_control(hu, false);
1033
1034 return 0;
1035}
1036
1037static unsigned int qca_get_speed(struct hci_uart *hu,
1038 enum qca_speed_type speed_type)
1039{
1040 unsigned int speed = 0;
1041
1042 if (speed_type == QCA_INIT_SPEED) {
1043 if (hu->init_speed)
1044 speed = hu->init_speed;
1045 else if (hu->proto->init_speed)
1046 speed = hu->proto->init_speed;
1047 } else {
1048 if (hu->oper_speed)
1049 speed = hu->oper_speed;
1050 else if (hu->proto->oper_speed)
1051 speed = hu->proto->oper_speed;
1052 }
1053
1054 return speed;
1055}
1056
1057static int qca_check_speeds(struct hci_uart *hu)
1058{
1059 struct qca_serdev *qcadev;
1060
1061 qcadev = serdev_device_get_drvdata(hu->serdev);
1062 if (qcadev->btsoc_type == QCA_WCN3990) {
1063 if (!qca_get_speed(hu, QCA_INIT_SPEED) &&
1064 !qca_get_speed(hu, QCA_OPER_SPEED))
1065 return -EINVAL;
1066 } else {
1067 if (!qca_get_speed(hu, QCA_INIT_SPEED) ||
1068 !qca_get_speed(hu, QCA_OPER_SPEED))
1069 return -EINVAL;
1070 }
1071
1072 return 0;
1073}
1074
1075static int qca_set_speed(struct hci_uart *hu, enum qca_speed_type speed_type)
1076{
1077 unsigned int speed, qca_baudrate;
1078 int ret;
1079
1080 if (speed_type == QCA_INIT_SPEED) {
1081 speed = qca_get_speed(hu, QCA_INIT_SPEED);
1082 if (speed)
1083 host_set_baudrate(hu, speed);
1084 } else {
1085 speed = qca_get_speed(hu, QCA_OPER_SPEED);
1086 if (!speed)
1087 return 0;
1088
1089 qca_baudrate = qca_get_baudrate_value(speed);
1090 bt_dev_dbg(hu->hdev, "Set UART speed to %d", speed);
1091 ret = qca_set_baudrate(hu->hdev, qca_baudrate);
1092 if (ret)
1093 return ret;
1094
1095 host_set_baudrate(hu, speed);
1096 }
1097
1098 return 0;
1099}
1100
1101static int qca_wcn3990_init(struct hci_uart *hu)
1102{
1103 struct hci_dev *hdev = hu->hdev;
1104 int ret;
1105
1106 /* Forcefully enable wcn3990 to enter in to boot mode. */
1107 host_set_baudrate(hu, 2400);
1108 ret = qca_send_power_pulse(hdev, QCA_WCN3990_POWEROFF_PULSE);
1109 if (ret)
1110 return ret;
1111
1112 qca_set_speed(hu, QCA_INIT_SPEED);
1113 ret = qca_send_power_pulse(hdev, QCA_WCN3990_POWERON_PULSE);
1114 if (ret)
1115 return ret;
1116
1117 /* Wait for 100 ms for SoC to boot */
1118 msleep(100);
1119
1120 /* Now the device is in ready state to communicate with host.
1121 * To sync host with device we need to reopen port.
1122 * Without this, we will have RTS and CTS synchronization
1123 * issues.
1124 */
1125 serdev_device_close(hu->serdev);
1126 ret = serdev_device_open(hu->serdev);
1127 if (ret) {
1128 bt_dev_err(hu->hdev, "failed to open port");
1129 return ret;
1130 }
1131
1132 hci_uart_set_flow_control(hu, false);
1133
1134 return 0;
1135}
1136
926static int qca_setup(struct hci_uart *hu) 1137static int qca_setup(struct hci_uart *hu)
927{ 1138{
928 struct hci_dev *hdev = hu->hdev; 1139 struct hci_dev *hdev = hu->hdev;
929 struct qca_data *qca = hu->priv; 1140 struct qca_data *qca = hu->priv;
930 unsigned int speed, qca_baudrate = QCA_BAUDRATE_115200; 1141 unsigned int speed, qca_baudrate = QCA_BAUDRATE_115200;
1142 struct qca_serdev *qcadev;
931 int ret; 1143 int ret;
1144 int soc_ver = 0;
1145
1146 qcadev = serdev_device_get_drvdata(hu->serdev);
932 1147
933 bt_dev_info(hdev, "ROME setup"); 1148 ret = qca_check_speeds(hu);
1149 if (ret)
1150 return ret;
934 1151
935 /* Patch downloading has to be done without IBS mode */ 1152 /* Patch downloading has to be done without IBS mode */
936 clear_bit(STATE_IN_BAND_SLEEP_ENABLED, &qca->flags); 1153 clear_bit(STATE_IN_BAND_SLEEP_ENABLED, &qca->flags);
937 1154
938 /* Setup initial baudrate */ 1155 if (qcadev->btsoc_type == QCA_WCN3990) {
939 speed = 0; 1156 bt_dev_info(hdev, "setting up wcn3990");
940 if (hu->init_speed) 1157 ret = qca_wcn3990_init(hu);
941 speed = hu->init_speed; 1158 if (ret)
942 else if (hu->proto->init_speed) 1159 return ret;
943 speed = hu->proto->init_speed;
944 1160
945 if (speed) 1161 ret = qca_read_soc_version(hdev, &soc_ver);
946 host_set_baudrate(hu, speed); 1162 if (ret)
1163 return ret;
1164 } else {
1165 bt_dev_info(hdev, "ROME setup");
1166 qca_set_speed(hu, QCA_INIT_SPEED);
1167 }
947 1168
948 /* Setup user speed if needed */ 1169 /* Setup user speed if needed */
949 speed = 0; 1170 speed = qca_get_speed(hu, QCA_OPER_SPEED);
950 if (hu->oper_speed)
951 speed = hu->oper_speed;
952 else if (hu->proto->oper_speed)
953 speed = hu->proto->oper_speed;
954
955 if (speed) { 1171 if (speed) {
1172 ret = qca_set_speed(hu, QCA_OPER_SPEED);
1173 if (ret)
1174 return ret;
1175
956 qca_baudrate = qca_get_baudrate_value(speed); 1176 qca_baudrate = qca_get_baudrate_value(speed);
1177 }
957 1178
958 bt_dev_info(hdev, "Set UART speed to %d", speed); 1179 if (qcadev->btsoc_type != QCA_WCN3990) {
959 ret = qca_set_baudrate(hdev, qca_baudrate); 1180 /* Get QCA version information */
960 if (ret) { 1181 ret = qca_read_soc_version(hdev, &soc_ver);
961 bt_dev_err(hdev, "Failed to change the baud rate (%d)", 1182 if (ret)
962 ret);
963 return ret; 1183 return ret;
964 }
965 host_set_baudrate(hu, speed);
966 } 1184 }
967 1185
1186 bt_dev_info(hdev, "QCA controller version 0x%08x", soc_ver);
968 /* Setup patch / NVM configurations */ 1187 /* Setup patch / NVM configurations */
969 ret = qca_uart_setup_rome(hdev, qca_baudrate); 1188 ret = qca_uart_setup(hdev, qca_baudrate, qcadev->btsoc_type, soc_ver);
970 if (!ret) { 1189 if (!ret) {
971 set_bit(STATE_IN_BAND_SLEEP_ENABLED, &qca->flags); 1190 set_bit(STATE_IN_BAND_SLEEP_ENABLED, &qca->flags);
972 qca_debugfs_init(hdev); 1191 qca_debugfs_init(hdev);
@@ -1002,9 +1221,123 @@ static struct hci_uart_proto qca_proto = {
1002 .dequeue = qca_dequeue, 1221 .dequeue = qca_dequeue,
1003}; 1222};
1004 1223
1224static const struct qca_vreg_data qca_soc_data = {
1225 .soc_type = QCA_WCN3990,
1226 .vregs = (struct qca_vreg []) {
1227 { "vddio", 1800000, 1900000, 15000 },
1228 { "vddxo", 1800000, 1900000, 80000 },
1229 { "vddrf", 1300000, 1350000, 300000 },
1230 { "vddch0", 3300000, 3400000, 450000 },
1231 },
1232 .num_vregs = 4,
1233};
1234
1235static void qca_power_shutdown(struct hci_dev *hdev)
1236{
1237 struct hci_uart *hu = hci_get_drvdata(hdev);
1238
1239 host_set_baudrate(hu, 2400);
1240 qca_send_power_pulse(hdev, QCA_WCN3990_POWEROFF_PULSE);
1241 qca_power_setup(hu, false);
1242}
1243
1244static int qca_enable_regulator(struct qca_vreg vregs,
1245 struct regulator *regulator)
1246{
1247 int ret;
1248
1249 ret = regulator_set_voltage(regulator, vregs.min_uV,
1250 vregs.max_uV);
1251 if (ret)
1252 return ret;
1253
1254 if (vregs.load_uA)
1255 ret = regulator_set_load(regulator,
1256 vregs.load_uA);
1257
1258 if (ret)
1259 return ret;
1260
1261 return regulator_enable(regulator);
1262
1263}
1264
1265static void qca_disable_regulator(struct qca_vreg vregs,
1266 struct regulator *regulator)
1267{
1268 regulator_disable(regulator);
1269 regulator_set_voltage(regulator, 0, vregs.max_uV);
1270 if (vregs.load_uA)
1271 regulator_set_load(regulator, 0);
1272
1273}
1274
1275static int qca_power_setup(struct hci_uart *hu, bool on)
1276{
1277 struct qca_vreg *vregs;
1278 struct regulator_bulk_data *vreg_bulk;
1279 struct qca_serdev *qcadev;
1280 int i, num_vregs, ret = 0;
1281
1282 qcadev = serdev_device_get_drvdata(hu->serdev);
1283 if (!qcadev || !qcadev->bt_power || !qcadev->bt_power->vreg_data ||
1284 !qcadev->bt_power->vreg_bulk)
1285 return -EINVAL;
1286
1287 vregs = qcadev->bt_power->vreg_data->vregs;
1288 vreg_bulk = qcadev->bt_power->vreg_bulk;
1289 num_vregs = qcadev->bt_power->vreg_data->num_vregs;
1290 BT_DBG("on: %d", on);
1291 if (on && !qcadev->bt_power->vregs_on) {
1292 for (i = 0; i < num_vregs; i++) {
1293 ret = qca_enable_regulator(vregs[i],
1294 vreg_bulk[i].consumer);
1295 if (ret)
1296 break;
1297 }
1298
1299 if (ret) {
1300 BT_ERR("failed to enable regulator:%s", vregs[i].name);
1301 /* turn off regulators which are enabled */
1302 for (i = i - 1; i >= 0; i--)
1303 qca_disable_regulator(vregs[i],
1304 vreg_bulk[i].consumer);
1305 } else {
1306 qcadev->bt_power->vregs_on = true;
1307 }
1308 } else if (!on && qcadev->bt_power->vregs_on) {
1309 /* turn off regulator in reverse order */
1310 i = qcadev->bt_power->vreg_data->num_vregs - 1;
1311 for ( ; i >= 0; i--)
1312 qca_disable_regulator(vregs[i], vreg_bulk[i].consumer);
1313
1314 qcadev->bt_power->vregs_on = false;
1315 }
1316
1317 return ret;
1318}
1319
1320static int qca_init_regulators(struct qca_power *qca,
1321 const struct qca_vreg *vregs, size_t num_vregs)
1322{
1323 int i;
1324
1325 qca->vreg_bulk = devm_kzalloc(qca->dev, num_vregs *
1326 sizeof(struct regulator_bulk_data),
1327 GFP_KERNEL);
1328 if (!qca->vreg_bulk)
1329 return -ENOMEM;
1330
1331 for (i = 0; i < num_vregs; i++)
1332 qca->vreg_bulk[i].supply = vregs[i].name;
1333
1334 return devm_regulator_bulk_get(qca->dev, num_vregs, qca->vreg_bulk);
1335}
1336
1005static int qca_serdev_probe(struct serdev_device *serdev) 1337static int qca_serdev_probe(struct serdev_device *serdev)
1006{ 1338{
1007 struct qca_serdev *qcadev; 1339 struct qca_serdev *qcadev;
1340 const struct qca_vreg_data *data;
1008 int err; 1341 int err;
1009 1342
1010 qcadev = devm_kzalloc(&serdev->dev, sizeof(*qcadev), GFP_KERNEL); 1343 qcadev = devm_kzalloc(&serdev->dev, sizeof(*qcadev), GFP_KERNEL);
@@ -1012,47 +1345,84 @@ static int qca_serdev_probe(struct serdev_device *serdev)
1012 return -ENOMEM; 1345 return -ENOMEM;
1013 1346
1014 qcadev->serdev_hu.serdev = serdev; 1347 qcadev->serdev_hu.serdev = serdev;
1348 data = of_device_get_match_data(&serdev->dev);
1015 serdev_device_set_drvdata(serdev, qcadev); 1349 serdev_device_set_drvdata(serdev, qcadev);
1350 if (data && data->soc_type == QCA_WCN3990) {
1351 qcadev->btsoc_type = QCA_WCN3990;
1352 qcadev->bt_power = devm_kzalloc(&serdev->dev,
1353 sizeof(struct qca_power),
1354 GFP_KERNEL);
1355 if (!qcadev->bt_power)
1356 return -ENOMEM;
1357
1358 qcadev->bt_power->dev = &serdev->dev;
1359 qcadev->bt_power->vreg_data = data;
1360 err = qca_init_regulators(qcadev->bt_power, data->vregs,
1361 data->num_vregs);
1362 if (err) {
1363 BT_ERR("Failed to init regulators:%d", err);
1364 goto out;
1365 }
1016 1366
1017 qcadev->bt_en = devm_gpiod_get(&serdev->dev, "enable", 1367 qcadev->bt_power->vregs_on = false;
1018 GPIOD_OUT_LOW);
1019 if (IS_ERR(qcadev->bt_en)) {
1020 dev_err(&serdev->dev, "failed to acquire enable gpio\n");
1021 return PTR_ERR(qcadev->bt_en);
1022 }
1023 1368
1024 qcadev->susclk = devm_clk_get(&serdev->dev, NULL); 1369 device_property_read_u32(&serdev->dev, "max-speed",
1025 if (IS_ERR(qcadev->susclk)) { 1370 &qcadev->oper_speed);
1026 dev_err(&serdev->dev, "failed to acquire clk\n"); 1371 if (!qcadev->oper_speed)
1027 return PTR_ERR(qcadev->susclk); 1372 BT_DBG("UART will pick default operating speed");
1028 }
1029 1373
1030 err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ); 1374 err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
1031 if (err) 1375 if (err) {
1032 return err; 1376 BT_ERR("wcn3990 serdev registration failed");
1377 goto out;
1378 }
1379 } else {
1380 qcadev->btsoc_type = QCA_ROME;
1381 qcadev->bt_en = devm_gpiod_get(&serdev->dev, "enable",
1382 GPIOD_OUT_LOW);
1383 if (IS_ERR(qcadev->bt_en)) {
1384 dev_err(&serdev->dev, "failed to acquire enable gpio\n");
1385 return PTR_ERR(qcadev->bt_en);
1386 }
1033 1387
1034 err = clk_prepare_enable(qcadev->susclk); 1388 qcadev->susclk = devm_clk_get(&serdev->dev, NULL);
1035 if (err) 1389 if (IS_ERR(qcadev->susclk)) {
1036 return err; 1390 dev_err(&serdev->dev, "failed to acquire clk\n");
1391 return PTR_ERR(qcadev->susclk);
1392 }
1037 1393
1038 err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto); 1394 err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ);
1039 if (err) 1395 if (err)
1040 clk_disable_unprepare(qcadev->susclk); 1396 return err;
1397
1398 err = clk_prepare_enable(qcadev->susclk);
1399 if (err)
1400 return err;
1401
1402 err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto);
1403 if (err)
1404 clk_disable_unprepare(qcadev->susclk);
1405 }
1406
1407out: return err;
1041 1408
1042 return err;
1043} 1409}
1044 1410
1045static void qca_serdev_remove(struct serdev_device *serdev) 1411static void qca_serdev_remove(struct serdev_device *serdev)
1046{ 1412{
1047 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev); 1413 struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
1048 1414
1049 hci_uart_unregister_device(&qcadev->serdev_hu); 1415 if (qcadev->btsoc_type == QCA_WCN3990)
1416 qca_power_shutdown(qcadev->serdev_hu.hdev);
1417 else
1418 clk_disable_unprepare(qcadev->susclk);
1050 1419
1051 clk_disable_unprepare(qcadev->susclk); 1420 hci_uart_unregister_device(&qcadev->serdev_hu);
1052} 1421}
1053 1422
1054static const struct of_device_id qca_bluetooth_of_match[] = { 1423static const struct of_device_id qca_bluetooth_of_match[] = {
1055 { .compatible = "qcom,qca6174-bt" }, 1424 { .compatible = "qcom,qca6174-bt" },
1425 { .compatible = "qcom,wcn3990-bt", .data = &qca_soc_data},
1056 { /* sentinel */ } 1426 { /* sentinel */ }
1057}; 1427};
1058MODULE_DEVICE_TABLE(of, qca_bluetooth_of_match); 1428MODULE_DEVICE_TABLE(of, qca_bluetooth_of_match);
diff --git a/include/linux/platform_data/bt-nokia-h4p.h b/include/linux/platform_data/bt-nokia-h4p.h
deleted file mode 100644
index 30d169dfadf3..000000000000
--- a/include/linux/platform_data/bt-nokia-h4p.h
+++ /dev/null
@@ -1,38 +0,0 @@
1/*
2 * This file is part of Nokia H4P bluetooth driver
3 *
4 * Copyright (C) 2010 Nokia Corporation.
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18 * 02110-1301 USA
19 *
20 */
21
22
23/**
24 * struct hci_h4p_platform data - hci_h4p Platform data structure
25 */
26struct hci_h4p_platform_data {
27 int chip_type;
28 int bt_sysclk;
29 unsigned int bt_wakeup_gpio;
30 unsigned int host_wakeup_gpio;
31 unsigned int reset_gpio;
32 int reset_gpio_shared;
33 unsigned int uart_irq;
34 phys_addr_t uart_base;
35 const char *uart_iclk;
36 const char *uart_fclk;
37 void (*set_pm_limits)(struct device *dev, bool set);
38};
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 1668211297a9..7f008097552e 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -183,6 +183,15 @@ enum {
183 * during the hdev->setup vendor callback. 183 * during the hdev->setup vendor callback.
184 */ 184 */
185 HCI_QUIRK_NON_PERSISTENT_DIAG, 185 HCI_QUIRK_NON_PERSISTENT_DIAG,
186
187 /* When this quirk is set, setup() would be run after every
188 * open() and not just after the first open().
189 *
190 * This quirk can be set before hci_register_dev is called or
191 * during the hdev->setup vendor callback.
192 *
193 */
194 HCI_QUIRK_NON_PERSISTENT_SETUP,
186}; 195};
187 196
188/* HCI device flags */ 197/* HCI device flags */
@@ -291,6 +300,14 @@ enum {
291#define HCI_DH3 0x0800 300#define HCI_DH3 0x0800
292#define HCI_DH5 0x8000 301#define HCI_DH5 0x8000
293 302
303/* HCI packet types inverted masks */
304#define HCI_2DH1 0x0002
305#define HCI_3DH1 0x0004
306#define HCI_2DH3 0x0100
307#define HCI_3DH3 0x0200
308#define HCI_2DH5 0x1000
309#define HCI_3DH5 0x2000
310
294#define HCI_HV1 0x0020 311#define HCI_HV1 0x0020
295#define HCI_HV2 0x0040 312#define HCI_HV2 0x0040
296#define HCI_HV3 0x0080 313#define HCI_HV3 0x0080
@@ -354,6 +371,8 @@ enum {
354#define LMP_PCONTROL 0x04 371#define LMP_PCONTROL 0x04
355#define LMP_TRANSPARENT 0x08 372#define LMP_TRANSPARENT 0x08
356 373
374#define LMP_EDR_2M 0x02
375#define LMP_EDR_3M 0x04
357#define LMP_RSSI_INQ 0x40 376#define LMP_RSSI_INQ 0x40
358#define LMP_ESCO 0x80 377#define LMP_ESCO 0x80
359 378
@@ -361,7 +380,9 @@ enum {
361#define LMP_EV5 0x02 380#define LMP_EV5 0x02
362#define LMP_NO_BREDR 0x20 381#define LMP_NO_BREDR 0x20
363#define LMP_LE 0x40 382#define LMP_LE 0x40
383#define LMP_EDR_3SLOT 0x80
364 384
385#define LMP_EDR_5SLOT 0x01
365#define LMP_SNIFF_SUBR 0x02 386#define LMP_SNIFF_SUBR 0x02
366#define LMP_PAUSE_ENC 0x04 387#define LMP_PAUSE_ENC 0x04
367#define LMP_EDR_ESCO_2M 0x20 388#define LMP_EDR_ESCO_2M 0x20
@@ -398,7 +419,12 @@ enum {
398#define HCI_LE_SLAVE_FEATURES 0x08 419#define HCI_LE_SLAVE_FEATURES 0x08
399#define HCI_LE_PING 0x10 420#define HCI_LE_PING 0x10
400#define HCI_LE_DATA_LEN_EXT 0x20 421#define HCI_LE_DATA_LEN_EXT 0x20
422#define HCI_LE_PHY_2M 0x01
423#define HCI_LE_PHY_CODED 0x08
424#define HCI_LE_EXT_ADV 0x10
401#define HCI_LE_EXT_SCAN_POLICY 0x80 425#define HCI_LE_EXT_SCAN_POLICY 0x80
426#define HCI_LE_PHY_2M 0x01
427#define HCI_LE_PHY_CODED 0x08
402#define HCI_LE_CHAN_SEL_ALG2 0x40 428#define HCI_LE_CHAN_SEL_ALG2 0x40
403 429
404/* Connection modes */ 430/* Connection modes */
@@ -1490,6 +1516,14 @@ struct hci_cp_le_write_def_data_len {
1490 __le16 tx_time; 1516 __le16 tx_time;
1491} __packed; 1517} __packed;
1492 1518
1519#define HCI_OP_LE_CLEAR_RESOLV_LIST 0x2029
1520
1521#define HCI_OP_LE_READ_RESOLV_LIST_SIZE 0x202a
1522struct hci_rp_le_read_resolv_list_size {
1523 __u8 status;
1524 __u8 size;
1525} __packed;
1526
1493#define HCI_OP_LE_READ_MAX_DATA_LEN 0x202f 1527#define HCI_OP_LE_READ_MAX_DATA_LEN 0x202f
1494struct hci_rp_le_read_max_data_len { 1528struct hci_rp_le_read_max_data_len {
1495 __u8 status; 1529 __u8 status;
@@ -1506,6 +1540,134 @@ struct hci_cp_le_set_default_phy {
1506 __u8 rx_phys; 1540 __u8 rx_phys;
1507} __packed; 1541} __packed;
1508 1542
1543#define HCI_LE_SET_PHY_1M 0x01
1544#define HCI_LE_SET_PHY_2M 0x02
1545#define HCI_LE_SET_PHY_CODED 0x04
1546
1547#define HCI_OP_LE_SET_EXT_SCAN_PARAMS 0x2041
1548struct hci_cp_le_set_ext_scan_params {
1549 __u8 own_addr_type;
1550 __u8 filter_policy;
1551 __u8 scanning_phys;
1552 __u8 data[0];
1553} __packed;
1554
1555#define LE_SCAN_PHY_1M 0x01
1556#define LE_SCAN_PHY_2M 0x02
1557#define LE_SCAN_PHY_CODED 0x04
1558
1559struct hci_cp_le_scan_phy_params {
1560 __u8 type;
1561 __le16 interval;
1562 __le16 window;
1563} __packed;
1564
1565#define HCI_OP_LE_SET_EXT_SCAN_ENABLE 0x2042
1566struct hci_cp_le_set_ext_scan_enable {
1567 __u8 enable;
1568 __u8 filter_dup;
1569 __le16 duration;
1570 __le16 period;
1571} __packed;
1572
1573#define HCI_OP_LE_EXT_CREATE_CONN 0x2043
1574struct hci_cp_le_ext_create_conn {
1575 __u8 filter_policy;
1576 __u8 own_addr_type;
1577 __u8 peer_addr_type;
1578 bdaddr_t peer_addr;
1579 __u8 phys;
1580 __u8 data[0];
1581} __packed;
1582
1583struct hci_cp_le_ext_conn_param {
1584 __le16 scan_interval;
1585 __le16 scan_window;
1586 __le16 conn_interval_min;
1587 __le16 conn_interval_max;
1588 __le16 conn_latency;
1589 __le16 supervision_timeout;
1590 __le16 min_ce_len;
1591 __le16 max_ce_len;
1592} __packed;
1593
1594#define HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS 0x203b
1595struct hci_rp_le_read_num_supported_adv_sets {
1596 __u8 status;
1597 __u8 num_of_sets;
1598} __packed;
1599
1600#define HCI_OP_LE_SET_EXT_ADV_PARAMS 0x2036
1601struct hci_cp_le_set_ext_adv_params {
1602 __u8 handle;
1603 __le16 evt_properties;
1604 __u8 min_interval[3];
1605 __u8 max_interval[3];
1606 __u8 channel_map;
1607 __u8 own_addr_type;
1608 __u8 peer_addr_type;
1609 bdaddr_t peer_addr;
1610 __u8 filter_policy;
1611 __u8 tx_power;
1612 __u8 primary_phy;
1613 __u8 secondary_max_skip;
1614 __u8 secondary_phy;
1615 __u8 sid;
1616 __u8 notif_enable;
1617} __packed;
1618
1619#define HCI_ADV_PHY_1M 0X01
1620#define HCI_ADV_PHY_2M 0x02
1621#define HCI_ADV_PHY_CODED 0x03
1622
1623struct hci_rp_le_set_ext_adv_params {
1624 __u8 status;
1625 __u8 tx_power;
1626} __packed;
1627
1628#define HCI_OP_LE_SET_EXT_ADV_ENABLE 0x2039
1629struct hci_cp_le_set_ext_adv_enable {
1630 __u8 enable;
1631 __u8 num_of_sets;
1632 __u8 data[0];
1633} __packed;
1634
1635struct hci_cp_ext_adv_set {
1636 __u8 handle;
1637 __le16 duration;
1638 __u8 max_events;
1639} __packed;
1640
1641#define HCI_OP_LE_SET_EXT_ADV_DATA 0x2037
1642struct hci_cp_le_set_ext_adv_data {
1643 __u8 handle;
1644 __u8 operation;
1645 __u8 frag_pref;
1646 __u8 length;
1647 __u8 data[HCI_MAX_AD_LENGTH];
1648} __packed;
1649
1650#define HCI_OP_LE_SET_EXT_SCAN_RSP_DATA 0x2038
1651struct hci_cp_le_set_ext_scan_rsp_data {
1652 __u8 handle;
1653 __u8 operation;
1654 __u8 frag_pref;
1655 __u8 length;
1656 __u8 data[HCI_MAX_AD_LENGTH];
1657} __packed;
1658
1659#define LE_SET_ADV_DATA_OP_COMPLETE 0x03
1660
1661#define LE_SET_ADV_DATA_NO_FRAG 0x01
1662
1663#define HCI_OP_LE_CLEAR_ADV_SETS 0x203d
1664
1665#define HCI_OP_LE_SET_ADV_SET_RAND_ADDR 0x2035
1666struct hci_cp_le_set_adv_set_rand_addr {
1667 __u8 handle;
1668 bdaddr_t bdaddr;
1669} __packed;
1670
1509/* ---- HCI Events ---- */ 1671/* ---- HCI Events ---- */
1510#define HCI_EV_INQUIRY_COMPLETE 0x01 1672#define HCI_EV_INQUIRY_COMPLETE 0x01
1511 1673
@@ -1893,6 +2055,23 @@ struct hci_ev_le_conn_complete {
1893#define LE_ADV_SCAN_IND 0x02 2055#define LE_ADV_SCAN_IND 0x02
1894#define LE_ADV_NONCONN_IND 0x03 2056#define LE_ADV_NONCONN_IND 0x03
1895#define LE_ADV_SCAN_RSP 0x04 2057#define LE_ADV_SCAN_RSP 0x04
2058#define LE_ADV_INVALID 0x05
2059
2060/* Legacy event types in extended adv report */
2061#define LE_LEGACY_ADV_IND 0x0013
2062#define LE_LEGACY_ADV_DIRECT_IND 0x0015
2063#define LE_LEGACY_ADV_SCAN_IND 0x0012
2064#define LE_LEGACY_NONCONN_IND 0x0010
2065#define LE_LEGACY_SCAN_RSP_ADV 0x001b
2066#define LE_LEGACY_SCAN_RSP_ADV_SCAN 0x001a
2067
2068/* Extended Advertising event types */
2069#define LE_EXT_ADV_NON_CONN_IND 0x0000
2070#define LE_EXT_ADV_CONN_IND 0x0001
2071#define LE_EXT_ADV_SCAN_IND 0x0002
2072#define LE_EXT_ADV_DIRECT_IND 0x0004
2073#define LE_EXT_ADV_SCAN_RSP 0x0008
2074#define LE_EXT_ADV_LEGACY_PDU 0x0010
1896 2075
1897#define ADDR_LE_DEV_PUBLIC 0x00 2076#define ADDR_LE_DEV_PUBLIC 0x00
1898#define ADDR_LE_DEV_RANDOM 0x01 2077#define ADDR_LE_DEV_RANDOM 0x01
@@ -1957,6 +2136,46 @@ struct hci_ev_le_direct_adv_info {
1957 __s8 rssi; 2136 __s8 rssi;
1958} __packed; 2137} __packed;
1959 2138
2139#define HCI_EV_LE_EXT_ADV_REPORT 0x0d
2140struct hci_ev_le_ext_adv_report {
2141 __le16 evt_type;
2142 __u8 bdaddr_type;
2143 bdaddr_t bdaddr;
2144 __u8 primary_phy;
2145 __u8 secondary_phy;
2146 __u8 sid;
2147 __u8 tx_power;
2148 __s8 rssi;
2149 __le16 interval;
2150 __u8 direct_addr_type;
2151 bdaddr_t direct_addr;
2152 __u8 length;
2153 __u8 data[0];
2154} __packed;
2155
2156#define HCI_EV_LE_ENHANCED_CONN_COMPLETE 0x0a
2157struct hci_ev_le_enh_conn_complete {
2158 __u8 status;
2159 __le16 handle;
2160 __u8 role;
2161 __u8 bdaddr_type;
2162 bdaddr_t bdaddr;
2163 bdaddr_t local_rpa;
2164 bdaddr_t peer_rpa;
2165 __le16 interval;
2166 __le16 latency;
2167 __le16 supervision_timeout;
2168 __u8 clk_accurancy;
2169} __packed;
2170
2171#define HCI_EV_LE_EXT_ADV_SET_TERM 0x12
2172struct hci_evt_le_ext_adv_set_term {
2173 __u8 status;
2174 __u8 handle;
2175 __le16 conn_handle;
2176 __u8 num_evts;
2177} __packed;
2178
1960/* Internal events generated by Bluetooth stack */ 2179/* Internal events generated by Bluetooth stack */
1961#define HCI_EV_STACK_INTERNAL 0xfd 2180#define HCI_EV_STACK_INTERNAL 0xfd
1962struct hci_ev_stack_internal { 2181struct hci_ev_stack_internal {
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 893bbbb5d2fa..0db1b9b428b7 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -171,6 +171,10 @@ struct adv_info {
171 __u8 adv_data[HCI_MAX_AD_LENGTH]; 171 __u8 adv_data[HCI_MAX_AD_LENGTH];
172 __u16 scan_rsp_len; 172 __u16 scan_rsp_len;
173 __u8 scan_rsp_data[HCI_MAX_AD_LENGTH]; 173 __u8 scan_rsp_data[HCI_MAX_AD_LENGTH];
174 __s8 tx_power;
175 bdaddr_t random_addr;
176 bool rpa_expired;
177 struct delayed_work rpa_expired_cb;
174}; 178};
175 179
176#define HCI_MAX_ADV_INSTANCES 5 180#define HCI_MAX_ADV_INSTANCES 5
@@ -221,6 +225,8 @@ struct hci_dev {
221 __u8 features[HCI_MAX_PAGES][8]; 225 __u8 features[HCI_MAX_PAGES][8];
222 __u8 le_features[8]; 226 __u8 le_features[8];
223 __u8 le_white_list_size; 227 __u8 le_white_list_size;
228 __u8 le_resolv_list_size;
229 __u8 le_num_of_adv_sets;
224 __u8 le_states[8]; 230 __u8 le_states[8];
225 __u8 commands[64]; 231 __u8 commands[64];
226 __u8 hci_ver; 232 __u8 hci_ver;
@@ -314,6 +320,9 @@ struct hci_dev {
314 unsigned long sco_last_tx; 320 unsigned long sco_last_tx;
315 unsigned long le_last_tx; 321 unsigned long le_last_tx;
316 322
323 __u8 le_tx_def_phys;
324 __u8 le_rx_def_phys;
325
317 struct workqueue_struct *workqueue; 326 struct workqueue_struct *workqueue;
318 struct workqueue_struct *req_workqueue; 327 struct workqueue_struct *req_workqueue;
319 328
@@ -367,6 +376,7 @@ struct hci_dev {
367 struct list_head identity_resolving_keys; 376 struct list_head identity_resolving_keys;
368 struct list_head remote_oob_data; 377 struct list_head remote_oob_data;
369 struct list_head le_white_list; 378 struct list_head le_white_list;
379 struct list_head le_resolv_list;
370 struct list_head le_conn_params; 380 struct list_head le_conn_params;
371 struct list_head pend_le_conns; 381 struct list_head pend_le_conns;
372 struct list_head pend_le_reports; 382 struct list_head pend_le_reports;
@@ -1106,6 +1116,7 @@ int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
1106 u16 scan_rsp_len, u8 *scan_rsp_data, 1116 u16 scan_rsp_len, u8 *scan_rsp_data,
1107 u16 timeout, u16 duration); 1117 u16 timeout, u16 duration);
1108int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance); 1118int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance);
1119void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired);
1109 1120
1110void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb); 1121void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb);
1111 1122
@@ -1136,6 +1147,10 @@ void hci_conn_del_sysfs(struct hci_conn *conn);
1136#define lmp_inq_tx_pwr_capable(dev) ((dev)->features[0][7] & LMP_INQ_TX_PWR) 1147#define lmp_inq_tx_pwr_capable(dev) ((dev)->features[0][7] & LMP_INQ_TX_PWR)
1137#define lmp_ext_feat_capable(dev) ((dev)->features[0][7] & LMP_EXTFEATURES) 1148#define lmp_ext_feat_capable(dev) ((dev)->features[0][7] & LMP_EXTFEATURES)
1138#define lmp_transp_capable(dev) ((dev)->features[0][2] & LMP_TRANSPARENT) 1149#define lmp_transp_capable(dev) ((dev)->features[0][2] & LMP_TRANSPARENT)
1150#define lmp_edr_2m_capable(dev) ((dev)->features[0][3] & LMP_EDR_2M)
1151#define lmp_edr_3m_capable(dev) ((dev)->features[0][3] & LMP_EDR_3M)
1152#define lmp_edr_3slot_capable(dev) ((dev)->features[0][4] & LMP_EDR_3SLOT)
1153#define lmp_edr_5slot_capable(dev) ((dev)->features[0][5] & LMP_EDR_5SLOT)
1139 1154
1140/* ----- Extended LMP capabilities ----- */ 1155/* ----- Extended LMP capabilities ----- */
1141#define lmp_csb_master_capable(dev) ((dev)->features[2][0] & LMP_CSB_MASTER) 1156#define lmp_csb_master_capable(dev) ((dev)->features[2][0] & LMP_CSB_MASTER)
@@ -1156,6 +1171,24 @@ void hci_conn_del_sysfs(struct hci_conn *conn);
1156#define bredr_sc_enabled(dev) (lmp_sc_capable(dev) && \ 1171#define bredr_sc_enabled(dev) (lmp_sc_capable(dev) && \
1157 hci_dev_test_flag(dev, HCI_SC_ENABLED)) 1172 hci_dev_test_flag(dev, HCI_SC_ENABLED))
1158 1173
1174#define scan_1m(dev) (((dev)->le_tx_def_phys & HCI_LE_SET_PHY_1M) || \
1175 ((dev)->le_rx_def_phys & HCI_LE_SET_PHY_1M))
1176
1177#define scan_2m(dev) (((dev)->le_tx_def_phys & HCI_LE_SET_PHY_2M) || \
1178 ((dev)->le_rx_def_phys & HCI_LE_SET_PHY_2M))
1179
1180#define scan_coded(dev) (((dev)->le_tx_def_phys & HCI_LE_SET_PHY_CODED) || \
1181 ((dev)->le_rx_def_phys & HCI_LE_SET_PHY_CODED))
1182
1183/* Use ext scanning if set ext scan param and ext scan enable is supported */
1184#define use_ext_scan(dev) (((dev)->commands[37] & 0x20) && \
1185 ((dev)->commands[37] & 0x40))
1186/* Use ext create connection if command is supported */
1187#define use_ext_conn(dev) ((dev)->commands[37] & 0x80)
1188
1189/* Extended advertising support */
1190#define ext_adv_capable(dev) (((dev)->le_features[1] & HCI_LE_EXT_ADV))
1191
1159/* ----- HCI protocols ----- */ 1192/* ----- HCI protocols ----- */
1160#define HCI_PROTO_DEFER 0x01 1193#define HCI_PROTO_DEFER 0x01
1161 1194
@@ -1529,6 +1562,7 @@ void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev,
1529 u8 instance); 1562 u8 instance);
1530void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev, 1563void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1531 u8 instance); 1564 u8 instance);
1565int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip);
1532 1566
1533u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency, 1567u8 hci_le_conn_update(struct hci_conn *conn, u16 min, u16 max, u16 latency,
1534 u16 to_multiplier); 1568 u16 to_multiplier);
diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h
index e7303eee65cd..9cee7ddc6741 100644
--- a/include/net/bluetooth/mgmt.h
+++ b/include/net/bluetooth/mgmt.h
@@ -101,6 +101,7 @@ struct mgmt_rp_read_index_list {
101#define MGMT_SETTING_PRIVACY 0x00002000 101#define MGMT_SETTING_PRIVACY 0x00002000
102#define MGMT_SETTING_CONFIGURATION 0x00004000 102#define MGMT_SETTING_CONFIGURATION 0x00004000
103#define MGMT_SETTING_STATIC_ADDRESS 0x00008000 103#define MGMT_SETTING_STATIC_ADDRESS 0x00008000
104#define MGMT_SETTING_PHY_CONFIGURATION 0x00010000
104 105
105#define MGMT_OP_READ_INFO 0x0004 106#define MGMT_OP_READ_INFO 0x0004
106#define MGMT_READ_INFO_SIZE 0 107#define MGMT_READ_INFO_SIZE 0
@@ -561,6 +562,12 @@ struct mgmt_rp_add_advertising {
561#define MGMT_ADV_FLAG_TX_POWER BIT(4) 562#define MGMT_ADV_FLAG_TX_POWER BIT(4)
562#define MGMT_ADV_FLAG_APPEARANCE BIT(5) 563#define MGMT_ADV_FLAG_APPEARANCE BIT(5)
563#define MGMT_ADV_FLAG_LOCAL_NAME BIT(6) 564#define MGMT_ADV_FLAG_LOCAL_NAME BIT(6)
565#define MGMT_ADV_FLAG_SEC_1M BIT(7)
566#define MGMT_ADV_FLAG_SEC_2M BIT(8)
567#define MGMT_ADV_FLAG_SEC_CODED BIT(9)
568
569#define MGMT_ADV_FLAG_SEC_MASK (MGMT_ADV_FLAG_SEC_1M | MGMT_ADV_FLAG_SEC_2M | \
570 MGMT_ADV_FLAG_SEC_CODED)
564 571
565#define MGMT_OP_REMOVE_ADVERTISING 0x003F 572#define MGMT_OP_REMOVE_ADVERTISING 0x003F
566struct mgmt_cp_remove_advertising { 573struct mgmt_cp_remove_advertising {
@@ -604,6 +611,49 @@ struct mgmt_cp_set_appearance {
604} __packed; 611} __packed;
605#define MGMT_SET_APPEARANCE_SIZE 2 612#define MGMT_SET_APPEARANCE_SIZE 2
606 613
614#define MGMT_OP_GET_PHY_CONFIGURATION 0x0044
615struct mgmt_rp_get_phy_confguration {
616 __le32 supported_phys;
617 __le32 configurable_phys;
618 __le32 selected_phys;
619} __packed;
620#define MGMT_GET_PHY_CONFIGURATION_SIZE 0
621
622#define MGMT_PHY_BR_1M_1SLOT 0x00000001
623#define MGMT_PHY_BR_1M_3SLOT 0x00000002
624#define MGMT_PHY_BR_1M_5SLOT 0x00000004
625#define MGMT_PHY_EDR_2M_1SLOT 0x00000008
626#define MGMT_PHY_EDR_2M_3SLOT 0x00000010
627#define MGMT_PHY_EDR_2M_5SLOT 0x00000020
628#define MGMT_PHY_EDR_3M_1SLOT 0x00000040
629#define MGMT_PHY_EDR_3M_3SLOT 0x00000080
630#define MGMT_PHY_EDR_3M_5SLOT 0x00000100
631#define MGMT_PHY_LE_1M_TX 0x00000200
632#define MGMT_PHY_LE_1M_RX 0x00000400
633#define MGMT_PHY_LE_2M_TX 0x00000800
634#define MGMT_PHY_LE_2M_RX 0x00001000
635#define MGMT_PHY_LE_CODED_TX 0x00002000
636#define MGMT_PHY_LE_CODED_RX 0x00004000
637
638#define MGMT_PHY_BREDR_MASK (MGMT_PHY_BR_1M_1SLOT | MGMT_PHY_BR_1M_3SLOT | \
639 MGMT_PHY_BR_1M_5SLOT | MGMT_PHY_EDR_2M_1SLOT | \
640 MGMT_PHY_EDR_2M_3SLOT | MGMT_PHY_EDR_2M_5SLOT | \
641 MGMT_PHY_EDR_3M_1SLOT | MGMT_PHY_EDR_3M_3SLOT | \
642 MGMT_PHY_EDR_3M_5SLOT)
643#define MGMT_PHY_LE_MASK (MGMT_PHY_LE_1M_TX | MGMT_PHY_LE_1M_RX | \
644 MGMT_PHY_LE_2M_TX | MGMT_PHY_LE_2M_RX | \
645 MGMT_PHY_LE_CODED_TX | MGMT_PHY_LE_CODED_RX)
646#define MGMT_PHY_LE_TX_MASK (MGMT_PHY_LE_1M_TX | MGMT_PHY_LE_2M_TX | \
647 MGMT_PHY_LE_CODED_TX)
648#define MGMT_PHY_LE_RX_MASK (MGMT_PHY_LE_1M_RX | MGMT_PHY_LE_2M_RX | \
649 MGMT_PHY_LE_CODED_RX)
650
651#define MGMT_OP_SET_PHY_CONFIGURATION 0x0045
652struct mgmt_cp_set_phy_confguration {
653 __le32 selected_phys;
654} __packed;
655#define MGMT_SET_PHY_CONFIGURATION_SIZE 4
656
607#define MGMT_EV_CMD_COMPLETE 0x0001 657#define MGMT_EV_CMD_COMPLETE 0x0001
608struct mgmt_ev_cmd_complete { 658struct mgmt_ev_cmd_complete {
609 __le16 opcode; 659 __le16 opcode;
@@ -824,3 +874,8 @@ struct mgmt_ev_ext_info_changed {
824 __le16 eir_len; 874 __le16 eir_len;
825 __u8 eir[0]; 875 __u8 eir[0];
826} __packed; 876} __packed;
877
878#define MGMT_EV_PHY_CONFIGURATION_CHANGED 0x0026
879struct mgmt_ev_phy_configuration_changed {
880 __le32 selected_phys;
881} __packed;
diff --git a/net/6lowpan/iphc.c b/net/6lowpan/iphc.c
index 6b1042e21656..52fad5dad9f7 100644
--- a/net/6lowpan/iphc.c
+++ b/net/6lowpan/iphc.c
@@ -770,6 +770,7 @@ int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev,
770 hdr.hop_limit, &hdr.daddr); 770 hdr.hop_limit, &hdr.daddr);
771 771
772 skb_push(skb, sizeof(hdr)); 772 skb_push(skb, sizeof(hdr));
773 skb_reset_mac_header(skb);
773 skb_reset_network_header(skb); 774 skb_reset_network_header(skb);
774 skb_copy_to_linear_data(skb, &hdr, sizeof(hdr)); 775 skb_copy_to_linear_data(skb, &hdr, sizeof(hdr));
775 776
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 3264e1873219..deacc52d7ff1 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -159,7 +159,7 @@ void bt_accept_enqueue(struct sock *parent, struct sock *sk)
159 BT_DBG("parent %p, sk %p", parent, sk); 159 BT_DBG("parent %p, sk %p", parent, sk);
160 160
161 sock_hold(sk); 161 sock_hold(sk);
162 lock_sock(sk); 162 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
163 list_add_tail(&bt_sk(sk)->accept_q, &bt_sk(parent)->accept_q); 163 list_add_tail(&bt_sk(sk)->accept_q, &bt_sk(parent)->accept_q);
164 bt_sk(sk)->parent = parent; 164 bt_sk(sk)->parent = parent;
165 release_sock(sk); 165 release_sock(sk);
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 45ff5dc124cc..bd4978ce8c45 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -748,11 +748,30 @@ static bool conn_use_rpa(struct hci_conn *conn)
748 return hci_dev_test_flag(hdev, HCI_PRIVACY); 748 return hci_dev_test_flag(hdev, HCI_PRIVACY);
749} 749}
750 750
751static void set_ext_conn_params(struct hci_conn *conn,
752 struct hci_cp_le_ext_conn_param *p)
753{
754 struct hci_dev *hdev = conn->hdev;
755
756 memset(p, 0, sizeof(*p));
757
758 /* Set window to be the same value as the interval to
759 * enable continuous scanning.
760 */
761 p->scan_interval = cpu_to_le16(hdev->le_scan_interval);
762 p->scan_window = p->scan_interval;
763 p->conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
764 p->conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
765 p->conn_latency = cpu_to_le16(conn->le_conn_latency);
766 p->supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
767 p->min_ce_len = cpu_to_le16(0x0000);
768 p->max_ce_len = cpu_to_le16(0x0000);
769}
770
751static void hci_req_add_le_create_conn(struct hci_request *req, 771static void hci_req_add_le_create_conn(struct hci_request *req,
752 struct hci_conn *conn, 772 struct hci_conn *conn,
753 bdaddr_t *direct_rpa) 773 bdaddr_t *direct_rpa)
754{ 774{
755 struct hci_cp_le_create_conn cp;
756 struct hci_dev *hdev = conn->hdev; 775 struct hci_dev *hdev = conn->hdev;
757 u8 own_addr_type; 776 u8 own_addr_type;
758 777
@@ -775,25 +794,71 @@ static void hci_req_add_le_create_conn(struct hci_request *req,
775 return; 794 return;
776 } 795 }
777 796
778 memset(&cp, 0, sizeof(cp)); 797 if (use_ext_conn(hdev)) {
798 struct hci_cp_le_ext_create_conn *cp;
799 struct hci_cp_le_ext_conn_param *p;
800 u8 data[sizeof(*cp) + sizeof(*p) * 3];
801 u32 plen;
779 802
780 /* Set window to be the same value as the interval to enable 803 cp = (void *) data;
781 * continuous scanning. 804 p = (void *) cp->data;
782 */ 805
783 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval); 806 memset(cp, 0, sizeof(*cp));
784 cp.scan_window = cp.scan_interval;
785 807
786 bacpy(&cp.peer_addr, &conn->dst); 808 bacpy(&cp->peer_addr, &conn->dst);
787 cp.peer_addr_type = conn->dst_type; 809 cp->peer_addr_type = conn->dst_type;
788 cp.own_address_type = own_addr_type; 810 cp->own_addr_type = own_addr_type;
789 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
790 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
791 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
792 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
793 cp.min_ce_len = cpu_to_le16(0x0000);
794 cp.max_ce_len = cpu_to_le16(0x0000);
795 811
796 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp); 812 plen = sizeof(*cp);
813
814 if (scan_1m(hdev)) {
815 cp->phys |= LE_SCAN_PHY_1M;
816 set_ext_conn_params(conn, p);
817
818 p++;
819 plen += sizeof(*p);
820 }
821
822 if (scan_2m(hdev)) {
823 cp->phys |= LE_SCAN_PHY_2M;
824 set_ext_conn_params(conn, p);
825
826 p++;
827 plen += sizeof(*p);
828 }
829
830 if (scan_coded(hdev)) {
831 cp->phys |= LE_SCAN_PHY_CODED;
832 set_ext_conn_params(conn, p);
833
834 plen += sizeof(*p);
835 }
836
837 hci_req_add(req, HCI_OP_LE_EXT_CREATE_CONN, plen, data);
838
839 } else {
840 struct hci_cp_le_create_conn cp;
841
842 memset(&cp, 0, sizeof(cp));
843
844 /* Set window to be the same value as the interval to enable
845 * continuous scanning.
846 */
847 cp.scan_interval = cpu_to_le16(hdev->le_scan_interval);
848 cp.scan_window = cp.scan_interval;
849
850 bacpy(&cp.peer_addr, &conn->dst);
851 cp.peer_addr_type = conn->dst_type;
852 cp.own_address_type = own_addr_type;
853 cp.conn_interval_min = cpu_to_le16(conn->le_conn_min_interval);
854 cp.conn_interval_max = cpu_to_le16(conn->le_conn_max_interval);
855 cp.conn_latency = cpu_to_le16(conn->le_conn_latency);
856 cp.supervision_timeout = cpu_to_le16(conn->le_supv_timeout);
857 cp.min_ce_len = cpu_to_le16(0x0000);
858 cp.max_ce_len = cpu_to_le16(0x0000);
859
860 hci_req_add(req, HCI_OP_LE_CREATE_CONN, sizeof(cp), &cp);
861 }
797 862
798 conn->state = BT_CONNECT; 863 conn->state = BT_CONNECT;
799 clear_bit(HCI_CONN_SCANNING, &conn->flags); 864 clear_bit(HCI_CONN_SCANNING, &conn->flags);
@@ -803,35 +868,81 @@ static void hci_req_directed_advertising(struct hci_request *req,
803 struct hci_conn *conn) 868 struct hci_conn *conn)
804{ 869{
805 struct hci_dev *hdev = req->hdev; 870 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_adv_param cp;
807 u8 own_addr_type; 871 u8 own_addr_type;
808 u8 enable; 872 u8 enable;
809 873
810 /* Clear the HCI_LE_ADV bit temporarily so that the 874 if (ext_adv_capable(hdev)) {
811 * hci_update_random_address knows that it's safe to go ahead 875 struct hci_cp_le_set_ext_adv_params cp;
812 * and write a new random address. The flag will be set back on 876 bdaddr_t random_addr;
813 * as soon as the SET_ADV_ENABLE HCI command completes.
814 */
815 hci_dev_clear_flag(hdev, HCI_LE_ADV);
816 877
817 /* Set require_privacy to false so that the remote device has a 878 /* Set require_privacy to false so that the remote device has a
818 * chance of identifying us. 879 * chance of identifying us.
819 */ 880 */
820 if (hci_update_random_address(req, false, conn_use_rpa(conn), 881 if (hci_get_random_address(hdev, false, conn_use_rpa(conn), NULL,
821 &own_addr_type) < 0) 882 &own_addr_type, &random_addr) < 0)
822 return; 883 return;
823 884
824 memset(&cp, 0, sizeof(cp)); 885 memset(&cp, 0, sizeof(cp));
825 cp.type = LE_ADV_DIRECT_IND;
826 cp.own_address_type = own_addr_type;
827 cp.direct_addr_type = conn->dst_type;
828 bacpy(&cp.direct_addr, &conn->dst);
829 cp.channel_map = hdev->le_adv_channel_map;
830 886
831 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp); 887 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_DIRECT_IND);
888 cp.own_addr_type = own_addr_type;
889 cp.channel_map = hdev->le_adv_channel_map;
890 cp.tx_power = HCI_TX_POWER_INVALID;
891 cp.primary_phy = HCI_ADV_PHY_1M;
892 cp.secondary_phy = HCI_ADV_PHY_1M;
893 cp.handle = 0; /* Use instance 0 for directed adv */
894 cp.own_addr_type = own_addr_type;
895 cp.peer_addr_type = conn->dst_type;
896 bacpy(&cp.peer_addr, &conn->dst);
897
898 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp);
899
900 if (own_addr_type == ADDR_LE_DEV_RANDOM &&
901 bacmp(&random_addr, BDADDR_ANY) &&
902 bacmp(&random_addr, &hdev->random_addr)) {
903 struct hci_cp_le_set_adv_set_rand_addr cp;
904
905 memset(&cp, 0, sizeof(cp));
906
907 cp.handle = 0;
908 bacpy(&cp.bdaddr, &random_addr);
909
910 hci_req_add(req,
911 HCI_OP_LE_SET_ADV_SET_RAND_ADDR,
912 sizeof(cp), &cp);
913 }
832 914
833 enable = 0x01; 915 __hci_req_enable_ext_advertising(req);
834 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 916 } else {
917 struct hci_cp_le_set_adv_param cp;
918
919 /* Clear the HCI_LE_ADV bit temporarily so that the
920 * hci_update_random_address knows that it's safe to go ahead
921 * and write a new random address. The flag will be set back on
922 * as soon as the SET_ADV_ENABLE HCI command completes.
923 */
924 hci_dev_clear_flag(hdev, HCI_LE_ADV);
925
926 /* Set require_privacy to false so that the remote device has a
927 * chance of identifying us.
928 */
929 if (hci_update_random_address(req, false, conn_use_rpa(conn),
930 &own_addr_type) < 0)
931 return;
932
933 memset(&cp, 0, sizeof(cp));
934 cp.type = LE_ADV_DIRECT_IND;
935 cp.own_address_type = own_addr_type;
936 cp.direct_addr_type = conn->dst_type;
937 bacpy(&cp.direct_addr, &conn->dst);
938 cp.channel_map = hdev->le_adv_channel_map;
939
940 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
941
942 enable = 0x01;
943 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable),
944 &enable);
945 }
835 946
836 conn->state = BT_CONNECT; 947 conn->state = BT_CONNECT;
837} 948}
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index ee8ef1228263..74b29c7d841c 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -695,11 +695,42 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt)
695 if (hdev->commands[35] & (0x20 | 0x40)) 695 if (hdev->commands[35] & (0x20 | 0x40))
696 events[1] |= 0x08; /* LE PHY Update Complete */ 696 events[1] |= 0x08; /* LE PHY Update Complete */
697 697
698 /* If the controller supports LE Set Extended Scan Parameters
699 * and LE Set Extended Scan Enable commands, enable the
700 * corresponding event.
701 */
702 if (use_ext_scan(hdev))
703 events[1] |= 0x10; /* LE Extended Advertising
704 * Report
705 */
706
707 /* If the controller supports the LE Extended Create Connection
708 * command, enable the corresponding event.
709 */
710 if (use_ext_conn(hdev))
711 events[1] |= 0x02; /* LE Enhanced Connection
712 * Complete
713 */
714
715 /* If the controller supports the LE Extended Advertising
716 * command, enable the corresponding event.
717 */
718 if (ext_adv_capable(hdev))
719 events[2] |= 0x02; /* LE Advertising Set
720 * Terminated
721 */
722
698 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events), 723 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
699 events); 724 events);
700 725
701 if (hdev->commands[25] & 0x40) { 726 /* Read LE Advertising Channel TX Power */
702 /* Read LE Advertising Channel TX Power */ 727 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) {
728 /* HCI TS spec forbids mixing of legacy and extended
729 * advertising commands wherein READ_ADV_TX_POWER is
730 * also included. So do not call it if extended adv
731 * is supported otherwise controller will return
732 * COMMAND_DISALLOWED for extended commands.
733 */
703 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL); 734 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
704 } 735 }
705 736
@@ -714,6 +745,17 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt)
714 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL); 745 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
715 } 746 }
716 747
748 if (hdev->commands[34] & 0x40) {
749 /* Read LE Resolving List Size */
750 hci_req_add(req, HCI_OP_LE_READ_RESOLV_LIST_SIZE,
751 0, NULL);
752 }
753
754 if (hdev->commands[34] & 0x20) {
755 /* Clear LE Resolving List */
756 hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
757 }
758
717 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) { 759 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
718 /* Read LE Maximum Data Length */ 760 /* Read LE Maximum Data Length */
719 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL); 761 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
@@ -722,6 +764,12 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt)
722 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL); 764 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
723 } 765 }
724 766
767 if (ext_adv_capable(hdev)) {
768 /* Read LE Number of Supported Advertising Sets */
769 hci_req_add(req, HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS,
770 0, NULL);
771 }
772
725 hci_set_le_support(req); 773 hci_set_le_support(req);
726 } 774 }
727 775
@@ -802,10 +850,9 @@ static int hci_init4_req(struct hci_request *req, unsigned long opt)
802 if (hdev->commands[35] & 0x20) { 850 if (hdev->commands[35] & 0x20) {
803 struct hci_cp_le_set_default_phy cp; 851 struct hci_cp_le_set_default_phy cp;
804 852
805 /* No transmitter PHY or receiver PHY preferences */ 853 cp.all_phys = 0x00;
806 cp.all_phys = 0x03; 854 cp.tx_phys = hdev->le_tx_def_phys;
807 cp.tx_phys = 0; 855 cp.rx_phys = hdev->le_rx_def_phys;
808 cp.rx_phys = 0;
809 856
810 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp); 857 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
811 } 858 }
@@ -1368,7 +1415,8 @@ static int hci_dev_do_open(struct hci_dev *hdev)
1368 atomic_set(&hdev->cmd_cnt, 1); 1415 atomic_set(&hdev->cmd_cnt, 1);
1369 set_bit(HCI_INIT, &hdev->flags); 1416 set_bit(HCI_INIT, &hdev->flags);
1370 1417
1371 if (hci_dev_test_flag(hdev, HCI_SETUP)) { 1418 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1419 test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
1372 hci_sock_dev_event(hdev, HCI_DEV_SETUP); 1420 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1373 1421
1374 if (hdev->setup) 1422 if (hdev->setup)
@@ -1432,6 +1480,7 @@ static int hci_dev_do_open(struct hci_dev *hdev)
1432 if (!ret) { 1480 if (!ret) {
1433 hci_dev_hold(hdev); 1481 hci_dev_hold(hdev);
1434 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 1482 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1483 hci_adv_instances_set_rpa_expired(hdev, true);
1435 set_bit(HCI_UP, &hdev->flags); 1484 set_bit(HCI_UP, &hdev->flags);
1436 hci_sock_dev_event(hdev, HCI_DEV_UP); 1485 hci_sock_dev_event(hdev, HCI_DEV_UP);
1437 hci_leds_update_powered(hdev, true); 1486 hci_leds_update_powered(hdev, true);
@@ -1587,9 +1636,15 @@ int hci_dev_do_close(struct hci_dev *hdev)
1587 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) 1636 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1588 cancel_delayed_work(&hdev->service_cache); 1637 cancel_delayed_work(&hdev->service_cache);
1589 1638
1590 if (hci_dev_test_flag(hdev, HCI_MGMT)) 1639 if (hci_dev_test_flag(hdev, HCI_MGMT)) {
1640 struct adv_info *adv_instance;
1641
1591 cancel_delayed_work_sync(&hdev->rpa_expired); 1642 cancel_delayed_work_sync(&hdev->rpa_expired);
1592 1643
1644 list_for_each_entry(adv_instance, &hdev->adv_instances, list)
1645 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
1646 }
1647
1593 /* Avoid potential lockdep warnings from the *_flush() calls by 1648 /* Avoid potential lockdep warnings from the *_flush() calls by
1594 * ensuring the workqueue is empty up front. 1649 * ensuring the workqueue is empty up front.
1595 */ 1650 */
@@ -1897,7 +1952,11 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
1897 break; 1952 break;
1898 1953
1899 case HCISETPTYPE: 1954 case HCISETPTYPE:
1955 if (hdev->pkt_type == (__u16) dr.dev_opt)
1956 break;
1957
1900 hdev->pkt_type = (__u16) dr.dev_opt; 1958 hdev->pkt_type = (__u16) dr.dev_opt;
1959 mgmt_phy_configuration_changed(hdev, NULL);
1901 break; 1960 break;
1902 1961
1903 case HCISETACLMTU: 1962 case HCISETACLMTU:
@@ -2661,6 +2720,8 @@ int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2661 hdev->cur_adv_instance = 0x00; 2720 hdev->cur_adv_instance = 0x00;
2662 } 2721 }
2663 2722
2723 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2724
2664 list_del(&adv_instance->list); 2725 list_del(&adv_instance->list);
2665 kfree(adv_instance); 2726 kfree(adv_instance);
2666 2727
@@ -2669,6 +2730,14 @@ int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2669 return 0; 2730 return 0;
2670} 2731}
2671 2732
2733void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired)
2734{
2735 struct adv_info *adv_instance, *n;
2736
2737 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list)
2738 adv_instance->rpa_expired = rpa_expired;
2739}
2740
2672/* This function requires the caller holds hdev->lock */ 2741/* This function requires the caller holds hdev->lock */
2673void hci_adv_instances_clear(struct hci_dev *hdev) 2742void hci_adv_instances_clear(struct hci_dev *hdev)
2674{ 2743{
@@ -2680,6 +2749,7 @@ void hci_adv_instances_clear(struct hci_dev *hdev)
2680 } 2749 }
2681 2750
2682 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) { 2751 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2752 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2683 list_del(&adv_instance->list); 2753 list_del(&adv_instance->list);
2684 kfree(adv_instance); 2754 kfree(adv_instance);
2685 } 2755 }
@@ -2688,6 +2758,16 @@ void hci_adv_instances_clear(struct hci_dev *hdev)
2688 hdev->cur_adv_instance = 0x00; 2758 hdev->cur_adv_instance = 0x00;
2689} 2759}
2690 2760
2761static void adv_instance_rpa_expired(struct work_struct *work)
2762{
2763 struct adv_info *adv_instance = container_of(work, struct adv_info,
2764 rpa_expired_cb.work);
2765
2766 BT_DBG("");
2767
2768 adv_instance->rpa_expired = true;
2769}
2770
2691/* This function requires the caller holds hdev->lock */ 2771/* This function requires the caller holds hdev->lock */
2692int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags, 2772int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2693 u16 adv_data_len, u8 *adv_data, 2773 u16 adv_data_len, u8 *adv_data,
@@ -2736,6 +2816,11 @@ int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2736 else 2816 else
2737 adv_instance->duration = duration; 2817 adv_instance->duration = duration;
2738 2818
2819 adv_instance->tx_power = HCI_TX_POWER_INVALID;
2820
2821 INIT_DELAYED_WORK(&adv_instance->rpa_expired_cb,
2822 adv_instance_rpa_expired);
2823
2739 BT_DBG("%s for %dMR", hdev->name, instance); 2824 BT_DBG("%s for %dMR", hdev->name, instance);
2740 2825
2741 return 0; 2826 return 0;
@@ -2999,6 +3084,8 @@ struct hci_dev *hci_alloc_dev(void)
2999 hdev->le_max_tx_time = 0x0148; 3084 hdev->le_max_tx_time = 0x0148;
3000 hdev->le_max_rx_len = 0x001b; 3085 hdev->le_max_rx_len = 0x001b;
3001 hdev->le_max_rx_time = 0x0148; 3086 hdev->le_max_rx_time = 0x0148;
3087 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M;
3088 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M;
3002 3089
3003 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT; 3090 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3004 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT; 3091 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
@@ -3017,6 +3104,7 @@ struct hci_dev *hci_alloc_dev(void)
3017 INIT_LIST_HEAD(&hdev->identity_resolving_keys); 3104 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3018 INIT_LIST_HEAD(&hdev->remote_oob_data); 3105 INIT_LIST_HEAD(&hdev->remote_oob_data);
3019 INIT_LIST_HEAD(&hdev->le_white_list); 3106 INIT_LIST_HEAD(&hdev->le_white_list);
3107 INIT_LIST_HEAD(&hdev->le_resolv_list);
3020 INIT_LIST_HEAD(&hdev->le_conn_params); 3108 INIT_LIST_HEAD(&hdev->le_conn_params);
3021 INIT_LIST_HEAD(&hdev->pend_le_conns); 3109 INIT_LIST_HEAD(&hdev->pend_le_conns);
3022 INIT_LIST_HEAD(&hdev->pend_le_reports); 3110 INIT_LIST_HEAD(&hdev->pend_le_reports);
@@ -3218,6 +3306,7 @@ void hci_unregister_dev(struct hci_dev *hdev)
3218 hci_remote_oob_data_clear(hdev); 3306 hci_remote_oob_data_clear(hdev);
3219 hci_adv_instances_clear(hdev); 3307 hci_adv_instances_clear(hdev);
3220 hci_bdaddr_list_clear(&hdev->le_white_list); 3308 hci_bdaddr_list_clear(&hdev->le_white_list);
3309 hci_bdaddr_list_clear(&hdev->le_resolv_list);
3221 hci_conn_params_clear_all(hdev); 3310 hci_conn_params_clear_all(hdev);
3222 hci_discovery_filter_clear(hdev); 3311 hci_discovery_filter_clear(hdev);
3223 hci_dev_unlock(hdev); 3312 hci_dev_unlock(hdev);
diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c
index 0d8ab5b3c177..51f5b1efc3a5 100644
--- a/net/bluetooth/hci_debugfs.c
+++ b/net/bluetooth/hci_debugfs.c
@@ -694,6 +694,21 @@ static int white_list_show(struct seq_file *f, void *ptr)
694 694
695DEFINE_SHOW_ATTRIBUTE(white_list); 695DEFINE_SHOW_ATTRIBUTE(white_list);
696 696
697static int resolv_list_show(struct seq_file *f, void *ptr)
698{
699 struct hci_dev *hdev = f->private;
700 struct bdaddr_list *b;
701
702 hci_dev_lock(hdev);
703 list_for_each_entry(b, &hdev->le_resolv_list, list)
704 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
705 hci_dev_unlock(hdev);
706
707 return 0;
708}
709
710DEFINE_SHOW_ATTRIBUTE(resolv_list);
711
697static int identity_resolving_keys_show(struct seq_file *f, void *ptr) 712static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
698{ 713{
699 struct hci_dev *hdev = f->private; 714 struct hci_dev *hdev = f->private;
@@ -955,6 +970,10 @@ void hci_debugfs_create_le(struct hci_dev *hdev)
955 &hdev->le_white_list_size); 970 &hdev->le_white_list_size);
956 debugfs_create_file("white_list", 0444, hdev->debugfs, hdev, 971 debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
957 &white_list_fops); 972 &white_list_fops);
973 debugfs_create_u8("resolv_list_size", 0444, hdev->debugfs,
974 &hdev->le_resolv_list_size);
975 debugfs_create_file("resolv_list", 0444, hdev->debugfs, hdev,
976 &resolv_list_fops);
958 debugfs_create_file("identity_resolving_keys", 0400, hdev->debugfs, 977 debugfs_create_file("identity_resolving_keys", 0400, hdev->debugfs,
959 hdev, &identity_resolving_keys_fops); 978 hdev, &identity_resolving_keys_fops);
960 debugfs_create_file("long_term_keys", 0400, hdev->debugfs, hdev, 979 debugfs_create_file("long_term_keys", 0400, hdev->debugfs, hdev,
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 235b5aaab23d..754714c8d752 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -221,6 +221,7 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
221 hdev->ssp_debug_mode = 0; 221 hdev->ssp_debug_mode = 0;
222 222
223 hci_bdaddr_list_clear(&hdev->le_white_list); 223 hci_bdaddr_list_clear(&hdev->le_white_list);
224 hci_bdaddr_list_clear(&hdev->le_resolv_list);
224} 225}
225 226
226static void hci_cc_read_stored_link_key(struct hci_dev *hdev, 227static void hci_cc_read_stored_link_key(struct hci_dev *hdev,
@@ -1041,6 +1042,57 @@ static void hci_cc_le_set_random_addr(struct hci_dev *hdev, struct sk_buff *skb)
1041 hci_dev_unlock(hdev); 1042 hci_dev_unlock(hdev);
1042} 1043}
1043 1044
1045static void hci_cc_le_set_default_phy(struct hci_dev *hdev, struct sk_buff *skb)
1046{
1047 __u8 status = *((__u8 *) skb->data);
1048 struct hci_cp_le_set_default_phy *cp;
1049
1050 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1051
1052 if (status)
1053 return;
1054
1055 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_DEFAULT_PHY);
1056 if (!cp)
1057 return;
1058
1059 hci_dev_lock(hdev);
1060
1061 hdev->le_tx_def_phys = cp->tx_phys;
1062 hdev->le_rx_def_phys = cp->rx_phys;
1063
1064 hci_dev_unlock(hdev);
1065}
1066
1067static void hci_cc_le_set_adv_set_random_addr(struct hci_dev *hdev,
1068 struct sk_buff *skb)
1069{
1070 __u8 status = *((__u8 *) skb->data);
1071 struct hci_cp_le_set_adv_set_rand_addr *cp;
1072 struct adv_info *adv_instance;
1073
1074 if (status)
1075 return;
1076
1077 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_ADV_SET_RAND_ADDR);
1078 if (!cp)
1079 return;
1080
1081 hci_dev_lock(hdev);
1082
1083 if (!hdev->cur_adv_instance) {
1084 /* Store in hdev for instance 0 (Set adv and Directed advs) */
1085 bacpy(&hdev->random_addr, &cp->bdaddr);
1086 } else {
1087 adv_instance = hci_find_adv_instance(hdev,
1088 hdev->cur_adv_instance);
1089 if (adv_instance)
1090 bacpy(&adv_instance->random_addr, &cp->bdaddr);
1091 }
1092
1093 hci_dev_unlock(hdev);
1094}
1095
1044static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb) 1096static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1045{ 1097{
1046 __u8 *sent, status = *((__u8 *) skb->data); 1098 __u8 *sent, status = *((__u8 *) skb->data);
@@ -1076,6 +1128,43 @@ static void hci_cc_le_set_adv_enable(struct hci_dev *hdev, struct sk_buff *skb)
1076 hci_dev_unlock(hdev); 1128 hci_dev_unlock(hdev);
1077} 1129}
1078 1130
1131static void hci_cc_le_set_ext_adv_enable(struct hci_dev *hdev,
1132 struct sk_buff *skb)
1133{
1134 struct hci_cp_le_set_ext_adv_enable *cp;
1135 struct hci_cp_ext_adv_set *adv_set;
1136 __u8 status = *((__u8 *) skb->data);
1137
1138 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1139
1140 if (status)
1141 return;
1142
1143 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_ENABLE);
1144 if (!cp)
1145 return;
1146
1147 adv_set = (void *) cp->data;
1148
1149 hci_dev_lock(hdev);
1150
1151 if (cp->enable) {
1152 struct hci_conn *conn;
1153
1154 hci_dev_set_flag(hdev, HCI_LE_ADV);
1155
1156 conn = hci_lookup_le_connect(hdev);
1157 if (conn)
1158 queue_delayed_work(hdev->workqueue,
1159 &conn->le_conn_timeout,
1160 conn->conn_timeout);
1161 } else {
1162 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1163 }
1164
1165 hci_dev_unlock(hdev);
1166}
1167
1079static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb) 1168static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1080{ 1169{
1081 struct hci_cp_le_set_scan_param *cp; 1170 struct hci_cp_le_set_scan_param *cp;
@@ -1097,6 +1186,31 @@ static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1097 hci_dev_unlock(hdev); 1186 hci_dev_unlock(hdev);
1098} 1187}
1099 1188
1189static void hci_cc_le_set_ext_scan_param(struct hci_dev *hdev,
1190 struct sk_buff *skb)
1191{
1192 struct hci_cp_le_set_ext_scan_params *cp;
1193 __u8 status = *((__u8 *) skb->data);
1194 struct hci_cp_le_scan_phy_params *phy_param;
1195
1196 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1197
1198 if (status)
1199 return;
1200
1201 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_PARAMS);
1202 if (!cp)
1203 return;
1204
1205 phy_param = (void *)cp->data;
1206
1207 hci_dev_lock(hdev);
1208
1209 hdev->le_scan_type = phy_param->type;
1210
1211 hci_dev_unlock(hdev);
1212}
1213
1100static bool has_pending_adv_report(struct hci_dev *hdev) 1214static bool has_pending_adv_report(struct hci_dev *hdev)
1101{ 1215{
1102 struct discovery_state *d = &hdev->discovery; 1216 struct discovery_state *d = &hdev->discovery;
@@ -1126,24 +1240,11 @@ static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
1126 d->last_adv_data_len = len; 1240 d->last_adv_data_len = len;
1127} 1241}
1128 1242
1129static void hci_cc_le_set_scan_enable(struct hci_dev *hdev, 1243static void le_set_scan_enable_complete(struct hci_dev *hdev, u8 enable)
1130 struct sk_buff *skb)
1131{ 1244{
1132 struct hci_cp_le_set_scan_enable *cp;
1133 __u8 status = *((__u8 *) skb->data);
1134
1135 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1136
1137 if (status)
1138 return;
1139
1140 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1141 if (!cp)
1142 return;
1143
1144 hci_dev_lock(hdev); 1245 hci_dev_lock(hdev);
1145 1246
1146 switch (cp->enable) { 1247 switch (enable) {
1147 case LE_SCAN_ENABLE: 1248 case LE_SCAN_ENABLE:
1148 hci_dev_set_flag(hdev, HCI_LE_SCAN); 1249 hci_dev_set_flag(hdev, HCI_LE_SCAN);
1149 if (hdev->le_scan_type == LE_SCAN_ACTIVE) 1250 if (hdev->le_scan_type == LE_SCAN_ACTIVE)
@@ -1189,13 +1290,63 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1189 1290
1190 default: 1291 default:
1191 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d", 1292 bt_dev_err(hdev, "use of reserved LE_Scan_Enable param %d",
1192 cp->enable); 1293 enable);
1193 break; 1294 break;
1194 } 1295 }
1195 1296
1196 hci_dev_unlock(hdev); 1297 hci_dev_unlock(hdev);
1197} 1298}
1198 1299
1300static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1301 struct sk_buff *skb)
1302{
1303 struct hci_cp_le_set_scan_enable *cp;
1304 __u8 status = *((__u8 *) skb->data);
1305
1306 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1307
1308 if (status)
1309 return;
1310
1311 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1312 if (!cp)
1313 return;
1314
1315 le_set_scan_enable_complete(hdev, cp->enable);
1316}
1317
1318static void hci_cc_le_set_ext_scan_enable(struct hci_dev *hdev,
1319 struct sk_buff *skb)
1320{
1321 struct hci_cp_le_set_ext_scan_enable *cp;
1322 __u8 status = *((__u8 *) skb->data);
1323
1324 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1325
1326 if (status)
1327 return;
1328
1329 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_SCAN_ENABLE);
1330 if (!cp)
1331 return;
1332
1333 le_set_scan_enable_complete(hdev, cp->enable);
1334}
1335
1336static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
1337 struct sk_buff *skb)
1338{
1339 struct hci_rp_le_read_num_supported_adv_sets *rp = (void *) skb->data;
1340
1341 BT_DBG("%s status 0x%2.2x No of Adv sets %u", hdev->name, rp->status,
1342 rp->num_of_sets);
1343
1344 if (rp->status)
1345 return;
1346
1347 hdev->le_num_of_adv_sets = rp->num_of_sets;
1348}
1349
1199static void hci_cc_le_read_white_list_size(struct hci_dev *hdev, 1350static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
1200 struct sk_buff *skb) 1351 struct sk_buff *skb)
1201{ 1352{
@@ -1306,6 +1457,32 @@ static void hci_cc_le_write_def_data_len(struct hci_dev *hdev,
1306 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time); 1457 hdev->le_def_tx_time = le16_to_cpu(sent->tx_time);
1307} 1458}
1308 1459
1460static void hci_cc_le_clear_resolv_list(struct hci_dev *hdev,
1461 struct sk_buff *skb)
1462{
1463 __u8 status = *((__u8 *) skb->data);
1464
1465 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1466
1467 if (status)
1468 return;
1469
1470 hci_bdaddr_list_clear(&hdev->le_resolv_list);
1471}
1472
1473static void hci_cc_le_read_resolv_list_size(struct hci_dev *hdev,
1474 struct sk_buff *skb)
1475{
1476 struct hci_rp_le_read_resolv_list_size *rp = (void *) skb->data;
1477
1478 BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
1479
1480 if (rp->status)
1481 return;
1482
1483 hdev->le_resolv_list_size = rp->size;
1484}
1485
1309static void hci_cc_le_read_max_data_len(struct hci_dev *hdev, 1486static void hci_cc_le_read_max_data_len(struct hci_dev *hdev,
1310 struct sk_buff *skb) 1487 struct sk_buff *skb)
1311{ 1488{
@@ -1375,6 +1552,37 @@ static void hci_cc_set_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1375 hci_dev_unlock(hdev); 1552 hci_dev_unlock(hdev);
1376} 1553}
1377 1554
1555static void hci_cc_set_ext_adv_param(struct hci_dev *hdev, struct sk_buff *skb)
1556{
1557 struct hci_rp_le_set_ext_adv_params *rp = (void *) skb->data;
1558 struct hci_cp_le_set_ext_adv_params *cp;
1559 struct adv_info *adv_instance;
1560
1561 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1562
1563 if (rp->status)
1564 return;
1565
1566 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS);
1567 if (!cp)
1568 return;
1569
1570 hci_dev_lock(hdev);
1571 hdev->adv_addr_type = cp->own_addr_type;
1572 if (!hdev->cur_adv_instance) {
1573 /* Store in hdev for instance 0 */
1574 hdev->adv_tx_power = rp->tx_power;
1575 } else {
1576 adv_instance = hci_find_adv_instance(hdev,
1577 hdev->cur_adv_instance);
1578 if (adv_instance)
1579 adv_instance->tx_power = rp->tx_power;
1580 }
1581 /* Update adv data as tx power is known now */
1582 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1583 hci_dev_unlock(hdev);
1584}
1585
1378static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb) 1586static void hci_cc_read_rssi(struct hci_dev *hdev, struct sk_buff *skb)
1379{ 1587{
1380 struct hci_rp_read_rssi *rp = (void *) skb->data; 1588 struct hci_rp_read_rssi *rp = (void *) skb->data;
@@ -1896,10 +2104,44 @@ static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1896 hci_dev_unlock(hdev); 2104 hci_dev_unlock(hdev);
1897} 2105}
1898 2106
2107static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
2108 u8 peer_addr_type, u8 own_address_type,
2109 u8 filter_policy)
2110{
2111 struct hci_conn *conn;
2112
2113 conn = hci_conn_hash_lookup_le(hdev, peer_addr,
2114 peer_addr_type);
2115 if (!conn)
2116 return;
2117
2118 /* Store the initiator and responder address information which
2119 * is needed for SMP. These values will not change during the
2120 * lifetime of the connection.
2121 */
2122 conn->init_addr_type = own_address_type;
2123 if (own_address_type == ADDR_LE_DEV_RANDOM)
2124 bacpy(&conn->init_addr, &hdev->random_addr);
2125 else
2126 bacpy(&conn->init_addr, &hdev->bdaddr);
2127
2128 conn->resp_addr_type = peer_addr_type;
2129 bacpy(&conn->resp_addr, peer_addr);
2130
2131 /* We don't want the connection attempt to stick around
2132 * indefinitely since LE doesn't have a page timeout concept
2133 * like BR/EDR. Set a timer for any connection that doesn't use
2134 * the white list for connecting.
2135 */
2136 if (filter_policy == HCI_LE_USE_PEER_ADDR)
2137 queue_delayed_work(conn->hdev->workqueue,
2138 &conn->le_conn_timeout,
2139 conn->conn_timeout);
2140}
2141
1899static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status) 2142static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1900{ 2143{
1901 struct hci_cp_le_create_conn *cp; 2144 struct hci_cp_le_create_conn *cp;
1902 struct hci_conn *conn;
1903 2145
1904 BT_DBG("%s status 0x%2.2x", hdev->name, status); 2146 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1905 2147
@@ -1916,35 +2158,34 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, u8 status)
1916 2158
1917 hci_dev_lock(hdev); 2159 hci_dev_lock(hdev);
1918 2160
1919 conn = hci_conn_hash_lookup_le(hdev, &cp->peer_addr, 2161 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
1920 cp->peer_addr_type); 2162 cp->own_address_type, cp->filter_policy);
1921 if (!conn)
1922 goto unlock;
1923 2163
1924 /* Store the initiator and responder address information which 2164 hci_dev_unlock(hdev);
1925 * is needed for SMP. These values will not change during the 2165}
1926 * lifetime of the connection.
1927 */
1928 conn->init_addr_type = cp->own_address_type;
1929 if (cp->own_address_type == ADDR_LE_DEV_RANDOM)
1930 bacpy(&conn->init_addr, &hdev->random_addr);
1931 else
1932 bacpy(&conn->init_addr, &hdev->bdaddr);
1933 2166
1934 conn->resp_addr_type = cp->peer_addr_type; 2167static void hci_cs_le_ext_create_conn(struct hci_dev *hdev, u8 status)
1935 bacpy(&conn->resp_addr, &cp->peer_addr); 2168{
2169 struct hci_cp_le_ext_create_conn *cp;
1936 2170
1937 /* We don't want the connection attempt to stick around 2171 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1938 * indefinitely since LE doesn't have a page timeout concept 2172
1939 * like BR/EDR. Set a timer for any connection that doesn't use 2173 /* All connection failure handling is taken care of by the
1940 * the white list for connecting. 2174 * hci_le_conn_failed function which is triggered by the HCI
2175 * request completion callbacks used for connecting.
1941 */ 2176 */
1942 if (cp->filter_policy == HCI_LE_USE_PEER_ADDR) 2177 if (status)
1943 queue_delayed_work(conn->hdev->workqueue, 2178 return;
1944 &conn->le_conn_timeout, 2179
1945 conn->conn_timeout); 2180 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_EXT_CREATE_CONN);
2181 if (!cp)
2182 return;
2183
2184 hci_dev_lock(hdev);
2185
2186 cs_le_create_conn(hdev, &cp->peer_addr, cp->peer_addr_type,
2187 cp->own_addr_type, cp->filter_policy);
1946 2188
1947unlock:
1948 hci_dev_unlock(hdev); 2189 hci_dev_unlock(hdev);
1949} 2190}
1950 2191
@@ -2618,8 +2859,10 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2618 /* We should disregard the current RPA and generate a new one 2859 /* We should disregard the current RPA and generate a new one
2619 * whenever the encryption procedure fails. 2860 * whenever the encryption procedure fails.
2620 */ 2861 */
2621 if (ev->status && conn->type == LE_LINK) 2862 if (ev->status && conn->type == LE_LINK) {
2622 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 2863 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
2864 hci_adv_instances_set_rpa_expired(hdev, true);
2865 }
2623 2866
2624 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); 2867 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2625 2868
@@ -3015,6 +3258,14 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3015 hci_cc_le_write_def_data_len(hdev, skb); 3258 hci_cc_le_write_def_data_len(hdev, skb);
3016 break; 3259 break;
3017 3260
3261 case HCI_OP_LE_CLEAR_RESOLV_LIST:
3262 hci_cc_le_clear_resolv_list(hdev, skb);
3263 break;
3264
3265 case HCI_OP_LE_READ_RESOLV_LIST_SIZE:
3266 hci_cc_le_read_resolv_list_size(hdev, skb);
3267 break;
3268
3018 case HCI_OP_LE_READ_MAX_DATA_LEN: 3269 case HCI_OP_LE_READ_MAX_DATA_LEN:
3019 hci_cc_le_read_max_data_len(hdev, skb); 3270 hci_cc_le_read_max_data_len(hdev, skb);
3020 break; 3271 break;
@@ -3039,6 +3290,34 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
3039 hci_cc_write_ssp_debug_mode(hdev, skb); 3290 hci_cc_write_ssp_debug_mode(hdev, skb);
3040 break; 3291 break;
3041 3292
3293 case HCI_OP_LE_SET_EXT_SCAN_PARAMS:
3294 hci_cc_le_set_ext_scan_param(hdev, skb);
3295 break;
3296
3297 case HCI_OP_LE_SET_EXT_SCAN_ENABLE:
3298 hci_cc_le_set_ext_scan_enable(hdev, skb);
3299 break;
3300
3301 case HCI_OP_LE_SET_DEFAULT_PHY:
3302 hci_cc_le_set_default_phy(hdev, skb);
3303 break;
3304
3305 case HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS:
3306 hci_cc_le_read_num_adv_sets(hdev, skb);
3307 break;
3308
3309 case HCI_OP_LE_SET_EXT_ADV_PARAMS:
3310 hci_cc_set_ext_adv_param(hdev, skb);
3311 break;
3312
3313 case HCI_OP_LE_SET_EXT_ADV_ENABLE:
3314 hci_cc_le_set_ext_adv_enable(hdev, skb);
3315 break;
3316
3317 case HCI_OP_LE_SET_ADV_SET_RAND_ADDR:
3318 hci_cc_le_set_adv_set_random_addr(hdev, skb);
3319 break;
3320
3042 default: 3321 default:
3043 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode); 3322 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3044 break; 3323 break;
@@ -3134,6 +3413,10 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb,
3134 hci_cs_le_start_enc(hdev, ev->status); 3413 hci_cs_le_start_enc(hdev, ev->status);
3135 break; 3414 break;
3136 3415
3416 case HCI_OP_LE_EXT_CREATE_CONN:
3417 hci_cs_le_ext_create_conn(hdev, ev->status);
3418 break;
3419
3137 default: 3420 default:
3138 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode); 3421 BT_DBG("%s opcode 0x%4.4x", hdev->name, *opcode);
3139 break; 3422 break;
@@ -4460,16 +4743,15 @@ static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
4460} 4743}
4461#endif 4744#endif
4462 4745
4463static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) 4746static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
4747 bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle,
4748 u16 interval, u16 latency, u16 supervision_timeout)
4464{ 4749{
4465 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4466 struct hci_conn_params *params; 4750 struct hci_conn_params *params;
4467 struct hci_conn *conn; 4751 struct hci_conn *conn;
4468 struct smp_irk *irk; 4752 struct smp_irk *irk;
4469 u8 addr_type; 4753 u8 addr_type;
4470 4754
4471 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4472
4473 hci_dev_lock(hdev); 4755 hci_dev_lock(hdev);
4474 4756
4475 /* All controllers implicitly stop advertising in the event of a 4757 /* All controllers implicitly stop advertising in the event of a
@@ -4479,13 +4761,13 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4479 4761
4480 conn = hci_lookup_le_connect(hdev); 4762 conn = hci_lookup_le_connect(hdev);
4481 if (!conn) { 4763 if (!conn) {
4482 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr, ev->role); 4764 conn = hci_conn_add(hdev, LE_LINK, bdaddr, role);
4483 if (!conn) { 4765 if (!conn) {
4484 bt_dev_err(hdev, "no memory for new connection"); 4766 bt_dev_err(hdev, "no memory for new connection");
4485 goto unlock; 4767 goto unlock;
4486 } 4768 }
4487 4769
4488 conn->dst_type = ev->bdaddr_type; 4770 conn->dst_type = bdaddr_type;
4489 4771
4490 /* If we didn't have a hci_conn object previously 4772 /* If we didn't have a hci_conn object previously
4491 * but we're in master role this must be something 4773 * but we're in master role this must be something
@@ -4496,8 +4778,8 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4496 * initiator address based on the HCI_PRIVACY flag. 4778 * initiator address based on the HCI_PRIVACY flag.
4497 */ 4779 */
4498 if (conn->out) { 4780 if (conn->out) {
4499 conn->resp_addr_type = ev->bdaddr_type; 4781 conn->resp_addr_type = bdaddr_type;
4500 bacpy(&conn->resp_addr, &ev->bdaddr); 4782 bacpy(&conn->resp_addr, bdaddr);
4501 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) { 4783 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
4502 conn->init_addr_type = ADDR_LE_DEV_RANDOM; 4784 conn->init_addr_type = ADDR_LE_DEV_RANDOM;
4503 bacpy(&conn->init_addr, &hdev->rpa); 4785 bacpy(&conn->init_addr, &hdev->rpa);
@@ -4516,13 +4798,18 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4516 * the advertising address type. 4798 * the advertising address type.
4517 */ 4799 */
4518 conn->resp_addr_type = hdev->adv_addr_type; 4800 conn->resp_addr_type = hdev->adv_addr_type;
4519 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) 4801 if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) {
4520 bacpy(&conn->resp_addr, &hdev->random_addr); 4802 /* In case of ext adv, resp_addr will be updated in
4521 else 4803 * Adv Terminated event.
4804 */
4805 if (!ext_adv_capable(hdev))
4806 bacpy(&conn->resp_addr, &hdev->random_addr);
4807 } else {
4522 bacpy(&conn->resp_addr, &hdev->bdaddr); 4808 bacpy(&conn->resp_addr, &hdev->bdaddr);
4809 }
4523 4810
4524 conn->init_addr_type = ev->bdaddr_type; 4811 conn->init_addr_type = bdaddr_type;
4525 bacpy(&conn->init_addr, &ev->bdaddr); 4812 bacpy(&conn->init_addr, bdaddr);
4526 4813
4527 /* For incoming connections, set the default minimum 4814 /* For incoming connections, set the default minimum
4528 * and maximum connection interval. They will be used 4815 * and maximum connection interval. They will be used
@@ -4548,8 +4835,8 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4548 conn->dst_type = irk->addr_type; 4835 conn->dst_type = irk->addr_type;
4549 } 4836 }
4550 4837
4551 if (ev->status) { 4838 if (status) {
4552 hci_le_conn_failed(conn, ev->status); 4839 hci_le_conn_failed(conn, status);
4553 goto unlock; 4840 goto unlock;
4554 } 4841 }
4555 4842
@@ -4568,17 +4855,17 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4568 mgmt_device_connected(hdev, conn, 0, NULL, 0); 4855 mgmt_device_connected(hdev, conn, 0, NULL, 0);
4569 4856
4570 conn->sec_level = BT_SECURITY_LOW; 4857 conn->sec_level = BT_SECURITY_LOW;
4571 conn->handle = __le16_to_cpu(ev->handle); 4858 conn->handle = handle;
4572 conn->state = BT_CONFIG; 4859 conn->state = BT_CONFIG;
4573 4860
4574 conn->le_conn_interval = le16_to_cpu(ev->interval); 4861 conn->le_conn_interval = interval;
4575 conn->le_conn_latency = le16_to_cpu(ev->latency); 4862 conn->le_conn_latency = latency;
4576 conn->le_supv_timeout = le16_to_cpu(ev->supervision_timeout); 4863 conn->le_supv_timeout = supervision_timeout;
4577 4864
4578 hci_debugfs_create_conn(conn); 4865 hci_debugfs_create_conn(conn);
4579 hci_conn_add_sysfs(conn); 4866 hci_conn_add_sysfs(conn);
4580 4867
4581 if (!ev->status) { 4868 if (!status) {
4582 /* The remote features procedure is defined for master 4869 /* The remote features procedure is defined for master
4583 * role only. So only in case of an initiated connection 4870 * role only. So only in case of an initiated connection
4584 * request the remote features. 4871 * request the remote features.
@@ -4600,10 +4887,10 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4600 hci_conn_hold(conn); 4887 hci_conn_hold(conn);
4601 } else { 4888 } else {
4602 conn->state = BT_CONNECTED; 4889 conn->state = BT_CONNECTED;
4603 hci_connect_cfm(conn, ev->status); 4890 hci_connect_cfm(conn, status);
4604 } 4891 }
4605 } else { 4892 } else {
4606 hci_connect_cfm(conn, ev->status); 4893 hci_connect_cfm(conn, status);
4607 } 4894 }
4608 4895
4609 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst, 4896 params = hci_pend_le_action_lookup(&hdev->pend_le_conns, &conn->dst,
@@ -4622,6 +4909,61 @@ unlock:
4622 hci_dev_unlock(hdev); 4909 hci_dev_unlock(hdev);
4623} 4910}
4624 4911
4912static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
4913{
4914 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
4915
4916 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4917
4918 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
4919 ev->role, le16_to_cpu(ev->handle),
4920 le16_to_cpu(ev->interval),
4921 le16_to_cpu(ev->latency),
4922 le16_to_cpu(ev->supervision_timeout));
4923}
4924
4925static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev,
4926 struct sk_buff *skb)
4927{
4928 struct hci_ev_le_enh_conn_complete *ev = (void *) skb->data;
4929
4930 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4931
4932 le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type,
4933 ev->role, le16_to_cpu(ev->handle),
4934 le16_to_cpu(ev->interval),
4935 le16_to_cpu(ev->latency),
4936 le16_to_cpu(ev->supervision_timeout));
4937}
4938
4939static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb)
4940{
4941 struct hci_evt_le_ext_adv_set_term *ev = (void *) skb->data;
4942 struct hci_conn *conn;
4943
4944 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
4945
4946 if (ev->status)
4947 return;
4948
4949 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->conn_handle));
4950 if (conn) {
4951 struct adv_info *adv_instance;
4952
4953 if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM)
4954 return;
4955
4956 if (!hdev->cur_adv_instance) {
4957 bacpy(&conn->resp_addr, &hdev->random_addr);
4958 return;
4959 }
4960
4961 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
4962 if (adv_instance)
4963 bacpy(&conn->resp_addr, &adv_instance->random_addr);
4964 }
4965}
4966
4625static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, 4967static void hci_le_conn_update_complete_evt(struct hci_dev *hdev,
4626 struct sk_buff *skb) 4968 struct sk_buff *skb)
4627{ 4969{
@@ -4957,6 +5299,78 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
4957 hci_dev_unlock(hdev); 5299 hci_dev_unlock(hdev);
4958} 5300}
4959 5301
5302static u8 ext_evt_type_to_legacy(u16 evt_type)
5303{
5304 if (evt_type & LE_EXT_ADV_LEGACY_PDU) {
5305 switch (evt_type) {
5306 case LE_LEGACY_ADV_IND:
5307 return LE_ADV_IND;
5308 case LE_LEGACY_ADV_DIRECT_IND:
5309 return LE_ADV_DIRECT_IND;
5310 case LE_LEGACY_ADV_SCAN_IND:
5311 return LE_ADV_SCAN_IND;
5312 case LE_LEGACY_NONCONN_IND:
5313 return LE_ADV_NONCONN_IND;
5314 case LE_LEGACY_SCAN_RSP_ADV:
5315 case LE_LEGACY_SCAN_RSP_ADV_SCAN:
5316 return LE_ADV_SCAN_RSP;
5317 }
5318
5319 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5320 evt_type);
5321
5322 return LE_ADV_INVALID;
5323 }
5324
5325 if (evt_type & LE_EXT_ADV_CONN_IND) {
5326 if (evt_type & LE_EXT_ADV_DIRECT_IND)
5327 return LE_ADV_DIRECT_IND;
5328
5329 return LE_ADV_IND;
5330 }
5331
5332 if (evt_type & LE_EXT_ADV_SCAN_RSP)
5333 return LE_ADV_SCAN_RSP;
5334
5335 if (evt_type & LE_EXT_ADV_SCAN_IND)
5336 return LE_ADV_SCAN_IND;
5337
5338 if (evt_type == LE_EXT_ADV_NON_CONN_IND ||
5339 evt_type & LE_EXT_ADV_DIRECT_IND)
5340 return LE_ADV_NONCONN_IND;
5341
5342 BT_ERR_RATELIMITED("Unknown advertising packet type: 0x%02x",
5343 evt_type);
5344
5345 return LE_ADV_INVALID;
5346}
5347
5348static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
5349{
5350 u8 num_reports = skb->data[0];
5351 void *ptr = &skb->data[1];
5352
5353 hci_dev_lock(hdev);
5354
5355 while (num_reports--) {
5356 struct hci_ev_le_ext_adv_report *ev = ptr;
5357 u8 legacy_evt_type;
5358 u16 evt_type;
5359
5360 evt_type = __le16_to_cpu(ev->evt_type);
5361 legacy_evt_type = ext_evt_type_to_legacy(evt_type);
5362 if (legacy_evt_type != LE_ADV_INVALID) {
5363 process_adv_report(hdev, legacy_evt_type, &ev->bdaddr,
5364 ev->bdaddr_type, NULL, 0, ev->rssi,
5365 ev->data, ev->length);
5366 }
5367
5368 ptr += sizeof(*ev) + ev->length + 1;
5369 }
5370
5371 hci_dev_unlock(hdev);
5372}
5373
4960static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev, 5374static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev,
4961 struct sk_buff *skb) 5375 struct sk_buff *skb)
4962{ 5376{
@@ -5189,6 +5603,18 @@ static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
5189 hci_le_direct_adv_report_evt(hdev, skb); 5603 hci_le_direct_adv_report_evt(hdev, skb);
5190 break; 5604 break;
5191 5605
5606 case HCI_EV_LE_EXT_ADV_REPORT:
5607 hci_le_ext_adv_report_evt(hdev, skb);
5608 break;
5609
5610 case HCI_EV_LE_ENHANCED_CONN_COMPLETE:
5611 hci_le_enh_conn_complete_evt(hdev, skb);
5612 break;
5613
5614 case HCI_EV_LE_EXT_ADV_SET_TERM:
5615 hci_le_ext_adv_term_evt(hdev, skb);
5616 break;
5617
5192 default: 5618 default:
5193 break; 5619 break;
5194 } 5620 }
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index e44d34734834..e8c9ef1e1922 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -647,11 +647,22 @@ void __hci_req_update_eir(struct hci_request *req)
647 647
648void hci_req_add_le_scan_disable(struct hci_request *req) 648void hci_req_add_le_scan_disable(struct hci_request *req)
649{ 649{
650 struct hci_cp_le_set_scan_enable cp; 650 struct hci_dev *hdev = req->hdev;
651 651
652 memset(&cp, 0, sizeof(cp)); 652 if (use_ext_scan(hdev)) {
653 cp.enable = LE_SCAN_DISABLE; 653 struct hci_cp_le_set_ext_scan_enable cp;
654 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 654
655 memset(&cp, 0, sizeof(cp));
656 cp.enable = LE_SCAN_DISABLE;
657 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE, sizeof(cp),
658 &cp);
659 } else {
660 struct hci_cp_le_set_scan_enable cp;
661
662 memset(&cp, 0, sizeof(cp));
663 cp.enable = LE_SCAN_DISABLE;
664 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
665 }
655} 666}
656 667
657static void add_to_white_list(struct hci_request *req, 668static void add_to_white_list(struct hci_request *req,
@@ -767,10 +778,86 @@ static bool scan_use_rpa(struct hci_dev *hdev)
767 return hci_dev_test_flag(hdev, HCI_PRIVACY); 778 return hci_dev_test_flag(hdev, HCI_PRIVACY);
768} 779}
769 780
781static void hci_req_start_scan(struct hci_request *req, u8 type, u16 interval,
782 u16 window, u8 own_addr_type, u8 filter_policy)
783{
784 struct hci_dev *hdev = req->hdev;
785
786 /* Use ext scanning if set ext scan param and ext scan enable is
787 * supported
788 */
789 if (use_ext_scan(hdev)) {
790 struct hci_cp_le_set_ext_scan_params *ext_param_cp;
791 struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
792 struct hci_cp_le_scan_phy_params *phy_params;
793 u8 data[sizeof(*ext_param_cp) + sizeof(*phy_params) * 2];
794 u32 plen;
795
796 ext_param_cp = (void *)data;
797 phy_params = (void *)ext_param_cp->data;
798
799 memset(ext_param_cp, 0, sizeof(*ext_param_cp));
800 ext_param_cp->own_addr_type = own_addr_type;
801 ext_param_cp->filter_policy = filter_policy;
802
803 plen = sizeof(*ext_param_cp);
804
805 if (scan_1m(hdev) || scan_2m(hdev)) {
806 ext_param_cp->scanning_phys |= LE_SCAN_PHY_1M;
807
808 memset(phy_params, 0, sizeof(*phy_params));
809 phy_params->type = type;
810 phy_params->interval = cpu_to_le16(interval);
811 phy_params->window = cpu_to_le16(window);
812
813 plen += sizeof(*phy_params);
814 phy_params++;
815 }
816
817 if (scan_coded(hdev)) {
818 ext_param_cp->scanning_phys |= LE_SCAN_PHY_CODED;
819
820 memset(phy_params, 0, sizeof(*phy_params));
821 phy_params->type = type;
822 phy_params->interval = cpu_to_le16(interval);
823 phy_params->window = cpu_to_le16(window);
824
825 plen += sizeof(*phy_params);
826 phy_params++;
827 }
828
829 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_PARAMS,
830 plen, ext_param_cp);
831
832 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
833 ext_enable_cp.enable = LE_SCAN_ENABLE;
834 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
835
836 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
837 sizeof(ext_enable_cp), &ext_enable_cp);
838 } else {
839 struct hci_cp_le_set_scan_param param_cp;
840 struct hci_cp_le_set_scan_enable enable_cp;
841
842 memset(&param_cp, 0, sizeof(param_cp));
843 param_cp.type = type;
844 param_cp.interval = cpu_to_le16(interval);
845 param_cp.window = cpu_to_le16(window);
846 param_cp.own_address_type = own_addr_type;
847 param_cp.filter_policy = filter_policy;
848 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
849 &param_cp);
850
851 memset(&enable_cp, 0, sizeof(enable_cp));
852 enable_cp.enable = LE_SCAN_ENABLE;
853 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
854 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
855 &enable_cp);
856 }
857}
858
770void hci_req_add_le_passive_scan(struct hci_request *req) 859void hci_req_add_le_passive_scan(struct hci_request *req)
771{ 860{
772 struct hci_cp_le_set_scan_param param_cp;
773 struct hci_cp_le_set_scan_enable enable_cp;
774 struct hci_dev *hdev = req->hdev; 861 struct hci_dev *hdev = req->hdev;
775 u8 own_addr_type; 862 u8 own_addr_type;
776 u8 filter_policy; 863 u8 filter_policy;
@@ -804,20 +891,26 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
804 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)) 891 (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
805 filter_policy |= 0x02; 892 filter_policy |= 0x02;
806 893
807 memset(&param_cp, 0, sizeof(param_cp)); 894 hci_req_start_scan(req, LE_SCAN_PASSIVE, hdev->le_scan_interval,
808 param_cp.type = LE_SCAN_PASSIVE; 895 hdev->le_scan_window, own_addr_type, filter_policy);
809 param_cp.interval = cpu_to_le16(hdev->le_scan_interval); 896}
810 param_cp.window = cpu_to_le16(hdev->le_scan_window); 897
811 param_cp.own_address_type = own_addr_type; 898static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
812 param_cp.filter_policy = filter_policy; 899{
813 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp), 900 struct adv_info *adv_instance;
814 &param_cp); 901
902 /* Ignore instance 0 */
903 if (instance == 0x00)
904 return 0;
905
906 adv_instance = hci_find_adv_instance(hdev, instance);
907 if (!adv_instance)
908 return 0;
815 909
816 memset(&enable_cp, 0, sizeof(enable_cp)); 910 /* TODO: Take into account the "appearance" and "local-name" flags here.
817 enable_cp.enable = LE_SCAN_ENABLE; 911 * These are currently being ignored as they are not supported.
818 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 912 */
819 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp), 913 return adv_instance->scan_rsp_len;
820 &enable_cp);
821} 914}
822 915
823static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev) 916static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
@@ -841,9 +934,19 @@ static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
841 934
842void __hci_req_disable_advertising(struct hci_request *req) 935void __hci_req_disable_advertising(struct hci_request *req)
843{ 936{
844 u8 enable = 0x00; 937 if (ext_adv_capable(req->hdev)) {
938 struct hci_cp_le_set_ext_adv_enable cp;
845 939
846 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable); 940 cp.enable = 0x00;
941 /* Disable all sets since we only support one set at the moment */
942 cp.num_of_sets = 0x00;
943
944 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE, sizeof(cp), &cp);
945 } else {
946 u8 enable = 0x00;
947
948 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
949 }
847} 950}
848 951
849static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance) 952static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
@@ -1081,29 +1184,58 @@ static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
1081void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance) 1184void __hci_req_update_scan_rsp_data(struct hci_request *req, u8 instance)
1082{ 1185{
1083 struct hci_dev *hdev = req->hdev; 1186 struct hci_dev *hdev = req->hdev;
1084 struct hci_cp_le_set_scan_rsp_data cp;
1085 u8 len; 1187 u8 len;
1086 1188
1087 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1189 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1088 return; 1190 return;
1089 1191
1090 memset(&cp, 0, sizeof(cp)); 1192 if (ext_adv_capable(hdev)) {
1193 struct hci_cp_le_set_ext_scan_rsp_data cp;
1091 1194
1092 if (instance) 1195 memset(&cp, 0, sizeof(cp));
1093 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
1094 else
1095 len = create_default_scan_rsp_data(hdev, cp.data);
1096 1196
1097 if (hdev->scan_rsp_data_len == len && 1197 if (instance)
1098 !memcmp(cp.data, hdev->scan_rsp_data, len)) 1198 len = create_instance_scan_rsp_data(hdev, instance,
1099 return; 1199 cp.data);
1200 else
1201 len = create_default_scan_rsp_data(hdev, cp.data);
1202
1203 if (hdev->scan_rsp_data_len == len &&
1204 !memcmp(cp.data, hdev->scan_rsp_data, len))
1205 return;
1100 1206
1101 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data)); 1207 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1102 hdev->scan_rsp_data_len = len; 1208 hdev->scan_rsp_data_len = len;
1103 1209
1104 cp.length = len; 1210 cp.handle = 0;
1211 cp.length = len;
1212 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1213 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1214
1215 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_RSP_DATA, sizeof(cp),
1216 &cp);
1217 } else {
1218 struct hci_cp_le_set_scan_rsp_data cp;
1219
1220 memset(&cp, 0, sizeof(cp));
1221
1222 if (instance)
1223 len = create_instance_scan_rsp_data(hdev, instance,
1224 cp.data);
1225 else
1226 len = create_default_scan_rsp_data(hdev, cp.data);
1227
1228 if (hdev->scan_rsp_data_len == len &&
1229 !memcmp(cp.data, hdev->scan_rsp_data, len))
1230 return;
1105 1231
1106 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp); 1232 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
1233 hdev->scan_rsp_data_len = len;
1234
1235 cp.length = len;
1236
1237 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
1238 }
1107} 1239}
1108 1240
1109static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr) 1241static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
@@ -1160,15 +1292,27 @@ static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1160 ptr += adv_instance->adv_data_len; 1292 ptr += adv_instance->adv_data_len;
1161 } 1293 }
1162 1294
1163 /* Provide Tx Power only if we can provide a valid value for it */ 1295 if (instance_flags & MGMT_ADV_FLAG_TX_POWER) {
1164 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID && 1296 s8 adv_tx_power;
1165 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1166 ptr[0] = 0x02;
1167 ptr[1] = EIR_TX_POWER;
1168 ptr[2] = (u8)hdev->adv_tx_power;
1169 1297
1170 ad_len += 3; 1298 if (ext_adv_capable(hdev)) {
1171 ptr += 3; 1299 if (adv_instance)
1300 adv_tx_power = adv_instance->tx_power;
1301 else
1302 adv_tx_power = hdev->adv_tx_power;
1303 } else {
1304 adv_tx_power = hdev->adv_tx_power;
1305 }
1306
1307 /* Provide Tx Power only if we can provide a valid value for it */
1308 if (adv_tx_power != HCI_TX_POWER_INVALID) {
1309 ptr[0] = 0x02;
1310 ptr[1] = EIR_TX_POWER;
1311 ptr[2] = (u8)adv_tx_power;
1312
1313 ad_len += 3;
1314 ptr += 3;
1315 }
1172 } 1316 }
1173 1317
1174 return ad_len; 1318 return ad_len;
@@ -1177,27 +1321,51 @@ static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1177void __hci_req_update_adv_data(struct hci_request *req, u8 instance) 1321void __hci_req_update_adv_data(struct hci_request *req, u8 instance)
1178{ 1322{
1179 struct hci_dev *hdev = req->hdev; 1323 struct hci_dev *hdev = req->hdev;
1180 struct hci_cp_le_set_adv_data cp;
1181 u8 len; 1324 u8 len;
1182 1325
1183 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) 1326 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1184 return; 1327 return;
1185 1328
1186 memset(&cp, 0, sizeof(cp)); 1329 if (ext_adv_capable(hdev)) {
1330 struct hci_cp_le_set_ext_adv_data cp;
1187 1331
1188 len = create_instance_adv_data(hdev, instance, cp.data); 1332 memset(&cp, 0, sizeof(cp));
1189 1333
1190 /* There's nothing to do if the data hasn't changed */ 1334 len = create_instance_adv_data(hdev, instance, cp.data);
1191 if (hdev->adv_data_len == len && 1335
1192 memcmp(cp.data, hdev->adv_data, len) == 0) 1336 /* There's nothing to do if the data hasn't changed */
1193 return; 1337 if (hdev->adv_data_len == len &&
1338 memcmp(cp.data, hdev->adv_data, len) == 0)
1339 return;
1340
1341 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1342 hdev->adv_data_len = len;
1343
1344 cp.length = len;
1345 cp.handle = 0;
1346 cp.operation = LE_SET_ADV_DATA_OP_COMPLETE;
1347 cp.frag_pref = LE_SET_ADV_DATA_NO_FRAG;
1348
1349 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_DATA, sizeof(cp), &cp);
1350 } else {
1351 struct hci_cp_le_set_adv_data cp;
1352
1353 memset(&cp, 0, sizeof(cp));
1354
1355 len = create_instance_adv_data(hdev, instance, cp.data);
1356
1357 /* There's nothing to do if the data hasn't changed */
1358 if (hdev->adv_data_len == len &&
1359 memcmp(cp.data, hdev->adv_data, len) == 0)
1360 return;
1194 1361
1195 memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); 1362 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1196 hdev->adv_data_len = len; 1363 hdev->adv_data_len = len;
1197 1364
1198 cp.length = len; 1365 cp.length = len;
1199 1366
1200 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp); 1367 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1368 }
1201} 1369}
1202 1370
1203int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance) 1371int hci_req_update_adv_data(struct hci_dev *hdev, u8 instance)
@@ -1229,9 +1397,13 @@ void hci_req_reenable_advertising(struct hci_dev *hdev)
1229 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance, 1397 __hci_req_schedule_adv_instance(&req, hdev->cur_adv_instance,
1230 true); 1398 true);
1231 } else { 1399 } else {
1232 __hci_req_update_adv_data(&req, 0x00); 1400 if (ext_adv_capable(hdev)) {
1233 __hci_req_update_scan_rsp_data(&req, 0x00); 1401 __hci_req_start_ext_adv(&req, 0x00);
1234 __hci_req_enable_advertising(&req); 1402 } else {
1403 __hci_req_update_adv_data(&req, 0x00);
1404 __hci_req_update_scan_rsp_data(&req, 0x00);
1405 __hci_req_enable_advertising(&req);
1406 }
1235 } 1407 }
1236 1408
1237 hci_req_run(&req, adv_enable_complete); 1409 hci_req_run(&req, adv_enable_complete);
@@ -1268,6 +1440,245 @@ unlock:
1268 hci_dev_unlock(hdev); 1440 hci_dev_unlock(hdev);
1269} 1441}
1270 1442
1443int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
1444 bool use_rpa, struct adv_info *adv_instance,
1445 u8 *own_addr_type, bdaddr_t *rand_addr)
1446{
1447 int err;
1448
1449 bacpy(rand_addr, BDADDR_ANY);
1450
1451 /* If privacy is enabled use a resolvable private address. If
1452 * current RPA has expired then generate a new one.
1453 */
1454 if (use_rpa) {
1455 int to;
1456
1457 *own_addr_type = ADDR_LE_DEV_RANDOM;
1458
1459 if (adv_instance) {
1460 if (!adv_instance->rpa_expired &&
1461 !bacmp(&adv_instance->random_addr, &hdev->rpa))
1462 return 0;
1463
1464 adv_instance->rpa_expired = false;
1465 } else {
1466 if (!hci_dev_test_and_clear_flag(hdev, HCI_RPA_EXPIRED) &&
1467 !bacmp(&hdev->random_addr, &hdev->rpa))
1468 return 0;
1469 }
1470
1471 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
1472 if (err < 0) {
1473 BT_ERR("%s failed to generate new RPA", hdev->name);
1474 return err;
1475 }
1476
1477 bacpy(rand_addr, &hdev->rpa);
1478
1479 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
1480 if (adv_instance)
1481 queue_delayed_work(hdev->workqueue,
1482 &adv_instance->rpa_expired_cb, to);
1483 else
1484 queue_delayed_work(hdev->workqueue,
1485 &hdev->rpa_expired, to);
1486
1487 return 0;
1488 }
1489
1490 /* In case of required privacy without resolvable private address,
1491 * use an non-resolvable private address. This is useful for
1492 * non-connectable advertising.
1493 */
1494 if (require_privacy) {
1495 bdaddr_t nrpa;
1496
1497 while (true) {
1498 /* The non-resolvable private address is generated
1499 * from random six bytes with the two most significant
1500 * bits cleared.
1501 */
1502 get_random_bytes(&nrpa, 6);
1503 nrpa.b[5] &= 0x3f;
1504
1505 /* The non-resolvable private address shall not be
1506 * equal to the public address.
1507 */
1508 if (bacmp(&hdev->bdaddr, &nrpa))
1509 break;
1510 }
1511
1512 *own_addr_type = ADDR_LE_DEV_RANDOM;
1513 bacpy(rand_addr, &nrpa);
1514
1515 return 0;
1516 }
1517
1518 /* No privacy so use a public address. */
1519 *own_addr_type = ADDR_LE_DEV_PUBLIC;
1520
1521 return 0;
1522}
1523
1524void __hci_req_clear_ext_adv_sets(struct hci_request *req)
1525{
1526 hci_req_add(req, HCI_OP_LE_CLEAR_ADV_SETS, 0, NULL);
1527}
1528
1529int __hci_req_setup_ext_adv_instance(struct hci_request *req, u8 instance)
1530{
1531 struct hci_cp_le_set_ext_adv_params cp;
1532 struct hci_dev *hdev = req->hdev;
1533 bool connectable;
1534 u32 flags;
1535 bdaddr_t random_addr;
1536 u8 own_addr_type;
1537 int err;
1538 struct adv_info *adv_instance;
1539 bool secondary_adv;
1540 /* In ext adv set param interval is 3 octets */
1541 const u8 adv_interval[3] = { 0x00, 0x08, 0x00 };
1542
1543 if (instance > 0) {
1544 adv_instance = hci_find_adv_instance(hdev, instance);
1545 if (!adv_instance)
1546 return -EINVAL;
1547 } else {
1548 adv_instance = NULL;
1549 }
1550
1551 flags = get_adv_instance_flags(hdev, instance);
1552
1553 /* If the "connectable" instance flag was not set, then choose between
1554 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1555 */
1556 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1557 mgmt_get_connectable(hdev);
1558
1559 if (!is_advertising_allowed(hdev, connectable))
1560 return -EPERM;
1561
1562 /* Set require_privacy to true only when non-connectable
1563 * advertising is used. In that case it is fine to use a
1564 * non-resolvable private address.
1565 */
1566 err = hci_get_random_address(hdev, !connectable,
1567 adv_use_rpa(hdev, flags), adv_instance,
1568 &own_addr_type, &random_addr);
1569 if (err < 0)
1570 return err;
1571
1572 memset(&cp, 0, sizeof(cp));
1573
1574 memcpy(cp.min_interval, adv_interval, sizeof(cp.min_interval));
1575 memcpy(cp.max_interval, adv_interval, sizeof(cp.max_interval));
1576
1577 secondary_adv = (flags & MGMT_ADV_FLAG_SEC_MASK);
1578
1579 if (connectable) {
1580 if (secondary_adv)
1581 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_CONN_IND);
1582 else
1583 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_IND);
1584 } else if (get_adv_instance_scan_rsp_len(hdev, instance)) {
1585 if (secondary_adv)
1586 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_SCAN_IND);
1587 else
1588 cp.evt_properties = cpu_to_le16(LE_LEGACY_ADV_SCAN_IND);
1589 } else {
1590 if (secondary_adv)
1591 cp.evt_properties = cpu_to_le16(LE_EXT_ADV_NON_CONN_IND);
1592 else
1593 cp.evt_properties = cpu_to_le16(LE_LEGACY_NONCONN_IND);
1594 }
1595
1596 cp.own_addr_type = own_addr_type;
1597 cp.channel_map = hdev->le_adv_channel_map;
1598 cp.tx_power = 127;
1599 cp.handle = 0;
1600
1601 if (flags & MGMT_ADV_FLAG_SEC_2M) {
1602 cp.primary_phy = HCI_ADV_PHY_1M;
1603 cp.secondary_phy = HCI_ADV_PHY_2M;
1604 } else if (flags & MGMT_ADV_FLAG_SEC_CODED) {
1605 cp.primary_phy = HCI_ADV_PHY_CODED;
1606 cp.secondary_phy = HCI_ADV_PHY_CODED;
1607 } else {
1608 /* In all other cases use 1M */
1609 cp.primary_phy = HCI_ADV_PHY_1M;
1610 cp.secondary_phy = HCI_ADV_PHY_1M;
1611 }
1612
1613 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(cp), &cp);
1614
1615 if (own_addr_type == ADDR_LE_DEV_RANDOM &&
1616 bacmp(&random_addr, BDADDR_ANY)) {
1617 struct hci_cp_le_set_adv_set_rand_addr cp;
1618
1619 /* Check if random address need to be updated */
1620 if (adv_instance) {
1621 if (!bacmp(&random_addr, &adv_instance->random_addr))
1622 return 0;
1623 } else {
1624 if (!bacmp(&random_addr, &hdev->random_addr))
1625 return 0;
1626 }
1627
1628 memset(&cp, 0, sizeof(cp));
1629
1630 cp.handle = 0;
1631 bacpy(&cp.bdaddr, &random_addr);
1632
1633 hci_req_add(req,
1634 HCI_OP_LE_SET_ADV_SET_RAND_ADDR,
1635 sizeof(cp), &cp);
1636 }
1637
1638 return 0;
1639}
1640
1641void __hci_req_enable_ext_advertising(struct hci_request *req)
1642{
1643 struct hci_cp_le_set_ext_adv_enable *cp;
1644 struct hci_cp_ext_adv_set *adv_set;
1645 u8 data[sizeof(*cp) + sizeof(*adv_set) * 1];
1646
1647 cp = (void *) data;
1648 adv_set = (void *) cp->data;
1649
1650 memset(cp, 0, sizeof(*cp));
1651
1652 cp->enable = 0x01;
1653 cp->num_of_sets = 0x01;
1654
1655 memset(adv_set, 0, sizeof(*adv_set));
1656
1657 adv_set->handle = 0;
1658
1659 hci_req_add(req, HCI_OP_LE_SET_EXT_ADV_ENABLE,
1660 sizeof(*cp) + sizeof(*adv_set) * cp->num_of_sets,
1661 data);
1662}
1663
1664int __hci_req_start_ext_adv(struct hci_request *req, u8 instance)
1665{
1666 struct hci_dev *hdev = req->hdev;
1667 int err;
1668
1669 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1670 __hci_req_disable_advertising(req);
1671
1672 err = __hci_req_setup_ext_adv_instance(req, instance);
1673 if (err < 0)
1674 return err;
1675
1676 __hci_req_update_scan_rsp_data(req, instance);
1677 __hci_req_enable_ext_advertising(req);
1678
1679 return 0;
1680}
1681
1271int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance, 1682int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1272 bool force) 1683 bool force)
1273{ 1684{
@@ -1321,9 +1732,13 @@ int __hci_req_schedule_adv_instance(struct hci_request *req, u8 instance,
1321 return 0; 1732 return 0;
1322 1733
1323 hdev->cur_adv_instance = instance; 1734 hdev->cur_adv_instance = instance;
1324 __hci_req_update_adv_data(req, instance); 1735 if (ext_adv_capable(hdev)) {
1325 __hci_req_update_scan_rsp_data(req, instance); 1736 __hci_req_start_ext_adv(req, instance);
1326 __hci_req_enable_advertising(req); 1737 } else {
1738 __hci_req_update_adv_data(req, instance);
1739 __hci_req_update_scan_rsp_data(req, instance);
1740 __hci_req_enable_advertising(req);
1741 }
1327 1742
1328 return 0; 1743 return 0;
1329} 1744}
@@ -1594,8 +2009,12 @@ static int connectable_update(struct hci_request *req, unsigned long opt)
1594 2009
1595 /* Update the advertising parameters if necessary */ 2010 /* Update the advertising parameters if necessary */
1596 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 2011 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
1597 !list_empty(&hdev->adv_instances)) 2012 !list_empty(&hdev->adv_instances)) {
1598 __hci_req_enable_advertising(req); 2013 if (ext_adv_capable(hdev))
2014 __hci_req_start_ext_adv(req, hdev->cur_adv_instance);
2015 else
2016 __hci_req_enable_advertising(req);
2017 }
1599 2018
1600 __hci_update_background_scan(req); 2019 __hci_update_background_scan(req);
1601 2020
@@ -1704,8 +2123,12 @@ static int discoverable_update(struct hci_request *req, unsigned long opt)
1704 /* Discoverable mode affects the local advertising 2123 /* Discoverable mode affects the local advertising
1705 * address in limited privacy mode. 2124 * address in limited privacy mode.
1706 */ 2125 */
1707 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) 2126 if (hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY)) {
1708 __hci_req_enable_advertising(req); 2127 if (ext_adv_capable(hdev))
2128 __hci_req_start_ext_adv(req, 0x00);
2129 else
2130 __hci_req_enable_advertising(req);
2131 }
1709 } 2132 }
1710 2133
1711 hci_dev_unlock(hdev); 2134 hci_dev_unlock(hdev);
@@ -1940,7 +2363,6 @@ discov_stopped:
1940static int le_scan_restart(struct hci_request *req, unsigned long opt) 2363static int le_scan_restart(struct hci_request *req, unsigned long opt)
1941{ 2364{
1942 struct hci_dev *hdev = req->hdev; 2365 struct hci_dev *hdev = req->hdev;
1943 struct hci_cp_le_set_scan_enable cp;
1944 2366
1945 /* If controller is not scanning we are done. */ 2367 /* If controller is not scanning we are done. */
1946 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN)) 2368 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
@@ -1948,10 +2370,23 @@ static int le_scan_restart(struct hci_request *req, unsigned long opt)
1948 2370
1949 hci_req_add_le_scan_disable(req); 2371 hci_req_add_le_scan_disable(req);
1950 2372
1951 memset(&cp, 0, sizeof(cp)); 2373 if (use_ext_scan(hdev)) {
1952 cp.enable = LE_SCAN_ENABLE; 2374 struct hci_cp_le_set_ext_scan_enable ext_enable_cp;
1953 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE; 2375
1954 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 2376 memset(&ext_enable_cp, 0, sizeof(ext_enable_cp));
2377 ext_enable_cp.enable = LE_SCAN_ENABLE;
2378 ext_enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2379
2380 hci_req_add(req, HCI_OP_LE_SET_EXT_SCAN_ENABLE,
2381 sizeof(ext_enable_cp), &ext_enable_cp);
2382 } else {
2383 struct hci_cp_le_set_scan_enable cp;
2384
2385 memset(&cp, 0, sizeof(cp));
2386 cp.enable = LE_SCAN_ENABLE;
2387 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2388 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2389 }
1955 2390
1956 return 0; 2391 return 0;
1957} 2392}
@@ -2010,8 +2445,6 @@ static int active_scan(struct hci_request *req, unsigned long opt)
2010{ 2445{
2011 uint16_t interval = opt; 2446 uint16_t interval = opt;
2012 struct hci_dev *hdev = req->hdev; 2447 struct hci_dev *hdev = req->hdev;
2013 struct hci_cp_le_set_scan_param param_cp;
2014 struct hci_cp_le_set_scan_enable enable_cp;
2015 u8 own_addr_type; 2448 u8 own_addr_type;
2016 int err; 2449 int err;
2017 2450
@@ -2050,22 +2483,8 @@ static int active_scan(struct hci_request *req, unsigned long opt)
2050 if (err < 0) 2483 if (err < 0)
2051 own_addr_type = ADDR_LE_DEV_PUBLIC; 2484 own_addr_type = ADDR_LE_DEV_PUBLIC;
2052 2485
2053 memset(&param_cp, 0, sizeof(param_cp)); 2486 hci_req_start_scan(req, LE_SCAN_ACTIVE, interval, DISCOV_LE_SCAN_WIN,
2054 param_cp.type = LE_SCAN_ACTIVE; 2487 own_addr_type, 0);
2055 param_cp.interval = cpu_to_le16(interval);
2056 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2057 param_cp.own_address_type = own_addr_type;
2058
2059 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2060 &param_cp);
2061
2062 memset(&enable_cp, 0, sizeof(enable_cp));
2063 enable_cp.enable = LE_SCAN_ENABLE;
2064 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2065
2066 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2067 &enable_cp);
2068
2069 return 0; 2488 return 0;
2070} 2489}
2071 2490
@@ -2302,11 +2721,26 @@ static int powered_update_hci(struct hci_request *req, unsigned long opt)
2302 */ 2721 */
2303 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || 2722 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2304 list_empty(&hdev->adv_instances)) { 2723 list_empty(&hdev->adv_instances)) {
2305 __hci_req_update_adv_data(req, 0x00); 2724 int err;
2306 __hci_req_update_scan_rsp_data(req, 0x00); 2725
2307 2726 if (ext_adv_capable(hdev)) {
2308 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) 2727 err = __hci_req_setup_ext_adv_instance(req,
2309 __hci_req_enable_advertising(req); 2728 0x00);
2729 if (!err)
2730 __hci_req_update_scan_rsp_data(req,
2731 0x00);
2732 } else {
2733 err = 0;
2734 __hci_req_update_adv_data(req, 0x00);
2735 __hci_req_update_scan_rsp_data(req, 0x00);
2736 }
2737
2738 if (hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2739 if (!ext_adv_capable(hdev))
2740 __hci_req_enable_advertising(req);
2741 else if (!err)
2742 __hci_req_enable_ext_advertising(req);
2743 }
2310 } else if (!list_empty(&hdev->adv_instances)) { 2744 } else if (!list_empty(&hdev->adv_instances)) {
2311 struct adv_info *adv_instance; 2745 struct adv_info *adv_instance;
2312 2746
diff --git a/net/bluetooth/hci_request.h b/net/bluetooth/hci_request.h
index 702beb140d9f..692cc8b13368 100644
--- a/net/bluetooth/hci_request.h
+++ b/net/bluetooth/hci_request.h
@@ -80,6 +80,14 @@ void hci_req_clear_adv_instance(struct hci_dev *hdev, struct sock *sk,
80 struct hci_request *req, u8 instance, 80 struct hci_request *req, u8 instance,
81 bool force); 81 bool force);
82 82
83int __hci_req_setup_ext_adv_instance(struct hci_request *req, u8 instance);
84int __hci_req_start_ext_adv(struct hci_request *req, u8 instance);
85void __hci_req_enable_ext_advertising(struct hci_request *req);
86void __hci_req_clear_ext_adv_sets(struct hci_request *req);
87int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
88 bool use_rpa, struct adv_info *adv_instance,
89 u8 *own_addr_type, bdaddr_t *rand_addr);
90
83void __hci_req_update_class(struct hci_request *req); 91void __hci_req_update_class(struct hci_request *req);
84 92
85/* Returns true if HCI commands were queued */ 93/* Returns true if HCI commands were queued */
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 1036e4fa1ea2..253975cce943 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -431,8 +431,8 @@ static void hidp_del_timer(struct hidp_session *session)
431 del_timer(&session->timer); 431 del_timer(&session->timer);
432} 432}
433 433
434static void hidp_process_report(struct hidp_session *session, 434static void hidp_process_report(struct hidp_session *session, int type,
435 int type, const u8 *data, int len, int intr) 435 const u8 *data, unsigned int len, int intr)
436{ 436{
437 if (len > HID_MAX_BUFFER_SIZE) 437 if (len > HID_MAX_BUFFER_SIZE)
438 len = HID_MAX_BUFFER_SIZE; 438 len = HID_MAX_BUFFER_SIZE;
@@ -775,7 +775,7 @@ static int hidp_setup_hid(struct hidp_session *session,
775 hid->version = req->version; 775 hid->version = req->version;
776 hid->country = req->country; 776 hid->country = req->country;
777 777
778 strncpy(hid->name, req->name, sizeof(req->name) - 1); 778 strncpy(hid->name, req->name, sizeof(hid->name));
779 779
780 snprintf(hid->phys, sizeof(hid->phys), "%pMR", 780 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
781 &l2cap_pi(session->ctrl_sock->sk)->chan->src); 781 &l2cap_pi(session->ctrl_sock->sk)->chan->src);
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 8a80d48d89c4..231602f7cb66 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -617,6 +617,127 @@ static int read_config_info(struct sock *sk, struct hci_dev *hdev,
617 &rp, sizeof(rp)); 617 &rp, sizeof(rp));
618} 618}
619 619
620static u32 get_supported_phys(struct hci_dev *hdev)
621{
622 u32 supported_phys = 0;
623
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
626
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
629
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
632
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
635
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
638
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
641
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
644
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
647
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
650 }
651 }
652 }
653
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
657
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
661 }
662
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
666 }
667 }
668
669 return supported_phys;
670}
671
672static u32 get_selected_phys(struct hci_dev *hdev)
673{
674 u32 selected_phys = 0;
675
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
678
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
681
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
684
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
688
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
692
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
696
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
700
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
704
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
708 }
709 }
710 }
711
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
715
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
718
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
721
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
724
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
727
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
730 }
731
732 return selected_phys;
733}
734
735static u32 get_configurable_phys(struct hci_dev *hdev)
736{
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
739}
740
620static u32 get_supported_settings(struct hci_dev *hdev) 741static u32 get_supported_settings(struct hci_dev *hdev)
621{ 742{
622 u32 settings = 0; 743 u32 settings = 0;
@@ -654,6 +775,8 @@ static u32 get_supported_settings(struct hci_dev *hdev)
654 hdev->set_bdaddr) 775 hdev->set_bdaddr)
655 settings |= MGMT_SETTING_CONFIGURATION; 776 settings |= MGMT_SETTING_CONFIGURATION;
656 777
778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
779
657 return settings; 780 return settings;
658} 781}
659 782
@@ -817,7 +940,10 @@ static void rpa_expired(struct work_struct *work)
817 * function. 940 * function.
818 */ 941 */
819 hci_req_init(&req, hdev); 942 hci_req_init(&req, hdev);
820 __hci_req_enable_advertising(&req); 943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
945 else
946 __hci_req_enable_advertising(&req);
821 hci_req_run(&req, NULL); 947 hci_req_run(&req, NULL);
822} 948}
823 949
@@ -1721,10 +1847,17 @@ static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1721 */ 1847 */
1722 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) { 1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1723 struct hci_request req; 1849 struct hci_request req;
1724
1725 hci_req_init(&req, hdev); 1850 hci_req_init(&req, hdev);
1726 __hci_req_update_adv_data(&req, 0x00); 1851 if (ext_adv_capable(hdev)) {
1727 __hci_req_update_scan_rsp_data(&req, 0x00); 1852 int err;
1853
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1855 if (!err)
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1857 } else {
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1860 }
1728 hci_req_run(&req, NULL); 1861 hci_req_run(&req, NULL);
1729 hci_update_background_scan(hdev); 1862 hci_update_background_scan(hdev);
1730 } 1863 }
@@ -1823,6 +1956,9 @@ static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1823 } else { 1956 } else {
1824 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) 1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1825 __hci_req_disable_advertising(&req); 1958 __hci_req_disable_advertising(&req);
1959
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
1826 } 1962 }
1827 1963
1828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp), 1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
@@ -3184,6 +3320,228 @@ static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3184 return err; 3320 return err;
3185} 3321}
3186 3322
3323static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3324 void *data, u16 len)
3325{
3326 struct mgmt_rp_get_phy_confguration rp;
3327
3328 BT_DBG("sock %p %s", sk, hdev->name);
3329
3330 hci_dev_lock(hdev);
3331
3332 memset(&rp, 0, sizeof(rp));
3333
3334 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3335 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3336 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3337
3338 hci_dev_unlock(hdev);
3339
3340 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3341 &rp, sizeof(rp));
3342}
3343
3344int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3345{
3346 struct mgmt_ev_phy_configuration_changed ev;
3347
3348 memset(&ev, 0, sizeof(ev));
3349
3350 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3351
3352 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3353 sizeof(ev), skip);
3354}
3355
3356static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3357 u16 opcode, struct sk_buff *skb)
3358{
3359 struct mgmt_cp_set_phy_confguration *cp;
3360 struct mgmt_pending_cmd *cmd;
3361
3362 BT_DBG("status 0x%02x", status);
3363
3364 hci_dev_lock(hdev);
3365
3366 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3367 if (!cmd)
3368 goto unlock;
3369
3370 cp = cmd->param;
3371
3372 if (status) {
3373 mgmt_cmd_status(cmd->sk, hdev->id,
3374 MGMT_OP_SET_PHY_CONFIGURATION,
3375 mgmt_status(status));
3376 } else {
3377 mgmt_cmd_complete(cmd->sk, hdev->id,
3378 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3379 NULL, 0);
3380
3381 mgmt_phy_configuration_changed(hdev, cmd->sk);
3382 }
3383
3384 mgmt_pending_remove(cmd);
3385
3386unlock:
3387 hci_dev_unlock(hdev);
3388}
3389
3390static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3391 void *data, u16 len)
3392{
3393 struct mgmt_cp_set_phy_confguration *cp = data;
3394 struct hci_cp_le_set_default_phy cp_phy;
3395 struct mgmt_pending_cmd *cmd;
3396 struct hci_request req;
3397 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3398 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3399 bool changed = false;
3400 int err;
3401
3402 BT_DBG("sock %p %s", sk, hdev->name);
3403
3404 configurable_phys = get_configurable_phys(hdev);
3405 supported_phys = get_supported_phys(hdev);
3406 selected_phys = __le32_to_cpu(cp->selected_phys);
3407
3408 if (selected_phys & ~supported_phys)
3409 return mgmt_cmd_status(sk, hdev->id,
3410 MGMT_OP_SET_PHY_CONFIGURATION,
3411 MGMT_STATUS_INVALID_PARAMS);
3412
3413 unconfigure_phys = supported_phys & ~configurable_phys;
3414
3415 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3416 return mgmt_cmd_status(sk, hdev->id,
3417 MGMT_OP_SET_PHY_CONFIGURATION,
3418 MGMT_STATUS_INVALID_PARAMS);
3419
3420 if (selected_phys == get_selected_phys(hdev))
3421 return mgmt_cmd_complete(sk, hdev->id,
3422 MGMT_OP_SET_PHY_CONFIGURATION,
3423 0, NULL, 0);
3424
3425 hci_dev_lock(hdev);
3426
3427 if (!hdev_is_powered(hdev)) {
3428 err = mgmt_cmd_status(sk, hdev->id,
3429 MGMT_OP_SET_PHY_CONFIGURATION,
3430 MGMT_STATUS_REJECTED);
3431 goto unlock;
3432 }
3433
3434 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3435 err = mgmt_cmd_status(sk, hdev->id,
3436 MGMT_OP_SET_PHY_CONFIGURATION,
3437 MGMT_STATUS_BUSY);
3438 goto unlock;
3439 }
3440
3441 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3442 pkt_type |= (HCI_DH3 | HCI_DM3);
3443 else
3444 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3445
3446 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3447 pkt_type |= (HCI_DH5 | HCI_DM5);
3448 else
3449 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3450
3451 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3452 pkt_type &= ~HCI_2DH1;
3453 else
3454 pkt_type |= HCI_2DH1;
3455
3456 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3457 pkt_type &= ~HCI_2DH3;
3458 else
3459 pkt_type |= HCI_2DH3;
3460
3461 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3462 pkt_type &= ~HCI_2DH5;
3463 else
3464 pkt_type |= HCI_2DH5;
3465
3466 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3467 pkt_type &= ~HCI_3DH1;
3468 else
3469 pkt_type |= HCI_3DH1;
3470
3471 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3472 pkt_type &= ~HCI_3DH3;
3473 else
3474 pkt_type |= HCI_3DH3;
3475
3476 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3477 pkt_type &= ~HCI_3DH5;
3478 else
3479 pkt_type |= HCI_3DH5;
3480
3481 if (pkt_type != hdev->pkt_type) {
3482 hdev->pkt_type = pkt_type;
3483 changed = true;
3484 }
3485
3486 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3487 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3488 if (changed)
3489 mgmt_phy_configuration_changed(hdev, sk);
3490
3491 err = mgmt_cmd_complete(sk, hdev->id,
3492 MGMT_OP_SET_PHY_CONFIGURATION,
3493 0, NULL, 0);
3494
3495 goto unlock;
3496 }
3497
3498 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3499 len);
3500 if (!cmd) {
3501 err = -ENOMEM;
3502 goto unlock;
3503 }
3504
3505 hci_req_init(&req, hdev);
3506
3507 memset(&cp_phy, 0, sizeof(cp_phy));
3508
3509 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3510 cp_phy.all_phys |= 0x01;
3511
3512 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3513 cp_phy.all_phys |= 0x02;
3514
3515 if (selected_phys & MGMT_PHY_LE_1M_TX)
3516 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3517
3518 if (selected_phys & MGMT_PHY_LE_2M_TX)
3519 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3520
3521 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3522 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3523
3524 if (selected_phys & MGMT_PHY_LE_1M_RX)
3525 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3526
3527 if (selected_phys & MGMT_PHY_LE_2M_RX)
3528 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3529
3530 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3531 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3532
3533 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3534
3535 err = hci_req_run_skb(&req, set_default_phy_complete);
3536 if (err < 0)
3537 mgmt_pending_remove(cmd);
3538
3539unlock:
3540 hci_dev_unlock(hdev);
3541
3542 return err;
3543}
3544
3187static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status, 3545static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3188 u16 opcode, struct sk_buff *skb) 3546 u16 opcode, struct sk_buff *skb)
3189{ 3547{
@@ -4037,9 +4395,14 @@ static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4037 * HCI_ADVERTISING flag is not yet set. 4395 * HCI_ADVERTISING flag is not yet set.
4038 */ 4396 */
4039 hdev->cur_adv_instance = 0x00; 4397 hdev->cur_adv_instance = 0x00;
4040 __hci_req_update_adv_data(&req, 0x00); 4398
4041 __hci_req_update_scan_rsp_data(&req, 0x00); 4399 if (ext_adv_capable(hdev)) {
4042 __hci_req_enable_advertising(&req); 4400 __hci_req_start_ext_adv(&req, 0x00);
4401 } else {
4402 __hci_req_update_adv_data(&req, 0x00);
4403 __hci_req_update_scan_rsp_data(&req, 0x00);
4404 __hci_req_enable_advertising(&req);
4405 }
4043 } else { 4406 } else {
4044 __hci_req_disable_advertising(&req); 4407 __hci_req_disable_advertising(&req);
4045 } 4408 }
@@ -4609,6 +4972,7 @@ static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4609 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY); 4972 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4610 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk)); 4973 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4611 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED); 4974 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4975 hci_adv_instances_set_rpa_expired(hdev, true);
4612 if (cp->privacy == 0x02) 4976 if (cp->privacy == 0x02)
4613 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY); 4977 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4614 else 4978 else
@@ -4617,6 +4981,7 @@ static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4617 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY); 4981 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4618 memset(hdev->irk, 0, sizeof(hdev->irk)); 4982 memset(hdev->irk, 0, sizeof(hdev->irk));
4619 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED); 4983 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4984 hci_adv_instances_set_rpa_expired(hdev, false);
4620 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY); 4985 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4621 } 4986 }
4622 4987
@@ -5967,9 +6332,23 @@ static u32 get_supported_adv_flags(struct hci_dev *hdev)
5967 flags |= MGMT_ADV_FLAG_APPEARANCE; 6332 flags |= MGMT_ADV_FLAG_APPEARANCE;
5968 flags |= MGMT_ADV_FLAG_LOCAL_NAME; 6333 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5969 6334
5970 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) 6335 /* In extended adv TX_POWER returned from Set Adv Param
6336 * will be always valid.
6337 */
6338 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6339 ext_adv_capable(hdev))
5971 flags |= MGMT_ADV_FLAG_TX_POWER; 6340 flags |= MGMT_ADV_FLAG_TX_POWER;
5972 6341
6342 if (ext_adv_capable(hdev)) {
6343 flags |= MGMT_ADV_FLAG_SEC_1M;
6344
6345 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6346 flags |= MGMT_ADV_FLAG_SEC_2M;
6347
6348 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6349 flags |= MGMT_ADV_FLAG_SEC_CODED;
6350 }
6351
5973 return flags; 6352 return flags;
5974} 6353}
5975 6354
@@ -6175,7 +6554,7 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6175 struct mgmt_cp_add_advertising *cp = data; 6554 struct mgmt_cp_add_advertising *cp = data;
6176 struct mgmt_rp_add_advertising rp; 6555 struct mgmt_rp_add_advertising rp;
6177 u32 flags; 6556 u32 flags;
6178 u32 supported_flags; 6557 u32 supported_flags, phy_flags;
6179 u8 status; 6558 u8 status;
6180 u16 timeout, duration; 6559 u16 timeout, duration;
6181 unsigned int prev_instance_cnt = hdev->adv_instance_cnt; 6560 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
@@ -6205,10 +6584,12 @@ static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6205 duration = __le16_to_cpu(cp->duration); 6584 duration = __le16_to_cpu(cp->duration);
6206 6585
6207 /* The current implementation only supports a subset of the specified 6586 /* The current implementation only supports a subset of the specified
6208 * flags. 6587 * flags. Also need to check mutual exclusiveness of sec flags.
6209 */ 6588 */
6210 supported_flags = get_supported_adv_flags(hdev); 6589 supported_flags = get_supported_adv_flags(hdev);
6211 if (flags & ~supported_flags) 6590 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6591 if (flags & ~supported_flags ||
6592 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
6212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING, 6593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6213 MGMT_STATUS_INVALID_PARAMS); 6594 MGMT_STATUS_INVALID_PARAMS);
6214 6595
@@ -6544,6 +6925,8 @@ static const struct hci_mgmt_handler mgmt_handlers[] = {
6544 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE, 6925 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6545 HCI_MGMT_UNTRUSTED }, 6926 HCI_MGMT_UNTRUSTED },
6546 { set_appearance, MGMT_SET_APPEARANCE_SIZE }, 6927 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6928 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
6929 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
6547}; 6930};
6548 6931
6549void mgmt_index_added(struct hci_dev *hdev) 6932void mgmt_index_added(struct hci_dev *hdev)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 413b8ee49fec..8f0f9279eac9 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -393,7 +393,8 @@ static void sco_sock_cleanup_listen(struct sock *parent)
393 */ 393 */
394static void sco_sock_kill(struct sock *sk) 394static void sco_sock_kill(struct sock *sk)
395{ 395{
396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) 396 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket ||
397 sock_flag(sk, SOCK_DEAD))
397 return; 398 return;
398 399
399 BT_DBG("sk %p state %d", sk, sk->sk_state); 400 BT_DBG("sk %p state %d", sk, sk->sk_state);
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-19 10:47:47 -0400