From 6e518111060c2290427d79c43d4add9600ad852b Mon Sep 17 00:00:00 2001 From: Loic Poulain Date: Tue, 5 Sep 2017 12:26:03 +0200 Subject: [PATCH 01/32] Bluetooth: btqcomsmd: Add support for BD address setup This patch implements the hdev setup function since wcnss-bt does not have persistent memory to store an allocated BD address. The device is therefore marked as unconfigured if no BD address has been previously retrieved. Signed-off-by: Loic Poulain Signed-off-by: Marcel Holtmann Cc: stable@vger.kernel.org --- drivers/bluetooth/btqcomsmd.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/drivers/bluetooth/btqcomsmd.c b/drivers/bluetooth/btqcomsmd.c index d00c4fdae924..bd810d01538a 100644 --- a/drivers/bluetooth/btqcomsmd.c +++ b/drivers/bluetooth/btqcomsmd.c @@ -26,6 +26,7 @@ struct btqcomsmd { struct hci_dev *hdev; + bdaddr_t bdaddr; struct rpmsg_endpoint *acl_channel; struct rpmsg_endpoint *cmd_channel; }; @@ -100,6 +101,38 @@ static int btqcomsmd_close(struct hci_dev *hdev) return 0; } +static int btqcomsmd_setup(struct hci_dev *hdev) +{ + struct btqcomsmd *btq = hci_get_drvdata(hdev); + struct sk_buff *skb; + int err; + + skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL, HCI_INIT_TIMEOUT); + if (IS_ERR(skb)) + return PTR_ERR(skb); + kfree_skb(skb); + + /* Devices do not have persistent storage for BD address. If no + * BD address has been retrieved during probe, mark the device + * as having an invalid BD address. + */ + if (!bacmp(&btq->bdaddr, BDADDR_ANY)) { + set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); + return 0; + } + + /* When setting a configured BD address fails, mark the device + * as having an invalid BD address. + */ + err = qca_set_bdaddr_rome(hdev, &btq->bdaddr); + if (err) { + set_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks); + return 0; + } + + return 0; +} + static int btqcomsmd_probe(struct platform_device *pdev) { struct btqcomsmd *btq; @@ -135,6 +168,7 @@ static int btqcomsmd_probe(struct platform_device *pdev) hdev->open = btqcomsmd_open; hdev->close = btqcomsmd_close; hdev->send = btqcomsmd_send; + hdev->setup = btqcomsmd_setup; hdev->set_bdaddr = qca_set_bdaddr_rome; ret = hci_register_dev(hdev); From 28517c02e1dd8fef7a0eab5e9f18013a0e297aba Mon Sep 17 00:00:00 2001 From: Loic Poulain Date: Fri, 8 Sep 2017 15:57:53 +0200 Subject: [PATCH 02/32] dt-bindings: net: document Bluetooth bindings in one place In the same way as Ethernet, gather the Bluetooth related bindings in one file. Introduce the bluetooth-bd-address property which can be used to store the assigned BD address. Signed-off-by: Loic Poulain Signed-off-by: Marcel Holtmann --- Documentation/devicetree/bindings/net/bluetooth.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 Documentation/devicetree/bindings/net/bluetooth.txt diff --git a/Documentation/devicetree/bindings/net/bluetooth.txt b/Documentation/devicetree/bindings/net/bluetooth.txt new file mode 100644 index 000000000000..94797df751b8 --- /dev/null +++ b/Documentation/devicetree/bindings/net/bluetooth.txt @@ -0,0 +1,5 @@ +The following properties are common to the Bluetooth controllers: + +- local-bd-address: array of 6 bytes, specifies the BD address that was + uniquely assigned to the Bluetooth device, formatted with least significant + byte first (little-endian). From e7868a2f71bd9f81494f0c90a64e4dd454248850 Mon Sep 17 00:00:00 2001 From: Loic Poulain Date: Fri, 8 Sep 2017 15:57:54 +0200 Subject: [PATCH 03/32] dt-bindings: soc: qcom: Add local-bd-address property to WCNSS-BT Add optional local-bd-address property which is a 6-byte array storing the assigned BD address. Since having a unique BD address is critical, a per-device property value should be allocated. This property is usually added by the boot loader which has access to the provisioned data. Signed-off-by: Loic Poulain Signed-off-by: Marcel Holtmann --- Documentation/devicetree/bindings/soc/qcom/qcom,wcnss.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Documentation/devicetree/bindings/soc/qcom/qcom,wcnss.txt b/Documentation/devicetree/bindings/soc/qcom/qcom,wcnss.txt index 4ea39e9186a7..042a2e4159bd 100644 --- a/Documentation/devicetree/bindings/soc/qcom/qcom,wcnss.txt +++ b/Documentation/devicetree/bindings/soc/qcom/qcom,wcnss.txt @@ -37,6 +37,11 @@ The following properties are defined to the bluetooth node: Definition: must be: "qcom,wcnss-bt" +- local-bd-address: + Usage: optional + Value type: + Definition: see Documentation/devicetree/bindings/net/bluetooth.txt + == WiFi The following properties are defined to the WiFi node: @@ -91,6 +96,9 @@ smd { bt { compatible = "qcom,wcnss-bt"; + + /* BD address 00:11:22:33:44:55 */ + local-bd-address = [ 55 44 33 22 11 00 ]; }; wlan { From 766154b7d47b092605171df8930b864efc8ef5c8 Mon Sep 17 00:00:00 2001 From: Loic Poulain Date: Fri, 8 Sep 2017 15:57:55 +0200 Subject: [PATCH 04/32] Bluetooth: btqcomsmd: retrieve BD address from DT property Retrieve BD address from the local-bd-address property. This address must be unique and is usually added in the DT by the bootloader which has access to the provisioned data. Signed-off-by: Loic Poulain Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btqcomsmd.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/bluetooth/btqcomsmd.c b/drivers/bluetooth/btqcomsmd.c index bd810d01538a..663bed63b871 100644 --- a/drivers/bluetooth/btqcomsmd.c +++ b/drivers/bluetooth/btqcomsmd.c @@ -15,6 +15,8 @@ #include #include #include +#include + #include #include @@ -156,6 +158,15 @@ static int btqcomsmd_probe(struct platform_device *pdev) if (IS_ERR(btq->cmd_channel)) return PTR_ERR(btq->cmd_channel); + /* The local-bd-address property is usually injected by the + * bootloader which has access to the allocated BD address. + */ + if (!of_property_read_u8_array(pdev->dev.of_node, "local-bd-address", + (u8 *)&btq->bdaddr, sizeof(bdaddr_t))) { + dev_info(&pdev->dev, "BD address %pMR retrieved from device-tree", + &btq->bdaddr); + } + hdev = hci_alloc_dev(); if (!hdev) return -ENOMEM; From 753f5d91d35b4d709505b73e640e64448857be37 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Tue, 12 Sep 2017 12:16:24 +0200 Subject: [PATCH 05/32] ieee802154: fix gcc-4.9 warnings All older compiler versions up to gcc-4.9 produce these harmless warnings: drivers/net/ieee802154/ca8210.c: In function 'ca8210_skb_tx': drivers/net/ieee802154/ca8210.c:1947:9: warning: missing braces around initializer [-Wmissing-braces] This changes the syntax to something that works on all versions without warnings. Fixes: ded845a781a5 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") Signed-off-by: Arnd Bergmann Acked-by: Stefan Schmidt Signed-off-by: Marcel Holtmann --- drivers/net/ieee802154/ca8210.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ieee802154/ca8210.c b/drivers/net/ieee802154/ca8210.c index 24a1eabbbc9d..e6b8ce81a6c3 100644 --- a/drivers/net/ieee802154/ca8210.c +++ b/drivers/net/ieee802154/ca8210.c @@ -1944,7 +1944,7 @@ static int ca8210_skb_tx( ) { int status; - struct ieee802154_hdr header = { 0 }; + struct ieee802154_hdr header = { }; struct secspec secspec; unsigned int mac_len; From 24a3a32a99ca9dcd8b2cdbaf5c99e6d99878cdb0 Mon Sep 17 00:00:00 2001 From: Arvind Yadav Date: Mon, 25 Sep 2017 13:07:39 +0530 Subject: [PATCH 06/32] Bluetooth: btmrvl: *_err() and *_info() strings should end with newlines pr_err(), dev_err() and pr_info() messages should terminated with a new-line to avoid other messages being concatenated onto the end. Signed-off-by: Arvind Yadav Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btmrvl_sdio.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/btmrvl_sdio.c b/drivers/bluetooth/btmrvl_sdio.c index 03341ce98c32..7dbb4463b539 100644 --- a/drivers/bluetooth/btmrvl_sdio.c +++ b/drivers/bluetooth/btmrvl_sdio.c @@ -64,7 +64,7 @@ static irqreturn_t btmrvl_wake_irq_bt(int irq, void *priv) struct btmrvl_sdio_card *card = priv; struct btmrvl_plt_wake_cfg *cfg = card->plt_wake_cfg; - pr_info("%s: wake by bt", __func__); + pr_info("%s: wake by bt\n", __func__); cfg->wake_by_bt = true; disable_irq_nosync(irq); @@ -87,7 +87,7 @@ static int btmrvl_sdio_probe_of(struct device *dev, if (!dev->of_node || !of_match_node(btmrvl_sdio_of_match_table, dev->of_node)) { - pr_err("sdio platform data not available"); + pr_err("sdio platform data not available\n"); return -1; } @@ -99,7 +99,7 @@ static int btmrvl_sdio_probe_of(struct device *dev, if (cfg && card->plt_of_node) { cfg->irq_bt = irq_of_parse_and_map(card->plt_of_node, 0); if (!cfg->irq_bt) { - dev_err(dev, "fail to parse irq_bt from device tree"); + dev_err(dev, "fail to parse irq_bt from device tree\n"); cfg->irq_bt = -1; } else { ret = devm_request_irq(dev, cfg->irq_bt, From 47eb2ac809189e0a60ad78eec6db9e84004e11be Mon Sep 17 00:00:00 2001 From: Tudor Ambarus Date: Thu, 28 Sep 2017 17:14:51 +0300 Subject: [PATCH 07/32] Bluetooth: move ecdh allocation outside of ecdh_helper Before this change, a new crypto tfm was allocated, each time, for both key generation and shared secret computation. Allocate a single tfm for both cases. Signed-off-by: Tudor Ambarus Signed-off-by: Marcel Holtmann --- net/bluetooth/ecdh_helper.c | 32 ++++------------- net/bluetooth/ecdh_helper.h | 8 +++-- net/bluetooth/selftest.c | 29 +++++++++++----- net/bluetooth/smp.c | 68 ++++++++++++++++++++++++++++++------- 4 files changed, 87 insertions(+), 50 deletions(-) diff --git a/net/bluetooth/ecdh_helper.c b/net/bluetooth/ecdh_helper.c index c7b1a9aee579..ac2c7087921d 100644 --- a/net/bluetooth/ecdh_helper.c +++ b/net/bluetooth/ecdh_helper.c @@ -23,7 +23,6 @@ #include "ecdh_helper.h" #include -#include #include struct ecdh_completion { @@ -50,10 +49,9 @@ static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) out[i] = __swab64(in[ndigits - 1 - i]); } -bool compute_ecdh_secret(const u8 public_key[64], const u8 private_key[32], - u8 secret[32]) +bool compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], + const u8 private_key[32], u8 secret[32]) { - struct crypto_kpp *tfm; struct kpp_request *req; struct ecdh p; struct ecdh_completion result; @@ -66,16 +64,9 @@ bool compute_ecdh_secret(const u8 public_key[64], const u8 private_key[32], if (!tmp) return false; - tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); - if (IS_ERR(tfm)) { - pr_err("alg: kpp: Failed to load tfm for kpp: %ld\n", - PTR_ERR(tfm)); - goto free_tmp; - } - req = kpp_request_alloc(tfm, GFP_KERNEL); if (!req) - goto free_kpp; + goto free_tmp; init_completion(&result.completion); @@ -126,16 +117,14 @@ bool compute_ecdh_secret(const u8 public_key[64], const u8 private_key[32], kzfree(buf); free_req: kpp_request_free(req); -free_kpp: - crypto_free_kpp(tfm); free_tmp: kfree(tmp); return (err == 0); } -bool generate_ecdh_keys(u8 public_key[64], u8 private_key[32]) +bool generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], + u8 private_key[32]) { - struct crypto_kpp *tfm; struct kpp_request *req; struct ecdh p; struct ecdh_completion result; @@ -150,16 +139,9 @@ bool generate_ecdh_keys(u8 public_key[64], u8 private_key[32]) if (!tmp) return false; - tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); - if (IS_ERR(tfm)) { - pr_err("alg: kpp: Failed to load tfm for kpp: %ld\n", - PTR_ERR(tfm)); - goto free_tmp; - } - req = kpp_request_alloc(tfm, GFP_KERNEL); if (!req) - goto free_kpp; + goto free_tmp; init_completion(&result.completion); @@ -218,8 +200,6 @@ bool generate_ecdh_keys(u8 public_key[64], u8 private_key[32]) kzfree(buf); free_req: kpp_request_free(req); -free_kpp: - crypto_free_kpp(tfm); free_tmp: kfree(tmp); return (err == 0); diff --git a/net/bluetooth/ecdh_helper.h b/net/bluetooth/ecdh_helper.h index 7a423faf76e5..5cde37d12fd9 100644 --- a/net/bluetooth/ecdh_helper.h +++ b/net/bluetooth/ecdh_helper.h @@ -20,8 +20,10 @@ * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS * SOFTWARE IS DISCLAIMED. */ +#include #include -bool compute_ecdh_secret(const u8 pub_a[64], const u8 priv_b[32], - u8 secret[32]); -bool generate_ecdh_keys(u8 public_key[64], u8 private_key[32]); +bool compute_ecdh_secret(struct crypto_kpp *tfm, const u8 pub_a[64], + const u8 priv_b[32], u8 secret[32]); +bool generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], + u8 private_key[32]); diff --git a/net/bluetooth/selftest.c b/net/bluetooth/selftest.c index 34a1227f4391..126bdc5a77a7 100644 --- a/net/bluetooth/selftest.c +++ b/net/bluetooth/selftest.c @@ -138,9 +138,9 @@ static const u8 dhkey_3[32] __initconst = { 0x7c, 0x1c, 0xf9, 0x49, 0xe6, 0xd7, 0xaa, 0x70, }; -static int __init test_ecdh_sample(const u8 priv_a[32], const u8 priv_b[32], - const u8 pub_a[64], const u8 pub_b[64], - const u8 dhkey[32]) +static int __init test_ecdh_sample(struct crypto_kpp *tfm, const u8 priv_a[32], + const u8 priv_b[32], const u8 pub_a[64], + const u8 pub_b[64], const u8 dhkey[32]) { u8 *tmp, *dhkey_a, *dhkey_b; int ret = 0; @@ -152,8 +152,8 @@ static int __init test_ecdh_sample(const u8 priv_a[32], const u8 priv_b[32], dhkey_a = &tmp[0]; dhkey_b = &tmp[32]; - compute_ecdh_secret(pub_b, priv_a, dhkey_a); - compute_ecdh_secret(pub_a, priv_b, dhkey_b); + compute_ecdh_secret(tfm, pub_b, priv_a, dhkey_a); + compute_ecdh_secret(tfm, pub_a, priv_b, dhkey_b); if (memcmp(dhkey_a, dhkey, 32)) { ret = -EINVAL; @@ -185,30 +185,43 @@ static const struct file_operations test_ecdh_fops = { static int __init test_ecdh(void) { + struct crypto_kpp *tfm; ktime_t calltime, delta, rettime; unsigned long long duration; int err; calltime = ktime_get(); - err = test_ecdh_sample(priv_a_1, priv_b_1, pub_a_1, pub_b_1, dhkey_1); + tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); + if (IS_ERR(tfm)) { + BT_ERR("Unable to create ECDH crypto context"); + err = PTR_ERR(tfm); + goto done; + } + + err = test_ecdh_sample(tfm, priv_a_1, priv_b_1, pub_a_1, pub_b_1, + dhkey_1); if (err) { BT_ERR("ECDH sample 1 failed"); goto done; } - err = test_ecdh_sample(priv_a_2, priv_b_2, pub_a_2, pub_b_2, dhkey_2); + err = test_ecdh_sample(tfm, priv_a_2, priv_b_2, pub_a_2, pub_b_2, + dhkey_2); if (err) { BT_ERR("ECDH sample 2 failed"); goto done; } - err = test_ecdh_sample(priv_a_3, priv_a_3, pub_a_3, pub_a_3, dhkey_3); + err = test_ecdh_sample(tfm, priv_a_3, priv_a_3, pub_a_3, pub_a_3, + dhkey_3); if (err) { BT_ERR("ECDH sample 3 failed"); goto done; } + crypto_free_kpp(tfm); + rettime = ktime_get(); delta = ktime_sub(rettime, calltime); duration = (unsigned long long) ktime_to_ns(delta) >> 10; diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index a0ef89772c36..31b64bc3cf16 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -92,6 +93,7 @@ struct smp_dev { struct crypto_cipher *tfm_aes; struct crypto_shash *tfm_cmac; + struct crypto_kpp *tfm_ecdh; }; struct smp_chan { @@ -131,6 +133,7 @@ struct smp_chan { struct crypto_cipher *tfm_aes; struct crypto_shash *tfm_cmac; + struct crypto_kpp *tfm_ecdh; }; /* These debug key values are defined in the SMP section of the core @@ -574,7 +577,8 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16]) get_random_bytes(smp->local_sk, 32); /* Generate local key pair for Secure Connections */ - if (!generate_ecdh_keys(smp->local_pk, smp->local_sk)) + if (!generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, + smp->local_sk)) return -EIO; /* This is unlikely, but we need to check that @@ -771,6 +775,7 @@ static void smp_chan_destroy(struct l2cap_conn *conn) crypto_free_cipher(smp->tfm_aes); crypto_free_shash(smp->tfm_cmac); + crypto_free_kpp(smp->tfm_ecdh); /* Ensure that we don't leave any debug key around if debug key * support hasn't been explicitly enabled. @@ -1391,16 +1396,19 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) smp->tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); if (IS_ERR(smp->tfm_aes)) { BT_ERR("Unable to create AES crypto context"); - kzfree(smp); - return NULL; + goto zfree_smp; } smp->tfm_cmac = crypto_alloc_shash("cmac(aes)", 0, 0); if (IS_ERR(smp->tfm_cmac)) { BT_ERR("Unable to create CMAC crypto context"); - crypto_free_cipher(smp->tfm_aes); - kzfree(smp); - return NULL; + goto free_cipher; + } + + smp->tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); + if (IS_ERR(smp->tfm_ecdh)) { + BT_ERR("Unable to create ECDH crypto context"); + goto free_shash; } smp->conn = conn; @@ -1413,6 +1421,14 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn) hci_conn_hold(conn->hcon); return smp; + +free_shash: + crypto_free_shash(smp->tfm_cmac); +free_cipher: + crypto_free_cipher(smp->tfm_aes); +zfree_smp: + kzfree(smp); + return NULL; } static int sc_mackey_and_ltk(struct smp_chan *smp, u8 mackey[16], u8 ltk[16]) @@ -1903,7 +1919,8 @@ static u8 sc_send_public_key(struct smp_chan *smp) get_random_bytes(smp->local_sk, 32); /* Generate local key pair for Secure Connections */ - if (!generate_ecdh_keys(smp->local_pk, smp->local_sk)) + if (!generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, + smp->local_sk)) return SMP_UNSPECIFIED; /* This is unlikely, but we need to check that @@ -2677,7 +2694,8 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb) SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk); SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32); - if (!compute_ecdh_secret(smp->remote_pk, smp->local_sk, smp->dhkey)) + if (!compute_ecdh_secret(smp->tfm_ecdh, smp->remote_pk, smp->local_sk, + smp->dhkey)) return SMP_UNSPECIFIED; SMP_DBG("DHKey %32phN", smp->dhkey); @@ -3169,6 +3187,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) struct smp_dev *smp; struct crypto_cipher *tfm_aes; struct crypto_shash *tfm_cmac; + struct crypto_kpp *tfm_ecdh; if (cid == L2CAP_CID_SMP_BREDR) { smp = NULL; @@ -3194,8 +3213,18 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) return ERR_CAST(tfm_cmac); } + tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); + if (IS_ERR(tfm_ecdh)) { + BT_ERR("Unable to create ECDH crypto context"); + crypto_free_shash(tfm_cmac); + crypto_free_cipher(tfm_aes); + kzfree(smp); + return ERR_CAST(tfm_ecdh); + } + smp->tfm_aes = tfm_aes; smp->tfm_cmac = tfm_cmac; + smp->tfm_ecdh = tfm_ecdh; smp->min_key_size = SMP_MIN_ENC_KEY_SIZE; smp->max_key_size = SMP_MAX_ENC_KEY_SIZE; @@ -3205,6 +3234,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) if (smp) { crypto_free_cipher(smp->tfm_aes); crypto_free_shash(smp->tfm_cmac); + crypto_free_kpp(smp->tfm_ecdh); kzfree(smp); } return ERR_PTR(-ENOMEM); @@ -3252,6 +3282,7 @@ static void smp_del_chan(struct l2cap_chan *chan) chan->data = NULL; crypto_free_cipher(smp->tfm_aes); crypto_free_shash(smp->tfm_cmac); + crypto_free_kpp(smp->tfm_ecdh); kzfree(smp); } @@ -3498,13 +3529,13 @@ static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) out[i] = __swab64(in[ndigits - 1 - i]); } -static int __init test_debug_key(void) +static int __init test_debug_key(struct crypto_kpp *tfm_ecdh) { u8 pk[64], sk[32]; swap_digits((u64 *)debug_sk, (u64 *)sk, 4); - if (!generate_ecdh_keys(pk, sk)) + if (!generate_ecdh_keys(tfm_ecdh, pk, sk)) return -EINVAL; if (crypto_memneq(sk, debug_sk, 32)) @@ -3763,7 +3794,8 @@ static const struct file_operations test_smp_fops = { }; static int __init run_selftests(struct crypto_cipher *tfm_aes, - struct crypto_shash *tfm_cmac) + struct crypto_shash *tfm_cmac, + struct crypto_kpp *tfm_ecdh) { ktime_t calltime, delta, rettime; unsigned long long duration; @@ -3771,7 +3803,7 @@ static int __init run_selftests(struct crypto_cipher *tfm_aes, calltime = ktime_get(); - err = test_debug_key(); + err = test_debug_key(tfm_ecdh); if (err) { BT_ERR("debug_key test failed"); goto done; @@ -3848,6 +3880,7 @@ int __init bt_selftest_smp(void) { struct crypto_cipher *tfm_aes; struct crypto_shash *tfm_cmac; + struct crypto_kpp *tfm_ecdh; int err; tfm_aes = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); @@ -3863,10 +3896,19 @@ int __init bt_selftest_smp(void) return PTR_ERR(tfm_cmac); } - err = run_selftests(tfm_aes, tfm_cmac); + tfm_ecdh = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); + if (IS_ERR(tfm_ecdh)) { + BT_ERR("Unable to create ECDH crypto context"); + crypto_free_shash(tfm_cmac); + crypto_free_cipher(tfm_aes); + return PTR_ERR(tfm_ecdh); + } + + err = run_selftests(tfm_aes, tfm_cmac, tfm_ecdh); crypto_free_shash(tfm_cmac); crypto_free_cipher(tfm_aes); + crypto_free_kpp(tfm_ecdh); return err; } From a297641610963bbb238ea77b32a2e958c4f7b184 Mon Sep 17 00:00:00 2001 From: Tudor Ambarus Date: Thu, 28 Sep 2017 17:14:52 +0300 Subject: [PATCH 08/32] Bluetooth: ecdh_helper - reveal error codes ecdh_helper functions were hiding the error codes and chose to return the return value of an relational operator, "==". Remove the unnecessary query and reveal the error codes. While updating the return values, code in a way that compilers will warn in case of uninitialized err. Signed-off-by: Tudor Ambarus Signed-off-by: Marcel Holtmann --- net/bluetooth/ecdh_helper.c | 32 +++++++++++++++++++------------- net/bluetooth/ecdh_helper.h | 8 ++++---- net/bluetooth/smp.c | 17 ++++++++++------- 3 files changed, 33 insertions(+), 24 deletions(-) diff --git a/net/bluetooth/ecdh_helper.c b/net/bluetooth/ecdh_helper.c index ac2c7087921d..22c8daa0b451 100644 --- a/net/bluetooth/ecdh_helper.c +++ b/net/bluetooth/ecdh_helper.c @@ -49,8 +49,8 @@ static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) out[i] = __swab64(in[ndigits - 1 - i]); } -bool compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], - const u8 private_key[32], u8 secret[32]) +int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], + const u8 private_key[32], u8 secret[32]) { struct kpp_request *req; struct ecdh p; @@ -58,15 +58,17 @@ bool compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], struct scatterlist src, dst; u8 *tmp, *buf; unsigned int buf_len; - int err = -ENOMEM; + int err; tmp = kmalloc(64, GFP_KERNEL); if (!tmp) - return false; + return -ENOMEM; req = kpp_request_alloc(tfm, GFP_KERNEL); - if (!req) + if (!req) { + err = -ENOMEM; goto free_tmp; + } init_completion(&result.completion); @@ -80,8 +82,10 @@ bool compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], p.curve_id = ECC_CURVE_NIST_P256; buf_len = crypto_ecdh_key_len(&p); buf = kmalloc(buf_len, GFP_KERNEL); - if (!buf) + if (!buf) { + err = -ENOMEM; goto free_req; + } crypto_ecdh_encode_key(buf, buf_len, &p); @@ -119,11 +123,11 @@ bool compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], kpp_request_free(req); free_tmp: kfree(tmp); - return (err == 0); + return err; } -bool generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], - u8 private_key[32]) +int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], + u8 private_key[32]) { struct kpp_request *req; struct ecdh p; @@ -131,17 +135,19 @@ bool generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], struct scatterlist dst; u8 *tmp, *buf; unsigned int buf_len; - int err = -ENOMEM; + int err; const unsigned short max_tries = 16; unsigned short tries = 0; tmp = kmalloc(64, GFP_KERNEL); if (!tmp) - return false; + return -ENOMEM; req = kpp_request_alloc(tfm, GFP_KERNEL); - if (!req) + if (!req) { + err = -ENOMEM; goto free_tmp; + } init_completion(&result.completion); @@ -202,5 +208,5 @@ bool generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], kpp_request_free(req); free_tmp: kfree(tmp); - return (err == 0); + return err; } diff --git a/net/bluetooth/ecdh_helper.h b/net/bluetooth/ecdh_helper.h index 5cde37d12fd9..50e6676aebf5 100644 --- a/net/bluetooth/ecdh_helper.h +++ b/net/bluetooth/ecdh_helper.h @@ -23,7 +23,7 @@ #include #include -bool compute_ecdh_secret(struct crypto_kpp *tfm, const u8 pub_a[64], - const u8 priv_b[32], u8 secret[32]); -bool generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], - u8 private_key[32]); +int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 pub_a[64], + const u8 priv_b[32], u8 secret[32]); +int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], + u8 private_key[32]); diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 31b64bc3cf16..af7e6100e55b 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -577,9 +577,10 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16]) get_random_bytes(smp->local_sk, 32); /* Generate local key pair for Secure Connections */ - if (!generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, - smp->local_sk)) - return -EIO; + err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, + smp->local_sk); + if (err) + return err; /* This is unlikely, but we need to check that * we didn't accidentially generate a debug key. @@ -1919,8 +1920,8 @@ static u8 sc_send_public_key(struct smp_chan *smp) get_random_bytes(smp->local_sk, 32); /* Generate local key pair for Secure Connections */ - if (!generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, - smp->local_sk)) + if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, + smp->local_sk)) return SMP_UNSPECIFIED; /* This is unlikely, but we need to check that @@ -3532,11 +3533,13 @@ static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) static int __init test_debug_key(struct crypto_kpp *tfm_ecdh) { u8 pk[64], sk[32]; + int err; swap_digits((u64 *)debug_sk, (u64 *)sk, 4); - if (!generate_ecdh_keys(tfm_ecdh, pk, sk)) - return -EINVAL; + err = generate_ecdh_keys(tfm_ecdh, pk, sk); + if (err) + return err; if (crypto_memneq(sk, debug_sk, 32)) return -EINVAL; From 3814baf3f2473226e479fc1f4f48d01de2ce0a7b Mon Sep 17 00:00:00 2001 From: Tudor Ambarus Date: Thu, 28 Sep 2017 17:14:53 +0300 Subject: [PATCH 09/32] Bluetooth: selftest - check for errors when computing ZZ Signed-off-by: Tudor Ambarus Signed-off-by: Marcel Holtmann --- net/bluetooth/selftest.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/net/bluetooth/selftest.c b/net/bluetooth/selftest.c index 126bdc5a77a7..ce99648ed870 100644 --- a/net/bluetooth/selftest.c +++ b/net/bluetooth/selftest.c @@ -143,7 +143,7 @@ static int __init test_ecdh_sample(struct crypto_kpp *tfm, const u8 priv_a[32], const u8 pub_b[64], const u8 dhkey[32]) { u8 *tmp, *dhkey_a, *dhkey_b; - int ret = 0; + int ret; tmp = kmalloc(64, GFP_KERNEL); if (!tmp) @@ -152,8 +152,13 @@ static int __init test_ecdh_sample(struct crypto_kpp *tfm, const u8 priv_a[32], dhkey_a = &tmp[0]; dhkey_b = &tmp[32]; - compute_ecdh_secret(tfm, pub_b, priv_a, dhkey_a); - compute_ecdh_secret(tfm, pub_a, priv_b, dhkey_b); + ret = compute_ecdh_secret(tfm, pub_b, priv_a, dhkey_a); + if (ret) + goto out; + + ret = compute_ecdh_secret(tfm, pub_a, priv_b, dhkey_b); + if (ret) + goto out; if (memcmp(dhkey_a, dhkey, 32)) { ret = -EINVAL; From 168ed65483a1777c2570f4c0a4a64e20a823cf25 Mon Sep 17 00:00:00 2001 From: Tudor Ambarus Date: Thu, 28 Sep 2017 17:14:54 +0300 Subject: [PATCH 10/32] Bluetooth: ecdh_helper - fix leak of private key tmp buffer contains the swapped private key. In case the setkey call failed, the tmp buffer was freed without clearing the private key. Zeroize the temporary buffer so we don't leak the private key. Signed-off-by: Tudor Ambarus Signed-off-by: Marcel Holtmann --- net/bluetooth/ecdh_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bluetooth/ecdh_helper.c b/net/bluetooth/ecdh_helper.c index 22c8daa0b451..16e022f5ab27 100644 --- a/net/bluetooth/ecdh_helper.c +++ b/net/bluetooth/ecdh_helper.c @@ -122,7 +122,7 @@ int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], free_req: kpp_request_free(req); free_tmp: - kfree(tmp); + kzfree(tmp); return err; } From c0153b0b901a16663ff91504fea25fb51d57cc29 Mon Sep 17 00:00:00 2001 From: Tudor Ambarus Date: Thu, 28 Sep 2017 17:14:55 +0300 Subject: [PATCH 11/32] Bluetooth: let the crypto subsystem generate the ecc privkey That Bluetooth SMP knows about the private key is pointless, since the detection of debug key usage is actually via the public key portion. With this patch, the Bluetooth SMP will stop keeping a copy of the ecdh private key and will let the crypto subsystem to generate and handle the ecdh private key, potentially benefiting of hardware ecc private key generation and retention. The loop that tries to generate a correct private key is now removed and we trust the crypto subsystem to generate a correct private key. This backup logic should be done in crypto, if really needed. Signed-off-by: Tudor Ambarus Signed-off-by: Marcel Holtmann --- net/bluetooth/ecdh_helper.c | 188 ++++++++++++++++++++---------------- net/bluetooth/ecdh_helper.h | 9 +- net/bluetooth/selftest.c | 14 ++- net/bluetooth/smp.c | 66 ++++++------- 4 files changed, 148 insertions(+), 129 deletions(-) diff --git a/net/bluetooth/ecdh_helper.c b/net/bluetooth/ecdh_helper.c index 16e022f5ab27..2155ce802877 100644 --- a/net/bluetooth/ecdh_helper.c +++ b/net/bluetooth/ecdh_helper.c @@ -49,15 +49,21 @@ static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) out[i] = __swab64(in[ndigits - 1 - i]); } +/* compute_ecdh_secret() - function assumes that the private key was + * already set. + * @tfm: KPP tfm handle allocated with crypto_alloc_kpp(). + * @public_key: pair's ecc public key. + * secret: memory where the ecdh computed shared secret will be saved. + * + * Return: zero on success; error code in case of error. + */ int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], - const u8 private_key[32], u8 secret[32]) + u8 secret[32]) { struct kpp_request *req; - struct ecdh p; + u8 *tmp; struct ecdh_completion result; struct scatterlist src, dst; - u8 *tmp, *buf; - unsigned int buf_len; int err; tmp = kmalloc(64, GFP_KERNEL); @@ -72,28 +78,6 @@ int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], init_completion(&result.completion); - /* Security Manager Protocol holds digits in litte-endian order - * while ECC API expect big-endian data - */ - swap_digits((u64 *)private_key, (u64 *)tmp, 4); - p.key = (char *)tmp; - p.key_size = 32; - /* Set curve_id */ - p.curve_id = ECC_CURVE_NIST_P256; - buf_len = crypto_ecdh_key_len(&p); - buf = kmalloc(buf_len, GFP_KERNEL); - if (!buf) { - err = -ENOMEM; - goto free_req; - } - - crypto_ecdh_encode_key(buf, buf_len, &p); - - /* Set A private Key */ - err = crypto_kpp_set_secret(tfm, (void *)buf, buf_len); - if (err) - goto free_all; - swap_digits((u64 *)public_key, (u64 *)tmp, 4); /* x */ swap_digits((u64 *)&public_key[32], (u64 *)&tmp[32], 4); /* y */ @@ -118,26 +102,76 @@ int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], memcpy(secret, tmp, 32); free_all: - kzfree(buf); -free_req: kpp_request_free(req); free_tmp: kzfree(tmp); return err; } -int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], - u8 private_key[32]) +/* set_ecdh_privkey() - set or generate ecc private key. + * + * Function generates an ecc private key in the crypto subsystem when receiving + * a NULL private key or sets the received key when not NULL. + * + * @tfm: KPP tfm handle allocated with crypto_alloc_kpp(). + * @private_key: user's ecc private key. When not NULL, the key is expected + * in little endian format. + * + * Return: zero on success; error code in case of error. + */ +int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 private_key[32]) { - struct kpp_request *req; - struct ecdh p; - struct ecdh_completion result; - struct scatterlist dst; - u8 *tmp, *buf; + u8 *buf, *tmp = NULL; unsigned int buf_len; int err; - const unsigned short max_tries = 16; - unsigned short tries = 0; + struct ecdh p = {0}; + + p.curve_id = ECC_CURVE_NIST_P256; + + if (private_key) { + tmp = kmalloc(32, GFP_KERNEL); + if (!tmp) + return -ENOMEM; + swap_digits((u64 *)private_key, (u64 *)tmp, 4); + p.key = tmp; + p.key_size = 32; + } + + buf_len = crypto_ecdh_key_len(&p); + buf = kmalloc(buf_len, GFP_KERNEL); + if (!buf) { + err = -ENOMEM; + goto free_tmp; + } + + err = crypto_ecdh_encode_key(buf, buf_len, &p); + if (err) + goto free_all; + + err = crypto_kpp_set_secret(tfm, buf, buf_len); + /* fall through */ +free_all: + kzfree(buf); +free_tmp: + kzfree(tmp); + return err; +} + +/* generate_ecdh_public_key() - function assumes that the private key was + * already set. + * + * @tfm: KPP tfm handle allocated with crypto_alloc_kpp(). + * @public_key: memory where the computed ecc public key will be saved. + * + * Return: zero on success; error code in case of error. + */ +int generate_ecdh_public_key(struct crypto_kpp *tfm, u8 public_key[64]) +{ + struct kpp_request *req; + u8 *tmp; + struct ecdh_completion result; + struct scatterlist dst; + int err; tmp = kmalloc(64, GFP_KERNEL); if (!tmp) @@ -150,63 +184,47 @@ int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], } init_completion(&result.completion); + sg_init_one(&dst, tmp, 64); + kpp_request_set_input(req, NULL, 0); + kpp_request_set_output(req, &dst, 64); + kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, + ecdh_complete, &result); - /* Set curve_id */ - p.curve_id = ECC_CURVE_NIST_P256; - p.key_size = 32; - buf_len = crypto_ecdh_key_len(&p); - buf = kmalloc(buf_len, GFP_KERNEL); - if (!buf) - goto free_req; + err = crypto_kpp_generate_public_key(req); + if (err == -EINPROGRESS) { + wait_for_completion(&result.completion); + err = result.err; + } + if (err < 0) + goto free_all; - do { - if (tries++ >= max_tries) - goto free_all; - - /* Set private Key */ - p.key = (char *)private_key; - crypto_ecdh_encode_key(buf, buf_len, &p); - err = crypto_kpp_set_secret(tfm, buf, buf_len); - if (err) - goto free_all; - - sg_init_one(&dst, tmp, 64); - kpp_request_set_input(req, NULL, 0); - kpp_request_set_output(req, &dst, 64); - kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - ecdh_complete, &result); - - err = crypto_kpp_generate_public_key(req); - - if (err == -EINPROGRESS) { - wait_for_completion(&result.completion); - err = result.err; - } - - /* Private key is not valid. Regenerate */ - if (err == -EINVAL) - continue; - - if (err < 0) - goto free_all; - else - break; - - } while (true); - - /* Keys are handed back in little endian as expected by Security - * Manager Protocol + /* The public key is handed back in little endian as expected by + * the Security Manager Protocol. */ swap_digits((u64 *)tmp, (u64 *)public_key, 4); /* x */ swap_digits((u64 *)&tmp[32], (u64 *)&public_key[32], 4); /* y */ - swap_digits((u64 *)private_key, (u64 *)tmp, 4); - memcpy(private_key, tmp, 32); free_all: - kzfree(buf); -free_req: kpp_request_free(req); free_tmp: kfree(tmp); return err; } + +/* generate_ecdh_keys() - generate ecc key pair. + * + * @tfm: KPP tfm handle allocated with crypto_alloc_kpp(). + * @public_key: memory where the computed ecc public key will be saved. + * + * Return: zero on success; error code in case of error. + */ +int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64]) +{ + int err; + + err = set_ecdh_privkey(tfm, NULL); + if (err) + return err; + + return generate_ecdh_public_key(tfm, public_key); +} diff --git a/net/bluetooth/ecdh_helper.h b/net/bluetooth/ecdh_helper.h index 50e6676aebf5..a6f8d03d4aaf 100644 --- a/net/bluetooth/ecdh_helper.h +++ b/net/bluetooth/ecdh_helper.h @@ -23,7 +23,8 @@ #include #include -int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 pub_a[64], - const u8 priv_b[32], u8 secret[32]); -int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], - u8 private_key[32]); +int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 pair_public_key[64], + u8 secret[32]); +int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 *private_key); +int generate_ecdh_public_key(struct crypto_kpp *tfm, u8 public_key[64]); +int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64]); diff --git a/net/bluetooth/selftest.c b/net/bluetooth/selftest.c index ce99648ed870..2d1519d0affa 100644 --- a/net/bluetooth/selftest.c +++ b/net/bluetooth/selftest.c @@ -152,11 +152,11 @@ static int __init test_ecdh_sample(struct crypto_kpp *tfm, const u8 priv_a[32], dhkey_a = &tmp[0]; dhkey_b = &tmp[32]; - ret = compute_ecdh_secret(tfm, pub_b, priv_a, dhkey_a); + ret = set_ecdh_privkey(tfm, priv_a); if (ret) goto out; - ret = compute_ecdh_secret(tfm, pub_a, priv_b, dhkey_b); + ret = compute_ecdh_secret(tfm, pub_b, dhkey_a); if (ret) goto out; @@ -165,9 +165,17 @@ static int __init test_ecdh_sample(struct crypto_kpp *tfm, const u8 priv_a[32], goto out; } + ret = set_ecdh_privkey(tfm, priv_b); + if (ret) + goto out; + + ret = compute_ecdh_secret(tfm, pub_a, dhkey_b); + if (ret) + goto out; + if (memcmp(dhkey_b, dhkey, 32)) ret = -EINVAL; - + /* fall through*/ out: kfree(tmp); return ret; diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index af7e6100e55b..d41449b9e9d6 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -84,7 +84,6 @@ enum { struct smp_dev { /* Secure Connections OOB data */ u8 local_pk[64]; - u8 local_sk[32]; u8 local_rand[16]; bool debug_key; @@ -126,7 +125,6 @@ struct smp_chan { /* Secure Connections variables */ u8 local_pk[64]; - u8 local_sk[32]; u8 remote_pk[64]; u8 dhkey[32]; u8 mackey[16]; @@ -568,24 +566,22 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16]) if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) { BT_DBG("Using debug keys"); + err = set_ecdh_privkey(smp->tfm_ecdh, debug_sk); + if (err) + return err; memcpy(smp->local_pk, debug_pk, 64); - memcpy(smp->local_sk, debug_sk, 32); smp->debug_key = true; } else { while (true) { - /* Seed private key with random number */ - get_random_bytes(smp->local_sk, 32); - - /* Generate local key pair for Secure Connections */ - err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, - smp->local_sk); + /* Generate key pair for Secure Connections */ + err = generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk); if (err) return err; /* This is unlikely, but we need to check that * we didn't accidentially generate a debug key. */ - if (crypto_memneq(smp->local_sk, debug_sk, 32)) + if (crypto_memneq(smp->local_pk, debug_pk, 64)) break; } smp->debug_key = false; @@ -593,7 +589,6 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16]) SMP_DBG("OOB Public Key X: %32phN", smp->local_pk); SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32); - SMP_DBG("OOB Private Key: %32phN", smp->local_sk); get_random_bytes(smp->local_rand, 16); @@ -1900,7 +1895,6 @@ static u8 sc_send_public_key(struct smp_chan *smp) smp_dev = chan->data; memcpy(smp->local_pk, smp_dev->local_pk, 64); - memcpy(smp->local_sk, smp_dev->local_sk, 32); memcpy(smp->lr, smp_dev->local_rand, 16); if (smp_dev->debug_key) @@ -1911,23 +1905,20 @@ static u8 sc_send_public_key(struct smp_chan *smp) if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS)) { BT_DBG("Using debug keys"); + if (set_ecdh_privkey(smp->tfm_ecdh, debug_sk)) + return SMP_UNSPECIFIED; memcpy(smp->local_pk, debug_pk, 64); - memcpy(smp->local_sk, debug_sk, 32); set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags); } else { while (true) { - /* Seed private key with random number */ - get_random_bytes(smp->local_sk, 32); - - /* Generate local key pair for Secure Connections */ - if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk, - smp->local_sk)) + /* Generate key pair for Secure Connections */ + if (generate_ecdh_keys(smp->tfm_ecdh, smp->local_pk)) return SMP_UNSPECIFIED; /* This is unlikely, but we need to check that * we didn't accidentially generate a debug key. */ - if (crypto_memneq(smp->local_sk, debug_sk, 32)) + if (crypto_memneq(smp->local_pk, debug_pk, 64)) break; } } @@ -1935,7 +1926,6 @@ static u8 sc_send_public_key(struct smp_chan *smp) done: SMP_DBG("Local Public Key X: %32phN", smp->local_pk); SMP_DBG("Local Public Key Y: %32phN", smp->local_pk + 32); - SMP_DBG("Local Private Key: %32phN", smp->local_sk); smp_send_cmd(smp->conn, SMP_CMD_PUBLIC_KEY, 64, smp->local_pk); @@ -2663,6 +2653,7 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb) struct l2cap_chan *chan = conn->smp; struct smp_chan *smp = chan->data; struct hci_dev *hdev = hcon->hdev; + struct crypto_kpp *tfm_ecdh; struct smp_cmd_pairing_confirm cfm; int err; @@ -2695,8 +2686,18 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb) SMP_DBG("Remote Public Key X: %32phN", smp->remote_pk); SMP_DBG("Remote Public Key Y: %32phN", smp->remote_pk + 32); - if (!compute_ecdh_secret(smp->tfm_ecdh, smp->remote_pk, smp->local_sk, - smp->dhkey)) + /* Compute the shared secret on the same crypto tfm on which the private + * key was set/generated. + */ + if (test_bit(SMP_FLAG_LOCAL_OOB, &smp->flags)) { + struct smp_dev *smp_dev = chan->data; + + tfm_ecdh = smp_dev->tfm_ecdh; + } else { + tfm_ecdh = smp->tfm_ecdh; + } + + if (compute_ecdh_secret(tfm_ecdh, smp->remote_pk, smp->dhkey)) return SMP_UNSPECIFIED; SMP_DBG("DHKey %32phN", smp->dhkey); @@ -3522,27 +3523,18 @@ void smp_unregister(struct hci_dev *hdev) #if IS_ENABLED(CONFIG_BT_SELFTEST_SMP) -static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) -{ - int i; - - for (i = 0; i < ndigits; i++) - out[i] = __swab64(in[ndigits - 1 - i]); -} - static int __init test_debug_key(struct crypto_kpp *tfm_ecdh) { - u8 pk[64], sk[32]; + u8 pk[64]; int err; - swap_digits((u64 *)debug_sk, (u64 *)sk, 4); - - err = generate_ecdh_keys(tfm_ecdh, pk, sk); + err = set_ecdh_privkey(tfm_ecdh, debug_sk); if (err) return err; - if (crypto_memneq(sk, debug_sk, 32)) - return -EINVAL; + err = generate_ecdh_public_key(tfm_ecdh, pk); + if (err) + return err; if (crypto_memneq(pk, debug_pk, 64)) return -EINVAL; From 7841d554809b518a22349e7e39b6b63f8a48d0fb Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:35 +0200 Subject: [PATCH 12/32] Bluetooth: hci_uart_set_flow_control: Fix NULL deref when using serdev Fix a NULL pointer deref (hu->tty) when calling hci_uart_set_flow_control on hci_uart-s using serdev. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_ldisc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index a746627e784e..eec95019f15c 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c @@ -41,6 +41,7 @@ #include #include #include +#include #include #include @@ -298,6 +299,12 @@ void hci_uart_set_flow_control(struct hci_uart *hu, bool enable) unsigned int set = 0; unsigned int clear = 0; + if (hu->serdev) { + serdev_device_set_flow_control(hu->serdev, !enable); + serdev_device_set_rts(hu->serdev, !enable); + return; + } + if (enable) { /* Disable hardware flow control */ ktermios = tty->termios; From 227630cccdbb8f8a1b24ac26517b75079c9a69c9 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:36 +0200 Subject: [PATCH 13/32] Bluetooth: hci_bcm: Fix setting of irq trigger type This commit fixes 2 issues with host-wake irq trigger type handling in hci_bcm: 1) bcm_setup_sleep sets sleep_params.host_wake_active based on bcm_device.irq_polarity, but bcm_request_irq was always requesting IRQF_TRIGGER_RISING as trigger type independent of irq_polarity. This was a problem when the irq is described as a GpioInt rather then an Interrupt in the DSDT as for GpioInt-s the value passed to request_irq is honored. This commit fixes this by requesting the correct trigger type depending on bcm_device.irq_polarity. 2) bcm_device.irq_polarity was used to directly store an ACPI polarity value (ACPI_ACTIVE_*). This is undesirable because hci_bcm is also used with device-tree and checking for something like ACPI_ACTIVE_LOW in a non ACPI specific function like bcm_request_irq feels wrong. This commit fixes this by renaming irq_polarity to irq_active_low and changing its type to a bool. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index e2540113d0da..73d2d88ddc03 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -68,7 +68,7 @@ struct bcm_device { u32 init_speed; u32 oper_speed; int irq; - u8 irq_polarity; + bool irq_active_low; #ifdef CONFIG_PM struct hci_uart *hu; @@ -213,7 +213,9 @@ static int bcm_request_irq(struct bcm_data *bcm) } err = devm_request_irq(&bdev->pdev->dev, bdev->irq, bcm_host_wake, - IRQF_TRIGGER_RISING, "host_wake", bdev); + bdev->irq_active_low ? IRQF_TRIGGER_FALLING : + IRQF_TRIGGER_RISING, + "host_wake", bdev); if (err) goto unlock; @@ -253,7 +255,7 @@ static int bcm_setup_sleep(struct hci_uart *hu) struct sk_buff *skb; struct bcm_set_sleep_mode sleep_params = default_sleep_params; - sleep_params.host_wake_active = !bcm->dev->irq_polarity; + sleep_params.host_wake_active = !bcm->dev->irq_active_low; skb = __hci_cmd_sync(hu->hdev, 0xfc27, sizeof(sleep_params), &sleep_params, HCI_INIT_TIMEOUT); @@ -690,10 +692,8 @@ static const struct acpi_gpio_mapping acpi_bcm_int_first_gpios[] = { }; #ifdef CONFIG_ACPI -static u8 acpi_active_low = ACPI_ACTIVE_LOW; - /* IRQ polarity of some chipsets are not defined correctly in ACPI table. */ -static const struct dmi_system_id bcm_wrong_irq_dmi_table[] = { +static const struct dmi_system_id bcm_active_low_irq_dmi_table[] = { { .ident = "Asus T100TA", .matches = { @@ -701,7 +701,6 @@ static const struct dmi_system_id bcm_wrong_irq_dmi_table[] = { "ASUSTeK COMPUTER INC."), DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), }, - .driver_data = &acpi_active_low, }, { .ident = "Asus T100CHI", @@ -710,7 +709,6 @@ static const struct dmi_system_id bcm_wrong_irq_dmi_table[] = { "ASUSTeK COMPUTER INC."), DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100CHI"), }, - .driver_data = &acpi_active_low, }, { /* Handle ThinkPad 8 tablets with BCM2E55 chipset ACPI ID */ .ident = "Lenovo ThinkPad 8", @@ -718,7 +716,6 @@ static const struct dmi_system_id bcm_wrong_irq_dmi_table[] = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"), DMI_EXACT_MATCH(DMI_PRODUCT_VERSION, "ThinkPad 8"), }, - .driver_data = &acpi_active_low, }, { } }; @@ -733,13 +730,13 @@ static int bcm_resource(struct acpi_resource *ares, void *data) switch (ares->type) { case ACPI_RESOURCE_TYPE_EXTENDED_IRQ: irq = &ares->data.extended_irq; - dev->irq_polarity = irq->polarity; + dev->irq_active_low = irq->polarity == ACPI_ACTIVE_LOW; break; case ACPI_RESOURCE_TYPE_GPIO: gpio = &ares->data.gpio; if (gpio->connection_type == ACPI_RESOURCE_GPIO_TYPE_INT) - dev->irq_polarity = gpio->polarity; + dev->irq_active_low = gpio->polarity == ACPI_ACTIVE_LOW; break; case ACPI_RESOURCE_TYPE_SERIAL_BUS: @@ -834,11 +831,11 @@ static int bcm_acpi_probe(struct bcm_device *dev) return ret; acpi_dev_free_resource_list(&resources); - dmi_id = dmi_first_match(bcm_wrong_irq_dmi_table); + dmi_id = dmi_first_match(bcm_active_low_irq_dmi_table); if (dmi_id) { bt_dev_warn(dev, "%s: Overwriting IRQ polarity to active low", dmi_id->ident); - dev->irq_polarity = *(u8 *)dmi_id->driver_data; + dev->irq_active_low = true; } return 0; From 201762e21f308ec23bebe8bc0c4c033afb2879d5 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:37 +0200 Subject: [PATCH 14/32] Bluetooth: hci_bcm: Move bcm_platform_probe call out of bcm_acpi_probe Since bcm_acpi_probe calls bcm_platform_probe, bcm_probe always ends up calling bcm_platform_probe. This commit simplifies things by making bcm_probe always call bcm_platform_probe itself. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 73d2d88ddc03..1a9ce68b9a9b 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -820,10 +820,6 @@ static int bcm_acpi_probe(struct bcm_device *dev) if (ret) return ret; - ret = bcm_platform_probe(dev); - if (ret) - return ret; - /* Retrieve UART ACPI info */ ret = acpi_dev_get_resources(ACPI_COMPANION(&dev->pdev->dev), &resources, bcm_resource, dev); @@ -858,10 +854,13 @@ static int bcm_probe(struct platform_device *pdev) dev->pdev = pdev; - if (has_acpi_companion(&pdev->dev)) + if (has_acpi_companion(&pdev->dev)) { ret = bcm_acpi_probe(dev); - else - ret = bcm_platform_probe(dev); + if (ret) + return ret; + } + + ret = bcm_platform_probe(dev); if (ret) return ret; From 4a56f891efceee88d422af2e99d00c8321c671c1 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:38 +0200 Subject: [PATCH 15/32] Bluetooth: hci_bcm: Move platform_get_irq call to bcm_probe The ACPI subsys is going to move over to instantiating ACPI enumerated HCIs as serdevs, rather then as platform devices. Most of the code in bcm_platform_probe is actually not platform specific and will work with any struct device passed to it, the one platform specific call in bcm_platform_probe is platform_get_irq. This commit moves platform_get_irq call to the platform-driver's bcm_probe function, this is a preparation patch for adding (runtime)pm support to the serdev path. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 1a9ce68b9a9b..3cbd7dab112a 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -776,7 +776,6 @@ static int bcm_platform_probe(struct bcm_device *dev) return PTR_ERR(dev->shutdown); /* IRQ can be declared in ACPI table as Interrupt or GpioInt */ - dev->irq = platform_get_irq(pdev, 0); if (dev->irq <= 0) { struct gpio_desc *gpio; @@ -853,6 +852,7 @@ static int bcm_probe(struct platform_device *pdev) return -ENOMEM; dev->pdev = pdev; + dev->irq = platform_get_irq(pdev, 0); if (has_acpi_companion(&pdev->dev)) { ret = bcm_acpi_probe(dev); From c0d3ce580b7c8f0b7c14306f7d8654a4f30a665d Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:39 +0200 Subject: [PATCH 16/32] Bluetooth: hci_bcm: Store device pointer instead of platform_device pointer The ACPI subsys is going to move over to instantiating ACPI enumerated HCIs as serdevs, rather then as platform devices. This means that the serdev driver paths of hci_bcm.c also need to start supporting (runtime)pm through GPIOs and a host-wake IRQ. The hci_bcm code is already mostly independent of how the HCI gets instantiated, but even though the code only cares about pdev->dev, it was storing pdev itself in struct bcm_device. This commit stores pdev->dev rather then pdev in struct bcm_device, this is a preparation patch for adding (runtime)pm support to the serdev path. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 73 ++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 38 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 3cbd7dab112a..101b17ae9aa7 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -56,7 +56,7 @@ struct bcm_device { struct list_head list; - struct platform_device *pdev; + struct device *dev; const char *name; struct gpio_desc *device_wakeup; @@ -188,9 +188,9 @@ static irqreturn_t bcm_host_wake(int irq, void *data) bt_dev_dbg(bdev, "Host wake IRQ"); - pm_runtime_get(&bdev->pdev->dev); - pm_runtime_mark_last_busy(&bdev->pdev->dev); - pm_runtime_put_autosuspend(&bdev->pdev->dev); + pm_runtime_get(bdev->dev); + pm_runtime_mark_last_busy(bdev->dev); + pm_runtime_put_autosuspend(bdev->dev); return IRQ_HANDLED; } @@ -212,20 +212,20 @@ static int bcm_request_irq(struct bcm_data *bcm) goto unlock; } - err = devm_request_irq(&bdev->pdev->dev, bdev->irq, bcm_host_wake, + err = devm_request_irq(bdev->dev, bdev->irq, bcm_host_wake, bdev->irq_active_low ? IRQF_TRIGGER_FALLING : IRQF_TRIGGER_RISING, "host_wake", bdev); if (err) goto unlock; - device_init_wakeup(&bdev->pdev->dev, true); + device_init_wakeup(bdev->dev, true); - pm_runtime_set_autosuspend_delay(&bdev->pdev->dev, + pm_runtime_set_autosuspend_delay(bdev->dev, BCM_AUTOSUSPEND_DELAY); - pm_runtime_use_autosuspend(&bdev->pdev->dev); - pm_runtime_set_active(&bdev->pdev->dev); - pm_runtime_enable(&bdev->pdev->dev); + pm_runtime_use_autosuspend(bdev->dev); + pm_runtime_set_active(bdev->dev); + pm_runtime_enable(bdev->dev); unlock: mutex_unlock(&bcm_device_lock); @@ -332,7 +332,7 @@ static int bcm_open(struct hci_uart *hu) * platform device (saved during device probe) and * parent of tty device used by hci_uart */ - if (hu->tty->dev->parent == dev->pdev->dev.parent) { + if (hu->tty->dev->parent == dev->dev->parent) { bcm->dev = dev; hu->init_speed = dev->init_speed; hu->oper_speed = dev->oper_speed; @@ -367,12 +367,12 @@ static int bcm_close(struct hci_uart *hu) if (bcm_device_exists(bdev)) { bcm_gpio_set_power(bdev, false); #ifdef CONFIG_PM - pm_runtime_disable(&bdev->pdev->dev); - pm_runtime_set_suspended(&bdev->pdev->dev); + pm_runtime_disable(bdev->dev); + pm_runtime_set_suspended(bdev->dev); - if (device_can_wakeup(&bdev->pdev->dev)) { - devm_free_irq(&bdev->pdev->dev, bdev->irq, bdev); - device_init_wakeup(&bdev->pdev->dev, false); + if (device_can_wakeup(bdev->dev)) { + devm_free_irq(bdev->dev, bdev->irq, bdev); + device_init_wakeup(bdev->dev, false); } bdev->hu = NULL; @@ -506,9 +506,9 @@ static int bcm_recv(struct hci_uart *hu, const void *data, int count) /* Delay auto-suspend when receiving completed packet */ mutex_lock(&bcm_device_lock); if (bcm->dev && bcm_device_exists(bcm->dev)) { - pm_runtime_get(&bcm->dev->pdev->dev); - pm_runtime_mark_last_busy(&bcm->dev->pdev->dev); - pm_runtime_put_autosuspend(&bcm->dev->pdev->dev); + pm_runtime_get(bcm->dev->dev); + pm_runtime_mark_last_busy(bcm->dev->dev); + pm_runtime_put_autosuspend(bcm->dev->dev); } mutex_unlock(&bcm_device_lock); } @@ -539,15 +539,15 @@ static struct sk_buff *bcm_dequeue(struct hci_uart *hu) if (bcm_device_exists(bcm->dev)) { bdev = bcm->dev; - pm_runtime_get_sync(&bdev->pdev->dev); + pm_runtime_get_sync(bdev->dev); /* Shall be resumed here */ } skb = skb_dequeue(&bcm->txq); if (bdev) { - pm_runtime_mark_last_busy(&bdev->pdev->dev); - pm_runtime_put_autosuspend(&bdev->pdev->dev); + pm_runtime_mark_last_busy(bdev->dev); + pm_runtime_put_autosuspend(bdev->dev); } mutex_unlock(&bcm_device_lock); @@ -623,7 +623,7 @@ static int bcm_suspend(struct device *dev) if (pm_runtime_active(dev)) bcm_suspend_device(dev); - if (device_may_wakeup(&bdev->pdev->dev)) { + if (device_may_wakeup(dev)) { error = enable_irq_wake(bdev->irq); if (!error) bt_dev_dbg(bdev, "BCM irq: enabled"); @@ -651,7 +651,7 @@ static int bcm_resume(struct device *dev) if (!bdev->hu) goto unlock; - if (device_may_wakeup(&bdev->pdev->dev)) { + if (device_may_wakeup(dev)) { disable_irq_wake(bdev->irq); bt_dev_dbg(bdev, "BCM irq: disabled"); } @@ -758,19 +758,17 @@ static int bcm_resource(struct acpi_resource *ares, void *data) static int bcm_platform_probe(struct bcm_device *dev) { - struct platform_device *pdev = dev->pdev; + dev->name = dev_name(dev->dev); - dev->name = dev_name(&pdev->dev); + dev->clk = devm_clk_get(dev->dev, NULL); - dev->clk = devm_clk_get(&pdev->dev, NULL); - - dev->device_wakeup = devm_gpiod_get_optional(&pdev->dev, + dev->device_wakeup = devm_gpiod_get_optional(dev->dev, "device-wakeup", GPIOD_OUT_LOW); if (IS_ERR(dev->device_wakeup)) return PTR_ERR(dev->device_wakeup); - dev->shutdown = devm_gpiod_get_optional(&pdev->dev, "shutdown", + dev->shutdown = devm_gpiod_get_optional(dev->dev, "shutdown", GPIOD_OUT_LOW); if (IS_ERR(dev->shutdown)) return PTR_ERR(dev->shutdown); @@ -779,7 +777,7 @@ static int bcm_platform_probe(struct bcm_device *dev) if (dev->irq <= 0) { struct gpio_desc *gpio; - gpio = devm_gpiod_get_optional(&pdev->dev, "host-wakeup", + gpio = devm_gpiod_get_optional(dev->dev, "host-wakeup", GPIOD_IN); if (IS_ERR(gpio)) return PTR_ERR(gpio); @@ -787,13 +785,13 @@ static int bcm_platform_probe(struct bcm_device *dev) dev->irq = gpiod_to_irq(gpio); } - dev_info(&pdev->dev, "BCM irq: %d\n", dev->irq); + dev_info(dev->dev, "BCM irq: %d\n", dev->irq); /* Make sure at-least one of the GPIO is defined and that * a name is specified for this instance */ if ((!dev->device_wakeup && !dev->shutdown) || !dev->name) { - dev_err(&pdev->dev, "invalid platform data\n"); + dev_err(dev->dev, "invalid platform data\n"); return -EINVAL; } @@ -803,7 +801,6 @@ static int bcm_platform_probe(struct bcm_device *dev) #ifdef CONFIG_ACPI static int bcm_acpi_probe(struct bcm_device *dev) { - struct platform_device *pdev = dev->pdev; LIST_HEAD(resources); const struct dmi_system_id *dmi_id; const struct acpi_gpio_mapping *gpio_mapping = acpi_bcm_int_last_gpios; @@ -811,16 +808,16 @@ static int bcm_acpi_probe(struct bcm_device *dev) int ret; /* Retrieve GPIO data */ - id = acpi_match_device(pdev->dev.driver->acpi_match_table, &pdev->dev); + id = acpi_match_device(dev->dev->driver->acpi_match_table, dev->dev); if (id) gpio_mapping = (const struct acpi_gpio_mapping *) id->driver_data; - ret = devm_acpi_dev_add_driver_gpios(&pdev->dev, gpio_mapping); + ret = devm_acpi_dev_add_driver_gpios(dev->dev, gpio_mapping); if (ret) return ret; /* Retrieve UART ACPI info */ - ret = acpi_dev_get_resources(ACPI_COMPANION(&dev->pdev->dev), + ret = acpi_dev_get_resources(ACPI_COMPANION(dev->dev), &resources, bcm_resource, dev); if (ret < 0) return ret; @@ -851,7 +848,7 @@ static int bcm_probe(struct platform_device *pdev) if (!dev) return -ENOMEM; - dev->pdev = pdev; + dev->dev = &pdev->dev; dev->irq = platform_get_irq(pdev, 0); if (has_acpi_companion(&pdev->dev)) { From 42ef18f09f593e6dd84777948a5e8189502cba0c Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:40 +0200 Subject: [PATCH 17/32] Bluetooth: hci_bcm: Rename bcm_platform_probe to bcm_get_resources After our previous changes, there is nothing platform specific about bcm_platform_probe anymore, rename it to bcm_get_resources. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 101b17ae9aa7..7f1971adeea8 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -756,7 +756,7 @@ static int bcm_resource(struct acpi_resource *ares, void *data) } #endif /* CONFIG_ACPI */ -static int bcm_platform_probe(struct bcm_device *dev) +static int bcm_get_resources(struct bcm_device *dev) { dev->name = dev_name(dev->dev); @@ -857,7 +857,7 @@ static int bcm_probe(struct platform_device *pdev) return ret; } - ret = bcm_platform_probe(dev); + ret = bcm_get_resources(dev); if (ret) return ret; From 9d54fd6a90ff1a85b66873e67004cfe61563408a Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:41 +0200 Subject: [PATCH 18/32] Bluetooth: hci_bcm: Make acpi_probe get irq from ACPI resources The ACPI subsys is going to move over to instantiating ACPI enumerated HCIs as serdevs, rather then as platform devices. So we need to make bcm_acpi_probe() suitable for use on non platform- devices too, which means that we cannot rely on platform_get_irq() getting called. This commit modifies bcm_acpi_probe() to directly get the irq from the ACPI resources, this is a preparation patch for adding (runtime)pm support to the serdev path. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 7f1971adeea8..cadf6291c615 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -751,8 +751,7 @@ static int bcm_resource(struct acpi_resource *ares, void *data) break; } - /* Always tell the ACPI core to skip this resource */ - return 1; + return 0; } #endif /* CONFIG_ACPI */ @@ -805,6 +804,7 @@ static int bcm_acpi_probe(struct bcm_device *dev) const struct dmi_system_id *dmi_id; const struct acpi_gpio_mapping *gpio_mapping = acpi_bcm_int_last_gpios; const struct acpi_device_id *id; + struct resource_entry *entry; int ret; /* Retrieve GPIO data */ @@ -821,6 +821,13 @@ static int bcm_acpi_probe(struct bcm_device *dev) &resources, bcm_resource, dev); if (ret < 0) return ret; + + resource_list_for_each_entry(entry, &resources) { + if (resource_type(entry->res) == IORESOURCE_IRQ) { + dev->irq = entry->res->start; + break; + } + } acpi_dev_free_resource_list(&resources); dmi_id = dmi_first_match(bcm_active_low_irq_dmi_table); From 78277d73714a1381a80d96de68074c9503b2c014 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:42 +0200 Subject: [PATCH 19/32] Bluetooth: hci_bcm: Make suspend/resume functions platform_dev independent Use dev_get_drvdata instead of platform_get_drvdata in the suspend / resume functions. This is a preparation patch for adding (runtime)pm support to the serdev path. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index cadf6291c615..a9acb1af983c 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -558,7 +558,7 @@ static struct sk_buff *bcm_dequeue(struct hci_uart *hu) #ifdef CONFIG_PM static int bcm_suspend_device(struct device *dev) { - struct bcm_device *bdev = platform_get_drvdata(to_platform_device(dev)); + struct bcm_device *bdev = dev_get_drvdata(dev); bt_dev_dbg(bdev, ""); @@ -581,7 +581,7 @@ static int bcm_suspend_device(struct device *dev) static int bcm_resume_device(struct device *dev) { - struct bcm_device *bdev = platform_get_drvdata(to_platform_device(dev)); + struct bcm_device *bdev = dev_get_drvdata(dev); bt_dev_dbg(bdev, ""); @@ -606,7 +606,7 @@ static int bcm_resume_device(struct device *dev) /* Platform suspend callback */ static int bcm_suspend(struct device *dev) { - struct bcm_device *bdev = platform_get_drvdata(to_platform_device(dev)); + struct bcm_device *bdev = dev_get_drvdata(dev); int error; bt_dev_dbg(bdev, "suspend: is_suspended %d", bdev->is_suspended); @@ -638,7 +638,7 @@ static int bcm_suspend(struct device *dev) /* Platform resume callback */ static int bcm_resume(struct device *dev) { - struct bcm_device *bdev = platform_get_drvdata(to_platform_device(dev)); + struct bcm_device *bdev = dev_get_drvdata(dev); bt_dev_dbg(bdev, "resume: is_suspended %d", bdev->is_suspended); From 8a92056837fd5168fce730c5e21eaf3af7cf0b16 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Wed, 4 Oct 2017 20:43:43 +0200 Subject: [PATCH 20/32] Bluetooth: hci_bcm: Add (runtime)pm support to the serdev driver Make the serdev driver use struct bcm_device as its driver data and share all the pm / GPIO / IRQ related code paths with the platform driver. After this commit the 2 drivers are in essence the same and the serdev driver interface can be used for all ACPI enumerated HCI UARTs. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 118 +++++++++++++++++++++--------------- 1 file changed, 68 insertions(+), 50 deletions(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index a9acb1af983c..ab1455e63b92 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -52,8 +52,10 @@ #define BCM_AUTOSUSPEND_DELAY 5000 /* default autosleep delay */ -/* platform device driver resources */ +/* device driver resources */ struct bcm_device { + /* Must be the first member, hci_serdev.c expects this. */ + struct hci_uart serdev_hu; struct list_head list; struct device *dev; @@ -76,11 +78,6 @@ struct bcm_device { #endif }; -/* serdev driver resources */ -struct bcm_serdev { - struct hci_uart hu; -}; - /* generic bcm uart resources */ struct bcm_data { struct sk_buff *rx_skb; @@ -155,6 +152,10 @@ static bool bcm_device_exists(struct bcm_device *device) { struct list_head *p; + /* Devices using serdev always exist */ + if (device && device->hu && device->hu->serdev) + return true; + list_for_each(p, &bcm_device_list) { struct bcm_device *dev = list_entry(p, struct bcm_device, list); @@ -200,7 +201,6 @@ static int bcm_request_irq(struct bcm_data *bcm) struct bcm_device *bdev = bcm->dev; int err; - /* If this is not a platform device, do not enable PM functionalities */ mutex_lock(&bcm_device_lock); if (!bcm_device_exists(bdev)) { err = -ENODEV; @@ -313,18 +313,17 @@ static int bcm_open(struct hci_uart *hu) hu->priv = bcm; - /* If this is a serdev defined device, then only use - * serdev open primitive and skip the rest. - */ + mutex_lock(&bcm_device_lock); + if (hu->serdev) { serdev_device_open(hu->serdev); + bcm->dev = serdev_device_get_drvdata(hu->serdev); goto out; } if (!hu->tty->dev) goto out; - mutex_lock(&bcm_device_lock); list_for_each(p, &bcm_device_list) { struct bcm_device *dev = list_entry(p, struct bcm_device, list); @@ -334,37 +333,45 @@ static int bcm_open(struct hci_uart *hu) */ if (hu->tty->dev->parent == dev->dev->parent) { bcm->dev = dev; - hu->init_speed = dev->init_speed; - hu->oper_speed = dev->oper_speed; #ifdef CONFIG_PM dev->hu = hu; #endif - bcm_gpio_set_power(bcm->dev, true); break; } } - mutex_unlock(&bcm_device_lock); out: + if (bcm->dev) { + hu->init_speed = bcm->dev->init_speed; + hu->oper_speed = bcm->dev->oper_speed; + bcm_gpio_set_power(bcm->dev, true); + } + + mutex_unlock(&bcm_device_lock); return 0; } static int bcm_close(struct hci_uart *hu) { struct bcm_data *bcm = hu->priv; - struct bcm_device *bdev = bcm->dev; + struct bcm_device *bdev = NULL; bt_dev_dbg(hu->hdev, "hu %p", hu); - /* If this is a serdev defined device, only use serdev - * close primitive and then continue as usual. - */ - if (hu->serdev) - serdev_device_close(hu->serdev); - /* Protect bcm->dev against removal of the device or driver */ mutex_lock(&bcm_device_lock); - if (bcm_device_exists(bdev)) { + + if (hu->serdev) { + serdev_device_close(hu->serdev); + bdev = serdev_device_get_drvdata(hu->serdev); + } else if (bcm_device_exists(bcm->dev)) { + bdev = bcm->dev; +#ifdef CONFIG_PM + bdev->hu = NULL; +#endif + } + + if (bdev) { bcm_gpio_set_power(bdev, false); #ifdef CONFIG_PM pm_runtime_disable(bdev->dev); @@ -374,8 +381,6 @@ static int bcm_close(struct hci_uart *hu) devm_free_irq(bdev->dev, bdev->irq, bdev); device_init_wakeup(bdev->dev, false); } - - bdev->hu = NULL; #endif } mutex_unlock(&bcm_device_lock); @@ -603,7 +608,7 @@ static int bcm_resume_device(struct device *dev) #endif #ifdef CONFIG_PM_SLEEP -/* Platform suspend callback */ +/* suspend callback */ static int bcm_suspend(struct device *dev) { struct bcm_device *bdev = dev_get_drvdata(dev); @@ -611,8 +616,10 @@ static int bcm_suspend(struct device *dev) bt_dev_dbg(bdev, "suspend: is_suspended %d", bdev->is_suspended); - /* bcm_suspend can be called at any time as long as platform device is - * bound, so it should use bcm_device_lock to protect access to hci_uart + /* + * When used with a device instantiated as platform_device, bcm_suspend + * can be called at any time as long as the platform device is bound, + * so it should use bcm_device_lock to protect access to hci_uart * and device_wake-up GPIO. */ mutex_lock(&bcm_device_lock); @@ -635,15 +642,17 @@ static int bcm_suspend(struct device *dev) return 0; } -/* Platform resume callback */ +/* resume callback */ static int bcm_resume(struct device *dev) { struct bcm_device *bdev = dev_get_drvdata(dev); bt_dev_dbg(bdev, "resume: is_suspended %d", bdev->is_suspended); - /* bcm_resume can be called at any time as long as platform device is - * bound, so it should use bcm_device_lock to protect access to hci_uart + /* + * When used with a device instantiated as platform_device, bcm_resume + * can be called at any time as long as platform device is bound, + * so it should use bcm_device_lock to protect access to hci_uart * and device_wake-up GPIO. */ mutex_lock(&bcm_device_lock); @@ -785,15 +794,6 @@ static int bcm_get_resources(struct bcm_device *dev) } dev_info(dev->dev, "BCM irq: %d\n", dev->irq); - - /* Make sure at-least one of the GPIO is defined and that - * a name is specified for this instance - */ - if ((!dev->device_wakeup && !dev->shutdown) || !dev->name) { - dev_err(dev->dev, "invalid platform data\n"); - return -EINVAL; - } - return 0; } @@ -846,6 +846,12 @@ static int bcm_acpi_probe(struct bcm_device *dev) } #endif /* CONFIG_ACPI */ +static int bcm_of_probe(struct bcm_device *bdev) +{ + device_property_read_u32(bdev->dev, "max-speed", &bdev->oper_speed); + return 0; +} + static int bcm_probe(struct platform_device *pdev) { struct bcm_device *dev; @@ -933,7 +939,7 @@ static const struct acpi_device_id bcm_acpi_match[] = { MODULE_DEVICE_TABLE(acpi, bcm_acpi_match); #endif -/* Platform suspend and resume callbacks */ +/* suspend and resume callbacks */ static const struct dev_pm_ops bcm_pm_ops = { SET_SYSTEM_SLEEP_PM_OPS(bcm_suspend, bcm_resume) SET_RUNTIME_PM_OPS(bcm_suspend_device, bcm_resume_device, NULL) @@ -951,29 +957,39 @@ static struct platform_driver bcm_driver = { static int bcm_serdev_probe(struct serdev_device *serdev) { - struct bcm_serdev *bcmdev; - u32 speed; + struct bcm_device *bcmdev; int err; bcmdev = devm_kzalloc(&serdev->dev, sizeof(*bcmdev), GFP_KERNEL); if (!bcmdev) return -ENOMEM; - bcmdev->hu.serdev = serdev; + bcmdev->dev = &serdev->dev; + bcmdev->hu = &bcmdev->serdev_hu; + bcmdev->serdev_hu.serdev = serdev; serdev_device_set_drvdata(serdev, bcmdev); - err = device_property_read_u32(&serdev->dev, "max-speed", &speed); - if (!err) - bcmdev->hu.oper_speed = speed; + if (has_acpi_companion(&serdev->dev)) + err = bcm_acpi_probe(bcmdev); + else + err = bcm_of_probe(bcmdev); + if (err) + return err; - return hci_uart_register_device(&bcmdev->hu, &bcm_proto); + err = bcm_get_resources(bcmdev); + if (err) + return err; + + bcm_gpio_set_power(bcmdev, false); + + return hci_uart_register_device(&bcmdev->serdev_hu, &bcm_proto); } static void bcm_serdev_remove(struct serdev_device *serdev) { - struct bcm_serdev *bcmdev = serdev_device_get_drvdata(serdev); + struct bcm_device *bcmdev = serdev_device_get_drvdata(serdev); - hci_uart_unregister_device(&bcmdev->hu); + hci_uart_unregister_device(&bcmdev->serdev_hu); } #ifdef CONFIG_OF @@ -990,6 +1006,8 @@ static struct serdev_device_driver bcm_serdev_driver = { .driver = { .name = "hci_uart_bcm", .of_match_table = of_match_ptr(bcm_bluetooth_of_match), + .acpi_match_table = ACPI_PTR(bcm_acpi_match), + .pm = &bcm_pm_ops, }, }; From 0435605289298a7311f78d02eb6a015cae7dbaf7 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Wed, 4 Oct 2017 17:54:29 -0700 Subject: [PATCH 21/32] Bluetooth: Convert timers to use timer_setup() In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. As already done in hci_qca, add struct hci_uart pointer to priv structure. Signed-off-by: Kees Cook Signed-off-by: Marcel Holtmann --- drivers/bluetooth/bluecard_cs.c | 7 +++---- drivers/bluetooth/hci_bcsp.c | 10 ++++++---- drivers/bluetooth/hci_h5.c | 10 ++++++---- drivers/bluetooth/hci_qca.c | 17 ++++++++--------- 4 files changed, 23 insertions(+), 21 deletions(-) diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c index b07ca9565291..d513ef4743dc 100644 --- a/drivers/bluetooth/bluecard_cs.c +++ b/drivers/bluetooth/bluecard_cs.c @@ -156,9 +156,9 @@ static void bluecard_detach(struct pcmcia_device *p_dev); /* ======================== LED handling routines ======================== */ -static void bluecard_activity_led_timeout(u_long arg) +static void bluecard_activity_led_timeout(struct timer_list *t) { - struct bluecard_info *info = (struct bluecard_info *)arg; + struct bluecard_info *info = from_timer(info, t, timer); unsigned int iobase = info->p_dev->resource[0]->start; if (test_bit(CARD_ACTIVITY, &(info->hw_state))) { @@ -691,8 +691,7 @@ static int bluecard_open(struct bluecard_info *info) spin_lock_init(&(info->lock)); - setup_timer(&(info->timer), &bluecard_activity_led_timeout, - (u_long)info); + timer_setup(&info->timer, bluecard_activity_led_timeout, 0); skb_queue_head_init(&(info->txq)); diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c index d880f4e33c75..1a7f0c82fb36 100644 --- a/drivers/bluetooth/hci_bcsp.c +++ b/drivers/bluetooth/hci_bcsp.c @@ -65,6 +65,7 @@ struct bcsp_struct { u8 rxseq_txack; /* rxseq == txack. */ u8 rxack; /* Last packet sent by us that the peer ack'ed */ struct timer_list tbcsp; + struct hci_uart *hu; enum { BCSP_W4_PKT_DELIMITER, @@ -697,10 +698,10 @@ static int bcsp_recv(struct hci_uart *hu, const void *data, int count) } /* Arrange to retransmit all messages in the relq. */ -static void bcsp_timed_event(unsigned long arg) +static void bcsp_timed_event(struct timer_list *t) { - struct hci_uart *hu = (struct hci_uart *)arg; - struct bcsp_struct *bcsp = hu->priv; + struct bcsp_struct *bcsp = from_timer(bcsp, t, tbcsp); + struct hci_uart *hu = bcsp->hu; struct sk_buff *skb; unsigned long flags; @@ -729,11 +730,12 @@ static int bcsp_open(struct hci_uart *hu) return -ENOMEM; hu->priv = bcsp; + bcsp->hu = hu; skb_queue_head_init(&bcsp->unack); skb_queue_head_init(&bcsp->rel); skb_queue_head_init(&bcsp->unrel); - setup_timer(&bcsp->tbcsp, bcsp_timed_event, (u_long)hu); + timer_setup(&bcsp->tbcsp, bcsp_timed_event, 0); bcsp->rx_state = BCSP_W4_PKT_DELIMITER; diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c index c0e4e26dc30d..6a8d0d06aba7 100644 --- a/drivers/bluetooth/hci_h5.c +++ b/drivers/bluetooth/hci_h5.c @@ -78,6 +78,7 @@ struct h5 { int (*rx_func)(struct hci_uart *hu, u8 c); struct timer_list timer; /* Retransmission timer */ + struct hci_uart *hu; /* Parent HCI UART */ u8 tx_seq; /* Next seq number to send */ u8 tx_ack; /* Next ack number to send */ @@ -120,12 +121,12 @@ static u8 h5_cfg_field(struct h5 *h5) return h5->tx_win & 0x07; } -static void h5_timed_event(unsigned long arg) +static void h5_timed_event(struct timer_list *t) { const unsigned char sync_req[] = { 0x01, 0x7e }; unsigned char conf_req[3] = { 0x03, 0xfc }; - struct hci_uart *hu = (struct hci_uart *)arg; - struct h5 *h5 = hu->priv; + struct h5 *h5 = from_timer(h5, t, timer); + struct hci_uart *hu = h5->hu; struct sk_buff *skb; unsigned long flags; @@ -197,6 +198,7 @@ static int h5_open(struct hci_uart *hu) return -ENOMEM; hu->priv = h5; + h5->hu = hu; skb_queue_head_init(&h5->unack); skb_queue_head_init(&h5->rel); @@ -204,7 +206,7 @@ static int h5_open(struct hci_uart *hu) h5_reset_rx(h5); - setup_timer(&h5->timer, h5_timed_event, (unsigned long)hu); + timer_setup(&h5->timer, h5_timed_event, 0); h5->tx_win = H5_TX_WIN_MAX; diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 392f412b4575..4a949bb60394 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -307,10 +307,10 @@ static void qca_wq_serial_tx_clock_vote_off(struct work_struct *work) serial_clock_vote(HCI_IBS_TX_VOTE_CLOCK_OFF, hu); } -static void hci_ibs_tx_idle_timeout(unsigned long arg) +static void hci_ibs_tx_idle_timeout(struct timer_list *t) { - struct hci_uart *hu = (struct hci_uart *)arg; - struct qca_data *qca = hu->priv; + struct qca_data *qca = from_timer(qca, t, tx_idle_timer); + struct hci_uart *hu = qca->hu; unsigned long flags; BT_DBG("hu %p idle timeout in %d state", hu, qca->tx_ibs_state); @@ -342,10 +342,10 @@ static void hci_ibs_tx_idle_timeout(unsigned long arg) spin_unlock_irqrestore(&qca->hci_ibs_lock, flags); } -static void hci_ibs_wake_retrans_timeout(unsigned long arg) +static void hci_ibs_wake_retrans_timeout(struct timer_list *t) { - struct hci_uart *hu = (struct hci_uart *)arg; - struct qca_data *qca = hu->priv; + struct qca_data *qca = from_timer(qca, t, wake_retrans_timer); + struct hci_uart *hu = qca->hu; unsigned long flags, retrans_delay; bool retransmit = false; @@ -438,11 +438,10 @@ static int qca_open(struct hci_uart *hu) hu->priv = qca; - setup_timer(&qca->wake_retrans_timer, hci_ibs_wake_retrans_timeout, - (u_long)hu); + timer_setup(&qca->wake_retrans_timer, hci_ibs_wake_retrans_timeout, 0); qca->wake_retrans = IBS_WAKE_RETRANS_TIMEOUT_MS; - setup_timer(&qca->tx_idle_timer, hci_ibs_tx_idle_timeout, (u_long)hu); + timer_setup(&qca->tx_idle_timer, hci_ibs_tx_idle_timeout, 0); qca->tx_idle_delay = IBS_TX_IDLE_TIMEOUT_MS; BT_DBG("HCI_UART_QCA open, tx_idle_delay=%u, wake_retrans=%u", From b49ef29d72bd2975b8b2cc84b1fa6b40aa2edd5f Mon Sep 17 00:00:00 2001 From: Marcel Holtmann Date: Fri, 6 Oct 2017 20:42:45 +0200 Subject: [PATCH 22/32] Bluetooth: Fix compiler warning with selftest duration calculation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CC net/bluetooth/selftest.o net/bluetooth/selftest.c: In function ‘bt_selftest_init’: net/bluetooth/selftest.c:246:3: warning: ‘duration’ may be used uninitialized in this function [-Wmaybe-uninitialized] snprintf(test_ecdh_buffer, sizeof(test_ecdh_buffer), ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "PASS (%llu usecs)\n", duration); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/bluetooth/selftest.c:203:21: note: ‘duration’ was declared here unsigned long long duration; ^~~~~~~~ Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- net/bluetooth/selftest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bluetooth/selftest.c b/net/bluetooth/selftest.c index 2d1519d0affa..03e3c89c3046 100644 --- a/net/bluetooth/selftest.c +++ b/net/bluetooth/selftest.c @@ -200,7 +200,7 @@ static int __init test_ecdh(void) { struct crypto_kpp *tfm; ktime_t calltime, delta, rettime; - unsigned long long duration; + unsigned long long duration = 0; int err; calltime = ktime_get(); From e8bfe868cf2cf364f3f52df8fa01aa6d28927aaf Mon Sep 17 00:00:00 2001 From: Ian W MORRISON Date: Sat, 7 Oct 2017 17:16:08 +1100 Subject: [PATCH 23/32] Bluetooth: hci_bcm: Correct context of IRQ polarity message As the overwriting of IRQ polarity to active low occurs during the driver probe using 'bt_dev_warn' to display the warning results in '(null)' being displayed for the device. This patch uses 'dev_warn' to correctly display the device in the warning instead. Signed-off-by: Ian W MORRISON Reviewed-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index ab1455e63b92..d9d0fc09acdb 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -832,7 +832,7 @@ static int bcm_acpi_probe(struct bcm_device *dev) dmi_id = dmi_first_match(bcm_active_low_irq_dmi_table); if (dmi_id) { - bt_dev_warn(dev, "%s: Overwriting IRQ polarity to active low", + dev_warn(dev->dev, "%s: Overwriting IRQ polarity to active low", dmi_id->ident); dev->irq_active_low = true; } From 4294625e029028854596865be401b9c5c1f906ef Mon Sep 17 00:00:00 2001 From: Johan Hovold Date: Tue, 10 Oct 2017 10:01:52 +0200 Subject: [PATCH 24/32] Bluetooth: avoid silent hci_bcm ACPI PM regression The hci_bcm platform-device hack which was used to implement power management for ACPI devices is being replaced by a serial-device-bus implementation. Unfortunately, when the corresponding change to the ACPI code lands (a change that will stop enumerating and registering the serial-device-node child as a platform device) PM will break silently unless serdev TTY-port controller support has been enabled. Specifically, hciattach (btattach) would still succeed, but power management would no longer work. Although this is strictly a runtime dependency, let's make the driver depend on SERIAL_DEV_CTRL_TTYPORT, which is the particular serdev controller implementation used by the ACPI devices currently managed by this driver, to avoid breaking PM without anyone noticing. Note that the driver already has a (build-time) dependency on the serdev bus code. Signed-off-by: Johan Hovold Signed-off-by: Marcel Holtmann --- drivers/bluetooth/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig index fae5a74dc737..082e1c7329de 100644 --- a/drivers/bluetooth/Kconfig +++ b/drivers/bluetooth/Kconfig @@ -169,6 +169,7 @@ config BT_HCIUART_BCM bool "Broadcom protocol support" depends on BT_HCIUART depends on BT_HCIUART_SERDEV + depends on (!ACPI || SERIAL_DEV_CTRL_TTYPORT) select BT_HCIUART_H4 select BT_BCM help From 1bdb68b2e841a94b4331046ad6a55e94f214dbbf Mon Sep 17 00:00:00 2001 From: Ian W MORRISON Date: Sat, 7 Oct 2017 17:15:25 +1100 Subject: [PATCH 25/32] Bluetooth: hci_bcm: Add support for MINIX Z83-4 based devices The MINIX NEO Z83-4 and MINIX NEO Z83-4 Pro devices use an AP6255 chip for wifi and bluetooth. Bluetooth requires an ACPI device id of BCM2EA4 with BCM4345 rev C0 firmware. This patch adds the device id and to use trigger type IRQF_TRIGGER_FALLING as defined by 'GpioInt' in the ACPI DSDT table: Device (BLT0) { Name (_HID, "BCM2EA4") // _HID: Hardware ID Method (_STA, 0, NotSerialized) // _STA: Status { Return (0x0F) } Method (_CRS, 0, NotSerialized) // _CRS: Current Resource Settings { Name (UBUF, ResourceTemplate () { UartSerialBusV2 (0x0001C200, DataBitsEight, StopBitsOne, 0xFC, LittleEndian, ParityTypeNone, FlowControlHardware, 0x0020, 0x0020, "\\_SB.PCI0.URT1", 0x00, ResourceConsumer, , Exclusive, ) GpioInt (Level, ActiveLow, Exclusive, PullNone, 0x0000, "\\_SB.GPO1", 0x00, ResourceConsumer, , ) { // Pin list 0x0005 } GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly, "\\_SB.GPO1", 0x00, ResourceConsumer, , ) { // Pin list 0x0007 } GpioIo (Exclusive, PullDefault, 0x0000, 0x0000, IoRestrictionOutputOnly, "\\_SB.GPO1", 0x00, ResourceConsumer, , ) { // Pin list 0x0004 } }) Return (UBUF) /* \_SB_.PCI0.URT1.BLT0._CRS.UBUF */ } } Signed-off-by: Ian W MORRISON Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index d9d0fc09acdb..16c2eaaaf72b 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -726,6 +726,13 @@ static const struct dmi_system_id bcm_active_low_irq_dmi_table[] = { DMI_EXACT_MATCH(DMI_PRODUCT_VERSION, "ThinkPad 8"), }, }, + { + .ident = "MINIX Z83-4", + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "MINIX"), + DMI_MATCH(DMI_PRODUCT_NAME, "Z83-4"), + }, + }, { } }; @@ -934,6 +941,7 @@ static const struct acpi_device_id bcm_acpi_match[] = { { "BCM2E7C", (kernel_ulong_t)&acpi_bcm_int_last_gpios }, { "BCM2E95", (kernel_ulong_t)&acpi_bcm_int_first_gpios }, { "BCM2E96", (kernel_ulong_t)&acpi_bcm_int_first_gpios }, + { "BCM2EA4", (kernel_ulong_t)&acpi_bcm_int_first_gpios }, { }, }; MODULE_DEVICE_TABLE(acpi, bcm_acpi_match); From 18a39b9ab27026b5ba55f135648635ed3a870e44 Mon Sep 17 00:00:00 2001 From: Ian W MORRISON Date: Fri, 6 Oct 2017 18:34:18 +1100 Subject: [PATCH 26/32] Bluetooth: btbcm: Add support for MINIX Z83-4 based devices The MINIX NEO Z83-4 and MINIX NEO Z83-4 Pro devices use an AP6255 chip for wifi and bluetooth. Bluetooth requires an ACPI device id of BCM2EA4 with BCM4345 rev C0 firmware. This patch defines the firmware subversion. Signed-off-by: Ian W MORRISON Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btbcm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c index cc4bdefa6648..06e8bed4f5eb 100644 --- a/drivers/bluetooth/btbcm.c +++ b/drivers/bluetooth/btbcm.c @@ -327,6 +327,7 @@ static const struct { { 0x4406, "BCM4324B3" }, /* 002.004.006 */ { 0x610c, "BCM4354" }, /* 003.001.012 */ { 0x2209, "BCM43430A1" }, /* 001.002.009 */ + { 0x6119, "BCM4345C0" }, /* 003.001.025 */ { } }; From 81a1905382a380beeba201ce41276afd9035dc64 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Wed, 11 Oct 2017 15:46:21 +0200 Subject: [PATCH 27/32] Bluetooth: hci_bcm: fix build error without CONFIG_PM This was introduced by the rework adding PM support: drivers/bluetooth/hci_bcm.c: In function 'bcm_device_exists': drivers/bluetooth/hci_bcm.c:156:22: error: 'struct bcm_device' has no member named 'hu' if (device && device->hu && device->hu->serdev) ^~ The pointer is not available otherwise, so I'm enclosing all references in an #ifdef here. Fixes: 8a92056837fd ("Bluetooth: hci_bcm: Add (runtime)pm support to the serdev driver") Signed-off-by: Arnd Bergmann Reviewed-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index 16c2eaaaf72b..c69da0e8b79f 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -152,9 +152,11 @@ static bool bcm_device_exists(struct bcm_device *device) { struct list_head *p; +#ifdef CONFIG_PM /* Devices using serdev always exist */ if (device && device->hu && device->hu->serdev) return true; +#endif list_for_each(p, &bcm_device_list) { struct bcm_device *dev = list_entry(p, struct bcm_device, list); @@ -973,7 +975,9 @@ static int bcm_serdev_probe(struct serdev_device *serdev) return -ENOMEM; bcmdev->dev = &serdev->dev; +#ifdef CONFIG_PM bcmdev->hu = &bcmdev->serdev_hu; +#endif bcmdev->serdev_hu.serdev = serdev; serdev_device_set_drvdata(serdev, bcmdev); From 05e89fb576f580ac95e7a5d00bdb34830b09671a Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Wed, 11 Oct 2017 15:47:54 +0200 Subject: [PATCH 28/32] Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS It is no longer possible to build BT_HCIUART into the kernel when SERIAL_DEV_BUS is a loadable module, even if none of the SERIAL_DEV_BUS based implementations are selected: drivers/bluetooth/hci_ldisc.o: In function `hci_uart_set_flow_control': hci_ldisc.c:(.text+0xb40): undefined reference to `serdev_device_set_flow_control' hci_ldisc.c:(.text+0xb5c): undefined reference to `serdev_device_set_tiocm' This adds a dependency to avoid the broken configuration. Fixes: 7841d554809b ("Bluetooth: hci_uart_set_flow_control: Fix NULL deref when using serdev") Signed-off-by: Arnd Bergmann Signed-off-by: Marcel Holtmann --- drivers/bluetooth/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig index 082e1c7329de..6475f8c0d3b2 100644 --- a/drivers/bluetooth/Kconfig +++ b/drivers/bluetooth/Kconfig @@ -65,6 +65,7 @@ config BT_HCIBTSDIO config BT_HCIUART tristate "HCI UART driver" + depends on SERIAL_DEV_BUS || !SERIAL_DEV_BUS depends on TTY help Bluetooth HCI UART driver. @@ -79,7 +80,6 @@ config BT_HCIUART config BT_HCIUART_SERDEV bool depends on SERIAL_DEV_BUS && BT_HCIUART - depends on SERIAL_DEV_BUS=y || SERIAL_DEV_BUS=BT_HCIUART default y config BT_HCIUART_H4 From b133e0c4bc953a3c156ce7d89ae49cc27957869c Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Fri, 13 Oct 2017 17:54:01 +0200 Subject: [PATCH 29/32] Bluetooth: btbcm: Add entry for BCM4356A2 UART bluetooth This patch adds the device ID for the bluetooth chip used in the Broadcom BCM4356 PCI-E WiFi / UART BT chip. Successfully tested using Firmware version 0273 The upper nibble of the rev field is 2 on this device, so this commit also adds handling of 2 to the switch-case done on the upper nibble. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btbcm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c index 06e8bed4f5eb..ae1fa390f508 100644 --- a/drivers/bluetooth/btbcm.c +++ b/drivers/bluetooth/btbcm.c @@ -328,6 +328,7 @@ static const struct { { 0x610c, "BCM4354" }, /* 003.001.012 */ { 0x2209, "BCM43430A1" }, /* 001.002.009 */ { 0x6119, "BCM4345C0" }, /* 003.001.025 */ + { 0x230f, "BCM4356A2" }, /* 001.003.015 */ { } }; @@ -362,6 +363,7 @@ int btbcm_initialize(struct hci_dev *hdev, char *fw_name, size_t len) switch ((rev & 0xf000) >> 12) { case 0: case 1: + case 2: case 3: for (i = 0; bcm_uart_subver_table[i].name; i++) { if (subver == bcm_uart_subver_table[i].subver) { From 61d220a6c2c001473011d44f34d6f36f09eb2224 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Fri, 13 Oct 2017 17:54:02 +0200 Subject: [PATCH 30/32] Bluetooth: hci_bcm: Add support for BCM2E7E Tested on a GPD win with a BCM4356 PCI-E wifi/bt combo card. Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/hci_bcm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c index c69da0e8b79f..707c2d1b84c7 100644 --- a/drivers/bluetooth/hci_bcm.c +++ b/drivers/bluetooth/hci_bcm.c @@ -941,6 +941,7 @@ static const struct acpi_device_id bcm_acpi_match[] = { { "BCM2E71", (kernel_ulong_t)&acpi_bcm_int_last_gpios }, { "BCM2E7B", (kernel_ulong_t)&acpi_bcm_int_last_gpios }, { "BCM2E7C", (kernel_ulong_t)&acpi_bcm_int_last_gpios }, + { "BCM2E7E", (kernel_ulong_t)&acpi_bcm_int_first_gpios }, { "BCM2E95", (kernel_ulong_t)&acpi_bcm_int_first_gpios }, { "BCM2E96", (kernel_ulong_t)&acpi_bcm_int_first_gpios }, { "BCM2EA4", (kernel_ulong_t)&acpi_bcm_int_first_gpios }, From 2d13e347498f69b4f4e95830eda88937c72d7ba6 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Fri, 13 Oct 2017 17:54:03 +0200 Subject: [PATCH 31/32] Revert "Bluetooth: btusb: Add workaround for Broadcom devices without product id" Commit 9834e586fa66 ("Bluetooth: btusb: Add workaround for Broadcom devices without product id") was added to deal with the BT part of the BCM4356A2 on GPD pocket laptops having an usb vid:pid of 0000:0000. After another commit to add support for the BCM UART connected BT ACPI-id BCM2E7E used on the GPD win, it turns out that the BT on the GPD pocket is connected via both USB and UART. Adding support for the BCM2E7E ACPI-id causes it to switch to UART mode. The Windows shipped with the device is using it in UART mode and the presence of the BCM2E7E ACPI-id combined with the all 0 USB vid:pid indicates that the BT part was never meant to be used in USB mode. With the recent patches to use serdev device enumeration / instantiation for UART attached ACPI enumerated BT devices, everything work OOTB in UART mode and the workaround for the all 0 USB vid:pid is no longer needed. This reverts commit 9834e586fa ("Bluetooth: btusb: Add workaround for Broadcom devices without product id"). Signed-off-by: Hans de Goede Signed-off-by: Marcel Holtmann --- drivers/bluetooth/btusb.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 7a5c06aaa181..c054d7bce490 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -66,7 +66,6 @@ static struct usb_driver btusb_driver; #define BTUSB_BCM2045 0x40000 #define BTUSB_IFNUM_2 0x80000 #define BTUSB_CW6622 0x100000 -#define BTUSB_BCM_NO_PRODID 0x200000 static const struct usb_device_id btusb_table[] = { /* Generic Bluetooth USB device */ @@ -171,10 +170,6 @@ static const struct usb_device_id btusb_table[] = { { USB_VENDOR_AND_INTERFACE_INFO(0x0930, 0xff, 0x01, 0x01), .driver_info = BTUSB_BCM_PATCHRAM }, - /* Broadcom devices with missing product id */ - { USB_DEVICE_AND_INTERFACE_INFO(0x0000, 0x0000, 0xff, 0x01, 0x01), - .driver_info = BTUSB_BCM_PATCHRAM | BTUSB_BCM_NO_PRODID }, - /* Intel Bluetooth USB Bootloader (RAM module) */ { USB_DEVICE(0x8087, 0x0a5a), .driver_info = BTUSB_INTEL_BOOT | BTUSB_BROKEN_ISOC }, @@ -2909,19 +2904,6 @@ static int btusb_probe(struct usb_interface *intf, if (id->driver_info == BTUSB_IGNORE) return -ENODEV; - if (id->driver_info & BTUSB_BCM_NO_PRODID) { - struct usb_device *udev = interface_to_usbdev(intf); - - /* For the broken Broadcom devices that show 0000:0000 - * as USB vendor and product information, check that the - * manufacturer string identifies them as Broadcom based - * devices. - */ - if (!udev->manufacturer || - strcmp(udev->manufacturer, "Broadcom Corp")) - return -ENODEV; - } - if (id->driver_info & BTUSB_ATH3012) { struct usb_device *udev = interface_to_usbdev(intf); From fac72b243cc789bb209e6eca824919b42d98cfe2 Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" Date: Thu, 12 Oct 2017 17:24:02 -0500 Subject: [PATCH 32/32] Bluetooth: mark expected switch fall-throughs In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. In this particular case, notice that I replaced the "deliberate fall-through..." comment with a "fall through" comment, which is what GCC is expecting to find. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Marcel Holtmann --- drivers/bluetooth/bcm203x.c | 2 +- drivers/bluetooth/hci_ll.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/bcm203x.c b/drivers/bluetooth/bcm203x.c index 5ce6d4176dc3..8e9547f195ef 100644 --- a/drivers/bluetooth/bcm203x.c +++ b/drivers/bluetooth/bcm203x.c @@ -121,7 +121,7 @@ static void bcm203x_complete(struct urb *urb) } data->state = BCM203X_LOAD_FIRMWARE; - + /* fall through */ case BCM203X_LOAD_FIRMWARE: if (data->fw_sent == data->fw_size) { usb_fill_int_urb(urb, udev, usb_rcvintpipe(udev, BCM203X_IN_EP), diff --git a/drivers/bluetooth/hci_ll.c b/drivers/bluetooth/hci_ll.c index 424c15aa7bb7..e2c078d61730 100644 --- a/drivers/bluetooth/hci_ll.c +++ b/drivers/bluetooth/hci_ll.c @@ -242,7 +242,7 @@ static void ll_device_want_to_wakeup(struct hci_uart *hu) * perfectly safe to always send one. */ BT_DBG("dual wake-up-indication"); - /* deliberate fall-through - do not add break */ + /* fall through */ case HCILL_ASLEEP: /* acknowledge device wake up */ if (send_hcill_cmd(HCILL_WAKE_UP_ACK, hu) < 0) {