Bluetooth: btmtk: Remove the resetting step before downloading the fw

Remove the resetting step before downloading the fw, as it may cause
other usb devices to fail to initialise when connected duri

Bluetooth: btmtk: Remove the resetting step before downloading the fw

Remove the resetting step before downloading the fw, as it may cause
other usb devices to fail to initialise when connected during boot
on kernels 6.11 and newer.

Signed-off-by: Hao Qin <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: Remove resetting mt7921 before downloading the fw

Remove resetting mt7921 before downloading the fw, as it may cause
command timeout when performing the reset.

Signed-off-by: Hao

Bluetooth: btmtk: Remove resetting mt7921 before downloading the fw

Remove resetting mt7921 before downloading the fw, as it may cause
command timeout when performing the reset.

Signed-off-by: Hao Qin <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: Fix failed to send func ctrl for MediaTek devices.

Use usb_autopm_get_interface() and usb_autopm_put_interface()
in btmtk_usb_shutdown(), it could send func ctrl after enabling
aut

Bluetooth: btmtk: Fix failed to send func ctrl for MediaTek devices.

Use usb_autopm_get_interface() and usb_autopm_put_interface()
in btmtk_usb_shutdown(), it could send func ctrl after enabling
autosuspend.

Bluetooth: btmtk_usb_hci_wmt_sync() hci0: Execution of wmt command
timed out
Bluetooth: btmtk_usb_shutdown() hci0: Failed to send wmt func ctrl
(-110)

Fixes: 5c5e8c52e3ca ("Bluetooth: btmtk: move btusb_mtk_[setup, shutdown] to btmtk.c")
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: avoid UAF in btmtk_process_coredump

hci_devcd_append may lead to the release of the skb, so it cannot be
accessed once it is called.

==============================================

Bluetooth: btmtk: avoid UAF in btmtk_process_coredump

hci_devcd_append may lead to the release of the skb, so it cannot be
accessed once it is called.

==================================================================
BUG: KASAN: slab-use-after-free in btmtk_process_coredump+0x2a7/0x2d0 [btmtk]
Read of size 4 at addr ffff888033cfabb0 by task kworker/0:3/82

CPU: 0 PID: 82 Comm: kworker/0:3 Tainted: G U 6.6.40-lockdep-03464-g1d8b4eb3060e #1 b0b3c1cc0c842735643fb411799d97921d1f688c
Hardware name: Google Yaviks_Ufs/Yaviks_Ufs, BIOS Google_Yaviks_Ufs.15217.552.0 05/07/2024
Workqueue: events btusb_rx_work [btusb]
Call Trace:
<TASK>
dump_stack_lvl+0xfd/0x150
print_report+0x131/0x780
kasan_report+0x177/0x1c0
btmtk_process_coredump+0x2a7/0x2d0 [btmtk 03edd567dd71a65958807c95a65db31d433e1d01]
btusb_recv_acl_mtk+0x11c/0x1a0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]
btusb_rx_work+0x9e/0xe0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]
worker_thread+0xe44/0x2cc0
kthread+0x2ff/0x3a0
ret_from_fork+0x51/0x80
ret_from_fork_asm+0x1b/0x30
</TASK>

Allocated by task 82:
stack_trace_save+0xdc/0x190
kasan_set_track+0x4e/0x80
__kasan_slab_alloc+0x4e/0x60
kmem_cache_alloc+0x19f/0x360
skb_clone+0x132/0xf70
btusb_recv_acl_mtk+0x104/0x1a0 [btusb]
btusb_rx_work+0x9e/0xe0 [btusb]
worker_thread+0xe44/0x2cc0
kthread+0x2ff/0x3a0
ret_from_fork+0x51/0x80
ret_from_fork_asm+0x1b/0x30

Freed by task 1733:
stack_trace_save+0xdc/0x190
kasan_set_track+0x4e/0x80
kasan_save_free_info+0x28/0xb0
____kasan_slab_free+0xfd/0x170
kmem_cache_free+0x183/0x3f0
hci_devcd_rx+0x91a/0x2060 [bluetooth]
worker_thread+0xe44/0x2cc0
kthread+0x2ff/0x3a0
ret_from_fork+0x51/0x80
ret_from_fork_asm+0x1b/0x30

The buggy address belongs to the object at ffff888033cfab40
which belongs to the cache skbuff_head_cache of size 232
The buggy address is located 112 bytes inside of
freed 232-byte region [ffff888033cfab40, ffff888033cfac28)

The buggy address belongs to the physical page:
page:00000000a174ba93 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33cfa
head:00000000a174ba93 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x4000000000000840(slab|head|zone=1)
page_type: 0xffffffff()
raw: 4000000000000840 ffff888100848a00 0000000000000000 0000000000000001
raw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff888033cfaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
ffff888033cfab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
>ffff888033cfab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888033cfac00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
ffff888033cfac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

Check if we need to call hci_devcd_complete before calling
hci_devcd_append. That requires that we check data->cd_info.cnt >=
MTK_COREDUMP_NUM instead of data->cd_info.cnt > MTK_COREDUMP_NUM, as we
increment data->cd_info.cnt only once the call to hci_devcd_append
succeeds.

Fixes: 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: Thadeu Lima de Souza Cascardo <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: adjust the position to init iso data anchor

MediaTek iso data anchor init should be moved to where MediaTek
claims iso data interface.
If there is an unexpected BT usb disconnect d

Bluetooth: btmtk: adjust the position to init iso data anchor

MediaTek iso data anchor init should be moved to where MediaTek
claims iso data interface.
If there is an unexpected BT usb disconnect during setup flow,
it will cause a NULL pointer crash issue when releasing iso
anchor since the anchor wasn't been init yet. Adjust the position
to do iso data anchor init.

[ 17.137991] pc : usb_kill_anchored_urbs+0x60/0x168
[ 17.137998] lr : usb_kill_anchored_urbs+0x44/0x168
[ 17.137999] sp : ffffffc0890cb5f0
[ 17.138000] x29: ffffffc0890cb5f0 x28: ffffff80bb6c2e80
[ 17.144081] gpio gpiochip0: registered chardev handle for 1 lines
[ 17.148421] x27: 0000000000000000
[ 17.148422] x26: ffffffd301ff4298 x25: 0000000000000003 x24: 00000000000000f0
[ 17.148424] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000000001
[ 17.148425] x20: ffffffffffffffd8 x19: ffffff80c0f25560 x18: 0000000000000000
[ 17.148427] x17: ffffffd33864e408 x16: ffffffd33808f7c8 x15: 0000000000200000
[ 17.232789] x14: e0cd73cf80ffffff x13: 50f2137c0a0338c9 x12: 0000000000000001
[ 17.239912] x11: 0000000080150011 x10: 0000000000000002 x9 : 0000000000000001
[ 17.247035] x8 : 0000000000000000 x7 : 0000000000008080 x6 : 8080000000000000
[ 17.254158] x5 : ffffffd33808ebc0 x4 : fffffffe033dcf20 x3 : 0000000080150011
[ 17.261281] x2 : ffffff8087a91400 x1 : 0000000000000000 x0 : ffffff80c0f25588
[ 17.268404] Call trace:
[ 17.270841] usb_kill_anchored_urbs+0x60/0x168
[ 17.275274] btusb_mtk_release_iso_intf+0x2c/0xd8 [btusb (HASH:5afe 6)]
[ 17.284226] btusb_mtk_disconnect+0x14/0x28 [btusb (HASH:5afe 6)]
[ 17.292652] btusb_disconnect+0x70/0x140 [btusb (HASH:5afe 6)]
[ 17.300818] usb_unbind_interface+0xc4/0x240
[ 17.305079] device_release_driver_internal+0x18c/0x258
[ 17.310296] device_release_driver+0x1c/0x30
[ 17.314557] bus_remove_device+0x140/0x160
[ 17.318643] device_del+0x1c0/0x330
[ 17.322121] usb_disable_device+0x80/0x180
[ 17.326207] usb_disconnect+0xec/0x300
[ 17.329948] hub_quiesce+0x80/0xd0
[ 17.333339] hub_disconnect+0x44/0x190
[ 17.337078] usb_unbind_interface+0xc4/0x240
[ 17.341337] device_release_driver_internal+0x18c/0x258
[ 17.346551] device_release_driver+0x1c/0x30
[ 17.350810] usb_driver_release_interface+0x70/0x88
[ 17.355677] proc_ioctl+0x13c/0x228
[ 17.359157] proc_ioctl_default+0x50/0x80
[ 17.363155] usbdev_ioctl+0x830/0xd08
[ 17.366808] __arm64_sys_ioctl+0x94/0xd0
[ 17.370723] invoke_syscall+0x6c/0xf8
[ 17.374377] el0_svc_common+0x84/0xe0
[ 17.378030] do_el0_svc+0x20/0x30
[ 17.381334] el0_svc+0x34/0x60
[ 17.384382] el0t_64_sync_handler+0x88/0xf0
[ 17.388554] el0t_64_sync+0x180/0x188
[ 17.392208] Code: f9400677 f100a2f4 54fffea0 d503201f (b8350288)
[ 17.398289] ---[ end trace 0000000000000000 ]---

Fixes: ceac1cb0259d ("Bluetooth: btusb: mediatek: add ISO data transmission functions")
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

bluetooth: Fix typos in the comments

Correctly spelled comments make it easier for the reader to understand
the code.

Fix typos:
'fragement' ==> 'fragment',
'genration' ==> 'generation',
'funciton'

bluetooth: Fix typos in the comments

Correctly spelled comments make it easier for the reader to understand
the code.

Fix typos:
'fragement' ==> 'fragment',
'genration' ==> 'generation',
'funciton' ==> 'function',
'Explitly' ==> 'Explicitly',
'explaination' ==> 'explanation',
'Tranlate' ==> 'Translate',
'immediatelly' ==> 'immediately',
'isntance' ==> 'instance',
'transmittion' ==> 'transmission',
'recevie' ==> 'receive',
'outselves' ==> 'ourselves',
'conrol' ==> 'control'.

Signed-off-by: Yan Zhen <[email protected]>
Reviewed-by: AngeloGioacchino Del Regno <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

move asm/unaligned.h to linux/unaligned.h

asm/unaligned.h is always an include of asm-generic/unaligned.h;
might as well move that thing to linux/unaligned.h and include
that - there's nothing arch-

move asm/unaligned.h to linux/unaligned.h

asm/unaligned.h is always an include of asm-generic/unaligned.h;
might as well move that thing to linux/unaligned.h and include
that - there's nothing arch-specific in that header.

auto-generated by the following:

for i in `git grep -l -w asm/unaligned.h`; do
sed -i -e "s/asm\/unaligned.h/linux\/unaligned.h/" $i
done
for i in `git grep -l -w asm-generic/unaligned.h`; do
sed -i -e "s/asm-generic\/unaligned.h/linux\/unaligned.h/" $i
done
git mv include/asm-generic/unaligned.h include/linux/unaligned.h
git mv tools/include/asm-generic/unaligned.h tools/include/linux/unaligned.h
sed -i -e "/unaligned.h/d" include/asm-generic/Kbuild
sed -i -e "s/__ASM_GENERIC/__LINUX/" include/linux/unaligned.h tools/include/linux/unaligned.h

show more ...

Bluetooth: btmtk: Fix btmtk.c undefined reference build error

MediaTek moved some usb interface related function to btmtk.c which
may cause build failed if BT USB Kconfig wasn't enabled.
Fix undefin

Bluetooth: btmtk: Fix btmtk.c undefined reference build error

MediaTek moved some usb interface related function to btmtk.c which
may cause build failed if BT USB Kconfig wasn't enabled.
Fix undefined reference by adding config check.

btmtk.c:(.text+0x89c): undefined reference to `usb_alloc_urb'
btmtk.c:(.text+0x8e3): undefined reference to `usb_free_urb'
btmtk.c:(.text+0x956): undefined reference to `usb_free_urb'
btmtk.c:(.text+0xa0e): undefined reference to `usb_anchor_urb'
btmtk.c:(.text+0xb43): undefined reference to `usb_autopm_get_interface'
btmtk.c:(.text+0xb7e): undefined reference to `usb_autopm_put_interface'
btmtk.c:(.text+0xf70): undefined reference to `usb_disable_autosuspend'
btmtk.c:(.text+0x133a): undefined reference to `usb_control_msg'

Fixes: d019930b0049 ("Bluetooth: btmtk: move btusb_mtk_hci_wmt_sync to btmtk.c")
Reported-by: kernel test robot <[email protected]>
Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: Fix kernel crash when entering btmtk_usb_suspend

If MediaTek's Bluetooth setup is unsuccessful, a NULL pointer issue
occur when the system is suspended and the anchored kill functi

Bluetooth: btmtk: Fix kernel crash when entering btmtk_usb_suspend

If MediaTek's Bluetooth setup is unsuccessful, a NULL pointer issue
occur when the system is suspended and the anchored kill function
is called. To avoid this, add protection to prevent executing the
anchored kill function if the setup is unsuccessful.

[ 6.922106] Hardware name: Acer Tomato (rev2) board (DT)
[ 6.922114] Workqueue: pm pm_runtime_work
[ 6.922132] pstate: 804000c9
(Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 6.922147] pc : usb_kill_anchored_urbs+0x6c/0x1e0
[ 6.922164] lr : usb_kill_anchored_urbs+0x48/0x1e0
[ 6.922181] sp : ffff800080903b60
[ 6.922187] x29: ffff800080903b60
x28: ffff2c7b85c32b80 x27: ffff2c7bbb370930
[ 6.922211] x26: 00000000000f4240
x25: 00000000ffffffff x24: ffffd49ece2dcb48
[ 6.922255] x20: ffffffffffffffd8
x19: 0000000000000000 x18: 0000000000000006
[ 6.922276] x17: 6531656337386238
x16: 3632373862333863 x15: ffff800080903480
[ 6.922297] x14: 0000000000000000
x13: 303278302f303178 x12: ffffd49ecf090e30
[ 6.922318] x11: 0000000000000001
x10: 0000000000000001 x9 : ffffd49ecd2c5bb4
[ 6.922339] x8 : c0000000ffffdfff
x7 : ffffd49ecefe0db8 x6 : 00000000000affa8
[ 6.922360] x5 : ffff2c7bbb35dd48
x4 : 0000000000000000 x3 : 0000000000000000
[ 6.922379] x2 : 0000000000000000
x1 : 0000000000000003 x0 : ffffffffffffffd8
[ 6.922400] Call trace:
[ 6.922405] usb_kill_anchored_urbs+0x6c/0x1e0
[ 6.922422] btmtk_usb_suspend+0x20/0x38
[btmtk 5f200a97badbdfda4266773fee49acfc8e0224d5]
[ 6.922444] btusb_suspend+0xd0/0x210
[btusb 0bfbf19a87ff406c83b87268b87ce1e80e9a829b]
[ 6.922469] usb_suspend_both+0x90/0x288
[ 6.922487] usb_runtime_suspend+0x3c/0xa8
[ 6.922507] __rpm_callback+0x50/0x1f0
[ 6.922523] rpm_callback+0x70/0x88
[ 6.922538] rpm_suspend+0xe4/0x5a0
[ 6.922553] pm_runtime_work+0xd4/0xe0
[ 6.922569] process_one_work+0x18c/0x440
[ 6.922588] worker_thread+0x314/0x428
[ 6.922606] kthread+0x128/0x138
[ 6.922621] ret_from_fork+0x10/0x20
[ 6.922644] Code: f100a274 54000520 d503201f d100a260 (b8370000)
[ 6.922654] ---[ end trace 0000000000000000 ]---

Fixes: ceac1cb0259d ("Bluetooth: btusb: mediatek: add ISO data transmission functions")
Signed-off-by: Chris Lu <[email protected]>
Reported-by: Nícolas F. R. A. Prado <[email protected]> #KernelCI
Tested-by: Nícolas F. R. A. Prado <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btusb: mediatek: add ISO data transmission functions

This patch implements functions for ISO data send and receive in btusb
driver for MediaTek's controller.

MediaTek defines a specific

Bluetooth: btusb: mediatek: add ISO data transmission functions

This patch implements functions for ISO data send and receive in btusb
driver for MediaTek's controller.

MediaTek defines a specific interrupt endpoint for ISO data transmissin
because the characteristics of interrupt endpoint are similar to the
application of ISO data which can support guaranteed transmissin
bandwidth, enough maximum data length and error checking mechanism.

Driver sets up ISO interface and endpoints in btusb_mtk_setup and clears
the setup in btusb_mtk_shutdown. These flow can't move to btmtk.c due to
btusb_driver is only defined in btusb.c when claiming/relaesing interface.
ISO packet anchor stops when driver suspending and resubmit interrupt urb
for ISO data when driver resuming.

Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: move btusb_recv_acl_mtk to btmtk.c

Move btusb_recv_acl_mtk from btusb.c to btmtk.c which holds
vendor specific stuff and would make btusb.c clean.

Signed-off-by: Sean Wang <sean.w

Bluetooth: btmtk: move btusb_recv_acl_mtk to btmtk.c

Move btusb_recv_acl_mtk from btusb.c to btmtk.c which holds
vendor specific stuff and would make btusb.c clean.

Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: move btusb_mtk_[setup, shutdown] to btmtk.c

Move btusb_mtk_[setup, shutdown] and related function from
btusb.c to btmtk.c which holds vendor specific stuff and
would make btusb.c c

Bluetooth: btmtk: move btusb_mtk_[setup, shutdown] to btmtk.c

Move btusb_mtk_[setup, shutdown] and related function from
btusb.c to btmtk.c which holds vendor specific stuff and
would make btusb.c clean.

Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: move btusb_mtk_hci_wmt_sync to btmtk.c

Move btusb_mtk_hci_wmt_sync from btusb.c to btmtk.c which holds
vendor specific stuff and would make btusb.c clean.

Add usb.h header to btmt

Bluetooth: btmtk: move btusb_mtk_hci_wmt_sync to btmtk.c

Move btusb_mtk_hci_wmt_sync from btusb.c to btmtk.c which holds
vendor specific stuff and would make btusb.c clean.

Add usb.h header to btmtksdio.c/btmtkuart.c for usb related element
defined in btmtk.h

Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: rename btmediatek_data

Rename btmediatek_data to have a consistent prefix throughout the driver.

Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Chris Lu <chris.l

Bluetooth: btmtk: rename btmediatek_data

Rename btmediatek_data to have a consistent prefix throughout the driver.

Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: add the function to get the fw name

Include a shared function to get the firmware name, to prevent repeating
code for similar chipsets.

Signed-off-by: Sean Wang <sean.wang@mediate

Bluetooth: btmtk: add the function to get the fw name

Include a shared function to get the firmware name, to prevent repeating
code for similar chipsets.

Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btusb: mediatek: Fix double free of skb in coredump

hci_devcd_append() would free the skb on error so the caller don't
have to free it again otherwise it would cause the double free of sk

Bluetooth: btusb: mediatek: Fix double free of skb in coredump

hci_devcd_append() would free the skb on error so the caller don't
have to free it again otherwise it would cause the double free of skb.

Fixes: 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Reported-by : Dan Carpenter <[email protected]>
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922

Since dracut refers to the module info for defining the required
firmware files and btmtk driver doesn't provide the firmware info for
MT7922, the

Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922

Since dracut refers to the module info for defining the required
firmware files and btmtk driver doesn't provide the firmware info for
MT7922, the generate initrd misses the firmware, resulting in the
broken Bluetooth.

This patch simply adds the MODULE_FIRMWARE() for the missing entry
for covering that.

Link: https://bugzilla.suse.com/show_bug.cgi?id=1214133
Signed-off-by: Takashi Iwai <[email protected]>
Reviewed-by: Paul Menzel <[email protected]>
Reviewed-by: Matthias Brugger <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btusb: Fix memory leak

This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb and also make sure btmtk_process_coredump frees the skb passed
following the same l

Bluetooth: btusb: Fix memory leak

This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone
the skb and also make sure btmtk_process_coredump frees the skb passed
following the same logic.

Fixes: 0b7015132878 ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: Fix kernel crash when processing coredump

There may be a potential kernel crash risk if 'skb->len
- MTK_COREDUMP_END_LEN' value is less than 0 when doing
memcmp in btmtk_process_co

Bluetooth: btmtk: Fix kernel crash when processing coredump

There may be a potential kernel crash risk if 'skb->len
- MTK_COREDUMP_END_LEN' value is less than 0 when doing
memcmp in btmtk_process_coredump().
Check the value is valid before doing memcmp.

[215.021695] Unable to handle kernel paging request at
virtual address ffffff939fffd3c5
[215.021781] Mem abort info:
[215.021805] ESR = 0x96000005
[215.021833] EC = 0x25: DABT (current EL), IL = 32 bits
[215.021861] SET = 0, FnV = 0
[215.021875] EA = 0, S1PTW = 0
[215.021886] Data abort info:
[215.021899] ISV = 0, ISS = 0x00000005
[215.021912] CM = 0, WnR = 0
[215.021929] swapper pgtable: 4k pages, 39-bit VAs,
pgdp=00000000410de000
[215.021943] [ffffff939fffd3c5] pgd=0000000000000000,
p4d=0000000000000000, pud=0000000000000000
[215.021979] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[215.022496] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.186#3
(HASH:ad23 4)
[215.022511] Hardware name: MediaTek Tomato board (DT)
[215.022530] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
[215.022556] pc : __pi_memcmp+0xd0/0x1b8
[215.022579] lr : btmtk_process_coredump+0xb0/0x5f8 [btmtk]
[215.022593] sp : ffffffc010003d40
[215.022607] x29: ffffffc010003d40 x28: 0000000000000006
[215.022633] x27: ffffffda696350c0 x26: 0000000000000002
[215.022659] x25: 00000000000003ff x24: ffffff9360cca804
[215.022685] x23: 0000000000000000 x22: ffffff9365638500
[215.022710] x21: ffffff9365638700 x20: 0000000000000000
[215.022736] x19: ffffff936002e000 x18: 0000000000000000
[215.022761] x17: 0000000000000180 x16: ffffffda6881b8b4
[215.022787] x15: 0000000000000001 x14: 0000000000002d00
[215.022812] x13: 0000000000060000 x12: 0000000000000181
[215.022837] x11: 0000000000000006 x10: fffffffffffffffd
[215.022862] x9 : 0000000000000006 x8 : 0000000000000003
[215.022887] x7 : 0000000000000000 x6 : 0000000000000000
[215.022913] x5 : ffffff93656387b8 x4 : 0000000000000000
[215.022938] x3 : ffffffc010003c18 x2 : 0000000000000006
[215.022963] x1 : ffffffda09d4124a x0 : ffffff939fffd3c5
[215.022989] Call trace:
[215.023012] __pi_memcmp+0xd0/0x1b8
[215.023053] btusb_recv_acl_mtk+0x64/0x90 [btusb (HASH:dc6b 5)]
[215.023087] btusb_recv_bulk+0x118/0x170 [btusb (HASH:dc6b 5)]
[215.023121] btusb_bulk_complete+0x8c/0x148 [btusb (HASH:dc6b 5)]
[215.023144] __usb_hcd_giveback_urb+0xbc/0x148
[215.023164] usb_giveback_urb_bh+0xb4/0x190
[215.023184] tasklet_action_common+0x98/0x1a0
[215.023201] tasklet_action+0x2c/0x38
[215.023220] __do_softirq+0xe0/0x38c
[215.023241] invoke_softirq+0x34/0x6c
[215.023258] irq_exit+0x6c/0xb0
[215.023279] __handle_domain_irq+0x98/0xd4
[215.023296] gic_handle_irq+0x5c/0x11c
[215.023313] el1_irq+0xd0/0x180
[215.023332] cpuidle_enter_state+0xac/0x338
[215.023349] cpuidle_enter+0x40/0x70
[215.023366] do_idle+0x150/0x278
[215.023384] cpu_startup_entry+0x2c/0x58
[215.023401] rest_init+0xdc/0xec
[215.023419] arch_call_rest_init+0x18/0x24
[215.023435] start_kernel+0x334/0x400
[215.023460] Code: 91002129 eb09010a 9a89810b cb0b0042 (38401403)
[215.023478] ---[ end trace 28668fd20c7a90cd ]

Fixes: 2822cd0173ad ("Bluetooth: btusb: mediatek: add MediaTek devcoredump support")
Signed-off-by: Chris Lu <[email protected]>
Co-developed-by: Sean Wang <[email protected]>
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btusb: mediatek: add MediaTek devcoredump support

This patch implement function .coredump() and dmp_hdr() in btusb
driver for MediaTek controller. FW core dump was triggered by FW
specif

Bluetooth: btusb: mediatek: add MediaTek devcoredump support

This patch implement function .coredump() and dmp_hdr() in btusb
driver for MediaTek controller. FW core dump was triggered by FW
specific event to show something unexpected happened in the controller.

The driver would be responsible for collecting and uploading the device
core dump pieces in hci driver using core dump API. Once we finished
the whole process, the driver would reset the controller to recover the
kind of fatal error.

Co-developed-by: Chris Lu <[email protected]>
Signed-off-by: Chris Lu <[email protected]>
Co-developed-by: Sean Wang <[email protected]>
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Jing Cai <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: introduce btmtk reset work

Introduce btmtk_reset_work which can be called whenever the firmware abort,
HCI command timeout, other fatal error happen.

Co-developed-by: Chris Lu <ch

Bluetooth: btmtk: introduce btmtk reset work

Introduce btmtk_reset_work which can be called whenever the firmware abort,
HCI command timeout, other fatal error happen.

Co-developed-by: Chris Lu <[email protected]>
Signed-off-by: Chris Lu <[email protected]>
Co-developed-by: Sean Wang <[email protected]>
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Jing Cai <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtk: add printing firmware information

Add printing firmware information part when driver loading firmware that
user can get mediatek bluetooth information.

Co-developed-by: Sean Wang

Bluetooth: btmtk: add printing firmware information

Add printing firmware information part when driver loading firmware that
user can get mediatek bluetooth information.

Co-developed-by: Sean Wang <[email protected]>
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Chris Lu <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btusb: Add support Mediatek MT7925

This patch is added support Mediatek MT7925.
1. The firmware location of MT7925 will set to
/lib/firmware/mediatek/mt7925
2. Add Mediatek private data i

Bluetooth: btusb: Add support Mediatek MT7925

This patch is added support Mediatek MT7925.
1. The firmware location of MT7925 will set to
/lib/firmware/mediatek/mt7925
2. Add Mediatek private data in hdev
to record the device for handle MT7925 flow.
3. Use the recoreded dev_id to condition chip reset flow.

The information in /sys/kernel/debug/usb/devices about the MT7925U
Bluetooth device is listed as the below

T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 27 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0e8d ProdID=7925 Rev= 1.00
S: Manufacturer=MediaTek Inc.
S: Product=Wireless_Device
S: SerialNumber=000000000
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=100mA
A: FirstIf#= 0 IfCount= 3 Cls=e0(wlcon) Sub=01 Prot=01
I:* If#= 0 Alt= 0 #EPs= 5 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=125us
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8f(I) Atr=03(Int.) MxPS= 2 Ivl=125us
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
I: If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 63 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 63 Ivl=1ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=8a(I) Atr=03(Int.) MxPS= 64 Ivl=125us
E: Ad=0a(O) Atr=03(Int.) MxPS= 64 Ivl=125us
I: If#= 2 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=8a(I) Atr=03(Int.) MxPS= 512 Ivl=125us
E: Ad=0a(O) Atr=03(Int.) MxPS= 512 Ivl=125us
I:* If#= 3 Alt= 0 #EPs= 9 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=08(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=09(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 2 Ivl=125us

Signed-off-by: Peter Tsao <[email protected]>
Signed-off-by: Luiz Augusto von Dentz <[email protected]>

show more ...

Bluetooth: btmtkuart: rely on BT_MTK module

Rely on btmtk module to reduce duplicated code

Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>

Bluetooth: btusb: Return error code when getting patch status failed

If there are failure cases in getting patch status, it should return the
error code (-EIO).

Fixes: fc342c4dc4087 ("Bluetooth: bt

Bluetooth: btusb: Return error code when getting patch status failed

If there are failure cases in getting patch status, it should return the
error code (-EIO).

Fixes: fc342c4dc4087 ("Bluetooth: btusb: Add protocol support for MediaTek MT7921U USB devices")
Co-developed-by: Sean Wang <[email protected]>
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Mark Chen <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>

show more ...