* RE: [v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
From: bluez.test.bot @ 2026-05-26 18:15 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
In-Reply-To: <20260526170341.3529825-1-luiz.dentz@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2204 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1101148
---Test result---
Test Summary:
CheckPatch PASS 0.99 seconds
VerifyFixes PASS 0.13 seconds
VerifySignedoff PASS 0.14 seconds
GitLint PASS 0.33 seconds
SubjectPrefix PASS 0.17 seconds
BuildKernel PASS 25.82 seconds
CheckAllWarning PASS 28.25 seconds
CheckSparse PASS 27.01 seconds
BuildKernel32 PASS 24.90 seconds
TestRunnerSetup PASS 530.10 seconds
TestRunner_l2cap-tester PASS 61.24 seconds
TestRunner_iso-tester PASS 79.43 seconds
TestRunner_bnep-tester PASS 19.32 seconds
TestRunner_mgmt-tester FAIL 211.47 seconds
TestRunner_rfcomm-tester PASS 25.26 seconds
TestRunner_sco-tester PASS 32.76 seconds
TestRunner_ioctl-tester PASS 26.30 seconds
TestRunner_mesh-tester FAIL 26.01 seconds
TestRunner_smp-tester PASS 23.28 seconds
TestRunner_userchan-tester PASS 20.37 seconds
TestRunner_6lowpan-tester PASS 23.07 seconds
IncrementalBuild PASS 24.29 seconds
Details
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4
Failed Test Cases
Read Exp Feature - Success Failed 0.281 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.204 seconds
Mesh - Send cancel - 2 Timed out 1.990 seconds
https://github.com/bluez/bluetooth-next/pull/246
---
Regards,
Linux Bluetooth
^ permalink raw reply
* RE: [v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
From: bluez.test.bot @ 2026-05-26 18:07 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
In-Reply-To: <20260526152650.3487624-1-luiz.dentz@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1042 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1101090
---Test result---
Test Summary:
CheckPatch PASS 0.77 seconds
VerifyFixes PASS 0.14 seconds
VerifySignedoff PASS 0.14 seconds
GitLint PASS 0.34 seconds
SubjectPrefix PASS 0.13 seconds
BuildKernel PASS 25.16 seconds
CheckAllWarning PASS 27.60 seconds
CheckSparse PASS 26.45 seconds
BuildKernel32 PASS 24.58 seconds
TestRunnerSetup PASS 523.22 seconds
TestRunner_l2cap-tester PASS 58.41 seconds
IncrementalBuild PASS 24.30 seconds
https://github.com/bluez/bluetooth-next/pull/245
---
Regards,
Linux Bluetooth
^ permalink raw reply
* Re: [PATCH bluetooth] Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
To: Zhenghang Xiao; +Cc: marcel, luiz.dentz, linux-bluetooth
In-Reply-To: <20260526105152.78178-1-kipreyyy@gmail.com>
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Tue, 26 May 2026 18:51:52 +0800 you wrote:
> l2cap_ecred_reconf_rsp() returns early on success without clearing
> chan->ident. Every other L2CAP response handler (l2cap_ecred_conn_rsp,
> l2cap_le_connect_rsp, l2cap_config_rsp) clears chan->ident after a
> successful transaction to prevent the channel from matching subsequent
> responses with the recycled ident value.
>
> A remote attacker that completed a reconfiguration as the peer can
> replay a failure response with the stale ident, causing the kernel to
> match and destroy the already-established channel via
> l2cap_chan_del(chan, ECONNRESET).
>
> [...]
Here is the summary with links:
- Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success
https://git.kernel.org/bluetooth/bluetooth-next/c/3149687089e0
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH] Bluetooth: btusb: Add USB ID 2c4e:0128 for Mercusys MA60XNB
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
To: Zenm Chen
Cc: marcel, luiz.dentz, linux-bluetooth, linux-kernel, pkshih,
max.chou, hildawu, rtl8821cerfe2, guillem, stable
In-Reply-To: <20260525161942.5206-1-zenmchen@gmail.com>
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Tue, 26 May 2026 00:19:42 +0800 you wrote:
> Add USB ID 2c4e:0128 for Mercusys MA60XNB, an RTL8851BU-based
> Wi-Fi + Bluetooth adapter.
>
> The information in /sys/kernel/debug/usb/devices about the Bluetooth
> device is listed as the below:
>
> T: Bus=03 Lev=01 Prnt=01 Port=04 Cnt=01 Dev#= 3 Spd=480 MxCh= 0
> D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
> P: Vendor=2c4e ProdID=0128 Rev= 0.00
> S: Manufacturer=Realtek
> S: Product=802.11ax WLAN Adapter
> S: SerialNumber=00e04c000001
> C:* #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA
> A: FirstIf#= 0 IfCount= 2 Cls=e0(wlcon) Sub=01 Prot=01
> I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
> E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
> E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
> I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
> E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
> I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
> E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
> I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
> E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
> I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
> E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
> I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
> E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
> I: If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E: Ad=03(O) Atr=01(Isoc) MxPS= 63 Ivl=1ms
> E: Ad=83(I) Atr=01(Isoc) MxPS= 63 Ivl=1ms
> I:* If#= 2 Alt= 0 #EPs= 8 Cls=ff(vend.) Sub=ff Prot=ff Driver=rtw89_8851bu
> E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=09(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=0a(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=0b(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E: Ad=0c(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
>
> [...]
Here is the summary with links:
- Bluetooth: btusb: Add USB ID 2c4e:0128 for Mercusys MA60XNB
https://git.kernel.org/bluetooth/bluetooth-next/c/29289e705913
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
In-Reply-To: <20260526152650.3487624-1-luiz.dentz@gmail.com>
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Tue, 26 May 2026 11:26:50 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> If dcid is received for an already-assigned destination CID the spec
> requires that both channels to be discarded, but calling l2cap_chan_del
> may invalidate the tmp cursor created by list_for_each_entry_safe and
> in fact it is the wrong procedure as the chan->dcid may be assigned
> previously it really needs to be disconnected.
>
> [...]
Here is the summary with links:
- [v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
https://git.kernel.org/bluetooth/bluetooth-next/c/0a39e3eccf85
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
In-Reply-To: <20260526170341.3529825-1-luiz.dentz@gmail.com>
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Tue, 26 May 2026 13:03:41 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> This adds support for using HCI_LE_Set_Host_Feature [v2] instead of v1
> if LL Extented Features is supported and the controller supports the
> command.
>
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> [...]
Here is the summary with links:
- [v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
https://git.kernel.org/bluetooth/bluetooth-next/c/ec9b9c3b31f3
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH v2] Bluetooth: hci_qca: Use 100 ms SSR delay for rampatch and NVM loading
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
To: Shuai Zhang
Cc: brgl, marcel, luiz.dentz, linux-arm-msm, linux-bluetooth,
linux-kernel, cheng.jiang, quic_chezhou, wei.deng, jinwang.li,
mengshi.wu, stable, dmitry.baryshkov
In-Reply-To: <20260525065156.2213123-1-shuai.zhang@oss.qualcomm.com>
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Mon, 25 May 2026 14:51:56 +0800 you wrote:
> When bt_en is pulled high by hardware, the host does not re-download
> the firmware after SSR. The controller loads the rampatch and NVM
> internally.
>
> On HMT chip, the rampatch is ~264 KB and the NVM is ~9.4 KB. The
> loading process takes approximately 70 ms. The previous 50 ms delay is
> too short, causing the controller to not respond to the reset command
> sent by the host, which leads to BT initialization failure:
>
> [...]
Here is the summary with links:
- [v2] Bluetooth: hci_qca: Use 100 ms SSR delay for rampatch and NVM loading
https://git.kernel.org/bluetooth/bluetooth-next/c/b74b39bc6d9d
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH] Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt()
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
To: Zhao Dongdong; +Cc: marcel, luiz.dentz, linux-bluetooth, zhaodongdong
In-Reply-To: <tencent_859B04510A77948C6A97FF769CBB9262A007@qq.com>
Hello:
This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Tue, 26 May 2026 11:21:39 +0800 you wrote:
> From: Zhao Dongdong <zhaodongdong@kylinos.cn>
>
> The skb_clone() function can return NULL if memory allocation fails.
> send_mcast_pkt() calls skb_clone() without checking the return value, which
> can lead to a NULL pointer dereference in send_pkt() when it dereferences
> skb->data.
> Add a NULL check after skb_clone() and skip the peer if the clone fails.
>
> [...]
Here is the summary with links:
- Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt()
https://git.kernel.org/bluetooth/bluetooth-next/c/ba550f4bd304
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* [bluez/bluez]
From: BluezTestBot @ 2026-05-26 17:40 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1099306
Home: https://github.com/bluez/bluez
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [bluez/bluez]
From: BluezTestBot @ 2026-05-26 17:40 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1099512
Home: https://github.com/bluez/bluez
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [bluez/bluez] 633d91: emulator/btdev: Add LE Set Host Feature V2 command...
From: Luiz Augusto von Dentz @ 2026-05-26 17:40 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/1101147
Home: https://github.com/bluez/bluez
Commit: 633d913df34b169a102b873ae55495852947361e
https://github.com/bluez/bluez/commit/633d913df34b169a102b873ae55495852947361e
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2026-05-26 (Tue, 26 May 2026)
Changed paths:
M emulator/btdev.c
Log Message:
-----------
emulator/btdev: Add LE Set Host Feature V2 command emulation
Add emulation for LE Set Host Feature V2 (0x2097) command which
uses a 16-bit bit_number field (vs 8-bit in v1) to allow setting
extended LE feature bits. The command bit is set at byte 47 bit 4
as defined in bt.h.
Assisted-by: OpenCode:claude-opus-4.6
Commit: c81b48b8a7195b1cc00d1d562a4de2e294da240f
https://github.com/bluez/bluez/commit/c81b48b8a7195b1cc00d1d562a4de2e294da240f
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2026-05-26 (Tue, 26 May 2026)
Changed paths:
M monitor/bt.h
M monitor/packet.c
Log Message:
-----------
monitor: Add decoding support for LE Set Host Feature V2
Add decoding support for LE Set Host Feature V2 (0x2097) command
which uses a 16-bit bit_number field to support extended LE feature
pages:
< HCI Command: LE Set Host F.. (0x08|0x0097) plen 3
Bit Number: 32
Features[0/0][8]:
00 00 00 00 01 00 00 00 ........
Connected Isochronous Stream (Host Support)
Bit Value: 1
> HCI Event: Command Complete (0x0e) plen 4
LE Set Host Feature V2 (0x08|0x0097) ncmd 1
Status: Success (0x00)
Assisted-by: OpenCode:claude-opus-4.6
Compare: https://github.com/bluez/bluez/compare/633d913df34b%5E...c81b48b8a719
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [bluez/bluez] b8d42b: test-mesh-crypto: Don't attempt to run test if AF_...
From: apusaka @ 2026-05-26 17:39 UTC (permalink / raw)
To: linux-bluetooth
Branch: refs/heads/master
Home: https://github.com/bluez/bluez
Commit: b8d42b282b3c17f1f4838039fa23ba24f07db723
https://github.com/bluez/bluez/commit/b8d42b282b3c17f1f4838039fa23ba24f07db723
Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2026-05-22 (Fri, 22 May 2026)
Changed paths:
M unit/test-mesh-crypto.c
Log Message:
-----------
test-mesh-crypto: Don't attempt to run test if AF_ALG is not available
This make use of mesh_crypto_check_avail to check if AF_ALG is available
and if not just bail out which is similar to how test-crypto handles
when bt_crypto_new returns NULL.
Commit: b493164ffbff277bdb540f6d779ba4b4645b3679
https://github.com/bluez/bluez/commit/b493164ffbff277bdb540f6d779ba4b4645b3679
Author: Archie Pusaka <apusaka@chromium.org>
Date: 2026-05-26 (Tue, 26 May 2026)
Changed paths:
M monitor/bt.h
M monitor/packet.c
Log Message:
-----------
monitor: Add support for HCI Event Encryption Change v2
> HCI Event: Encryption Change v2 (0x59) plen 5
Status: Success (0x00)
Handle: 256 (BR-ACL) Address: 00:11:22:34:56:78
Encryption: Enabled with E0 (0x01)
Key size: 16
Compare: https://github.com/bluez/bluez/compare/f818e9d0c9df...b493164ffbff
To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications
^ permalink raw reply
* [PATCH v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
From: Luiz Augusto von Dentz @ 2026-05-26 17:03 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds support for using HCI_LE_Set_Host_Feature [v2] instead of v1
if LL Extented Features is supported and the controller supports the
command.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
include/net/bluetooth/hci.h | 6 ++++++
net/bluetooth/hci_sync.c | 21 ++++++++++++++++++++-
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 572b1c620c5d..26a84dbf548a 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -2486,6 +2486,12 @@ struct hci_rp_le_cs_test {
#define HCI_OP_LE_CS_TEST_END 0x2096
+#define HCI_OP_LE_SET_HOST_FEATURE_V2 0x2097
+struct hci_cp_le_set_host_feature_v2 {
+ __u16 bit_number;
+ __u8 bit_value;
+} __packed;
+
/* ---- HCI Events ---- */
struct hci_ev_status {
__u8 status;
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index aff8562a8690..944bd29394c2 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -4583,11 +4583,30 @@ static int hci_set_le_support_sync(struct hci_dev *hdev)
sizeof(cp), &cp, HCI_CMD_TIMEOUT);
}
+/* LE Set Host Feature V2 */
+static int hci_le_set_host_feature_v2_sync(struct hci_dev *hdev, u16 bit,
+ u8 value)
+{
+ struct hci_cp_le_set_host_feature_v2 cp;
+
+ memset(&cp, 0, sizeof(cp));
+
+ /* Connected Isochronous Channels (Host Support) */
+ cp.bit_number = bit;
+ cp.bit_value = value;
+
+ return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_HOST_FEATURE_V2,
+ sizeof(cp), &cp, HCI_CMD_TIMEOUT);
+}
+
/* LE Set Host Feature */
-static int hci_le_set_host_feature_sync(struct hci_dev *hdev, u8 bit, u8 value)
+static int hci_le_set_host_feature_sync(struct hci_dev *hdev, u16 bit, u8 value)
{
struct hci_cp_le_set_host_feature cp;
+ if (ll_ext_feature_capable(hdev) && hdev->commands[47] & BIT(4))
+ return hci_le_set_host_feature_v2_sync(hdev, bit, value);
+
memset(&cp, 0, sizeof(cp));
/* Connected Isochronous Channels (Host Support) */
--
2.53.0
^ permalink raw reply related
* [PATCH BlueZ v1 2/2] monitor: Add decoding support for LE Set Host Feature V2
From: Luiz Augusto von Dentz @ 2026-05-26 17:03 UTC (permalink / raw)
To: linux-bluetooth
In-Reply-To: <20260526170309.3529062-1-luiz.dentz@gmail.com>
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add decoding support for LE Set Host Feature V2 (0x2097) command
which uses a 16-bit bit_number field to support extended LE feature
pages:
< HCI Command: LE Set Host F.. (0x08|0x0097) plen 3
Bit Number: 32
Features[0/0][8]:
00 00 00 00 01 00 00 00 ........
Connected Isochronous Stream (Host Support)
Bit Value: 1
> HCI Event: Command Complete (0x0e) plen 4
LE Set Host Feature V2 (0x08|0x0097) ncmd 1
Status: Success (0x00)
Assisted-by: OpenCode:claude-opus-4.6
---
monitor/bt.h | 7 +++++++
monitor/packet.c | 32 ++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/monitor/bt.h b/monitor/bt.h
index a849c18a96b5..6efccb27e758 100644
--- a/monitor/bt.h
+++ b/monitor/bt.h
@@ -3186,6 +3186,13 @@ struct bt_hci_rsp_le_cs_test {
#define BT_HCI_CMD_LE_CS_TEST_END 0x2096
#define BT_HCI_BIT_LE_CS_TEST_END BT_HCI_CMD_BIT(23, 4)
+#define BT_HCI_CMD_LE_SET_HOST_FEATURE_V2 0x2097
+#define BT_HCI_BIT_LE_SET_HOST_FEATURE_V2 BT_HCI_CMD_BIT(47, 4)
+struct bt_hci_cmd_le_set_host_feature_v2 {
+ uint16_t bit_number;
+ uint8_t bit_value;
+} __attribute__ ((packed));
+
#define BT_HCI_CMD_LE_FSU 0x209d
#define BT_HCI_BIT_LE_FSU BT_HCI_CMD_BIT(48, 1)
struct bt_hci_cmd_le_fsu {
diff --git a/monitor/packet.c b/monitor/packet.c
index 41f0226c39f8..dcb067ce874f 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -9820,6 +9820,33 @@ static void le_cs_test_cmd(uint16_t index, const void *data, uint8_t size)
cmd->override_parameters_length);
}
+static void le_set_host_feature_v2_cmd(uint16_t index, const void *data,
+ uint8_t size)
+{
+ const struct bt_hci_cmd_le_set_host_feature_v2 *cmd = data;
+ uint8_t page;
+ uint8_t features[24] = {};
+ uint16_t bit_number = le16_to_cpu(cmd->bit_number);
+
+ print_field("Bit Number: %u", bit_number);
+
+ if (bit_number < 64) {
+ features[bit_number / 8] |= (1 << (bit_number % 8));
+ print_features(0, features, 0x01);
+ } else {
+ uint16_t bit;
+
+ page = (bit_number - 64) / 24 + 1;
+ /* Adjust the bit number to be relative to the page */
+ bit = (bit_number - 64) % 24;
+ /* Set the bit in the features array */
+ features[bit / 8] |= (1 << ((bit % 8)));
+ print_features(page, features, 0x01);
+ }
+
+ print_field("Bit Value: %u", cmd->bit_value);
+}
+
static void le_cs_test_rsp(uint16_t index, const void *data, uint8_t size)
{
const struct bt_hci_rsp_le_cs_test *rsp = data;
@@ -11013,6 +11040,11 @@ static const struct opcode_data opcode_table[] = {
true},
{ BT_HCI_CMD_LE_CS_TEST_END, BT_HCI_BIT_LE_CS_TEST_END,
"LE CS Test End" },
+ { BT_HCI_CMD_LE_SET_HOST_FEATURE_V2, BT_HCI_BIT_LE_SET_HOST_FEATURE_V2,
+ "LE Set Host Feature V2",
+ le_set_host_feature_v2_cmd,
+ sizeof(struct bt_hci_cmd_le_set_host_feature_v2),
+ true, status_rsp, 1, true },
{ BT_HCI_CMD_LE_FSU, BT_HCI_BIT_LE_FSU,
"LE Frame Space Update", le_fsu_cmd,
sizeof(struct bt_hci_cmd_le_fsu),
--
2.53.0
^ permalink raw reply related
* [PATCH BlueZ v1 1/2] emulator/btdev: Add LE Set Host Feature V2 command emulation
From: Luiz Augusto von Dentz @ 2026-05-26 17:03 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add emulation for LE Set Host Feature V2 (0x2097) command which
uses a 16-bit bit_number field (vs 8-bit in v1) to allow setting
extended LE feature bits. The command bit is set at byte 47 bit 4
as defined in bt.h.
Assisted-by: OpenCode:claude-opus-4.6
---
emulator/btdev.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/emulator/btdev.c b/emulator/btdev.c
index ad2e025d1b45..3206caf5be86 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -7907,11 +7907,40 @@ static int cmd_le_read_all_remote_features(struct btdev *dev, const void *data,
return 0;
}
+static int cmd_set_host_feature_v2(struct btdev *dev, const void *data,
+ uint8_t len)
+{
+ const struct bt_hci_cmd_le_set_host_feature_v2 *cmd = data;
+ uint8_t status = BT_HCI_ERR_SUCCESS;
+ uint16_t bit = le16_to_cpu(cmd->bit_number);
+ uint8_t page = bit / 8;
+ uint8_t mask = BIT(bit % 8);
+
+ /* Only allow setting host controlled features */
+ if (page >= sizeof(dev->le_features)) {
+ status = BT_HCI_ERR_INVALID_PARAMETERS;
+ goto done;
+ }
+
+ if (cmd->bit_value)
+ dev->le_features[page] |= mask;
+ else
+ dev->le_features[page] &= ~mask;
+
+done:
+ cmd_complete(dev, BT_HCI_CMD_LE_SET_HOST_FEATURE_V2, &status,
+ sizeof(status));
+
+ return 0;
+}
+
#define CMD_LE_60 \
CMD(BT_HCI_CMD_LE_READ_ALL_LOCAL_FEATURES, \
cmd_le_read_all_local_features, NULL), \
CMD(BT_HCI_CMD_LE_READ_ALL_REMOTE_FEATURES, \
- cmd_le_read_all_remote_features, NULL)
+ cmd_le_read_all_remote_features, NULL), \
+ CMD(BT_HCI_CMD_LE_SET_HOST_FEATURE_V2, \
+ cmd_set_host_feature_v2, NULL)
static const struct btdev_cmd cmd_le_6_0[] = {
CMD_COMMON_ALL,
@@ -7930,6 +7959,7 @@ static void set_le_60_commands(struct btdev *btdev)
{
btdev->commands[47] |= BIT(2); /* LE Read All Local Features */
btdev->commands[47] |= BIT(3); /* LE Read All Remote Features */
+ btdev->commands[47] |= BIT(4); /* LE Set Host Feature V2 */
btdev->cmds = cmd_le_6_0;
}
--
2.53.0
^ permalink raw reply related
* Re: [PATCH BlueZ] monitor: Add support for HCI Event Encryption Change v2
From: patchwork-bot+bluetooth @ 2026-05-26 15:40 UTC (permalink / raw)
To: Archie Pusaka
Cc: linux-bluetooth, luiz.dentz, chromeos-bluetooth-upstreaming,
apusaka
In-Reply-To: <20260522111540.581113-1-apusaka@google.com>
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Fri, 22 May 2026 19:15:12 +0800 you wrote:
> From: Archie Pusaka <apusaka@chromium.org>
>
> > HCI Event: Encryption Change v2 (0x59) plen 5
> Status: Success (0x00)
> Handle: 256 (BR-ACL) Address: 00:11:22:34:56:78
> Encryption: Enabled with E0 (0x01)
> Key size: 16
>
> [...]
Here is the summary with links:
- [BlueZ] monitor: Add support for HCI Event Encryption Change v2
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=b493164ffbff
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH BlueZ v1] test-mesh-crypto: Don't attempt to run test if AF_ALG is not available
From: patchwork-bot+bluetooth @ 2026-05-26 15:40 UTC (permalink / raw)
To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
In-Reply-To: <20260522164912.3253018-1-luiz.dentz@gmail.com>
Hello:
This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Fri, 22 May 2026 12:49:12 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> This make use of mesh_crypto_check_avail to check if AF_ALG is available
> and if not just bail out which is similar to how test-crypto handles
> when bt_crypto_new returns NULL.
> ---
> unit/test-mesh-crypto.c | 3 +++
> 1 file changed, 3 insertions(+)
Here is the summary with links:
- [BlueZ,v1] test-mesh-crypto: Don't attempt to run test if AF_ALG is not available
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=b8d42b282b3c
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* [PATCH v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
From: Luiz Augusto von Dentz @ 2026-05-26 15:26 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
If dcid is received for an already-assigned destination CID the spec
requires that both channels to be discarded, but calling l2cap_chan_del
may invalidate the tmp cursor created by list_for_each_entry_safe and
in fact it is the wrong procedure as the chan->dcid may be assigned
previously it really needs to be disconnected.
Calling l2cap_chan_clone directly may still lead to l2cap_chan_del so
instead schedule l2cap_chan_timeout with delay 0 to close the channel
asynchronously.
Fixes: 15f02b910562 ("Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
net/bluetooth/l2cap_core.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 5668c92b3f58..74a82a547cca 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -5262,6 +5262,7 @@ static inline int l2cap_ecred_conn_rsp(struct l2cap_conn *conn,
cmd_len -= sizeof(*rsp);
list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
+ struct l2cap_chan *orig;
u16 dcid;
if (chan->ident != cmd->ident ||
@@ -5283,8 +5284,10 @@ static inline int l2cap_ecred_conn_rsp(struct l2cap_conn *conn,
BT_DBG("dcid[%d] 0x%4.4x", i, dcid);
+ orig = __l2cap_get_chan_by_dcid(conn, dcid);
+
/* Check if dcid is already in use */
- if (dcid && __l2cap_get_chan_by_dcid(conn, dcid)) {
+ if (dcid && orig) {
/* If a device receives a
* L2CAP_CREDIT_BASED_CONNECTION_RSP packet with an
* already-assigned Destination CID, then both the
@@ -5293,10 +5296,24 @@ static inline int l2cap_ecred_conn_rsp(struct l2cap_conn *conn,
*/
l2cap_chan_del(chan, ECONNREFUSED);
l2cap_chan_unlock(chan);
- chan = __l2cap_get_chan_by_dcid(conn, dcid);
- l2cap_chan_lock(chan);
- l2cap_chan_del(chan, ECONNRESET);
- l2cap_chan_unlock(chan);
+
+ /* Check that the dcid channel mode is
+ * L2CAP_MODE_EXT_FLOWCTL since this procedure is only
+ * valid for that mode and shouldn't disconnect a dcid
+ * in other modes.
+ */
+ if (orig->mode == L2CAP_MODE_EXT_FLOWCTL) {
+ l2cap_chan_lock(orig);
+ /* Disconnect the original channel as it may be
+ * considered connected since dcid has already
+ * been assigned; don't call l2cap_chan_close
+ * directly since that could lead to
+ * l2cap_chan_del and then removing the channel
+ * from the list while we're iterating over it.
+ */
+ __set_chan_timer(orig, 0);
+ l2cap_chan_unlock(orig);
+ }
continue;
}
--
2.53.0
^ permalink raw reply related
* RE: Bluetooth: hci_core: Refactor HCI reset functions
From: bluez.test.bot @ 2026-05-26 14:57 UTC (permalink / raw)
To: linux-bluetooth, halves
In-Reply-To: <20260526-hci_send-v2-1-596977a9a814@igalia.com>
[-- Attachment #1: Type: text/plain, Size: 2489 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1100995
---Test result---
Test Summary:
CheckPatch PASS 1.61 seconds
VerifyFixes PASS 0.07 seconds
VerifySignedoff PASS 0.08 seconds
GitLint FAIL 0.65 seconds
SubjectPrefix PASS 0.20 seconds
BuildKernel PASS 27.79 seconds
CheckAllWarning PASS 30.33 seconds
CheckSparse PASS 29.14 seconds
BuildKernel32 PASS 26.84 seconds
TestRunnerSetup PASS 583.48 seconds
TestRunner_l2cap-tester PASS 59.20 seconds
TestRunner_iso-tester PASS 81.41 seconds
TestRunner_bnep-tester PASS 24.55 seconds
TestRunner_mgmt-tester FAIL 215.80 seconds
TestRunner_rfcomm-tester PASS 26.17 seconds
TestRunner_sco-tester PASS 33.02 seconds
TestRunner_ioctl-tester PASS 26.08 seconds
TestRunner_mesh-tester FAIL 25.85 seconds
TestRunner_smp-tester PASS 23.24 seconds
TestRunner_userchan-tester PASS 20.11 seconds
TestRunner_6lowpan-tester PASS 22.78 seconds
IncrementalBuild PASS 30.90 seconds
Details
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[v2,1/3] Bluetooth: hci_core: Rework hci_dev_do_reset() to use hci_sync functions
1: T1 Title exceeds max length (81>80): "[v2,1/3] Bluetooth: hci_core: Rework hci_dev_do_reset() to use hci_sync functions"
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4
Failed Test Cases
Read Exp Feature - Success Failed 0.256 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0
Failed Test Cases
Mesh - Send cancel - 1 Timed out 2.635 seconds
Mesh - Send cancel - 2 Timed out 1.989 seconds
https://github.com/bluez/bluetooth-next/pull/244
---
Regards,
Linux Bluetooth
^ permalink raw reply
* RE: [bluetooth-next] Bluetooth: L2CAP: fix list corruption in l2cap_ecred_conn_rsp
From: bluez.test.bot @ 2026-05-26 14:48 UTC (permalink / raw)
To: linux-bluetooth, kipreyyy
In-Reply-To: <20260526103441.73180-1-kipreyyy@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2115 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1100866
---Test result---
Test Summary:
CheckPatch FAIL 0.75 seconds
VerifyFixes PASS 0.14 seconds
VerifySignedoff PASS 0.14 seconds
GitLint PASS 0.34 seconds
SubjectPrefix PASS 0.13 seconds
BuildKernel PASS 27.86 seconds
CheckAllWarning PASS 30.00 seconds
CheckSparse PASS 29.08 seconds
BuildKernel32 PASS 26.70 seconds
TestRunnerSetup PASS 591.10 seconds
TestRunner_l2cap-tester FAIL 61.70 seconds
IncrementalBuild PASS 25.95 seconds
Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[bluetooth-next] Bluetooth: L2CAP: fix list corruption in l2cap_ecred_conn_rsp
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
#103:
KASAN: wild-memory-access in range [0xdead000000000100-0xdead000000000107]
total: 0 errors, 1 warnings, 0 checks, 16 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/patch/14594665.patch has style problems, please review.
NOTE: Ignored message types: UNKNOWN_COMMIT_ID
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
##############################
Test: TestRunner_l2cap-tester - FAIL
Desc: Run l2cap-tester with test-runner
Output:
Total: 96, Passed: 95 (99.0%), Failed: 1, Not Run: 0
Failed Test Cases
L2CAP BR/EDR Server - Set PHY 3M Failed 0.277 seconds
https://github.com/bluez/bluetooth-next/pull/242
---
Regards,
Linux Bluetooth
^ permalink raw reply
* RE: Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success
From: bluez.test.bot @ 2026-05-26 14:46 UTC (permalink / raw)
To: linux-bluetooth, kipreyyy
In-Reply-To: <20260526105152.78178-1-kipreyyy@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1042 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1100882
---Test result---
Test Summary:
CheckPatch PASS 0.77 seconds
VerifyFixes PASS 0.14 seconds
VerifySignedoff PASS 0.14 seconds
GitLint PASS 0.34 seconds
SubjectPrefix PASS 0.15 seconds
BuildKernel PASS 24.89 seconds
CheckAllWarning PASS 27.98 seconds
CheckSparse PASS 26.57 seconds
BuildKernel32 PASS 24.68 seconds
TestRunnerSetup PASS 524.16 seconds
TestRunner_l2cap-tester PASS 59.46 seconds
IncrementalBuild PASS 23.70 seconds
https://github.com/bluez/bluetooth-next/pull/243
---
Regards,
Linux Bluetooth
^ permalink raw reply
* Re: [PATCH BlueZ 1/1] adapter: Add configurable default LE PHYs
From: Luiz Augusto von Dentz @ 2026-05-26 14:27 UTC (permalink / raw)
To: Tarjei Bitustøyl; +Cc: linux-bluetooth
In-Reply-To: <20260524221421.258593-2-tarjeib@gmail.com>
Hi Tarjei,
On Sun, May 24, 2026 at 6:14 PM Tarjei Bitustøyl <tarjeib@gmail.com> wrote:
>
> Some controllers mis-handle LE procedures on specific PHYs with
> certain peers. On an Intel AX210-class controller, connecting to a
> Frostbay BLE device can fail during early ATT/GATT setup unless the
> adapter is limited to LE 1M TX/RX.
Perhaps there should be a GitHub issue explaining exactly what the
problem is with btmon logs, etc, Then we can evaluate if this needs a
workaround like this or if we should detect that certain PHYs should
not be used.
> Add an opt-in [LE] DefaultPHYs setting to bluetoothd and apply it at
> adapter startup using MGMT_OP_GET/SET_PHY_CONFIGURATION while
> preserving non-configurable PHY bits.
>
> This provides a generic, adapter-wide workaround for controller-
> specific LE PHY interoperability problems affecting scanning and
> connection establishment, without adding device-specific quirks.
Well it is not really controller specific though, since it applies to
any controller on the system. Also, I believe this could be a device
specific problem so you might be taking away 2M support entirely when
it could actually be supported with another device.
> ---
> src/adapter.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++
> src/btd.h | 2 ++
> src/main.c | 61 +++++++++++++++++++++++++++++++++++++++++
> src/main.conf | 8 ++++++
> 4 files changed, 147 insertions(+)
>
> diff --git a/src/adapter.c b/src/adapter.c
> index 20f7c3e03..fcbb65e38 100644
> --- a/src/adapter.c
> +++ b/src/adapter.c
> @@ -4972,6 +4972,81 @@ done:
> mgmt_tlv_list_free(list);
> }
>
> +static void set_default_le_phys_complete(uint8_t status, uint16_t length,
> + const void *param, void *user_data)
> +{
> + struct btd_adapter *adapter = user_data;
> +
> + if (status != MGMT_STATUS_SUCCESS)
> + btd_error(adapter->dev_id,
> + "Failed to set default LE PHYs for hci%u: %s (0x%02x)",
> + adapter->dev_id, mgmt_errstr(status), status);
> +}
> +
> +static void get_default_le_phys_complete(uint8_t status, uint16_t length,
> + const void *param, void *user_data)
> +{
> + struct btd_adapter *adapter = user_data;
> + const struct mgmt_rp_get_phy_confguration *rp = param;
> + struct mgmt_cp_set_phy_confguration cp;
> + uint32_t configurable_phys;
> + uint32_t selected_phys;
> + uint32_t next_phys;
> +
> + if (status != MGMT_STATUS_SUCCESS) {
> + btd_error(adapter->dev_id,
> + "Failed to read PHY configuration for hci%u: %s (0x%02x)",
> + adapter->dev_id, mgmt_errstr(status), status);
> + return;
> + }
> +
> + if (length < sizeof(*rp)) {
> + btd_error(adapter->dev_id,
> + "Too small get PHY configuration response for hci%u",
> + adapter->dev_id);
> + return;
> + }
> +
> + configurable_phys = btohl(rp->configurable_phys);
> + selected_phys = btohl(rp->selected_phys);
> +
> + configurable_phys &= MGMT_PHY_LE_TX_MASK | MGMT_PHY_LE_RX_MASK;
> + next_phys = selected_phys & ~configurable_phys;
> + next_phys |= btd_opts.default_le_phys & configurable_phys;
> +
> + if (next_phys == selected_phys)
> + return;
> +
> + cp.selected_phys = cpu_to_le32(next_phys);
> +
> + if (mgmt_send(adapter->mgmt, MGMT_OP_SET_PHY_CONFIGURATION,
> + adapter->dev_id, sizeof(cp), &cp,
> + set_default_le_phys_complete, adapter, NULL) > 0)
> + return;
> +
> + btd_error(adapter->dev_id,
> + "Failed to set default LE PHYs for hci%u",
> + adapter->dev_id);
> +}
> +
> +static void load_default_le_phys(struct btd_adapter *adapter)
> +{
> + if (!btd_opts.default_le_phys_configured)
> + return;
> +
> + if (!(adapter->supported_settings & MGMT_SETTING_LE))
> + return;
> +
> + if (mgmt_send(adapter->mgmt, MGMT_OP_GET_PHY_CONFIGURATION,
> + adapter->dev_id, 0, NULL,
> + get_default_le_phys_complete, adapter, NULL) > 0)
> + return;
> +
> + btd_error(adapter->dev_id,
> + "Failed to read PHY configuration for hci%u",
> + adapter->dev_id);
> +}
> +
> static void load_devices(struct btd_adapter *adapter)
> {
> char dirname[PATH_MAX];
> @@ -9455,6 +9530,7 @@ load:
> btd_profile_foreach(probe_profile, adapter);
> clear_blocked(adapter);
> load_defaults(adapter);
> + load_default_le_phys(adapter);
> load_devices(adapter);
>
> /* restore Service Changed CCC value for bonded devices */
> diff --git a/src/btd.h b/src/btd.h
> index db2e81239..59f44dc8c 100644
> --- a/src/btd.h
> +++ b/src/btd.h
> @@ -140,6 +140,8 @@ struct btd_opts {
> bool device_privacy;
> uint32_t name_request_retry_delay;
> uint8_t secure_conn;
> + uint32_t default_le_phys;
> + bool default_le_phys_configured;
>
> struct btd_defaults defaults;
>
> diff --git a/src/main.c b/src/main.c
> index 8aa19a3e3..97c64845b 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -32,6 +32,7 @@
> #include <dbus/dbus.h>
>
> #include "bluetooth/bluetooth.h"
> +#include "bluetooth/mgmt.h"
> #include "bluetooth/sdp.h"
>
> #include "gdbus/gdbus.h"
> @@ -132,6 +133,7 @@ static const char *le_options[] = {
> "Autoconnecttimeout",
> "AdvMonAllowlistScanDuration",
> "AdvMonNoFilterScanDuration",
> + "DefaultPHYs",
> "EnableAdvMonInterleaveScan",
> NULL
> };
> @@ -145,6 +147,8 @@ static const char *policy_options[] = {
> NULL
> };
>
> +static void parse_default_le_phys(GKeyFile *config);
> +
> static const char *gatt_options[] = {
> "Cache",
> "KeySize",
> @@ -751,6 +755,7 @@ static void parse_le_config(GKeyFile *config)
> return;
>
> parse_mode_config(config, "LE", params, ARRAY_SIZE(params));
> + parse_default_le_phys(config);
> }
>
> static bool match_experimental(const void *data, const void *match_data)
> @@ -966,6 +971,62 @@ static void parse_repairing(GKeyFile *config)
> g_free(str);
> }
>
> +struct phy_config_entry {
> + const char *name;
> + uint32_t bit;
> +};
> +
> +static const struct phy_config_entry le_phy_configs[] = {
> + { "LE1MTX", MGMT_PHY_LE_1M_TX },
> + { "LE1MRX", MGMT_PHY_LE_1M_RX },
> + { "LE2MTX", MGMT_PHY_LE_2M_TX },
> + { "LE2MRX", MGMT_PHY_LE_2M_RX },
> + { "LECODEDTX", MGMT_PHY_LE_CODED_TX },
> + { "LECODEDRX", MGMT_PHY_LE_CODED_RX },
> +};
> +
> +static void parse_default_le_phys(GKeyFile *config)
> +{
> + char *str = NULL;
> + char **tokens;
> + uint32_t phys = 0;
> + bool valid = false;
> + int i;
> +
> + if (!parse_config_string(config, "LE", "DefaultPHYs", &str))
> + return;
> +
> + tokens = g_strsplit_set(str, ", \t", -1);
> +
> + for (i = 0; tokens[i]; i++) {
> + const char *token = tokens[i];
> + size_t j;
> +
> + if (!token[0])
> + continue;
> +
> + for (j = 0; j < ARRAY_SIZE(le_phy_configs); j++) {
> + if (strcasecmp(le_phy_configs[j].name, token) != 0)
> + continue;
> +
> + phys |= le_phy_configs[j].bit;
> + valid = true;
> + break;
> + }
> +
> + if (j == ARRAY_SIZE(le_phy_configs))
> + warn("Invalid DefaultPHYs token: %s", token);
> + }
> +
> + if (valid) {
> + btd_opts.default_le_phys = phys;
> + btd_opts.default_le_phys_configured = true;
> + }
> +
> + g_strfreev(tokens);
> + g_free(str);
> +}
> +
> static bool parse_config_hex(GKeyFile *config, char *group,
> const char *key, uint32_t *val)
> {
> diff --git a/src/main.conf b/src/main.conf
> index 5846ef92d..ed955897e 100644
> --- a/src/main.conf
> +++ b/src/main.conf
> @@ -247,6 +247,14 @@
> # Default: 500
> #AdvMonNoFilterScanDuration=
>
> +# Configure the controller's default LE PHY policy used for scanning and
> +# connection establishment. Only configurable LE PHYs are changed; mandatory
> +# PHYs remain selected automatically.
> +# Possible values: comma or space separated list of LE1MTX, LE1MRX, LE2MTX,
> +# LE2MRX, LECODEDTX, LECODEDRX.
> +# Example: keep LE on 1M only.
> +#DefaultPHYs = LE1MTX LE1MRX
> +
> # Enable/Disable Advertisement Monitor interleave scan for power saving.
> # 0: disable
> # 1: enable
> --
> 2.43.0
>
>
--
Luiz Augusto von Dentz
^ permalink raw reply
* [PATCH v2 3/3] Bluetooth: hci_sync: Reset device counters in hci_dev_close_sync()
From: Heitor Alves de Siqueira @ 2026-05-26 13:50 UTC (permalink / raw)
To: Marcel Holtmann, Luiz Augusto von Dentz, Gustavo Padovan,
Schspa Shi
Cc: linux-bluetooth, linux-kernel, kernel-dev,
Heitor Alves de Siqueira, Luiz Augusto von Dentz
In-Reply-To: <20260526-hci_send-v2-0-596977a9a814@igalia.com>
Before resetting or closing the device, protocol counters should also be
zeroed.
Fixes: d0b137062b2d ("Bluetooth: hci_sync: Rework init stages")
Signed-off-by: Heitor Alves de Siqueira <halves@igalia.com>
---
net/bluetooth/hci_sync.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 84d8f457c799..c11d5a1f2dba 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5390,6 +5390,10 @@ int hci_dev_close_sync(struct hci_dev *hdev)
/* Reset device */
skb_queue_purge(&hdev->cmd_q);
atomic_set(&hdev->cmd_cnt, 1);
+ hdev->acl_cnt = 0;
+ hdev->sco_cnt = 0;
+ hdev->le_cnt = 0;
+ hdev->iso_cnt = 0;
if (hci_test_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE) &&
!auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
set_bit(HCI_INIT, &hdev->flags);
--
2.54.0
^ permalink raw reply related
* [PATCH v2 2/3] Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close
From: Heitor Alves de Siqueira @ 2026-05-26 13:50 UTC (permalink / raw)
To: Marcel Holtmann, Luiz Augusto von Dentz, Gustavo Padovan,
Schspa Shi
Cc: linux-bluetooth, linux-kernel, kernel-dev,
Heitor Alves de Siqueira, Luiz Augusto von Dentz
In-Reply-To: <20260526-hci_send-v2-0-596977a9a814@igalia.com>
Since hci_dev_close_sync() can now be called during the reset path, we
should also set HCI_CMD_DRAIN_WORKQUEUE. This avoids queuing timeouts
while the hdev workqueue is being drained.
Fixes: 877afadad2dc ("Bluetooth: When HCI work queue is drained, only queue chained work")
Signed-off-by: Heitor Alves de Siqueira <halves@igalia.com>
---
net/bluetooth/hci_sync.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index fd3aacdea512..84d8f457c799 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5298,6 +5298,12 @@ int hci_dev_close_sync(struct hci_dev *hdev)
bt_dev_dbg(hdev, "");
+ /* Set HCI_DRAIN_WORKQUEUE flag to prevent queuing work during
+ * reset/close. See hci_cmd_work() and handle_cmd_cnt_and_timer().
+ */
+ hci_dev_set_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
+ synchronize_rcu();
+
if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
disable_delayed_work(&hdev->power_off);
disable_delayed_work(&hdev->ncmd_timer);
@@ -5321,6 +5327,7 @@ int hci_dev_close_sync(struct hci_dev *hdev)
if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
cancel_delayed_work_sync(&hdev->cmd_timer);
+ hci_dev_clear_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
return err;
}
@@ -5420,6 +5427,7 @@ int hci_dev_close_sync(struct hci_dev *hdev)
/* Clear flags */
hdev->flags &= BIT(HCI_RAW);
hci_dev_clear_volatile_flags(hdev);
+ hci_dev_clear_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
memset(hdev->eir, 0, sizeof(hdev->eir));
memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
--
2.54.0
^ permalink raw reply related
* [PATCH v2 1/3] Bluetooth: hci_core: Rework hci_dev_do_reset() to use hci_sync functions
From: Heitor Alves de Siqueira @ 2026-05-26 13:50 UTC (permalink / raw)
To: Marcel Holtmann, Luiz Augusto von Dentz, Gustavo Padovan,
Schspa Shi
Cc: linux-bluetooth, linux-kernel, kernel-dev,
Heitor Alves de Siqueira, Luiz Augusto von Dentz
In-Reply-To: <20260526-hci_send-v2-0-596977a9a814@igalia.com>
The current HCI reset function in hci_core.c duplicates most of the work
done by hci_dev_close_sync(), and doesn't handle LE, advertising or
discovery.
Instead of porting these to hci_dev_do_reset(), directly call the
close/open functions from hci_sync to reset the hdev. MGMT now notifies
when a user performs a reset.
Suggested-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Heitor Alves de Siqueira <halves@igalia.com>
---
net/bluetooth/hci_core.c | 43 +++----------------------------------------
1 file changed, 3 insertions(+), 40 deletions(-)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c46c1236ebfa..28d7929dc593 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -539,46 +539,9 @@ static int hci_dev_do_reset(struct hci_dev *hdev)
hci_req_sync_lock(hdev);
- /* Drop queues */
- skb_queue_purge(&hdev->rx_q);
- skb_queue_purge(&hdev->cmd_q);
-
- /* Cancel these to avoid queueing non-chained pending work */
- hci_dev_set_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
- /* Wait for
- *
- * if (!hci_dev_test_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE))
- * queue_delayed_work(&hdev->{cmd,ncmd}_timer)
- *
- * inside RCU section to see the flag or complete scheduling.
- */
- synchronize_rcu();
- /* Explicitly cancel works in case scheduled after setting the flag. */
- cancel_delayed_work(&hdev->cmd_timer);
- cancel_delayed_work(&hdev->ncmd_timer);
-
- /* Avoid potential lockdep warnings from the *_flush() calls by
- * ensuring the workqueue is empty up front.
- */
- drain_workqueue(hdev->workqueue);
-
- hci_dev_lock(hdev);
- hci_inquiry_cache_flush(hdev);
- hci_conn_hash_flush(hdev);
- hci_dev_unlock(hdev);
-
- if (hdev->flush)
- hdev->flush(hdev);
-
- hci_dev_clear_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
-
- atomic_set(&hdev->cmd_cnt, 1);
- hdev->acl_cnt = 0;
- hdev->sco_cnt = 0;
- hdev->le_cnt = 0;
- hdev->iso_cnt = 0;
-
- ret = hci_reset_sync(hdev);
+ ret = hci_dev_close_sync(hdev);
+ if (!ret)
+ ret = hci_dev_open_sync(hdev);
hci_req_sync_unlock(hdev);
return ret;
--
2.54.0
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox