Linux bluetooth development
 help / color / mirror / Atom feed
* RE: [v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
From: bluez.test.bot @ 2026-05-26 18:15 UTC (permalink / raw)
  To: linux-bluetooth, luiz.dentz
In-Reply-To: <20260526170341.3529825-1-luiz.dentz@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2204 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1101148

---Test result---

Test Summary:
CheckPatch                    PASS      0.99 seconds
VerifyFixes                   PASS      0.13 seconds
VerifySignedoff               PASS      0.14 seconds
GitLint                       PASS      0.33 seconds
SubjectPrefix                 PASS      0.17 seconds
BuildKernel                   PASS      25.82 seconds
CheckAllWarning               PASS      28.25 seconds
CheckSparse                   PASS      27.01 seconds
BuildKernel32                 PASS      24.90 seconds
TestRunnerSetup               PASS      530.10 seconds
TestRunner_l2cap-tester       PASS      61.24 seconds
TestRunner_iso-tester         PASS      79.43 seconds
TestRunner_bnep-tester        PASS      19.32 seconds
TestRunner_mgmt-tester        FAIL      211.47 seconds
TestRunner_rfcomm-tester      PASS      25.26 seconds
TestRunner_sco-tester         PASS      32.76 seconds
TestRunner_ioctl-tester       PASS      26.30 seconds
TestRunner_mesh-tester        FAIL      26.01 seconds
TestRunner_smp-tester         PASS      23.28 seconds
TestRunner_userchan-tester    PASS      20.37 seconds
TestRunner_6lowpan-tester     PASS      23.07 seconds
IncrementalBuild              PASS      24.29 seconds

Details
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.281 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.204 seconds
Mesh - Send cancel - 2                               Timed out    1.990 seconds


https://github.com/bluez/bluetooth-next/pull/246

---
Regards,
Linux Bluetooth


^ permalink raw reply

* RE: [v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
From: bluez.test.bot @ 2026-05-26 18:07 UTC (permalink / raw)
  To: linux-bluetooth, luiz.dentz
In-Reply-To: <20260526152650.3487624-1-luiz.dentz@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1042 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1101090

---Test result---

Test Summary:
CheckPatch                    PASS      0.77 seconds
VerifyFixes                   PASS      0.14 seconds
VerifySignedoff               PASS      0.14 seconds
GitLint                       PASS      0.34 seconds
SubjectPrefix                 PASS      0.13 seconds
BuildKernel                   PASS      25.16 seconds
CheckAllWarning               PASS      27.60 seconds
CheckSparse                   PASS      26.45 seconds
BuildKernel32                 PASS      24.58 seconds
TestRunnerSetup               PASS      523.22 seconds
TestRunner_l2cap-tester       PASS      58.41 seconds
IncrementalBuild              PASS      24.30 seconds



https://github.com/bluez/bluetooth-next/pull/245

---
Regards,
Linux Bluetooth


^ permalink raw reply

* Re: [PATCH bluetooth] Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
  To: Zhenghang Xiao; +Cc: marcel, luiz.dentz, linux-bluetooth
In-Reply-To: <20260526105152.78178-1-kipreyyy@gmail.com>

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 26 May 2026 18:51:52 +0800 you wrote:
> l2cap_ecred_reconf_rsp() returns early on success without clearing
> chan->ident. Every other L2CAP response handler (l2cap_ecred_conn_rsp,
> l2cap_le_connect_rsp, l2cap_config_rsp) clears chan->ident after a
> successful transaction to prevent the channel from matching subsequent
> responses with the recycled ident value.
> 
> A remote attacker that completed a reconfiguration as the peer can
> replay a failure response with the stale ident, causing the kernel to
> match and destroy the already-established channel via
> l2cap_chan_del(chan, ECONNRESET).
> 
> [...]

Here is the summary with links:
  - Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success
    https://git.kernel.org/bluetooth/bluetooth-next/c/3149687089e0

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* Re: [PATCH] Bluetooth: btusb: Add USB ID 2c4e:0128 for Mercusys MA60XNB
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
  To: Zenm Chen
  Cc: marcel, luiz.dentz, linux-bluetooth, linux-kernel, pkshih,
	max.chou, hildawu, rtl8821cerfe2, guillem, stable
In-Reply-To: <20260525161942.5206-1-zenmchen@gmail.com>

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 26 May 2026 00:19:42 +0800 you wrote:
> Add USB ID 2c4e:0128 for Mercusys MA60XNB, an RTL8851BU-based
> Wi-Fi + Bluetooth adapter.
> 
> The information in /sys/kernel/debug/usb/devices about the Bluetooth
> device is listed as the below:
> 
> T:  Bus=03 Lev=01 Prnt=01 Port=04 Cnt=01 Dev#=  3 Spd=480  MxCh= 0
> D:  Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
> P:  Vendor=2c4e ProdID=0128 Rev= 0.00
> S:  Manufacturer=Realtek
> S:  Product=802.11ax WLAN Adapter
> S:  SerialNumber=00e04c000001
> C:* #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA
> A:  FirstIf#= 0 IfCount= 2 Cls=e0(wlcon) Sub=01 Prot=01
> I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=81(I) Atr=03(Int.) MxPS=  16 Ivl=1ms
> E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=03(O) Atr=01(Isoc) MxPS=   0 Ivl=1ms
> E:  Ad=83(I) Atr=01(Isoc) MxPS=   0 Ivl=1ms
> I:  If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=03(O) Atr=01(Isoc) MxPS=   9 Ivl=1ms
> E:  Ad=83(I) Atr=01(Isoc) MxPS=   9 Ivl=1ms
> I:  If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=03(O) Atr=01(Isoc) MxPS=  17 Ivl=1ms
> E:  Ad=83(I) Atr=01(Isoc) MxPS=  17 Ivl=1ms
> I:  If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=03(O) Atr=01(Isoc) MxPS=  25 Ivl=1ms
> E:  Ad=83(I) Atr=01(Isoc) MxPS=  25 Ivl=1ms
> I:  If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=03(O) Atr=01(Isoc) MxPS=  33 Ivl=1ms
> E:  Ad=83(I) Atr=01(Isoc) MxPS=  33 Ivl=1ms
> I:  If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=03(O) Atr=01(Isoc) MxPS=  49 Ivl=1ms
> E:  Ad=83(I) Atr=01(Isoc) MxPS=  49 Ivl=1ms
> I:  If#= 1 Alt= 6 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
> E:  Ad=03(O) Atr=01(Isoc) MxPS=  63 Ivl=1ms
> E:  Ad=83(I) Atr=01(Isoc) MxPS=  63 Ivl=1ms
> I:* If#= 2 Alt= 0 #EPs= 8 Cls=ff(vend.) Sub=ff Prot=ff Driver=rtw89_8851bu
> E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=09(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=0a(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=0b(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> E:  Ad=0c(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
> 
> [...]

Here is the summary with links:
  - Bluetooth: btusb: Add USB ID 2c4e:0128 for Mercusys MA60XNB
    https://git.kernel.org/bluetooth/bluetooth-next/c/29289e705913

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* Re: [PATCH v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
In-Reply-To: <20260526152650.3487624-1-luiz.dentz@gmail.com>

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 26 May 2026 11:26:50 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> If dcid is received for an already-assigned destination CID the spec
> requires that both channels to be discarded, but calling l2cap_chan_del
> may invalidate the tmp cursor created by list_for_each_entry_safe and
> in fact it is the wrong procedure as the chan->dcid may be assigned
> previously it really needs to be disconnected.
> 
> [...]

Here is the summary with links:
  - [v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
    https://git.kernel.org/bluetooth/bluetooth-next/c/0a39e3eccf85

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* Re: [PATCH v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
In-Reply-To: <20260526170341.3529825-1-luiz.dentz@gmail.com>

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 26 May 2026 13:03:41 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> This adds support for using HCI_LE_Set_Host_Feature [v2] instead of v1
> if LL Extented Features is supported and the controller supports the
> command.
> 
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> [...]

Here is the summary with links:
  - [v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
    https://git.kernel.org/bluetooth/bluetooth-next/c/ec9b9c3b31f3

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* Re: [PATCH v2] Bluetooth: hci_qca: Use 100 ms SSR delay for rampatch and NVM loading
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
  To: Shuai Zhang
  Cc: brgl, marcel, luiz.dentz, linux-arm-msm, linux-bluetooth,
	linux-kernel, cheng.jiang, quic_chezhou, wei.deng, jinwang.li,
	mengshi.wu, stable, dmitry.baryshkov
In-Reply-To: <20260525065156.2213123-1-shuai.zhang@oss.qualcomm.com>

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Mon, 25 May 2026 14:51:56 +0800 you wrote:
> When bt_en is pulled high by hardware, the host does not re-download
> the firmware after SSR. The controller loads the rampatch and NVM
> internally.
> 
> On HMT chip, the rampatch is ~264 KB and the NVM is ~9.4 KB. The
> loading process takes approximately 70 ms. The previous 50 ms delay is
> too short, causing the controller to not respond to the reset command
> sent by the host, which leads to BT initialization failure:
> 
> [...]

Here is the summary with links:
  - [v2] Bluetooth: hci_qca: Use 100 ms SSR delay for rampatch and NVM loading
    https://git.kernel.org/bluetooth/bluetooth-next/c/b74b39bc6d9d

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* Re: [PATCH] Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt()
From: patchwork-bot+bluetooth @ 2026-05-26 17:50 UTC (permalink / raw)
  To: Zhao Dongdong; +Cc: marcel, luiz.dentz, linux-bluetooth, zhaodongdong
In-Reply-To: <tencent_859B04510A77948C6A97FF769CBB9262A007@qq.com>

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Tue, 26 May 2026 11:21:39 +0800 you wrote:
> From: Zhao Dongdong <zhaodongdong@kylinos.cn>
> 
> The skb_clone() function can return NULL if memory allocation fails.
> send_mcast_pkt() calls skb_clone() without checking the return value, which
> can lead to a NULL pointer dereference in send_pkt() when it dereferences
> skb->data.
> Add a NULL check after skb_clone() and skip the peer if the clone fails.
> 
> [...]

Here is the summary with links:
  - Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt()
    https://git.kernel.org/bluetooth/bluetooth-next/c/ba550f4bd304

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* [bluez/bluez]
From: BluezTestBot @ 2026-05-26 17:40 UTC (permalink / raw)
  To: linux-bluetooth

  Branch: refs/heads/1099306
  Home:   https://github.com/bluez/bluez

To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications

^ permalink raw reply

* [bluez/bluez]
From: BluezTestBot @ 2026-05-26 17:40 UTC (permalink / raw)
  To: linux-bluetooth

  Branch: refs/heads/1099512
  Home:   https://github.com/bluez/bluez

To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications

^ permalink raw reply

* [bluez/bluez] 633d91: emulator/btdev: Add LE Set Host Feature V2 command...
From: Luiz Augusto von Dentz @ 2026-05-26 17:40 UTC (permalink / raw)
  To: linux-bluetooth

  Branch: refs/heads/1101147
  Home:   https://github.com/bluez/bluez
  Commit: 633d913df34b169a102b873ae55495852947361e
      https://github.com/bluez/bluez/commit/633d913df34b169a102b873ae55495852947361e
  Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
  Date:   2026-05-26 (Tue, 26 May 2026)

  Changed paths:
    M emulator/btdev.c

  Log Message:
  -----------
  emulator/btdev: Add LE Set Host Feature V2 command emulation

Add emulation for LE Set Host Feature V2 (0x2097) command which
uses a 16-bit bit_number field (vs 8-bit in v1) to allow setting
extended LE feature bits. The command bit is set at byte 47 bit 4
as defined in bt.h.

Assisted-by: OpenCode:claude-opus-4.6


  Commit: c81b48b8a7195b1cc00d1d562a4de2e294da240f
      https://github.com/bluez/bluez/commit/c81b48b8a7195b1cc00d1d562a4de2e294da240f
  Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
  Date:   2026-05-26 (Tue, 26 May 2026)

  Changed paths:
    M monitor/bt.h
    M monitor/packet.c

  Log Message:
  -----------
  monitor: Add decoding support for LE Set Host Feature V2

Add decoding support for LE Set Host Feature V2 (0x2097) command
which uses a 16-bit bit_number field to support extended LE feature
pages:

< HCI Command: LE Set Host F.. (0x08|0x0097) plen 3
        Bit Number: 32
        Features[0/0][8]:
        00 00 00 00 01 00 00 00                          ........
          Connected Isochronous Stream (Host Support)
        Bit Value: 1
> HCI Event: Command Complete (0x0e) plen 4
      LE Set Host Feature V2 (0x08|0x0097) ncmd 1
        Status: Success (0x00)

Assisted-by: OpenCode:claude-opus-4.6


Compare: https://github.com/bluez/bluez/compare/633d913df34b%5E...c81b48b8a719

To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications

^ permalink raw reply

* [bluez/bluez] b8d42b: test-mesh-crypto: Don't attempt to run test if AF_...
From: apusaka @ 2026-05-26 17:39 UTC (permalink / raw)
  To: linux-bluetooth

  Branch: refs/heads/master
  Home:   https://github.com/bluez/bluez
  Commit: b8d42b282b3c17f1f4838039fa23ba24f07db723
      https://github.com/bluez/bluez/commit/b8d42b282b3c17f1f4838039fa23ba24f07db723
  Author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
  Date:   2026-05-22 (Fri, 22 May 2026)

  Changed paths:
    M unit/test-mesh-crypto.c

  Log Message:
  -----------
  test-mesh-crypto: Don't attempt to run test if AF_ALG is not available

This make use of mesh_crypto_check_avail to check if AF_ALG is available
and if not just bail out which is similar to how test-crypto handles
when bt_crypto_new returns NULL.


  Commit: b493164ffbff277bdb540f6d779ba4b4645b3679
      https://github.com/bluez/bluez/commit/b493164ffbff277bdb540f6d779ba4b4645b3679
  Author: Archie Pusaka <apusaka@chromium.org>
  Date:   2026-05-26 (Tue, 26 May 2026)

  Changed paths:
    M monitor/bt.h
    M monitor/packet.c

  Log Message:
  -----------
  monitor: Add support for HCI Event Encryption Change v2

> HCI Event: Encryption Change v2 (0x59) plen 5
        Status: Success (0x00)
        Handle: 256 (BR-ACL) Address: 00:11:22:34:56:78
        Encryption: Enabled with E0 (0x01)
        Key size: 16


Compare: https://github.com/bluez/bluez/compare/f818e9d0c9df...b493164ffbff

To unsubscribe from these emails, change your notification settings at https://github.com/bluez/bluez/settings/notifications

^ permalink raw reply

* [PATCH v1] Bluetooth: hci_sync: Add support for HCI_LE_Set_Host_Feature [v2]
From: Luiz Augusto von Dentz @ 2026-05-26 17:03 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This adds support for using HCI_LE_Set_Host_Feature [v2] instead of v1
if LL Extented Features is supported and the controller supports the
command.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 include/net/bluetooth/hci.h |  6 ++++++
 net/bluetooth/hci_sync.c    | 21 ++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 572b1c620c5d..26a84dbf548a 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -2486,6 +2486,12 @@ struct hci_rp_le_cs_test {
 
 #define HCI_OP_LE_CS_TEST_END			0x2096
 
+#define HCI_OP_LE_SET_HOST_FEATURE_V2		0x2097
+struct hci_cp_le_set_host_feature_v2 {
+	__u16	bit_number;
+	__u8	bit_value;
+} __packed;
+
 /* ---- HCI Events ---- */
 struct hci_ev_status {
 	__u8    status;
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index aff8562a8690..944bd29394c2 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -4583,11 +4583,30 @@ static int hci_set_le_support_sync(struct hci_dev *hdev)
 				     sizeof(cp), &cp, HCI_CMD_TIMEOUT);
 }
 
+/* LE Set Host Feature V2 */
+static int hci_le_set_host_feature_v2_sync(struct hci_dev *hdev, u16 bit,
+					   u8 value)
+{
+	struct hci_cp_le_set_host_feature_v2 cp;
+
+	memset(&cp, 0, sizeof(cp));
+
+	/* Connected Isochronous Channels (Host Support) */
+	cp.bit_number = bit;
+	cp.bit_value = value;
+
+	return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_HOST_FEATURE_V2,
+				     sizeof(cp), &cp, HCI_CMD_TIMEOUT);
+}
+
 /* LE Set Host Feature */
-static int hci_le_set_host_feature_sync(struct hci_dev *hdev, u8 bit, u8 value)
+static int hci_le_set_host_feature_sync(struct hci_dev *hdev, u16 bit, u8 value)
 {
 	struct hci_cp_le_set_host_feature cp;
 
+	if (ll_ext_feature_capable(hdev) && hdev->commands[47] & BIT(4))
+		return hci_le_set_host_feature_v2_sync(hdev, bit, value);
+
 	memset(&cp, 0, sizeof(cp));
 
 	/* Connected Isochronous Channels (Host Support) */
-- 
2.53.0


^ permalink raw reply related

* [PATCH BlueZ v1 2/2] monitor: Add decoding support for LE Set Host Feature V2
From: Luiz Augusto von Dentz @ 2026-05-26 17:03 UTC (permalink / raw)
  To: linux-bluetooth
In-Reply-To: <20260526170309.3529062-1-luiz.dentz@gmail.com>

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Add decoding support for LE Set Host Feature V2 (0x2097) command
which uses a 16-bit bit_number field to support extended LE feature
pages:

< HCI Command: LE Set Host F.. (0x08|0x0097) plen 3
        Bit Number: 32
        Features[0/0][8]:
        00 00 00 00 01 00 00 00                          ........
          Connected Isochronous Stream (Host Support)
        Bit Value: 1
> HCI Event: Command Complete (0x0e) plen 4
      LE Set Host Feature V2 (0x08|0x0097) ncmd 1
        Status: Success (0x00)

Assisted-by: OpenCode:claude-opus-4.6
---
 monitor/bt.h     |  7 +++++++
 monitor/packet.c | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/monitor/bt.h b/monitor/bt.h
index a849c18a96b5..6efccb27e758 100644
--- a/monitor/bt.h
+++ b/monitor/bt.h
@@ -3186,6 +3186,13 @@ struct bt_hci_rsp_le_cs_test {
 #define BT_HCI_CMD_LE_CS_TEST_END		0x2096
 #define BT_HCI_BIT_LE_CS_TEST_END		BT_HCI_CMD_BIT(23, 4)
 
+#define BT_HCI_CMD_LE_SET_HOST_FEATURE_V2	0x2097
+#define BT_HCI_BIT_LE_SET_HOST_FEATURE_V2	BT_HCI_CMD_BIT(47, 4)
+struct bt_hci_cmd_le_set_host_feature_v2 {
+	uint16_t bit_number;
+	uint8_t  bit_value;
+} __attribute__ ((packed));
+
 #define BT_HCI_CMD_LE_FSU			0x209d
 #define BT_HCI_BIT_LE_FSU			BT_HCI_CMD_BIT(48, 1)
 struct bt_hci_cmd_le_fsu {
diff --git a/monitor/packet.c b/monitor/packet.c
index 41f0226c39f8..dcb067ce874f 100644
--- a/monitor/packet.c
+++ b/monitor/packet.c
@@ -9820,6 +9820,33 @@ static void le_cs_test_cmd(uint16_t index, const void *data, uint8_t size)
 		cmd->override_parameters_length);
 }
 
+static void le_set_host_feature_v2_cmd(uint16_t index, const void *data,
+							uint8_t size)
+{
+	const struct bt_hci_cmd_le_set_host_feature_v2 *cmd = data;
+	uint8_t page;
+	uint8_t features[24] = {};
+	uint16_t bit_number = le16_to_cpu(cmd->bit_number);
+
+	print_field("Bit Number: %u", bit_number);
+
+	if (bit_number < 64) {
+		features[bit_number / 8] |= (1 << (bit_number % 8));
+		print_features(0, features, 0x01);
+	} else {
+		uint16_t bit;
+
+		page = (bit_number - 64) / 24 + 1;
+		/* Adjust the bit number to be relative to the page */
+		bit = (bit_number - 64) % 24;
+		/* Set the bit in the features array */
+		features[bit / 8] |= (1 << ((bit % 8)));
+		print_features(page, features, 0x01);
+	}
+
+	print_field("Bit Value: %u", cmd->bit_value);
+}
+
 static void le_cs_test_rsp(uint16_t index, const void *data, uint8_t size)
 {
 	const struct bt_hci_rsp_le_cs_test *rsp = data;
@@ -11013,6 +11040,11 @@ static const struct opcode_data opcode_table[] = {
 				true},
 	{ BT_HCI_CMD_LE_CS_TEST_END, BT_HCI_BIT_LE_CS_TEST_END,
 				"LE CS Test End" },
+	{ BT_HCI_CMD_LE_SET_HOST_FEATURE_V2, BT_HCI_BIT_LE_SET_HOST_FEATURE_V2,
+			"LE Set Host Feature V2",
+			le_set_host_feature_v2_cmd,
+			sizeof(struct bt_hci_cmd_le_set_host_feature_v2),
+			true, status_rsp, 1, true },
 	{ BT_HCI_CMD_LE_FSU, BT_HCI_BIT_LE_FSU,
 				"LE Frame Space Update", le_fsu_cmd,
 				sizeof(struct bt_hci_cmd_le_fsu),
-- 
2.53.0


^ permalink raw reply related

* [PATCH BlueZ v1 1/2] emulator/btdev: Add LE Set Host Feature V2 command emulation
From: Luiz Augusto von Dentz @ 2026-05-26 17:03 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Add emulation for LE Set Host Feature V2 (0x2097) command which
uses a 16-bit bit_number field (vs 8-bit in v1) to allow setting
extended LE feature bits. The command bit is set at byte 47 bit 4
as defined in bt.h.

Assisted-by: OpenCode:claude-opus-4.6
---
 emulator/btdev.c | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/emulator/btdev.c b/emulator/btdev.c
index ad2e025d1b45..3206caf5be86 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -7907,11 +7907,40 @@ static int cmd_le_read_all_remote_features(struct btdev *dev, const void *data,
 	return 0;
 }
 
+static int cmd_set_host_feature_v2(struct btdev *dev, const void *data,
+							uint8_t len)
+{
+	const struct bt_hci_cmd_le_set_host_feature_v2 *cmd = data;
+	uint8_t status = BT_HCI_ERR_SUCCESS;
+	uint16_t bit = le16_to_cpu(cmd->bit_number);
+	uint8_t page = bit / 8;
+	uint8_t mask = BIT(bit % 8);
+
+	/* Only allow setting host controlled features */
+	if (page >= sizeof(dev->le_features)) {
+		status = BT_HCI_ERR_INVALID_PARAMETERS;
+		goto done;
+	}
+
+	if (cmd->bit_value)
+		dev->le_features[page] |= mask;
+	else
+		dev->le_features[page] &= ~mask;
+
+done:
+	cmd_complete(dev, BT_HCI_CMD_LE_SET_HOST_FEATURE_V2, &status,
+							sizeof(status));
+
+	return 0;
+}
+
 #define CMD_LE_60 \
 	CMD(BT_HCI_CMD_LE_READ_ALL_LOCAL_FEATURES, \
 			cmd_le_read_all_local_features, NULL), \
 	CMD(BT_HCI_CMD_LE_READ_ALL_REMOTE_FEATURES, \
-			cmd_le_read_all_remote_features, NULL)
+			cmd_le_read_all_remote_features, NULL), \
+	CMD(BT_HCI_CMD_LE_SET_HOST_FEATURE_V2, \
+			cmd_set_host_feature_v2, NULL)
 
 static const struct btdev_cmd cmd_le_6_0[] = {
 	CMD_COMMON_ALL,
@@ -7930,6 +7959,7 @@ static void set_le_60_commands(struct btdev *btdev)
 {
 	btdev->commands[47] |= BIT(2);	/* LE Read All Local Features */
 	btdev->commands[47] |= BIT(3);	/* LE Read All Remote Features */
+	btdev->commands[47] |= BIT(4);	/* LE Set Host Feature V2 */
 	btdev->cmds = cmd_le_6_0;
 }
 
-- 
2.53.0


^ permalink raw reply related

* Re: [PATCH BlueZ] monitor: Add support for HCI Event Encryption Change v2
From: patchwork-bot+bluetooth @ 2026-05-26 15:40 UTC (permalink / raw)
  To: Archie Pusaka
  Cc: linux-bluetooth, luiz.dentz, chromeos-bluetooth-upstreaming,
	apusaka
In-Reply-To: <20260522111540.581113-1-apusaka@google.com>

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Fri, 22 May 2026 19:15:12 +0800 you wrote:
> From: Archie Pusaka <apusaka@chromium.org>
> 
> > HCI Event: Encryption Change v2 (0x59) plen 5
>         Status: Success (0x00)
>         Handle: 256 (BR-ACL) Address: 00:11:22:34:56:78
>         Encryption: Enabled with E0 (0x01)
>         Key size: 16
> 
> [...]

Here is the summary with links:
  - [BlueZ] monitor: Add support for HCI Event Encryption Change v2
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=b493164ffbff

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* Re: [PATCH BlueZ v1] test-mesh-crypto: Don't attempt to run test if AF_ALG is not available
From: patchwork-bot+bluetooth @ 2026-05-26 15:40 UTC (permalink / raw)
  To: Luiz Augusto von Dentz; +Cc: linux-bluetooth
In-Reply-To: <20260522164912.3253018-1-luiz.dentz@gmail.com>

Hello:

This patch was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Fri, 22 May 2026 12:49:12 -0400 you wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> This make use of mesh_crypto_check_avail to check if AF_ALG is available
> and if not just bail out which is similar to how test-crypto handles
> when bt_crypto_new returns NULL.
> ---
>  unit/test-mesh-crypto.c | 3 +++
>  1 file changed, 3 insertions(+)

Here is the summary with links:
  - [BlueZ,v1] test-mesh-crypto: Don't attempt to run test if AF_ALG is not available
    https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=b8d42b282b3c

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply

* [PATCH v4] Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp
From: Luiz Augusto von Dentz @ 2026-05-26 15:26 UTC (permalink / raw)
  To: linux-bluetooth

From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

If dcid is received for an already-assigned destination CID the spec
requires that both channels to be discarded, but calling l2cap_chan_del
may invalidate the tmp cursor created by list_for_each_entry_safe and
in fact it is the wrong procedure as the chan->dcid may be assigned
previously it really needs to be disconnected.

Calling l2cap_chan_clone directly may still lead to l2cap_chan_del so
instead schedule l2cap_chan_timeout with delay 0 to close the channel
asynchronously.

Fixes: 15f02b910562 ("Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
 net/bluetooth/l2cap_core.c | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 5668c92b3f58..74a82a547cca 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -5262,6 +5262,7 @@ static inline int l2cap_ecred_conn_rsp(struct l2cap_conn *conn,
 	cmd_len -= sizeof(*rsp);
 
 	list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
+		struct l2cap_chan *orig;
 		u16 dcid;
 
 		if (chan->ident != cmd->ident ||
@@ -5283,8 +5284,10 @@ static inline int l2cap_ecred_conn_rsp(struct l2cap_conn *conn,
 
 		BT_DBG("dcid[%d] 0x%4.4x", i, dcid);
 
+		orig = __l2cap_get_chan_by_dcid(conn, dcid);
+
 		/* Check if dcid is already in use */
-		if (dcid && __l2cap_get_chan_by_dcid(conn, dcid)) {
+		if (dcid && orig) {
 			/* If a device receives a
 			 * L2CAP_CREDIT_BASED_CONNECTION_RSP packet with an
 			 * already-assigned Destination CID, then both the
@@ -5293,10 +5296,24 @@ static inline int l2cap_ecred_conn_rsp(struct l2cap_conn *conn,
 			 */
 			l2cap_chan_del(chan, ECONNREFUSED);
 			l2cap_chan_unlock(chan);
-			chan = __l2cap_get_chan_by_dcid(conn, dcid);
-			l2cap_chan_lock(chan);
-			l2cap_chan_del(chan, ECONNRESET);
-			l2cap_chan_unlock(chan);
+
+			/* Check that the dcid channel mode is
+			 * L2CAP_MODE_EXT_FLOWCTL since this procedure is only
+			 * valid for that mode and shouldn't disconnect a dcid
+			 * in other modes.
+			 */
+			if (orig->mode == L2CAP_MODE_EXT_FLOWCTL) {
+				l2cap_chan_lock(orig);
+				/* Disconnect the original channel as it may be
+				 * considered connected since dcid has already
+				 * been assigned; don't call l2cap_chan_close
+				 * directly since that could lead to
+				 * l2cap_chan_del and then removing the channel
+				 * from the list while we're iterating over it.
+				 */
+				__set_chan_timer(orig, 0);
+				l2cap_chan_unlock(orig);
+			}
 			continue;
 		}
 
-- 
2.53.0


^ permalink raw reply related

* RE: Bluetooth: hci_core: Refactor HCI reset functions
From: bluez.test.bot @ 2026-05-26 14:57 UTC (permalink / raw)
  To: linux-bluetooth, halves
In-Reply-To: <20260526-hci_send-v2-1-596977a9a814@igalia.com>

[-- Attachment #1: Type: text/plain, Size: 2489 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1100995

---Test result---

Test Summary:
CheckPatch                    PASS      1.61 seconds
VerifyFixes                   PASS      0.07 seconds
VerifySignedoff               PASS      0.08 seconds
GitLint                       FAIL      0.65 seconds
SubjectPrefix                 PASS      0.20 seconds
BuildKernel                   PASS      27.79 seconds
CheckAllWarning               PASS      30.33 seconds
CheckSparse                   PASS      29.14 seconds
BuildKernel32                 PASS      26.84 seconds
TestRunnerSetup               PASS      583.48 seconds
TestRunner_l2cap-tester       PASS      59.20 seconds
TestRunner_iso-tester         PASS      81.41 seconds
TestRunner_bnep-tester        PASS      24.55 seconds
TestRunner_mgmt-tester        FAIL      215.80 seconds
TestRunner_rfcomm-tester      PASS      26.17 seconds
TestRunner_sco-tester         PASS      33.02 seconds
TestRunner_ioctl-tester       PASS      26.08 seconds
TestRunner_mesh-tester        FAIL      25.85 seconds
TestRunner_smp-tester         PASS      23.24 seconds
TestRunner_userchan-tester    PASS      20.11 seconds
TestRunner_6lowpan-tester     PASS      22.78 seconds
IncrementalBuild              PASS      30.90 seconds

Details
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[v2,1/3] Bluetooth: hci_core: Rework hci_dev_do_reset() to use hci_sync functions

1: T1 Title exceeds max length (81>80): "[v2,1/3] Bluetooth: hci_core: Rework hci_dev_do_reset() to use hci_sync functions"
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.256 seconds
##############################
Test: TestRunner_mesh-tester - FAIL
Desc: Run mesh-tester with test-runner
Output:
Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    2.635 seconds
Mesh - Send cancel - 2                               Timed out    1.989 seconds


https://github.com/bluez/bluetooth-next/pull/244

---
Regards,
Linux Bluetooth


^ permalink raw reply

* RE: [bluetooth-next] Bluetooth: L2CAP: fix list corruption in l2cap_ecred_conn_rsp
From: bluez.test.bot @ 2026-05-26 14:48 UTC (permalink / raw)
  To: linux-bluetooth, kipreyyy
In-Reply-To: <20260526103441.73180-1-kipreyyy@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2115 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1100866

---Test result---

Test Summary:
CheckPatch                    FAIL      0.75 seconds
VerifyFixes                   PASS      0.14 seconds
VerifySignedoff               PASS      0.14 seconds
GitLint                       PASS      0.34 seconds
SubjectPrefix                 PASS      0.13 seconds
BuildKernel                   PASS      27.86 seconds
CheckAllWarning               PASS      30.00 seconds
CheckSparse                   PASS      29.08 seconds
BuildKernel32                 PASS      26.70 seconds
TestRunnerSetup               PASS      591.10 seconds
TestRunner_l2cap-tester       FAIL      61.70 seconds
IncrementalBuild              PASS      25.95 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[bluetooth-next] Bluetooth: L2CAP: fix list corruption in l2cap_ecred_conn_rsp
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
#103: 
  KASAN: wild-memory-access in range [0xdead000000000100-0xdead000000000107]

total: 0 errors, 1 warnings, 0 checks, 16 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/patch/14594665.patch has style problems, please review.

NOTE: Ignored message types: UNKNOWN_COMMIT_ID

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: TestRunner_l2cap-tester - FAIL
Desc: Run l2cap-tester with test-runner
Output:
Total: 96, Passed: 95 (99.0%), Failed: 1, Not Run: 0

Failed Test Cases
L2CAP BR/EDR Server - Set PHY 3M                     Failed       0.277 seconds


https://github.com/bluez/bluetooth-next/pull/242

---
Regards,
Linux Bluetooth


^ permalink raw reply

* RE: Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success
From: bluez.test.bot @ 2026-05-26 14:46 UTC (permalink / raw)
  To: linux-bluetooth, kipreyyy
In-Reply-To: <20260526105152.78178-1-kipreyyy@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1042 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1100882

---Test result---

Test Summary:
CheckPatch                    PASS      0.77 seconds
VerifyFixes                   PASS      0.14 seconds
VerifySignedoff               PASS      0.14 seconds
GitLint                       PASS      0.34 seconds
SubjectPrefix                 PASS      0.15 seconds
BuildKernel                   PASS      24.89 seconds
CheckAllWarning               PASS      27.98 seconds
CheckSparse                   PASS      26.57 seconds
BuildKernel32                 PASS      24.68 seconds
TestRunnerSetup               PASS      524.16 seconds
TestRunner_l2cap-tester       PASS      59.46 seconds
IncrementalBuild              PASS      23.70 seconds



https://github.com/bluez/bluetooth-next/pull/243

---
Regards,
Linux Bluetooth


^ permalink raw reply

* Re: [PATCH BlueZ 1/1] adapter: Add configurable default LE PHYs
From: Luiz Augusto von Dentz @ 2026-05-26 14:27 UTC (permalink / raw)
  To: Tarjei Bitustøyl; +Cc: linux-bluetooth
In-Reply-To: <20260524221421.258593-2-tarjeib@gmail.com>

Hi Tarjei,

On Sun, May 24, 2026 at 6:14 PM Tarjei Bitustøyl <tarjeib@gmail.com> wrote:
>
> Some controllers mis-handle LE procedures on specific PHYs with
> certain peers. On an Intel AX210-class controller, connecting to a
> Frostbay BLE device can fail during early ATT/GATT setup unless the
> adapter is limited to LE 1M TX/RX.

Perhaps there should be a GitHub issue explaining exactly what the
problem is with btmon logs, etc, Then we can evaluate if this needs a
workaround like this or if we should detect that certain PHYs should
not be used.

> Add an opt-in [LE] DefaultPHYs setting to bluetoothd and apply it at
> adapter startup using MGMT_OP_GET/SET_PHY_CONFIGURATION while
> preserving non-configurable PHY bits.
>
> This provides a generic, adapter-wide workaround for controller-
> specific LE PHY interoperability problems affecting scanning and
> connection establishment, without adding device-specific quirks.

Well it is not really controller specific though, since it applies to
any controller on the system. Also, I believe this could be a device
specific problem so you might be taking away 2M support entirely when
it could actually be supported with another device.

> ---
>  src/adapter.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++
>  src/btd.h     |  2 ++
>  src/main.c    | 61 +++++++++++++++++++++++++++++++++++++++++
>  src/main.conf |  8 ++++++
>  4 files changed, 147 insertions(+)
>
> diff --git a/src/adapter.c b/src/adapter.c
> index 20f7c3e03..fcbb65e38 100644
> --- a/src/adapter.c
> +++ b/src/adapter.c
> @@ -4972,6 +4972,81 @@ done:
>         mgmt_tlv_list_free(list);
>  }
>
> +static void set_default_le_phys_complete(uint8_t status, uint16_t length,
> +                                       const void *param, void *user_data)
> +{
> +       struct btd_adapter *adapter = user_data;
> +
> +       if (status != MGMT_STATUS_SUCCESS)
> +               btd_error(adapter->dev_id,
> +                               "Failed to set default LE PHYs for hci%u: %s (0x%02x)",
> +                               adapter->dev_id, mgmt_errstr(status), status);
> +}
> +
> +static void get_default_le_phys_complete(uint8_t status, uint16_t length,
> +                                       const void *param, void *user_data)
> +{
> +       struct btd_adapter *adapter = user_data;
> +       const struct mgmt_rp_get_phy_confguration *rp = param;
> +       struct mgmt_cp_set_phy_confguration cp;
> +       uint32_t configurable_phys;
> +       uint32_t selected_phys;
> +       uint32_t next_phys;
> +
> +       if (status != MGMT_STATUS_SUCCESS) {
> +               btd_error(adapter->dev_id,
> +                               "Failed to read PHY configuration for hci%u: %s (0x%02x)",
> +                               adapter->dev_id, mgmt_errstr(status), status);
> +               return;
> +       }
> +
> +       if (length < sizeof(*rp)) {
> +               btd_error(adapter->dev_id,
> +                               "Too small get PHY configuration response for hci%u",
> +                               adapter->dev_id);
> +               return;
> +       }
> +
> +       configurable_phys = btohl(rp->configurable_phys);
> +       selected_phys = btohl(rp->selected_phys);
> +
> +       configurable_phys &= MGMT_PHY_LE_TX_MASK | MGMT_PHY_LE_RX_MASK;
> +       next_phys = selected_phys & ~configurable_phys;
> +       next_phys |= btd_opts.default_le_phys & configurable_phys;
> +
> +       if (next_phys == selected_phys)
> +               return;
> +
> +       cp.selected_phys = cpu_to_le32(next_phys);
> +
> +       if (mgmt_send(adapter->mgmt, MGMT_OP_SET_PHY_CONFIGURATION,
> +                       adapter->dev_id, sizeof(cp), &cp,
> +                       set_default_le_phys_complete, adapter, NULL) > 0)
> +               return;
> +
> +       btd_error(adapter->dev_id,
> +                       "Failed to set default LE PHYs for hci%u",
> +                       adapter->dev_id);
> +}
> +
> +static void load_default_le_phys(struct btd_adapter *adapter)
> +{
> +       if (!btd_opts.default_le_phys_configured)
> +               return;
> +
> +       if (!(adapter->supported_settings & MGMT_SETTING_LE))
> +               return;
> +
> +       if (mgmt_send(adapter->mgmt, MGMT_OP_GET_PHY_CONFIGURATION,
> +                       adapter->dev_id, 0, NULL,
> +                       get_default_le_phys_complete, adapter, NULL) > 0)
> +               return;
> +
> +       btd_error(adapter->dev_id,
> +                       "Failed to read PHY configuration for hci%u",
> +                       adapter->dev_id);
> +}
> +
>  static void load_devices(struct btd_adapter *adapter)
>  {
>         char dirname[PATH_MAX];
> @@ -9455,6 +9530,7 @@ load:
>         btd_profile_foreach(probe_profile, adapter);
>         clear_blocked(adapter);
>         load_defaults(adapter);
> +       load_default_le_phys(adapter);
>         load_devices(adapter);
>
>         /* restore Service Changed CCC value for bonded devices */
> diff --git a/src/btd.h b/src/btd.h
> index db2e81239..59f44dc8c 100644
> --- a/src/btd.h
> +++ b/src/btd.h
> @@ -140,6 +140,8 @@ struct btd_opts {
>         bool            device_privacy;
>         uint32_t        name_request_retry_delay;
>         uint8_t         secure_conn;
> +       uint32_t        default_le_phys;
> +       bool            default_le_phys_configured;
>
>         struct btd_defaults defaults;
>
> diff --git a/src/main.c b/src/main.c
> index 8aa19a3e3..97c64845b 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -32,6 +32,7 @@
>  #include <dbus/dbus.h>
>
>  #include "bluetooth/bluetooth.h"
> +#include "bluetooth/mgmt.h"
>  #include "bluetooth/sdp.h"
>
>  #include "gdbus/gdbus.h"
> @@ -132,6 +133,7 @@ static const char *le_options[] = {
>         "Autoconnecttimeout",
>         "AdvMonAllowlistScanDuration",
>         "AdvMonNoFilterScanDuration",
> +       "DefaultPHYs",
>         "EnableAdvMonInterleaveScan",
>         NULL
>  };
> @@ -145,6 +147,8 @@ static const char *policy_options[] = {
>         NULL
>  };
>
> +static void parse_default_le_phys(GKeyFile *config);
> +
>  static const char *gatt_options[] = {
>         "Cache",
>         "KeySize",
> @@ -751,6 +755,7 @@ static void parse_le_config(GKeyFile *config)
>                 return;
>
>         parse_mode_config(config, "LE", params, ARRAY_SIZE(params));
> +       parse_default_le_phys(config);
>  }
>
>  static bool match_experimental(const void *data, const void *match_data)
> @@ -966,6 +971,62 @@ static void parse_repairing(GKeyFile *config)
>         g_free(str);
>  }
>
> +struct phy_config_entry {
> +       const char *name;
> +       uint32_t bit;
> +};
> +
> +static const struct phy_config_entry le_phy_configs[] = {
> +       { "LE1MTX", MGMT_PHY_LE_1M_TX },
> +       { "LE1MRX", MGMT_PHY_LE_1M_RX },
> +       { "LE2MTX", MGMT_PHY_LE_2M_TX },
> +       { "LE2MRX", MGMT_PHY_LE_2M_RX },
> +       { "LECODEDTX", MGMT_PHY_LE_CODED_TX },
> +       { "LECODEDRX", MGMT_PHY_LE_CODED_RX },
> +};
> +
> +static void parse_default_le_phys(GKeyFile *config)
> +{
> +       char *str = NULL;
> +       char **tokens;
> +       uint32_t phys = 0;
> +       bool valid = false;
> +       int i;
> +
> +       if (!parse_config_string(config, "LE", "DefaultPHYs", &str))
> +               return;
> +
> +       tokens = g_strsplit_set(str, ", \t", -1);
> +
> +       for (i = 0; tokens[i]; i++) {
> +               const char *token = tokens[i];
> +               size_t j;
> +
> +               if (!token[0])
> +                       continue;
> +
> +               for (j = 0; j < ARRAY_SIZE(le_phy_configs); j++) {
> +                       if (strcasecmp(le_phy_configs[j].name, token) != 0)
> +                               continue;
> +
> +                       phys |= le_phy_configs[j].bit;
> +                       valid = true;
> +                       break;
> +               }
> +
> +               if (j == ARRAY_SIZE(le_phy_configs))
> +                       warn("Invalid DefaultPHYs token: %s", token);
> +       }
> +
> +       if (valid) {
> +               btd_opts.default_le_phys = phys;
> +               btd_opts.default_le_phys_configured = true;
> +       }
> +
> +       g_strfreev(tokens);
> +       g_free(str);
> +}
> +
>  static bool parse_config_hex(GKeyFile *config, char *group,
>                                         const char *key, uint32_t *val)
>  {
> diff --git a/src/main.conf b/src/main.conf
> index 5846ef92d..ed955897e 100644
> --- a/src/main.conf
> +++ b/src/main.conf
> @@ -247,6 +247,14 @@
>  # Default: 500
>  #AdvMonNoFilterScanDuration=
>
> +# Configure the controller's default LE PHY policy used for scanning and
> +# connection establishment. Only configurable LE PHYs are changed; mandatory
> +# PHYs remain selected automatically.
> +# Possible values: comma or space separated list of LE1MTX, LE1MRX, LE2MTX,
> +# LE2MRX, LECODEDTX, LECODEDRX.
> +# Example: keep LE on 1M only.
> +#DefaultPHYs = LE1MTX LE1MRX
> +
>  # Enable/Disable Advertisement Monitor interleave scan for power saving.
>  # 0: disable
>  # 1: enable
> --
> 2.43.0
>
>


-- 
Luiz Augusto von Dentz

^ permalink raw reply

* [PATCH v2 3/3] Bluetooth: hci_sync: Reset device counters in hci_dev_close_sync()
From: Heitor Alves de Siqueira @ 2026-05-26 13:50 UTC (permalink / raw)
  To: Marcel Holtmann, Luiz Augusto von Dentz, Gustavo Padovan,
	Schspa Shi
  Cc: linux-bluetooth, linux-kernel, kernel-dev,
	Heitor Alves de Siqueira, Luiz Augusto von Dentz
In-Reply-To: <20260526-hci_send-v2-0-596977a9a814@igalia.com>

Before resetting or closing the device, protocol counters should also be
zeroed.

Fixes: d0b137062b2d ("Bluetooth: hci_sync: Rework init stages")
Signed-off-by: Heitor Alves de Siqueira <halves@igalia.com>
---
 net/bluetooth/hci_sync.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 84d8f457c799..c11d5a1f2dba 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5390,6 +5390,10 @@ int hci_dev_close_sync(struct hci_dev *hdev)
 	/* Reset device */
 	skb_queue_purge(&hdev->cmd_q);
 	atomic_set(&hdev->cmd_cnt, 1);
+	hdev->acl_cnt = 0;
+	hdev->sco_cnt = 0;
+	hdev->le_cnt = 0;
+	hdev->iso_cnt = 0;
 	if (hci_test_quirk(hdev, HCI_QUIRK_RESET_ON_CLOSE) &&
 	    !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
 		set_bit(HCI_INIT, &hdev->flags);

-- 
2.54.0


^ permalink raw reply related

* [PATCH v2 2/3] Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close
From: Heitor Alves de Siqueira @ 2026-05-26 13:50 UTC (permalink / raw)
  To: Marcel Holtmann, Luiz Augusto von Dentz, Gustavo Padovan,
	Schspa Shi
  Cc: linux-bluetooth, linux-kernel, kernel-dev,
	Heitor Alves de Siqueira, Luiz Augusto von Dentz
In-Reply-To: <20260526-hci_send-v2-0-596977a9a814@igalia.com>

Since hci_dev_close_sync() can now be called during the reset path, we
should also set HCI_CMD_DRAIN_WORKQUEUE. This avoids queuing timeouts
while the hdev workqueue is being drained.

Fixes: 877afadad2dc ("Bluetooth: When HCI work queue is drained, only queue chained work")
Signed-off-by: Heitor Alves de Siqueira <halves@igalia.com>
---
 net/bluetooth/hci_sync.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index fd3aacdea512..84d8f457c799 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5298,6 +5298,12 @@ int hci_dev_close_sync(struct hci_dev *hdev)
 
 	bt_dev_dbg(hdev, "");
 
+	/* Set HCI_DRAIN_WORKQUEUE flag to prevent queuing work during
+	 * reset/close. See hci_cmd_work() and handle_cmd_cnt_and_timer().
+	 */
+	hci_dev_set_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
+	synchronize_rcu();
+
 	if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
 		disable_delayed_work(&hdev->power_off);
 		disable_delayed_work(&hdev->ncmd_timer);
@@ -5321,6 +5327,7 @@ int hci_dev_close_sync(struct hci_dev *hdev)
 
 	if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
 		cancel_delayed_work_sync(&hdev->cmd_timer);
+		hci_dev_clear_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
 		return err;
 	}
 
@@ -5420,6 +5427,7 @@ int hci_dev_close_sync(struct hci_dev *hdev)
 	/* Clear flags */
 	hdev->flags &= BIT(HCI_RAW);
 	hci_dev_clear_volatile_flags(hdev);
+	hci_dev_clear_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
 
 	memset(hdev->eir, 0, sizeof(hdev->eir));
 	memset(hdev->dev_class, 0, sizeof(hdev->dev_class));

-- 
2.54.0


^ permalink raw reply related

* [PATCH v2 1/3] Bluetooth: hci_core: Rework hci_dev_do_reset() to use hci_sync functions
From: Heitor Alves de Siqueira @ 2026-05-26 13:50 UTC (permalink / raw)
  To: Marcel Holtmann, Luiz Augusto von Dentz, Gustavo Padovan,
	Schspa Shi
  Cc: linux-bluetooth, linux-kernel, kernel-dev,
	Heitor Alves de Siqueira, Luiz Augusto von Dentz
In-Reply-To: <20260526-hci_send-v2-0-596977a9a814@igalia.com>

The current HCI reset function in hci_core.c duplicates most of the work
done by hci_dev_close_sync(), and doesn't handle LE, advertising or
discovery.

Instead of porting these to hci_dev_do_reset(), directly call the
close/open functions from hci_sync to reset the hdev. MGMT now notifies
when a user performs a reset.

Suggested-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Heitor Alves de Siqueira <halves@igalia.com>
---
 net/bluetooth/hci_core.c | 43 +++----------------------------------------
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c46c1236ebfa..28d7929dc593 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -539,46 +539,9 @@ static int hci_dev_do_reset(struct hci_dev *hdev)
 
 	hci_req_sync_lock(hdev);
 
-	/* Drop queues */
-	skb_queue_purge(&hdev->rx_q);
-	skb_queue_purge(&hdev->cmd_q);
-
-	/* Cancel these to avoid queueing non-chained pending work */
-	hci_dev_set_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
-	/* Wait for
-	 *
-	 *    if (!hci_dev_test_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE))
-	 *        queue_delayed_work(&hdev->{cmd,ncmd}_timer)
-	 *
-	 * inside RCU section to see the flag or complete scheduling.
-	 */
-	synchronize_rcu();
-	/* Explicitly cancel works in case scheduled after setting the flag. */
-	cancel_delayed_work(&hdev->cmd_timer);
-	cancel_delayed_work(&hdev->ncmd_timer);
-
-	/* Avoid potential lockdep warnings from the *_flush() calls by
-	 * ensuring the workqueue is empty up front.
-	 */
-	drain_workqueue(hdev->workqueue);
-
-	hci_dev_lock(hdev);
-	hci_inquiry_cache_flush(hdev);
-	hci_conn_hash_flush(hdev);
-	hci_dev_unlock(hdev);
-
-	if (hdev->flush)
-		hdev->flush(hdev);
-
-	hci_dev_clear_flag(hdev, HCI_CMD_DRAIN_WORKQUEUE);
-
-	atomic_set(&hdev->cmd_cnt, 1);
-	hdev->acl_cnt = 0;
-	hdev->sco_cnt = 0;
-	hdev->le_cnt = 0;
-	hdev->iso_cnt = 0;
-
-	ret = hci_reset_sync(hdev);
+	ret = hci_dev_close_sync(hdev);
+	if (!ret)
+		ret = hci_dev_open_sync(hdev);
 
 	hci_req_sync_unlock(hdev);
 	return ret;

-- 
2.54.0


^ permalink raw reply related


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox