projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Rename hci_request to hci_req_sync
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
590051de 4 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI core. */
27
8c520a59 28#include <linux/export.h>
3df92b31 29#include <linux/idr.h>
1da177e4 30
8c520a59 31#include <linux/rfkill.h>
1da177e4
LT		 32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35
b78752cc 36static void hci_rx_work(struct work_struct *work);
c347b765 37static void hci_cmd_work(struct work_struct *work);
3eff45ea 38static void hci_tx_work(struct work_struct *work);
1da177e4 39
1da177e4
LT		 40/* HCI device list */
41LIST_HEAD(hci_dev_list);
42DEFINE_RWLOCK(hci_dev_list_lock);
43
44/* HCI callback list */
45LIST_HEAD(hci_cb_list);
46DEFINE_RWLOCK(hci_cb_list_lock);
47
3df92b31
SL		 48/* HCI ID Numbering */
49static DEFINE_IDA(hci_index_ida);
50
1da177e4
LT		 51/* ---- HCI notifications ---- */
52
6516455d 53static void hci_notify(struct hci_dev *hdev, int event)
1da177e4 54{
040030ef 55 hci_sock_dev_event(hdev, event);
1da177e4
LT		 56}
57
58/* ---- HCI requests ---- */
59
23bb5763 60void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
1da177e4 61{
f0e09510 62 BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result);
23bb5763 63
a5040efa
JH		 64 /* If this is the init phase check if the completed command matches
65 * the last init command, and if not just return.
66 */
75fb0e32
JH		 67 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
68 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1036b890 69 u16 opcode = __le16_to_cpu(sent->opcode);
75fb0e32
JH		 70 struct sk_buff *skb;
71
72 /* Some CSR based controllers generate a spontaneous
73 * reset complete event during init and any pending
74 * command will never be completed. In such a case we
75 * need to resend whatever was the last sent
76 * command.
77 */
78
1036b890 79 if (cmd != HCI_OP_RESET || opcode == HCI_OP_RESET)
75fb0e32
JH		 80 return;
81
82 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
83 if (skb) {
84 skb_queue_head(&hdev->cmd_q, skb);
85 queue_work(hdev->workqueue, &hdev->cmd_work);
86 }
87
23bb5763 88 return;
75fb0e32 89 }
1da177e4
LT		 90
91 if (hdev->req_status == HCI_REQ_PEND) {
92 hdev->req_result = result;
93 hdev->req_status = HCI_REQ_DONE;
94 wake_up_interruptible(&hdev->req_wait_q);
95 }
96}
97
98static void hci_req_cancel(struct hci_dev *hdev, int err)
99{
100 BT_DBG("%s err 0x%2.2x", hdev->name, err);
101
102 if (hdev->req_status == HCI_REQ_PEND) {
103 hdev->req_result = err;
104 hdev->req_status = HCI_REQ_CANCELED;
105 wake_up_interruptible(&hdev->req_wait_q);
106 }
107}
108
109/* Execute request and wait for completion. */
01178cd4
JH		 110static int __hci_req_sync(struct hci_dev *hdev,
111 void (*req)(struct hci_dev *hdev, unsigned long opt),
112 unsigned long opt, __u32 timeout)
1da177e4
LT		 113{
114 DECLARE_WAITQUEUE(wait, current);
115 int err = 0;
116
117 BT_DBG("%s start", hdev->name);
118
119 hdev->req_status = HCI_REQ_PEND;
120
121 add_wait_queue(&hdev->req_wait_q, &wait);
122 set_current_state(TASK_INTERRUPTIBLE);
123
124 req(hdev, opt);
125 schedule_timeout(timeout);
126
127 remove_wait_queue(&hdev->req_wait_q, &wait);
128
129 if (signal_pending(current))
130 return -EINTR;
131
132 switch (hdev->req_status) {
133 case HCI_REQ_DONE:
e175072f 134 err = -bt_to_errno(hdev->req_result);
1da177e4
LT		 135 break;
136
137 case HCI_REQ_CANCELED:
138 err = -hdev->req_result;
139 break;
140
141 default:
142 err = -ETIMEDOUT;
143 break;
3ff50b79 144 }
1da177e4 145
a5040efa 146 hdev->req_status = hdev->req_result = 0;
1da177e4
LT		 147
148 BT_DBG("%s end: err %d", hdev->name, err);
149
150 return err;
151}
152
01178cd4
JH		 153static int hci_req_sync(struct hci_dev *hdev,
154 void (*req)(struct hci_dev *hdev, unsigned long opt),
155 unsigned long opt, __u32 timeout)
1da177e4
LT		 156{
157 int ret;
158
7c6a329e
MH		 159 if (!test_bit(HCI_UP, &hdev->flags))
160 return -ENETDOWN;
161
1da177e4
LT		 162 /* Serialize all requests */
163 hci_req_lock(hdev);
01178cd4 164 ret = __hci_req_sync(hdev, req, opt, timeout);
1da177e4
LT		 165 hci_req_unlock(hdev);
166
167 return ret;
168}
169
170static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
171{
172 BT_DBG("%s %ld", hdev->name, opt);
173
174 /* Reset device */
f630cf0d 175 set_bit(HCI_RESET, &hdev->flags);
a9de9248 176 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
1da177e4
LT		 177}
178
e61ef499 179static void bredr_init(struct hci_dev *hdev)
1da177e4 180{
2455a3ea
AE		 181 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
182
1da177e4 183 /* Read Local Supported Features */
a9de9248 184 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1da177e4 185
1143e5a6 186 /* Read Local Version */
a9de9248 187 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1da177e4
LT		 188}
189
e61ef499
AE		 190static void amp_init(struct hci_dev *hdev)
191{
2455a3ea
AE		 192 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
193
e61ef499
AE		 194 /* Read Local Version */
195 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
6bcbc489
AE		 196
197 /* Read Local AMP Info */
198 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
e71dfaba
AE		 199
200 /* Read Data Blk size */
201 hci_send_cmd(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
e61ef499
AE		 202}
203
204static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
205{
206 struct sk_buff *skb;
207
208 BT_DBG("%s %ld", hdev->name, opt);
209
210 /* Driver initialization */
211
212 /* Special commands */
213 while ((skb = skb_dequeue(&hdev->driver_init))) {
214 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
215 skb->dev = (void *) hdev;
216
217 skb_queue_tail(&hdev->cmd_q, skb);
218 queue_work(hdev->workqueue, &hdev->cmd_work);
219 }
220 skb_queue_purge(&hdev->driver_init);
221
11778716
AE		 222 /* Reset */
223 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
224 hci_reset_req(hdev, 0);
225
e61ef499
AE		 226 switch (hdev->dev_type) {
227 case HCI_BREDR:
228 bredr_init(hdev);
229 break;
230
231 case HCI_AMP:
232 amp_init(hdev);
233 break;
234
235 default:
236 BT_ERR("Unknown device type %d", hdev->dev_type);
237 break;
238 }
e61ef499
AE		 239}
240
1da177e4
LT		 241static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
242{
243 __u8 scan = opt;
244
245 BT_DBG("%s %x", hdev->name, scan);
246
247 /* Inquiry and Page scans */
a9de9248 248 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1da177e4
LT		 249}
250
251static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
252{
253 __u8 auth = opt;
254
255 BT_DBG("%s %x", hdev->name, auth);
256
257 /* Authentication */
a9de9248 258 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1da177e4
LT		 259}
260
261static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
262{
263 __u8 encrypt = opt;
264
265 BT_DBG("%s %x", hdev->name, encrypt);
266
e4e8e37c 267 /* Encryption */
a9de9248 268 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1da177e4
LT		 269}
270
e4e8e37c
MH		 271static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
272{
273 __le16 policy = cpu_to_le16(opt);
274
a418b893 275 BT_DBG("%s %x", hdev->name, policy);
e4e8e37c
MH		 276
277 /* Default link policy */
278 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
279}
280
8e87d142 281/* Get HCI device by index.
1da177e4
LT		 282 * Device is held on return. */
283struct hci_dev *hci_dev_get(int index)
284{
8035ded4 285 struct hci_dev *hdev = NULL, *d;
1da177e4
LT		 286
287 BT_DBG("%d", index);
288
289 if (index < 0)
290 return NULL;
291
292 read_lock(&hci_dev_list_lock);
8035ded4 293 list_for_each_entry(d, &hci_dev_list, list) {
1da177e4
LT		 294 if (d->id == index) {
295 hdev = hci_dev_hold(d);
296 break;
297 }
298 }
299 read_unlock(&hci_dev_list_lock);
300 return hdev;
301}
1da177e4
LT		 302
303/* ---- Inquiry support ---- */
ff9ef578 304
30dc78e1
JH		 305bool hci_discovery_active(struct hci_dev *hdev)
306{
307 struct discovery_state *discov = &hdev->discovery;
308
6fbe195d 309 switch (discov->state) {
343f935b 310 case DISCOVERY_FINDING:
6fbe195d 311 case DISCOVERY_RESOLVING:
30dc78e1
JH		 312 return true;
313
6fbe195d
AG		 314 default:
315 return false;
316 }
30dc78e1
JH		 317}
318
ff9ef578
JH		 319void hci_discovery_set_state(struct hci_dev *hdev, int state)
320{
321 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
322
323 if (hdev->discovery.state == state)
324 return;
325
326 switch (state) {
327 case DISCOVERY_STOPPED:
7b99b659
AG		 328 if (hdev->discovery.state != DISCOVERY_STARTING)
329 mgmt_discovering(hdev, 0);
ff9ef578
JH		 330 break;
331 case DISCOVERY_STARTING:
332 break;
343f935b 333 case DISCOVERY_FINDING:
ff9ef578
JH		 334 mgmt_discovering(hdev, 1);
335 break;
30dc78e1
JH		 336 case DISCOVERY_RESOLVING:
337 break;
ff9ef578
JH		 338 case DISCOVERY_STOPPING:
339 break;
340 }
341
342 hdev->discovery.state = state;
343}
344
1da177e4
LT		 345static void inquiry_cache_flush(struct hci_dev *hdev)
346{
30883512 347 struct discovery_state *cache = &hdev->discovery;
b57c1a56 348 struct inquiry_entry *p, *n;
1da177e4 349
561aafbc
JH		 350 list_for_each_entry_safe(p, n, &cache->all, all) {
351 list_del(&p->all);
b57c1a56 352 kfree(p);
1da177e4 353 }
561aafbc
JH		 354
355 INIT_LIST_HEAD(&cache->unknown);
356 INIT_LIST_HEAD(&cache->resolve);
1da177e4
LT		 357}
358
a8c5fb1a
GP		 359struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
360 bdaddr_t *bdaddr)
1da177e4 361{
30883512 362 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 363 struct inquiry_entry *e;
364
6ed93dc6 365 BT_DBG("cache %p, %pMR", cache, bdaddr);
1da177e4 366
561aafbc
JH		 367 list_for_each_entry(e, &cache->all, all) {
368 if (!bacmp(&e->data.bdaddr, bdaddr))
369 return e;
370 }
371
372 return NULL;
373}
374
375struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
04124681 376 bdaddr_t *bdaddr)
561aafbc 377{
30883512 378 struct discovery_state *cache = &hdev->discovery;
561aafbc
JH		 379 struct inquiry_entry *e;
380
6ed93dc6 381 BT_DBG("cache %p, %pMR", cache, bdaddr);
561aafbc
JH		 382
383 list_for_each_entry(e, &cache->unknown, list) {
1da177e4 384 if (!bacmp(&e->data.bdaddr, bdaddr))
b57c1a56
JH		 385 return e;
386 }
387
388 return NULL;
1da177e4
LT		 389}
390
30dc78e1 391struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
04124681
GP		 392 bdaddr_t *bdaddr,
393 int state)
30dc78e1
JH		 394{
395 struct discovery_state *cache = &hdev->discovery;
396 struct inquiry_entry *e;
397
6ed93dc6 398 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
30dc78e1
JH		 399
400 list_for_each_entry(e, &cache->resolve, list) {
401 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
402 return e;
403 if (!bacmp(&e->data.bdaddr, bdaddr))
404 return e;
405 }
406
407 return NULL;
408}
409
a3d4e20a 410void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
04124681 411 struct inquiry_entry *ie)
a3d4e20a
JH		 412{
413 struct discovery_state *cache = &hdev->discovery;
414 struct list_head *pos = &cache->resolve;
415 struct inquiry_entry *p;
416
417 list_del(&ie->list);
418
419 list_for_each_entry(p, &cache->resolve, list) {
420 if (p->name_state != NAME_PENDING &&
a8c5fb1a 421 abs(p->data.rssi) >= abs(ie->data.rssi))
a3d4e20a
JH		 422 break;
423 pos = &p->list;
424 }
425
426 list_add(&ie->list, pos);
427}
428
3175405b 429bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
04124681 430 bool name_known, bool *ssp)
1da177e4 431{
30883512 432 struct discovery_state *cache = &hdev->discovery;
70f23020 433 struct inquiry_entry *ie;
1da177e4 434
6ed93dc6 435 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1da177e4 436
2b2fec4d
SJ		 437 hci_remove_remote_oob_data(hdev, &data->bdaddr);
438
388fc8fa
JH		 439 if (ssp)
440 *ssp = data->ssp_mode;
441
70f23020 442 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
a3d4e20a 443 if (ie) {
388fc8fa
JH		 444 if (ie->data.ssp_mode && ssp)
445 *ssp = true;
446
a3d4e20a 447 if (ie->name_state == NAME_NEEDED &&
a8c5fb1a 448 data->rssi != ie->data.rssi) {
a3d4e20a
JH		 449 ie->data.rssi = data->rssi;
450 hci_inquiry_cache_update_resolve(hdev, ie);
451 }
452
561aafbc 453 goto update;
a3d4e20a 454 }
561aafbc
JH		 455
456 /* Entry not in the cache. Add new one. */
457 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
458 if (!ie)
3175405b 459 return false;
561aafbc
JH		 460
461 list_add(&ie->all, &cache->all);
462
463 if (name_known) {
464 ie->name_state = NAME_KNOWN;
465 } else {
466 ie->name_state = NAME_NOT_KNOWN;
467 list_add(&ie->list, &cache->unknown);
468 }
70f23020 469
561aafbc
JH		 470update:
471 if (name_known && ie->name_state != NAME_KNOWN &&
a8c5fb1a 472 ie->name_state != NAME_PENDING) {
561aafbc
JH		 473 ie->name_state = NAME_KNOWN;
474 list_del(&ie->list);
1da177e4
LT		 475 }
476
70f23020
AE		 477 memcpy(&ie->data, data, sizeof(*data));
478 ie->timestamp = jiffies;
1da177e4 479 cache->timestamp = jiffies;
3175405b
JH		 480
481 if (ie->name_state == NAME_NOT_KNOWN)
482 return false;
483
484 return true;
1da177e4
LT		 485}
486
487static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
488{
30883512 489 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 490 struct inquiry_info *info = (struct inquiry_info *) buf;
491 struct inquiry_entry *e;
492 int copied = 0;
493
561aafbc 494 list_for_each_entry(e, &cache->all, all) {
1da177e4 495 struct inquiry_data *data = &e->data;
b57c1a56
JH		 496
497 if (copied >= num)
498 break;
499
1da177e4
LT		 500 bacpy(&info->bdaddr, &data->bdaddr);
501 info->pscan_rep_mode = data->pscan_rep_mode;
502 info->pscan_period_mode = data->pscan_period_mode;
503 info->pscan_mode = data->pscan_mode;
504 memcpy(info->dev_class, data->dev_class, 3);
505 info->clock_offset = data->clock_offset;
b57c1a56 506
1da177e4 507 info++;
b57c1a56 508 copied++;
1da177e4
LT		 509 }
510
511 BT_DBG("cache %p, copied %d", cache, copied);
512 return copied;
513}
514
515static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
516{
517 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
518 struct hci_cp_inquiry cp;
519
520 BT_DBG("%s", hdev->name);
521
522 if (test_bit(HCI_INQUIRY, &hdev->flags))
523 return;
524
525 /* Start Inquiry */
526 memcpy(&cp.lap, &ir->lap, 3);
527 cp.length = ir->length;
528 cp.num_rsp = ir->num_rsp;
a9de9248 529 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1da177e4
LT		 530}
531
532int hci_inquiry(void __user *arg)
533{
534 __u8 __user *ptr = arg;
535 struct hci_inquiry_req ir;
536 struct hci_dev *hdev;
537 int err = 0, do_inquiry = 0, max_rsp;
538 long timeo;
539 __u8 *buf;
540
541 if (copy_from_user(&ir, ptr, sizeof(ir)))
542 return -EFAULT;
543
5a08ecce
AE		 544 hdev = hci_dev_get(ir.dev_id);
545 if (!hdev)
1da177e4
LT		 546 return -ENODEV;
547
09fd0de5 548 hci_dev_lock(hdev);
8e87d142 549 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
a8c5fb1a 550 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1da177e4
LT		 551 inquiry_cache_flush(hdev);
552 do_inquiry = 1;
553 }
09fd0de5 554 hci_dev_unlock(hdev);
1da177e4 555
04837f64 556 timeo = ir.length * msecs_to_jiffies(2000);
70f23020
AE		 557
558 if (do_inquiry) {
01178cd4
JH		 559 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
560 timeo);
70f23020
AE		 561 if (err < 0)
562 goto done;
563 }
1da177e4 564
8fc9ced3
GP		 565 /* for unlimited number of responses we will use buffer with
566 * 255 entries
567 */
1da177e4
LT		 568 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
569
570 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
571 * copy it to the user space.
572 */
01df8c31 573 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
70f23020 574 if (!buf) {
1da177e4
LT		 575 err = -ENOMEM;
576 goto done;
577 }
578
09fd0de5 579 hci_dev_lock(hdev);
1da177e4 580 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
09fd0de5 581 hci_dev_unlock(hdev);
1da177e4
LT		 582
583 BT_DBG("num_rsp %d", ir.num_rsp);
584
585 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
586 ptr += sizeof(ir);
587 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
a8c5fb1a 588 ir.num_rsp))
1da177e4 589 err = -EFAULT;
8e87d142 590 } else
1da177e4
LT		 591 err = -EFAULT;
592
593 kfree(buf);
594
595done:
596 hci_dev_put(hdev);
597 return err;
598}
599
3f0f524b
JH		 600static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
601{
602 u8 ad_len = 0, flags = 0;
603 size_t name_len;
604
605 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
606 flags |= LE_AD_GENERAL;
607
608 if (!lmp_bredr_capable(hdev))
609 flags |= LE_AD_NO_BREDR;
610
611 if (lmp_le_br_capable(hdev))
612 flags |= LE_AD_SIM_LE_BREDR_CTRL;
613
614 if (lmp_host_le_br_capable(hdev))
615 flags |= LE_AD_SIM_LE_BREDR_HOST;
616
617 if (flags) {
618 BT_DBG("adv flags 0x%02x", flags);
619
620 ptr[0] = 2;
621 ptr[1] = EIR_FLAGS;
622 ptr[2] = flags;
623
624 ad_len += 3;
625 ptr += 3;
626 }
627
628 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
629 ptr[0] = 2;
630 ptr[1] = EIR_TX_POWER;
631 ptr[2] = (u8) hdev->adv_tx_power;
632
633 ad_len += 3;
634 ptr += 3;
635 }
636
637 name_len = strlen(hdev->dev_name);
638 if (name_len > 0) {
639 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
640
641 if (name_len > max_len) {
642 name_len = max_len;
643 ptr[1] = EIR_NAME_SHORT;
644 } else
645 ptr[1] = EIR_NAME_COMPLETE;
646
647 ptr[0] = name_len + 1;
648
649 memcpy(ptr + 2, hdev->dev_name, name_len);
650
651 ad_len += (name_len + 2);
652 ptr += (name_len + 2);
653 }
654
655 return ad_len;
656}
657
658int hci_update_ad(struct hci_dev *hdev)
659{
660 struct hci_cp_le_set_adv_data cp;
661 u8 len;
662 int err;
663
664 hci_dev_lock(hdev);
665
666 if (!lmp_le_capable(hdev)) {
667 err = -EINVAL;
668 goto unlock;
669 }
670
671 memset(&cp, 0, sizeof(cp));
672
673 len = create_ad(hdev, cp.data);
674
675 if (hdev->adv_data_len == len &&
676 memcmp(cp.data, hdev->adv_data, len) == 0) {
677 err = 0;
678 goto unlock;
679 }
680
681 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
682 hdev->adv_data_len = len;
683
684 cp.length = len;
685 err = hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
686
687unlock:
688 hci_dev_unlock(hdev);
689
690 return err;
691}
692
1da177e4
LT		 693/* ---- HCI ioctl helpers ---- */
694
695int hci_dev_open(__u16 dev)
696{
697 struct hci_dev *hdev;
698 int ret = 0;
699
5a08ecce
AE		 700 hdev = hci_dev_get(dev);
701 if (!hdev)
1da177e4
LT		 702 return -ENODEV;
703
704 BT_DBG("%s %p", hdev->name, hdev);
705
706 hci_req_lock(hdev);
707
94324962
JH		 708 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
709 ret = -ENODEV;
710 goto done;
711 }
712
611b30f7
MH		 713 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
714 ret = -ERFKILL;
715 goto done;
716 }
717
1da177e4
LT		 718 if (test_bit(HCI_UP, &hdev->flags)) {
719 ret = -EALREADY;
720 goto done;
721 }
722
723 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
724 set_bit(HCI_RAW, &hdev->flags);
725
07e3b94a
AE		 726 /* Treat all non BR/EDR controllers as raw devices if
727 enable_hs is not set */
728 if (hdev->dev_type != HCI_BREDR && !enable_hs)
943da25d
MH		 729 set_bit(HCI_RAW, &hdev->flags);
730
1da177e4
LT		 731 if (hdev->open(hdev)) {
732 ret = -EIO;
733 goto done;
734 }
735
736 if (!test_bit(HCI_RAW, &hdev->flags)) {
737 atomic_set(&hdev->cmd_cnt, 1);
738 set_bit(HCI_INIT, &hdev->flags);
a5040efa 739 hdev->init_last_cmd = 0;
1da177e4 740
01178cd4 741 ret = __hci_req_sync(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
1da177e4
LT		 742
743 clear_bit(HCI_INIT, &hdev->flags);
744 }
745
746 if (!ret) {
747 hci_dev_hold(hdev);
748 set_bit(HCI_UP, &hdev->flags);
749 hci_notify(hdev, HCI_DEV_UP);
3f0f524b 750 hci_update_ad(hdev);
bb4b2a9a
AE		 751 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
752 mgmt_valid_hdev(hdev)) {
09fd0de5 753 hci_dev_lock(hdev);
744cf19e 754 mgmt_powered(hdev, 1);
09fd0de5 755 hci_dev_unlock(hdev);
56e5cb86 756 }
8e87d142 757 } else {
1da177e4 758 /* Init failed, cleanup */
3eff45ea 759 flush_work(&hdev->tx_work);
c347b765 760 flush_work(&hdev->cmd_work);
b78752cc 761 flush_work(&hdev->rx_work);
1da177e4
LT		 762
763 skb_queue_purge(&hdev->cmd_q);
764 skb_queue_purge(&hdev->rx_q);
765
766 if (hdev->flush)
767 hdev->flush(hdev);
768
769 if (hdev->sent_cmd) {
770 kfree_skb(hdev->sent_cmd);
771 hdev->sent_cmd = NULL;
772 }
773
774 hdev->close(hdev);
775 hdev->flags = 0;
776 }
777
778done:
779 hci_req_unlock(hdev);
780 hci_dev_put(hdev);
781 return ret;
782}
783
784static int hci_dev_do_close(struct hci_dev *hdev)
785{
786 BT_DBG("%s %p", hdev->name, hdev);
787
28b75a89
AG		 788 cancel_work_sync(&hdev->le_scan);
789
78c04c0b
VCG		 790 cancel_delayed_work(&hdev->power_off);
791
1da177e4
LT		 792 hci_req_cancel(hdev, ENODEV);
793 hci_req_lock(hdev);
794
795 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
b79f44c1 796 del_timer_sync(&hdev->cmd_timer);
1da177e4
LT		 797 hci_req_unlock(hdev);
798 return 0;
799 }
800
3eff45ea
GP		 801 /* Flush RX and TX works */
802 flush_work(&hdev->tx_work);
b78752cc 803 flush_work(&hdev->rx_work);
1da177e4 804
16ab91ab 805 if (hdev->discov_timeout > 0) {
e0f9309f 806 cancel_delayed_work(&hdev->discov_off);
16ab91ab 807 hdev->discov_timeout = 0;
5e5282bb 808 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
16ab91ab
JH		 809 }
810
a8b2d5c2 811 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 812 cancel_delayed_work(&hdev->service_cache);
813
7ba8b4be
AG		 814 cancel_delayed_work_sync(&hdev->le_scan_disable);
815
09fd0de5 816 hci_dev_lock(hdev);
1da177e4
LT		 817 inquiry_cache_flush(hdev);
818 hci_conn_hash_flush(hdev);
09fd0de5 819 hci_dev_unlock(hdev);
1da177e4
LT		 820
821 hci_notify(hdev, HCI_DEV_DOWN);
822
823 if (hdev->flush)
824 hdev->flush(hdev);
825
826 /* Reset device */
827 skb_queue_purge(&hdev->cmd_q);
828 atomic_set(&hdev->cmd_cnt, 1);
8af59467 829 if (!test_bit(HCI_RAW, &hdev->flags) &&
a6c511c6 830 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1da177e4 831 set_bit(HCI_INIT, &hdev->flags);
01178cd4 832 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
1da177e4
LT		 833 clear_bit(HCI_INIT, &hdev->flags);
834 }
835
c347b765
GP		 836 /* flush cmd work */
837 flush_work(&hdev->cmd_work);
1da177e4
LT		 838
839 /* Drop queues */
840 skb_queue_purge(&hdev->rx_q);
841 skb_queue_purge(&hdev->cmd_q);
842 skb_queue_purge(&hdev->raw_q);
843
844 /* Drop last sent command */
845 if (hdev->sent_cmd) {
b79f44c1 846 del_timer_sync(&hdev->cmd_timer);
1da177e4
LT		 847 kfree_skb(hdev->sent_cmd);
848 hdev->sent_cmd = NULL;
849 }
850
851 /* After this point our queues are empty
852 * and no tasks are scheduled. */
853 hdev->close(hdev);
854
bb4b2a9a
AE		 855 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
856 mgmt_valid_hdev(hdev)) {
8ee56540
MH		 857 hci_dev_lock(hdev);
858 mgmt_powered(hdev, 0);
859 hci_dev_unlock(hdev);
860 }
5add6af8 861
1da177e4
LT		 862 /* Clear flags */
863 hdev->flags = 0;
864
ced5c338
AE		 865 /* Controller radio is available but is currently powered down */
866 hdev->amp_status = 0;
867
e59fda8d 868 memset(hdev->eir, 0, sizeof(hdev->eir));
09b3c3fb 869 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
e59fda8d 870
1da177e4
LT		 871 hci_req_unlock(hdev);
872
873 hci_dev_put(hdev);
874 return 0;
875}
876
877int hci_dev_close(__u16 dev)
878{
879 struct hci_dev *hdev;
880 int err;
881
70f23020
AE		 882 hdev = hci_dev_get(dev);
883 if (!hdev)
1da177e4 884 return -ENODEV;
8ee56540
MH		 885
886 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
887 cancel_delayed_work(&hdev->power_off);
888
1da177e4 889 err = hci_dev_do_close(hdev);
8ee56540 890
1da177e4
LT		 891 hci_dev_put(hdev);
892 return err;
893}
894
895int hci_dev_reset(__u16 dev)
896{
897 struct hci_dev *hdev;
898 int ret = 0;
899
70f23020
AE		 900 hdev = hci_dev_get(dev);
901 if (!hdev)
1da177e4
LT		 902 return -ENODEV;
903
904 hci_req_lock(hdev);
1da177e4
LT		 905
906 if (!test_bit(HCI_UP, &hdev->flags))
907 goto done;
908
909 /* Drop queues */
910 skb_queue_purge(&hdev->rx_q);
911 skb_queue_purge(&hdev->cmd_q);
912
09fd0de5 913 hci_dev_lock(hdev);
1da177e4
LT		 914 inquiry_cache_flush(hdev);
915 hci_conn_hash_flush(hdev);
09fd0de5 916 hci_dev_unlock(hdev);
1da177e4
LT		 917
918 if (hdev->flush)
919 hdev->flush(hdev);
920
8e87d142 921 atomic_set(&hdev->cmd_cnt, 1);
6ed58ec5 922 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1da177e4
LT		 923
924 if (!test_bit(HCI_RAW, &hdev->flags))
01178cd4 925 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
1da177e4
LT		 926
927done:
1da177e4
LT		 928 hci_req_unlock(hdev);
929 hci_dev_put(hdev);
930 return ret;
931}
932
933int hci_dev_reset_stat(__u16 dev)
934{
935 struct hci_dev *hdev;
936 int ret = 0;
937
70f23020
AE		 938 hdev = hci_dev_get(dev);
939 if (!hdev)
1da177e4
LT		 940 return -ENODEV;
941
942 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
943
944 hci_dev_put(hdev);
945
946 return ret;
947}
948
949int hci_dev_cmd(unsigned int cmd, void __user *arg)
950{
951 struct hci_dev *hdev;
952 struct hci_dev_req dr;
953 int err = 0;
954
955 if (copy_from_user(&dr, arg, sizeof(dr)))
956 return -EFAULT;
957
70f23020
AE		 958 hdev = hci_dev_get(dr.dev_id);
959 if (!hdev)
1da177e4
LT		 960 return -ENODEV;
961
962 switch (cmd) {
963 case HCISETAUTH:
01178cd4
JH		 964 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
965 HCI_INIT_TIMEOUT);
1da177e4
LT		 966 break;
967
968 case HCISETENCRYPT:
969 if (!lmp_encrypt_capable(hdev)) {
970 err = -EOPNOTSUPP;
971 break;
972 }
973
974 if (!test_bit(HCI_AUTH, &hdev->flags)) {
975 /* Auth must be enabled first */
01178cd4
JH		 976 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
977 HCI_INIT_TIMEOUT);
1da177e4
LT		 978 if (err)
979 break;
980 }
981
01178cd4
JH		 982 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
983 HCI_INIT_TIMEOUT);
1da177e4
LT		 984 break;
985
986 case HCISETSCAN:
01178cd4
JH		 987 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
988 HCI_INIT_TIMEOUT);
1da177e4
LT		 989 break;
990
1da177e4 991 case HCISETLINKPOL:
01178cd4
JH		 992 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
993 HCI_INIT_TIMEOUT);
1da177e4
LT		 994 break;
995
996 case HCISETLINKMODE:
e4e8e37c
MH		 997 hdev->link_mode = ((__u16) dr.dev_opt) &
998 (HCI_LM_MASTER | HCI_LM_ACCEPT);
999 break;
1000
1001 case HCISETPTYPE:
1002 hdev->pkt_type = (__u16) dr.dev_opt;
1da177e4
LT		 1003 break;
1004
1005 case HCISETACLMTU:
e4e8e37c
MH		 1006 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1007 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 1008 break;
1009
1010 case HCISETSCOMTU:
e4e8e37c
MH		 1011 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1012 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 1013 break;
1014
1015 default:
1016 err = -EINVAL;
1017 break;
1018 }
e4e8e37c 1019
1da177e4
LT		 1020 hci_dev_put(hdev);
1021 return err;
1022}
1023
1024int hci_get_dev_list(void __user *arg)
1025{
8035ded4 1026 struct hci_dev *hdev;
1da177e4
LT		 1027 struct hci_dev_list_req *dl;
1028 struct hci_dev_req *dr;
1da177e4
LT		 1029 int n = 0, size, err;
1030 __u16 dev_num;
1031
1032 if (get_user(dev_num, (__u16 __user *) arg))
1033 return -EFAULT;
1034
1035 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1036 return -EINVAL;
1037
1038 size = sizeof(*dl) + dev_num * sizeof(*dr);
1039
70f23020
AE		 1040 dl = kzalloc(size, GFP_KERNEL);
1041 if (!dl)
1da177e4
LT		 1042 return -ENOMEM;
1043
1044 dr = dl->dev_req;
1045
f20d09d5 1046 read_lock(&hci_dev_list_lock);
8035ded4 1047 list_for_each_entry(hdev, &hci_dev_list, list) {
a8b2d5c2 1048 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
e0f9309f 1049 cancel_delayed_work(&hdev->power_off);
c542a06c 1050
a8b2d5c2
JH		 1051 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1052 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1053
1da177e4
LT		 1054 (dr + n)->dev_id = hdev->id;
1055 (dr + n)->dev_opt = hdev->flags;
c542a06c 1056
1da177e4
LT		 1057 if (++n >= dev_num)
1058 break;
1059 }
f20d09d5 1060 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 1061
1062 dl->dev_num = n;
1063 size = sizeof(*dl) + n * sizeof(*dr);
1064
1065 err = copy_to_user(arg, dl, size);
1066 kfree(dl);
1067
1068 return err ? -EFAULT : 0;
1069}
1070
1071int hci_get_dev_info(void __user *arg)
1072{
1073 struct hci_dev *hdev;
1074 struct hci_dev_info di;
1075 int err = 0;
1076
1077 if (copy_from_user(&di, arg, sizeof(di)))
1078 return -EFAULT;
1079
70f23020
AE		 1080 hdev = hci_dev_get(di.dev_id);
1081 if (!hdev)
1da177e4
LT		 1082 return -ENODEV;
1083
a8b2d5c2 1084 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3243553f 1085 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 1086
a8b2d5c2
JH		 1087 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1088 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1089
1da177e4
LT		 1090 strcpy(di.name, hdev->name);
1091 di.bdaddr = hdev->bdaddr;
943da25d 1092 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1da177e4
LT		 1093 di.flags = hdev->flags;
1094 di.pkt_type = hdev->pkt_type;
572c7f84
JH		 1095 if (lmp_bredr_capable(hdev)) {
1096 di.acl_mtu = hdev->acl_mtu;
1097 di.acl_pkts = hdev->acl_pkts;
1098 di.sco_mtu = hdev->sco_mtu;
1099 di.sco_pkts = hdev->sco_pkts;
1100 } else {
1101 di.acl_mtu = hdev->le_mtu;
1102 di.acl_pkts = hdev->le_pkts;
1103 di.sco_mtu = 0;
1104 di.sco_pkts = 0;
1105 }
1da177e4
LT		 1106 di.link_policy = hdev->link_policy;
1107 di.link_mode = hdev->link_mode;
1108
1109 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1110 memcpy(&di.features, &hdev->features, sizeof(di.features));
1111
1112 if (copy_to_user(arg, &di, sizeof(di)))
1113 err = -EFAULT;
1114
1115 hci_dev_put(hdev);
1116
1117 return err;
1118}
1119
1120/* ---- Interface to HCI drivers ---- */
1121
611b30f7
MH		 1122static int hci_rfkill_set_block(void *data, bool blocked)
1123{
1124 struct hci_dev *hdev = data;
1125
1126 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1127
1128 if (!blocked)
1129 return 0;
1130
1131 hci_dev_do_close(hdev);
1132
1133 return 0;
1134}
1135
1136static const struct rfkill_ops hci_rfkill_ops = {
1137 .set_block = hci_rfkill_set_block,
1138};
1139
ab81cbf9
JH		 1140static void hci_power_on(struct work_struct *work)
1141{
1142 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1143
1144 BT_DBG("%s", hdev->name);
1145
1146 if (hci_dev_open(hdev->id) < 0)
1147 return;
1148
a8b2d5c2 1149 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
19202573
JH		 1150 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1151 HCI_AUTO_OFF_TIMEOUT);
ab81cbf9 1152
a8b2d5c2 1153 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
744cf19e 1154 mgmt_index_added(hdev);
ab81cbf9
JH		 1155}
1156
1157static void hci_power_off(struct work_struct *work)
1158{
3243553f 1159 struct hci_dev *hdev = container_of(work, struct hci_dev,
a8c5fb1a 1160 power_off.work);
ab81cbf9
JH		 1161
1162 BT_DBG("%s", hdev->name);
1163
8ee56540 1164 hci_dev_do_close(hdev);
ab81cbf9
JH		 1165}
1166
16ab91ab
JH		 1167static void hci_discov_off(struct work_struct *work)
1168{
1169 struct hci_dev *hdev;
1170 u8 scan = SCAN_PAGE;
1171
1172 hdev = container_of(work, struct hci_dev, discov_off.work);
1173
1174 BT_DBG("%s", hdev->name);
1175
09fd0de5 1176 hci_dev_lock(hdev);
16ab91ab
JH		 1177
1178 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1179
1180 hdev->discov_timeout = 0;
1181
09fd0de5 1182 hci_dev_unlock(hdev);
16ab91ab
JH		 1183}
1184
2aeb9a1a
JH		 1185int hci_uuids_clear(struct hci_dev *hdev)
1186{
4821002c 1187 struct bt_uuid *uuid, *tmp;
2aeb9a1a 1188
4821002c
JH		 1189 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
1190 list_del(&uuid->list);
2aeb9a1a
JH		 1191 kfree(uuid);
1192 }
1193
1194 return 0;
1195}
1196
55ed8ca1
JH		 1197int hci_link_keys_clear(struct hci_dev *hdev)
1198{
1199 struct list_head *p, *n;
1200
1201 list_for_each_safe(p, n, &hdev->link_keys) {
1202 struct link_key *key;
1203
1204 key = list_entry(p, struct link_key, list);
1205
1206 list_del(p);
1207 kfree(key);
1208 }
1209
1210 return 0;
1211}
1212
b899efaf
VCG		 1213int hci_smp_ltks_clear(struct hci_dev *hdev)
1214{
1215 struct smp_ltk *k, *tmp;
1216
1217 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1218 list_del(&k->list);
1219 kfree(k);
1220 }
1221
1222 return 0;
1223}
1224
55ed8ca1
JH		 1225struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1226{
8035ded4 1227 struct link_key *k;
55ed8ca1 1228
8035ded4 1229 list_for_each_entry(k, &hdev->link_keys, list)
55ed8ca1
JH		 1230 if (bacmp(bdaddr, &k->bdaddr) == 0)
1231 return k;
55ed8ca1
JH		 1232
1233 return NULL;
1234}
1235
745c0ce3 1236static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
a8c5fb1a 1237 u8 key_type, u8 old_key_type)
d25e28ab
JH		 1238{
1239 /* Legacy key */
1240 if (key_type < 0x03)
745c0ce3 1241 return true;
d25e28ab
JH		 1242
1243 /* Debug keys are insecure so don't store them persistently */
1244 if (key_type == HCI_LK_DEBUG_COMBINATION)
745c0ce3 1245 return false;
d25e28ab
JH		 1246
1247 /* Changed combination key and there's no previous one */
1248 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
745c0ce3 1249 return false;
d25e28ab
JH		 1250
1251 /* Security mode 3 case */
1252 if (!conn)
745c0ce3 1253 return true;
d25e28ab
JH		 1254
1255 /* Neither local nor remote side had no-bonding as requirement */
1256 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
745c0ce3 1257 return true;
d25e28ab
JH		 1258
1259 /* Local side had dedicated bonding as requirement */
1260 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
745c0ce3 1261 return true;
d25e28ab
JH		 1262
1263 /* Remote side had dedicated bonding as requirement */
1264 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
745c0ce3 1265 return true;
d25e28ab
JH		 1266
1267 /* If none of the above criteria match, then don't store the key
1268 * persistently */
745c0ce3 1269 return false;
d25e28ab
JH		 1270}
1271
c9839a11 1272struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
75d262c2 1273{
c9839a11 1274 struct smp_ltk *k;
75d262c2 1275
c9839a11
VCG		 1276 list_for_each_entry(k, &hdev->long_term_keys, list) {
1277 if (k->ediv != ediv ||
a8c5fb1a 1278 memcmp(rand, k->rand, sizeof(k->rand)))
75d262c2
VCG		 1279 continue;
1280
c9839a11 1281 return k;
75d262c2
VCG		 1282 }
1283
1284 return NULL;
1285}
75d262c2 1286
c9839a11 1287struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1288 u8 addr_type)
75d262c2 1289{
c9839a11 1290 struct smp_ltk *k;
75d262c2 1291
c9839a11
VCG		 1292 list_for_each_entry(k, &hdev->long_term_keys, list)
1293 if (addr_type == k->bdaddr_type &&
a8c5fb1a 1294 bacmp(bdaddr, &k->bdaddr) == 0)
75d262c2
VCG		 1295 return k;
1296
1297 return NULL;
1298}
75d262c2 1299
d25e28ab 1300int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
04124681 1301 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
55ed8ca1
JH		 1302{
1303 struct link_key *key, *old_key;
745c0ce3
VA		 1304 u8 old_key_type;
1305 bool persistent;
55ed8ca1
JH		 1306
1307 old_key = hci_find_link_key(hdev, bdaddr);
1308 if (old_key) {
1309 old_key_type = old_key->type;
1310 key = old_key;
1311 } else {
12adcf3a 1312 old_key_type = conn ? conn->key_type : 0xff;
55ed8ca1
JH		 1313 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1314 if (!key)
1315 return -ENOMEM;
1316 list_add(&key->list, &hdev->link_keys);
1317 }
1318
6ed93dc6 1319 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
55ed8ca1 1320
d25e28ab
JH		 1321 /* Some buggy controller combinations generate a changed
1322 * combination key for legacy pairing even when there's no
1323 * previous key */
1324 if (type == HCI_LK_CHANGED_COMBINATION &&
a8c5fb1a 1325 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
d25e28ab 1326 type = HCI_LK_COMBINATION;
655fe6ec
JH		 1327 if (conn)
1328 conn->key_type = type;
1329 }
d25e28ab 1330
55ed8ca1 1331 bacpy(&key->bdaddr, bdaddr);
9b3b4460 1332 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 1333 key->pin_len = pin_len;
1334
b6020ba0 1335 if (type == HCI_LK_CHANGED_COMBINATION)
55ed8ca1 1336 key->type = old_key_type;
4748fed2
JH		 1337 else
1338 key->type = type;
1339
4df378a1
JH		 1340 if (!new_key)
1341 return 0;
1342
1343 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1344
744cf19e 1345 mgmt_new_link_key(hdev, key, persistent);
4df378a1 1346
6ec5bcad
VA		 1347 if (conn)
1348 conn->flush_key = !persistent;
55ed8ca1
JH		 1349
1350 return 0;
1351}
1352
c9839a11 1353int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
9a006657 1354 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
04124681 1355 ediv, u8 rand[8])
75d262c2 1356{
c9839a11 1357 struct smp_ltk *key, *old_key;
75d262c2 1358
c9839a11
VCG		 1359 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1360 return 0;
75d262c2 1361
c9839a11
VCG		 1362 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1363 if (old_key)
75d262c2 1364 key = old_key;
c9839a11
VCG		 1365 else {
1366 key = kzalloc(sizeof(*key), GFP_ATOMIC);
75d262c2
VCG		 1367 if (!key)
1368 return -ENOMEM;
c9839a11 1369 list_add(&key->list, &hdev->long_term_keys);
75d262c2
VCG		 1370 }
1371
75d262c2 1372 bacpy(&key->bdaddr, bdaddr);
c9839a11
VCG		 1373 key->bdaddr_type = addr_type;
1374 memcpy(key->val, tk, sizeof(key->val));
1375 key->authenticated = authenticated;
1376 key->ediv = ediv;
1377 key->enc_size = enc_size;
1378 key->type = type;
1379 memcpy(key->rand, rand, sizeof(key->rand));
75d262c2 1380
c9839a11
VCG		 1381 if (!new_key)
1382 return 0;
75d262c2 1383
261cc5aa
VCG		 1384 if (type & HCI_SMP_LTK)
1385 mgmt_new_ltk(hdev, key, 1);
1386
75d262c2
VCG		 1387 return 0;
1388}
1389
55ed8ca1
JH		 1390int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1391{
1392 struct link_key *key;
1393
1394 key = hci_find_link_key(hdev, bdaddr);
1395 if (!key)
1396 return -ENOENT;
1397
6ed93dc6 1398 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
55ed8ca1
JH		 1399
1400 list_del(&key->list);
1401 kfree(key);
1402
1403 return 0;
1404}
1405
b899efaf
VCG		 1406int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1407{
1408 struct smp_ltk *k, *tmp;
1409
1410 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1411 if (bacmp(bdaddr, &k->bdaddr))
1412 continue;
1413
6ed93dc6 1414 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
b899efaf
VCG		 1415
1416 list_del(&k->list);
1417 kfree(k);
1418 }
1419
1420 return 0;
1421}
1422
6bd32326 1423/* HCI command timer function */
bda4f23a 1424static void hci_cmd_timeout(unsigned long arg)
6bd32326
VT		 1425{
1426 struct hci_dev *hdev = (void *) arg;
1427
bda4f23a
AE		 1428 if (hdev->sent_cmd) {
1429 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1430 u16 opcode = __le16_to_cpu(sent->opcode);
1431
1432 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1433 } else {
1434 BT_ERR("%s command tx timeout", hdev->name);
1435 }
1436
6bd32326 1437 atomic_set(&hdev->cmd_cnt, 1);
c347b765 1438 queue_work(hdev->workqueue, &hdev->cmd_work);
6bd32326
VT		 1439}
1440
2763eda6 1441struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
04124681 1442 bdaddr_t *bdaddr)
2763eda6
SJ		 1443{
1444 struct oob_data *data;
1445
1446 list_for_each_entry(data, &hdev->remote_oob_data, list)
1447 if (bacmp(bdaddr, &data->bdaddr) == 0)
1448 return data;
1449
1450 return NULL;
1451}
1452
1453int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1454{
1455 struct oob_data *data;
1456
1457 data = hci_find_remote_oob_data(hdev, bdaddr);
1458 if (!data)
1459 return -ENOENT;
1460
6ed93dc6 1461 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2763eda6
SJ		 1462
1463 list_del(&data->list);
1464 kfree(data);
1465
1466 return 0;
1467}
1468
1469int hci_remote_oob_data_clear(struct hci_dev *hdev)
1470{
1471 struct oob_data *data, *n;
1472
1473 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1474 list_del(&data->list);
1475 kfree(data);
1476 }
1477
1478 return 0;
1479}
1480
1481int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
04124681 1482 u8 *randomizer)
2763eda6
SJ		 1483{
1484 struct oob_data *data;
1485
1486 data = hci_find_remote_oob_data(hdev, bdaddr);
1487
1488 if (!data) {
1489 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1490 if (!data)
1491 return -ENOMEM;
1492
1493 bacpy(&data->bdaddr, bdaddr);
1494 list_add(&data->list, &hdev->remote_oob_data);
1495 }
1496
1497 memcpy(data->hash, hash, sizeof(data->hash));
1498 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1499
6ed93dc6 1500 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2763eda6
SJ		 1501
1502 return 0;
1503}
1504
04124681 1505struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
b2a66aad 1506{
8035ded4 1507 struct bdaddr_list *b;
b2a66aad 1508
8035ded4 1509 list_for_each_entry(b, &hdev->blacklist, list)
b2a66aad
AJ		 1510 if (bacmp(bdaddr, &b->bdaddr) == 0)
1511 return b;
b2a66aad
AJ		 1512
1513 return NULL;
1514}
1515
1516int hci_blacklist_clear(struct hci_dev *hdev)
1517{
1518 struct list_head *p, *n;
1519
1520 list_for_each_safe(p, n, &hdev->blacklist) {
1521 struct bdaddr_list *b;
1522
1523 b = list_entry(p, struct bdaddr_list, list);
1524
1525 list_del(p);
1526 kfree(b);
1527 }
1528
1529 return 0;
1530}
1531
88c1fe4b 1532int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
b2a66aad
AJ		 1533{
1534 struct bdaddr_list *entry;
b2a66aad
AJ		 1535
1536 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1537 return -EBADF;
1538
5e762444
AJ		 1539 if (hci_blacklist_lookup(hdev, bdaddr))
1540 return -EEXIST;
b2a66aad
AJ		 1541
1542 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
5e762444
AJ		 1543 if (!entry)
1544 return -ENOMEM;
b2a66aad
AJ		 1545
1546 bacpy(&entry->bdaddr, bdaddr);
1547
1548 list_add(&entry->list, &hdev->blacklist);
1549
88c1fe4b 1550 return mgmt_device_blocked(hdev, bdaddr, type);
b2a66aad
AJ		 1551}
1552
88c1fe4b 1553int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
b2a66aad
AJ		 1554{
1555 struct bdaddr_list *entry;
b2a66aad 1556
1ec918ce 1557 if (bacmp(bdaddr, BDADDR_ANY) == 0)
5e762444 1558 return hci_blacklist_clear(hdev);
b2a66aad
AJ		 1559
1560 entry = hci_blacklist_lookup(hdev, bdaddr);
1ec918ce 1561 if (!entry)
5e762444 1562 return -ENOENT;
b2a66aad
AJ		 1563
1564 list_del(&entry->list);
1565 kfree(entry);
1566
88c1fe4b 1567 return mgmt_device_unblocked(hdev, bdaddr, type);
b2a66aad
AJ		 1568}
1569
7ba8b4be
AG		 1570static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1571{
1572 struct le_scan_params *param = (struct le_scan_params *) opt;
1573 struct hci_cp_le_set_scan_param cp;
1574
1575 memset(&cp, 0, sizeof(cp));
1576 cp.type = param->type;
1577 cp.interval = cpu_to_le16(param->interval);
1578 cp.window = cpu_to_le16(param->window);
1579
1580 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1581}
1582
1583static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1584{
1585 struct hci_cp_le_set_scan_enable cp;
1586
1587 memset(&cp, 0, sizeof(cp));
1588 cp.enable = 1;
0431a43c 1589 cp.filter_dup = 1;
7ba8b4be
AG		 1590
1591 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1592}
1593
1594static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
04124681 1595 u16 window, int timeout)
7ba8b4be
AG		 1596{
1597 long timeo = msecs_to_jiffies(3000);
1598 struct le_scan_params param;
1599 int err;
1600
1601 BT_DBG("%s", hdev->name);
1602
1603 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1604 return -EINPROGRESS;
1605
1606 param.type = type;
1607 param.interval = interval;
1608 param.window = window;
1609
1610 hci_req_lock(hdev);
1611
01178cd4
JH		 1612 err = __hci_req_sync(hdev, le_scan_param_req, (unsigned long) &param,
1613 timeo);
7ba8b4be 1614 if (!err)
01178cd4 1615 err = __hci_req_sync(hdev, le_scan_enable_req, 0, timeo);
7ba8b4be
AG		 1616
1617 hci_req_unlock(hdev);
1618
1619 if (err < 0)
1620 return err;
1621
46818ed5
JH		 1622 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
1623 msecs_to_jiffies(timeout));
7ba8b4be
AG		 1624
1625 return 0;
1626}
1627
7dbfac1d
AG		 1628int hci_cancel_le_scan(struct hci_dev *hdev)
1629{
1630 BT_DBG("%s", hdev->name);
1631
1632 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1633 return -EALREADY;
1634
1635 if (cancel_delayed_work(&hdev->le_scan_disable)) {
1636 struct hci_cp_le_set_scan_enable cp;
1637
1638 /* Send HCI command to disable LE Scan */
1639 memset(&cp, 0, sizeof(cp));
1640 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1641 }
1642
1643 return 0;
1644}
1645
7ba8b4be
AG		 1646static void le_scan_disable_work(struct work_struct *work)
1647{
1648 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1649 le_scan_disable.work);
7ba8b4be
AG		 1650 struct hci_cp_le_set_scan_enable cp;
1651
1652 BT_DBG("%s", hdev->name);
1653
1654 memset(&cp, 0, sizeof(cp));
1655
1656 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1657}
1658
28b75a89
AG		 1659static void le_scan_work(struct work_struct *work)
1660{
1661 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1662 struct le_scan_params *param = &hdev->le_scan_params;
1663
1664 BT_DBG("%s", hdev->name);
1665
04124681
GP		 1666 hci_do_le_scan(hdev, param->type, param->interval, param->window,
1667 param->timeout);
28b75a89
AG		 1668}
1669
1670int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
04124681 1671 int timeout)
28b75a89
AG		 1672{
1673 struct le_scan_params *param = &hdev->le_scan_params;
1674
1675 BT_DBG("%s", hdev->name);
1676
f1550478
JH		 1677 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
1678 return -ENOTSUPP;
1679
28b75a89
AG		 1680 if (work_busy(&hdev->le_scan))
1681 return -EINPROGRESS;
1682
1683 param->type = type;
1684 param->interval = interval;
1685 param->window = window;
1686 param->timeout = timeout;
1687
1688 queue_work(system_long_wq, &hdev->le_scan);
1689
1690 return 0;
1691}
1692
9be0dab7
DH		 1693/* Alloc HCI device */
1694struct hci_dev *hci_alloc_dev(void)
1695{
1696 struct hci_dev *hdev;
1697
1698 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1699 if (!hdev)
1700 return NULL;
1701
b1b813d4
DH		 1702 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1703 hdev->esco_type = (ESCO_HV1);
1704 hdev->link_mode = (HCI_LM_ACCEPT);
1705 hdev->io_capability = 0x03; /* No Input No Output */
bbaf444a
JH		 1706 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
1707 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
b1b813d4 1708
b1b813d4
DH		 1709 hdev->sniff_max_interval = 800;
1710 hdev->sniff_min_interval = 80;
1711
1712 mutex_init(&hdev->lock);
1713 mutex_init(&hdev->req_lock);
1714
1715 INIT_LIST_HEAD(&hdev->mgmt_pending);
1716 INIT_LIST_HEAD(&hdev->blacklist);
1717 INIT_LIST_HEAD(&hdev->uuids);
1718 INIT_LIST_HEAD(&hdev->link_keys);
1719 INIT_LIST_HEAD(&hdev->long_term_keys);
1720 INIT_LIST_HEAD(&hdev->remote_oob_data);
6b536b5e 1721 INIT_LIST_HEAD(&hdev->conn_hash.list);
b1b813d4
DH		 1722
1723 INIT_WORK(&hdev->rx_work, hci_rx_work);
1724 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1725 INIT_WORK(&hdev->tx_work, hci_tx_work);
1726 INIT_WORK(&hdev->power_on, hci_power_on);
1727 INIT_WORK(&hdev->le_scan, le_scan_work);
1728
b1b813d4
DH		 1729 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1730 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1731 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1732
9be0dab7 1733 skb_queue_head_init(&hdev->driver_init);
b1b813d4
DH		 1734 skb_queue_head_init(&hdev->rx_q);
1735 skb_queue_head_init(&hdev->cmd_q);
1736 skb_queue_head_init(&hdev->raw_q);
1737
1738 init_waitqueue_head(&hdev->req_wait_q);
1739
bda4f23a 1740 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
b1b813d4 1741
b1b813d4
DH		 1742 hci_init_sysfs(hdev);
1743 discovery_init(hdev);
9be0dab7
DH		 1744
1745 return hdev;
1746}
1747EXPORT_SYMBOL(hci_alloc_dev);
1748
1749/* Free HCI device */
1750void hci_free_dev(struct hci_dev *hdev)
1751{
1752 skb_queue_purge(&hdev->driver_init);
1753
1754 /* will free via device release */
1755 put_device(&hdev->dev);
1756}
1757EXPORT_SYMBOL(hci_free_dev);
1758
1da177e4
LT		 1759/* Register HCI device */
1760int hci_register_dev(struct hci_dev *hdev)
1761{
b1b813d4 1762 int id, error;
1da177e4 1763
010666a1 1764 if (!hdev->open || !hdev->close)
1da177e4
LT		 1765 return -EINVAL;
1766
08add513
MM		 1767 /* Do not allow HCI_AMP devices to register at index 0,
1768 * so the index can be used as the AMP controller ID.
1769 */
3df92b31
SL		 1770 switch (hdev->dev_type) {
1771 case HCI_BREDR:
1772 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
1773 break;
1774 case HCI_AMP:
1775 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
1776 break;
1777 default:
1778 return -EINVAL;
1da177e4 1779 }
8e87d142 1780
3df92b31
SL		 1781 if (id < 0)
1782 return id;
1783
1da177e4
LT		 1784 sprintf(hdev->name, "hci%d", id);
1785 hdev->id = id;
2d8b3a11
AE		 1786
1787 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1788
3df92b31
SL		 1789 write_lock(&hci_dev_list_lock);
1790 list_add(&hdev->list, &hci_dev_list);
f20d09d5 1791 write_unlock(&hci_dev_list_lock);
1da177e4 1792
32845eb1 1793 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
a8c5fb1a 1794 WQ_MEM_RECLAIM, 1);
33ca954d
DH		 1795 if (!hdev->workqueue) {
1796 error = -ENOMEM;
1797 goto err;
1798 }
f48fd9c8 1799
6ead1bbc
JH		 1800 hdev->req_workqueue = alloc_workqueue(hdev->name,
1801 WQ_HIGHPRI | WQ_UNBOUND |
1802 WQ_MEM_RECLAIM, 1);
1803 if (!hdev->req_workqueue) {
1804 destroy_workqueue(hdev->workqueue);
1805 error = -ENOMEM;
1806 goto err;
1807 }
1808
33ca954d
DH		 1809 error = hci_add_sysfs(hdev);
1810 if (error < 0)
1811 goto err_wqueue;
1da177e4 1812
611b30f7 1813 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
a8c5fb1a
GP		 1814 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
1815 hdev);
611b30f7
MH		 1816 if (hdev->rfkill) {
1817 if (rfkill_register(hdev->rfkill) < 0) {
1818 rfkill_destroy(hdev->rfkill);
1819 hdev->rfkill = NULL;
1820 }
1821 }
1822
a8b2d5c2 1823 set_bit(HCI_SETUP, &hdev->dev_flags);
ce2be9ac
AE		 1824
1825 if (hdev->dev_type != HCI_AMP)
1826 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1827
1da177e4 1828 hci_notify(hdev, HCI_DEV_REG);
dc946bd8 1829 hci_dev_hold(hdev);
1da177e4 1830
19202573 1831 queue_work(hdev->req_workqueue, &hdev->power_on);
fbe96d6f 1832
1da177e4 1833 return id;
f48fd9c8 1834
33ca954d
DH		 1835err_wqueue:
1836 destroy_workqueue(hdev->workqueue);
6ead1bbc 1837 destroy_workqueue(hdev->req_workqueue);
33ca954d 1838err:
3df92b31 1839 ida_simple_remove(&hci_index_ida, hdev->id);
f20d09d5 1840 write_lock(&hci_dev_list_lock);
f48fd9c8 1841 list_del(&hdev->list);
f20d09d5 1842 write_unlock(&hci_dev_list_lock);
f48fd9c8 1843
33ca954d 1844 return error;
1da177e4
LT		 1845}
1846EXPORT_SYMBOL(hci_register_dev);
1847
1848/* Unregister HCI device */
59735631 1849void hci_unregister_dev(struct hci_dev *hdev)
1da177e4 1850{
3df92b31 1851 int i, id;
ef222013 1852
c13854ce 1853 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1da177e4 1854
94324962
JH		 1855 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1856
3df92b31
SL		 1857 id = hdev->id;
1858
f20d09d5 1859 write_lock(&hci_dev_list_lock);
1da177e4 1860 list_del(&hdev->list);
f20d09d5 1861 write_unlock(&hci_dev_list_lock);
1da177e4
LT		 1862
1863 hci_dev_do_close(hdev);
1864
cd4c5391 1865 for (i = 0; i < NUM_REASSEMBLY; i++)
ef222013
MH		 1866 kfree_skb(hdev->reassembly[i]);
1867
b9b5ef18
GP		 1868 cancel_work_sync(&hdev->power_on);
1869
ab81cbf9 1870 if (!test_bit(HCI_INIT, &hdev->flags) &&
a8c5fb1a 1871 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
09fd0de5 1872 hci_dev_lock(hdev);
744cf19e 1873 mgmt_index_removed(hdev);
09fd0de5 1874 hci_dev_unlock(hdev);
56e5cb86 1875 }
ab81cbf9 1876
2e58ef3e
JH		 1877 /* mgmt_index_removed should take care of emptying the
1878 * pending list */
1879 BUG_ON(!list_empty(&hdev->mgmt_pending));
1880
1da177e4
LT		 1881 hci_notify(hdev, HCI_DEV_UNREG);
1882
611b30f7
MH		 1883 if (hdev->rfkill) {
1884 rfkill_unregister(hdev->rfkill);
1885 rfkill_destroy(hdev->rfkill);
1886 }
1887
ce242970 1888 hci_del_sysfs(hdev);
147e2d59 1889
f48fd9c8 1890 destroy_workqueue(hdev->workqueue);
6ead1bbc 1891 destroy_workqueue(hdev->req_workqueue);
f48fd9c8 1892
09fd0de5 1893 hci_dev_lock(hdev);
e2e0cacb 1894 hci_blacklist_clear(hdev);
2aeb9a1a 1895 hci_uuids_clear(hdev);
55ed8ca1 1896 hci_link_keys_clear(hdev);
b899efaf 1897 hci_smp_ltks_clear(hdev);
2763eda6 1898 hci_remote_oob_data_clear(hdev);
09fd0de5 1899 hci_dev_unlock(hdev);
e2e0cacb 1900
dc946bd8 1901 hci_dev_put(hdev);
3df92b31
SL		 1902
1903 ida_simple_remove(&hci_index_ida, id);
1da177e4
LT		 1904}
1905EXPORT_SYMBOL(hci_unregister_dev);
1906
1907/* Suspend HCI device */
1908int hci_suspend_dev(struct hci_dev *hdev)
1909{
1910 hci_notify(hdev, HCI_DEV_SUSPEND);
1911 return 0;
1912}
1913EXPORT_SYMBOL(hci_suspend_dev);
1914
1915/* Resume HCI device */
1916int hci_resume_dev(struct hci_dev *hdev)
1917{
1918 hci_notify(hdev, HCI_DEV_RESUME);
1919 return 0;
1920}
1921EXPORT_SYMBOL(hci_resume_dev);
1922
76bca880
MH		 1923/* Receive frame from HCI drivers */
1924int hci_recv_frame(struct sk_buff *skb)
1925{
1926 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1927 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
a8c5fb1a 1928 && !test_bit(HCI_INIT, &hdev->flags))) {
76bca880
MH		 1929 kfree_skb(skb);
1930 return -ENXIO;
1931 }
1932
d82603c6 1933 /* Incoming skb */
76bca880
MH		 1934 bt_cb(skb)->incoming = 1;
1935
1936 /* Time stamp */
1937 __net_timestamp(skb);
1938
76bca880 1939 skb_queue_tail(&hdev->rx_q, skb);
b78752cc 1940 queue_work(hdev->workqueue, &hdev->rx_work);
c78ae283 1941
76bca880
MH		 1942 return 0;
1943}
1944EXPORT_SYMBOL(hci_recv_frame);
1945
33e882a5 1946static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
a8c5fb1a 1947 int count, __u8 index)
33e882a5
SS		 1948{
1949 int len = 0;
1950 int hlen = 0;
1951 int remain = count;
1952 struct sk_buff *skb;
1953 struct bt_skb_cb *scb;
1954
1955 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
a8c5fb1a 1956 index >= NUM_REASSEMBLY)
33e882a5
SS		 1957 return -EILSEQ;
1958
1959 skb = hdev->reassembly[index];
1960
1961 if (!skb) {
1962 switch (type) {
1963 case HCI_ACLDATA_PKT:
1964 len = HCI_MAX_FRAME_SIZE;
1965 hlen = HCI_ACL_HDR_SIZE;
1966 break;
1967 case HCI_EVENT_PKT:
1968 len = HCI_MAX_EVENT_SIZE;
1969 hlen = HCI_EVENT_HDR_SIZE;
1970 break;
1971 case HCI_SCODATA_PKT:
1972 len = HCI_MAX_SCO_SIZE;
1973 hlen = HCI_SCO_HDR_SIZE;
1974 break;
1975 }
1976
1e429f38 1977 skb = bt_skb_alloc(len, GFP_ATOMIC);
33e882a5
SS		 1978 if (!skb)
1979 return -ENOMEM;
1980
1981 scb = (void *) skb->cb;
1982 scb->expect = hlen;
1983 scb->pkt_type = type;
1984
1985 skb->dev = (void *) hdev;
1986 hdev->reassembly[index] = skb;
1987 }
1988
1989 while (count) {
1990 scb = (void *) skb->cb;
89bb46d0 1991 len = min_t(uint, scb->expect, count);
33e882a5
SS		 1992
1993 memcpy(skb_put(skb, len), data, len);
1994
1995 count -= len;
1996 data += len;
1997 scb->expect -= len;
1998 remain = count;
1999
2000 switch (type) {
2001 case HCI_EVENT_PKT:
2002 if (skb->len == HCI_EVENT_HDR_SIZE) {
2003 struct hci_event_hdr *h = hci_event_hdr(skb);
2004 scb->expect = h->plen;
2005
2006 if (skb_tailroom(skb) < scb->expect) {
2007 kfree_skb(skb);
2008 hdev->reassembly[index] = NULL;
2009 return -ENOMEM;
2010 }
2011 }
2012 break;
2013
2014 case HCI_ACLDATA_PKT:
2015 if (skb->len == HCI_ACL_HDR_SIZE) {
2016 struct hci_acl_hdr *h = hci_acl_hdr(skb);
2017 scb->expect = __le16_to_cpu(h->dlen);
2018
2019 if (skb_tailroom(skb) < scb->expect) {
2020 kfree_skb(skb);
2021 hdev->reassembly[index] = NULL;
2022 return -ENOMEM;
2023 }
2024 }
2025 break;
2026
2027 case HCI_SCODATA_PKT:
2028 if (skb->len == HCI_SCO_HDR_SIZE) {
2029 struct hci_sco_hdr *h = hci_sco_hdr(skb);
2030 scb->expect = h->dlen;
2031
2032 if (skb_tailroom(skb) < scb->expect) {
2033 kfree_skb(skb);
2034 hdev->reassembly[index] = NULL;
2035 return -ENOMEM;
2036 }
2037 }
2038 break;
2039 }
2040
2041 if (scb->expect == 0) {
2042 /* Complete frame */
2043
2044 bt_cb(skb)->pkt_type = type;
2045 hci_recv_frame(skb);
2046
2047 hdev->reassembly[index] = NULL;
2048 return remain;
2049 }
2050 }
2051
2052 return remain;
2053}
2054
ef222013
MH		 2055int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
2056{
f39a3c06
SS		 2057 int rem = 0;
2058
ef222013
MH		 2059 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
2060 return -EILSEQ;
2061
da5f6c37 2062 while (count) {
1e429f38 2063 rem = hci_reassembly(hdev, type, data, count, type - 1);
f39a3c06
SS		 2064 if (rem < 0)
2065 return rem;
ef222013 2066
f39a3c06
SS		 2067 data += (count - rem);
2068 count = rem;
f81c6224 2069 }
ef222013 2070
f39a3c06 2071 return rem;
ef222013
MH		 2072}
2073EXPORT_SYMBOL(hci_recv_fragment);
2074
99811510
SS		 2075#define STREAM_REASSEMBLY 0
2076
2077int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2078{
2079 int type;
2080 int rem = 0;
2081
da5f6c37 2082 while (count) {
99811510
SS		 2083 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2084
2085 if (!skb) {
2086 struct { char type; } *pkt;
2087
2088 /* Start of the frame */
2089 pkt = data;
2090 type = pkt->type;
2091
2092 data++;
2093 count--;
2094 } else
2095 type = bt_cb(skb)->pkt_type;
2096
1e429f38 2097 rem = hci_reassembly(hdev, type, data, count,
a8c5fb1a 2098 STREAM_REASSEMBLY);
99811510
SS		 2099 if (rem < 0)
2100 return rem;
2101
2102 data += (count - rem);
2103 count = rem;
f81c6224 2104 }
99811510
SS		 2105
2106 return rem;
2107}
2108EXPORT_SYMBOL(hci_recv_stream_fragment);
2109
1da177e4
LT		 2110/* ---- Interface to upper protocols ---- */
2111
1da177e4
LT		 2112int hci_register_cb(struct hci_cb *cb)
2113{
2114 BT_DBG("%p name %s", cb, cb->name);
2115
f20d09d5 2116 write_lock(&hci_cb_list_lock);
1da177e4 2117 list_add(&cb->list, &hci_cb_list);
f20d09d5 2118 write_unlock(&hci_cb_list_lock);
1da177e4
LT		 2119
2120 return 0;
2121}
2122EXPORT_SYMBOL(hci_register_cb);
2123
2124int hci_unregister_cb(struct hci_cb *cb)
2125{
2126 BT_DBG("%p name %s", cb, cb->name);
2127
f20d09d5 2128 write_lock(&hci_cb_list_lock);
1da177e4 2129 list_del(&cb->list);
f20d09d5 2130 write_unlock(&hci_cb_list_lock);
1da177e4
LT		 2131
2132 return 0;
2133}
2134EXPORT_SYMBOL(hci_unregister_cb);
2135
2136static int hci_send_frame(struct sk_buff *skb)
2137{
2138 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2139
2140 if (!hdev) {
2141 kfree_skb(skb);
2142 return -ENODEV;
2143 }
2144
0d48d939 2145 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1da177e4 2146
cd82e61c
MH		 2147 /* Time stamp */
2148 __net_timestamp(skb);
1da177e4 2149
cd82e61c
MH		 2150 /* Send copy to monitor */
2151 hci_send_to_monitor(hdev, skb);
2152
2153 if (atomic_read(&hdev->promisc)) {
2154 /* Send copy to the sockets */
470fe1b5 2155 hci_send_to_sock(hdev, skb);
1da177e4
LT		 2156 }
2157
2158 /* Get rid of skb owner, prior to sending to the driver. */
2159 skb_orphan(skb);
2160
2161 return hdev->send(skb);
2162}
2163
2164/* Send HCI command */
a9de9248 2165int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1da177e4
LT		 2166{
2167 int len = HCI_COMMAND_HDR_SIZE + plen;
2168 struct hci_command_hdr *hdr;
2169 struct sk_buff *skb;
2170
f0e09510 2171 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
1da177e4
LT		 2172
2173 skb = bt_skb_alloc(len, GFP_ATOMIC);
2174 if (!skb) {
ef222013 2175 BT_ERR("%s no memory for command", hdev->name);
1da177e4
LT		 2176 return -ENOMEM;
2177 }
2178
2179 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
a9de9248 2180 hdr->opcode = cpu_to_le16(opcode);
1da177e4
LT		 2181 hdr->plen = plen;
2182
2183 if (plen)
2184 memcpy(skb_put(skb, plen), param, plen);
2185
2186 BT_DBG("skb len %d", skb->len);
2187
0d48d939 2188 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1da177e4 2189 skb->dev = (void *) hdev;
c78ae283 2190
a5040efa
JH		 2191 if (test_bit(HCI_INIT, &hdev->flags))
2192 hdev->init_last_cmd = opcode;
2193
1da177e4 2194 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 2195 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 2196
2197 return 0;
2198}
1da177e4
LT		 2199
2200/* Get data from the previously sent command */
a9de9248 2201void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1da177e4
LT		 2202{
2203 struct hci_command_hdr *hdr;
2204
2205 if (!hdev->sent_cmd)
2206 return NULL;
2207
2208 hdr = (void *) hdev->sent_cmd->data;
2209
a9de9248 2210 if (hdr->opcode != cpu_to_le16(opcode))
1da177e4
LT		 2211 return NULL;
2212
f0e09510 2213 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
1da177e4
LT		 2214
2215 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2216}
2217
2218/* Send ACL data */
2219static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2220{
2221 struct hci_acl_hdr *hdr;
2222 int len = skb->len;
2223
badff6d0
ACM		 2224 skb_push(skb, HCI_ACL_HDR_SIZE);
2225 skb_reset_transport_header(skb);
9c70220b 2226 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
aca3192c
YH		 2227 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2228 hdr->dlen = cpu_to_le16(len);
1da177e4
LT		 2229}
2230
ee22be7e 2231static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
a8c5fb1a 2232 struct sk_buff *skb, __u16 flags)
1da177e4 2233{
ee22be7e 2234 struct hci_conn *conn = chan->conn;
1da177e4
LT		 2235 struct hci_dev *hdev = conn->hdev;
2236 struct sk_buff *list;
2237
087bfd99
GP		 2238 skb->len = skb_headlen(skb);
2239 skb->data_len = 0;
2240
2241 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
204a6e54
AE		 2242
2243 switch (hdev->dev_type) {
2244 case HCI_BREDR:
2245 hci_add_acl_hdr(skb, conn->handle, flags);
2246 break;
2247 case HCI_AMP:
2248 hci_add_acl_hdr(skb, chan->handle, flags);
2249 break;
2250 default:
2251 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2252 return;
2253 }
087bfd99 2254
70f23020
AE		 2255 list = skb_shinfo(skb)->frag_list;
2256 if (!list) {
1da177e4
LT		 2257 /* Non fragmented */
2258 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2259
73d80deb 2260 skb_queue_tail(queue, skb);
1da177e4
LT		 2261 } else {
2262 /* Fragmented */
2263 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2264
2265 skb_shinfo(skb)->frag_list = NULL;
2266
2267 /* Queue all fragments atomically */
af3e6359 2268 spin_lock(&queue->lock);
1da177e4 2269
73d80deb 2270 __skb_queue_tail(queue, skb);
e702112f
AE		 2271
2272 flags &= ~ACL_START;
2273 flags |= ACL_CONT;
1da177e4
LT		 2274 do {
2275 skb = list; list = list->next;
8e87d142 2276
1da177e4 2277 skb->dev = (void *) hdev;
0d48d939 2278 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
e702112f 2279 hci_add_acl_hdr(skb, conn->handle, flags);
1da177e4
LT		 2280
2281 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2282
73d80deb 2283 __skb_queue_tail(queue, skb);
1da177e4
LT		 2284 } while (list);
2285
af3e6359 2286 spin_unlock(&queue->lock);
1da177e4 2287 }
73d80deb
LAD		 2288}
2289
2290void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2291{
ee22be7e 2292 struct hci_dev *hdev = chan->conn->hdev;
73d80deb 2293
f0e09510 2294 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
73d80deb
LAD		 2295
2296 skb->dev = (void *) hdev;
73d80deb 2297
ee22be7e 2298 hci_queue_acl(chan, &chan->data_q, skb, flags);
1da177e4 2299
3eff45ea 2300 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 2301}
1da177e4
LT		 2302
2303/* Send SCO data */
0d861d8b 2304void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1da177e4
LT		 2305{
2306 struct hci_dev *hdev = conn->hdev;
2307 struct hci_sco_hdr hdr;
2308
2309 BT_DBG("%s len %d", hdev->name, skb->len);
2310
aca3192c 2311 hdr.handle = cpu_to_le16(conn->handle);
1da177e4
LT		 2312 hdr.dlen = skb->len;
2313
badff6d0
ACM		 2314 skb_push(skb, HCI_SCO_HDR_SIZE);
2315 skb_reset_transport_header(skb);
9c70220b 2316 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1da177e4
LT		 2317
2318 skb->dev = (void *) hdev;
0d48d939 2319 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
c78ae283 2320
1da177e4 2321 skb_queue_tail(&conn->data_q, skb);
3eff45ea 2322 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 2323}
1da177e4
LT		 2324
2325/* ---- HCI TX task (outgoing data) ---- */
2326
2327/* HCI Connection scheduler */
6039aa73
GP		 2328static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
2329 int *quote)
1da177e4
LT		 2330{
2331 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 2332 struct hci_conn *conn = NULL, *c;
abc5de8f 2333 unsigned int num = 0, min = ~0;
1da177e4 2334
8e87d142 2335 /* We don't have to lock device here. Connections are always
1da177e4 2336 * added and removed with TX task disabled. */
bf4c6325
GP		 2337
2338 rcu_read_lock();
2339
2340 list_for_each_entry_rcu(c, &h->list, list) {
769be974 2341 if (c->type != type || skb_queue_empty(&c->data_q))
1da177e4 2342 continue;
769be974
MH		 2343
2344 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2345 continue;
2346
1da177e4
LT		 2347 num++;
2348
2349 if (c->sent < min) {
2350 min = c->sent;
2351 conn = c;
2352 }
52087a79
LAD		 2353
2354 if (hci_conn_num(hdev, type) == num)
2355 break;
1da177e4
LT		 2356 }
2357
bf4c6325
GP		 2358 rcu_read_unlock();
2359
1da177e4 2360 if (conn) {
6ed58ec5
VT		 2361 int cnt, q;
2362
2363 switch (conn->type) {
2364 case ACL_LINK:
2365 cnt = hdev->acl_cnt;
2366 break;
2367 case SCO_LINK:
2368 case ESCO_LINK:
2369 cnt = hdev->sco_cnt;
2370 break;
2371 case LE_LINK:
2372 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2373 break;
2374 default:
2375 cnt = 0;
2376 BT_ERR("Unknown link type");
2377 }
2378
2379 q = cnt / num;
1da177e4
LT		 2380 *quote = q ? q : 1;
2381 } else
2382 *quote = 0;
2383
2384 BT_DBG("conn %p quote %d", conn, *quote);
2385 return conn;
2386}
2387
6039aa73 2388static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
1da177e4
LT		 2389{
2390 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 2391 struct hci_conn *c;
1da177e4 2392
bae1f5d9 2393 BT_ERR("%s link tx timeout", hdev->name);
1da177e4 2394
bf4c6325
GP		 2395 rcu_read_lock();
2396
1da177e4 2397 /* Kill stalled connections */
bf4c6325 2398 list_for_each_entry_rcu(c, &h->list, list) {
bae1f5d9 2399 if (c->type == type && c->sent) {
6ed93dc6
AE		 2400 BT_ERR("%s killing stalled connection %pMR",
2401 hdev->name, &c->dst);
bed71748 2402 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
1da177e4
LT		 2403 }
2404 }
bf4c6325
GP		 2405
2406 rcu_read_unlock();
1da177e4
LT		 2407}
2408
6039aa73
GP		 2409static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2410 int *quote)
1da177e4 2411{
73d80deb
LAD		 2412 struct hci_conn_hash *h = &hdev->conn_hash;
2413 struct hci_chan *chan = NULL;
abc5de8f 2414 unsigned int num = 0, min = ~0, cur_prio = 0;
1da177e4 2415 struct hci_conn *conn;
73d80deb
LAD		 2416 int cnt, q, conn_num = 0;
2417
2418 BT_DBG("%s", hdev->name);
2419
bf4c6325
GP		 2420 rcu_read_lock();
2421
2422 list_for_each_entry_rcu(conn, &h->list, list) {
73d80deb
LAD		 2423 struct hci_chan *tmp;
2424
2425 if (conn->type != type)
2426 continue;
2427
2428 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2429 continue;
2430
2431 conn_num++;
2432
8192edef 2433 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
73d80deb
LAD		 2434 struct sk_buff *skb;
2435
2436 if (skb_queue_empty(&tmp->data_q))
2437 continue;
2438
2439 skb = skb_peek(&tmp->data_q);
2440 if (skb->priority < cur_prio)
2441 continue;
2442
2443 if (skb->priority > cur_prio) {
2444 num = 0;
2445 min = ~0;
2446 cur_prio = skb->priority;
2447 }
2448
2449 num++;
2450
2451 if (conn->sent < min) {
2452 min = conn->sent;
2453 chan = tmp;
2454 }
2455 }
2456
2457 if (hci_conn_num(hdev, type) == conn_num)
2458 break;
2459 }
2460
bf4c6325
GP		 2461 rcu_read_unlock();
2462
73d80deb
LAD		 2463 if (!chan)
2464 return NULL;
2465
2466 switch (chan->conn->type) {
2467 case ACL_LINK:
2468 cnt = hdev->acl_cnt;
2469 break;
bd1eb66b
AE		 2470 case AMP_LINK:
2471 cnt = hdev->block_cnt;
2472 break;
73d80deb
LAD		 2473 case SCO_LINK:
2474 case ESCO_LINK:
2475 cnt = hdev->sco_cnt;
2476 break;
2477 case LE_LINK:
2478 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2479 break;
2480 default:
2481 cnt = 0;
2482 BT_ERR("Unknown link type");
2483 }
2484
2485 q = cnt / num;
2486 *quote = q ? q : 1;
2487 BT_DBG("chan %p quote %d", chan, *quote);
2488 return chan;
2489}
2490
02b20f0b
LAD		 2491static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2492{
2493 struct hci_conn_hash *h = &hdev->conn_hash;
2494 struct hci_conn *conn;
2495 int num = 0;
2496
2497 BT_DBG("%s", hdev->name);
2498
bf4c6325
GP		 2499 rcu_read_lock();
2500
2501 list_for_each_entry_rcu(conn, &h->list, list) {
02b20f0b
LAD		 2502 struct hci_chan *chan;
2503
2504 if (conn->type != type)
2505 continue;
2506
2507 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2508 continue;
2509
2510 num++;
2511
8192edef 2512 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
02b20f0b
LAD		 2513 struct sk_buff *skb;
2514
2515 if (chan->sent) {
2516 chan->sent = 0;
2517 continue;
2518 }
2519
2520 if (skb_queue_empty(&chan->data_q))
2521 continue;
2522
2523 skb = skb_peek(&chan->data_q);
2524 if (skb->priority >= HCI_PRIO_MAX - 1)
2525 continue;
2526
2527 skb->priority = HCI_PRIO_MAX - 1;
2528
2529 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
a8c5fb1a 2530 skb->priority);
02b20f0b
LAD		 2531 }
2532
2533 if (hci_conn_num(hdev, type) == num)
2534 break;
2535 }
bf4c6325
GP		 2536
2537 rcu_read_unlock();
2538
02b20f0b
LAD		 2539}
2540
b71d385a
AE		 2541static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2542{
2543 /* Calculate count of blocks used by this packet */
2544 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2545}
2546
6039aa73 2547static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
73d80deb 2548{
1da177e4
LT		 2549 if (!test_bit(HCI_RAW, &hdev->flags)) {
2550 /* ACL tx timeout must be longer than maximum
2551 * link supervision timeout (40.9 seconds) */
63d2bc1b 2552 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
5f246e89 2553 HCI_ACL_TX_TIMEOUT))
bae1f5d9 2554 hci_link_tx_to(hdev, ACL_LINK);
1da177e4 2555 }
63d2bc1b 2556}
1da177e4 2557
6039aa73 2558static void hci_sched_acl_pkt(struct hci_dev *hdev)
63d2bc1b
AE		 2559{
2560 unsigned int cnt = hdev->acl_cnt;
2561 struct hci_chan *chan;
2562 struct sk_buff *skb;
2563 int quote;
2564
2565 __check_timeout(hdev, cnt);
04837f64 2566
73d80deb 2567 while (hdev->acl_cnt &&
a8c5fb1a 2568 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
ec1cce24
LAD		 2569 u32 priority = (skb_peek(&chan->data_q))->priority;
2570 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb 2571 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
a8c5fb1a 2572 skb->len, skb->priority);
73d80deb 2573
ec1cce24
LAD		 2574 /* Stop if priority has changed */
2575 if (skb->priority < priority)
2576 break;
2577
2578 skb = skb_dequeue(&chan->data_q);
2579
73d80deb 2580 hci_conn_enter_active_mode(chan->conn,
04124681 2581 bt_cb(skb)->force_active);
04837f64 2582
1da177e4
LT		 2583 hci_send_frame(skb);
2584 hdev->acl_last_tx = jiffies;
2585
2586 hdev->acl_cnt--;
73d80deb
LAD		 2587 chan->sent++;
2588 chan->conn->sent++;
1da177e4
LT		 2589 }
2590 }
02b20f0b
LAD		 2591
2592 if (cnt != hdev->acl_cnt)
2593 hci_prio_recalculate(hdev, ACL_LINK);
1da177e4
LT		 2594}
2595
6039aa73 2596static void hci_sched_acl_blk(struct hci_dev *hdev)
b71d385a 2597{
63d2bc1b 2598 unsigned int cnt = hdev->block_cnt;
b71d385a
AE		 2599 struct hci_chan *chan;
2600 struct sk_buff *skb;
2601 int quote;
bd1eb66b 2602 u8 type;
b71d385a 2603
63d2bc1b 2604 __check_timeout(hdev, cnt);
b71d385a 2605
bd1eb66b
AE		 2606 BT_DBG("%s", hdev->name);
2607
2608 if (hdev->dev_type == HCI_AMP)
2609 type = AMP_LINK;
2610 else
2611 type = ACL_LINK;
2612
b71d385a 2613 while (hdev->block_cnt > 0 &&
bd1eb66b 2614 (chan = hci_chan_sent(hdev, type, &quote))) {
b71d385a
AE		 2615 u32 priority = (skb_peek(&chan->data_q))->priority;
2616 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2617 int blocks;
2618
2619 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
a8c5fb1a 2620 skb->len, skb->priority);
b71d385a
AE		 2621
2622 /* Stop if priority has changed */
2623 if (skb->priority < priority)
2624 break;
2625
2626 skb = skb_dequeue(&chan->data_q);
2627
2628 blocks = __get_blocks(hdev, skb);
2629 if (blocks > hdev->block_cnt)
2630 return;
2631
2632 hci_conn_enter_active_mode(chan->conn,
a8c5fb1a 2633 bt_cb(skb)->force_active);
b71d385a
AE		 2634
2635 hci_send_frame(skb);
2636 hdev->acl_last_tx = jiffies;
2637
2638 hdev->block_cnt -= blocks;
2639 quote -= blocks;
2640
2641 chan->sent += blocks;
2642 chan->conn->sent += blocks;
2643 }
2644 }
2645
2646 if (cnt != hdev->block_cnt)
bd1eb66b 2647 hci_prio_recalculate(hdev, type);
b71d385a
AE		 2648}
2649
6039aa73 2650static void hci_sched_acl(struct hci_dev *hdev)
b71d385a
AE		 2651{
2652 BT_DBG("%s", hdev->name);
2653
bd1eb66b
AE		 2654 /* No ACL link over BR/EDR controller */
2655 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
2656 return;
2657
2658 /* No AMP link over AMP controller */
2659 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
b71d385a
AE		 2660 return;
2661
2662 switch (hdev->flow_ctl_mode) {
2663 case HCI_FLOW_CTL_MODE_PACKET_BASED:
2664 hci_sched_acl_pkt(hdev);
2665 break;
2666
2667 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2668 hci_sched_acl_blk(hdev);
2669 break;
2670 }
2671}
2672
1da177e4 2673/* Schedule SCO */
6039aa73 2674static void hci_sched_sco(struct hci_dev *hdev)
1da177e4
LT		 2675{
2676 struct hci_conn *conn;
2677 struct sk_buff *skb;
2678 int quote;
2679
2680 BT_DBG("%s", hdev->name);
2681
52087a79
LAD		 2682 if (!hci_conn_num(hdev, SCO_LINK))
2683 return;
2684
1da177e4
LT		 2685 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
2686 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2687 BT_DBG("skb %p len %d", skb, skb->len);
2688 hci_send_frame(skb);
2689
2690 conn->sent++;
2691 if (conn->sent == ~0)
2692 conn->sent = 0;
2693 }
2694 }
2695}
2696
6039aa73 2697static void hci_sched_esco(struct hci_dev *hdev)
b6a0dc82
MH		 2698{
2699 struct hci_conn *conn;
2700 struct sk_buff *skb;
2701 int quote;
2702
2703 BT_DBG("%s", hdev->name);
2704
52087a79
LAD		 2705 if (!hci_conn_num(hdev, ESCO_LINK))
2706 return;
2707
8fc9ced3
GP		 2708 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
2709 &quote))) {
b6a0dc82
MH		 2710 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2711 BT_DBG("skb %p len %d", skb, skb->len);
2712 hci_send_frame(skb);
2713
2714 conn->sent++;
2715 if (conn->sent == ~0)
2716 conn->sent = 0;
2717 }
2718 }
2719}
2720
6039aa73 2721static void hci_sched_le(struct hci_dev *hdev)
6ed58ec5 2722{
73d80deb 2723 struct hci_chan *chan;
6ed58ec5 2724 struct sk_buff *skb;
02b20f0b 2725 int quote, cnt, tmp;
6ed58ec5
VT		 2726
2727 BT_DBG("%s", hdev->name);
2728
52087a79
LAD		 2729 if (!hci_conn_num(hdev, LE_LINK))
2730 return;
2731
6ed58ec5
VT		 2732 if (!test_bit(HCI_RAW, &hdev->flags)) {
2733 /* LE tx timeout must be longer than maximum
2734 * link supervision timeout (40.9 seconds) */
bae1f5d9 2735 if (!hdev->le_cnt && hdev->le_pkts &&
a8c5fb1a 2736 time_after(jiffies, hdev->le_last_tx + HZ * 45))
bae1f5d9 2737 hci_link_tx_to(hdev, LE_LINK);
6ed58ec5
VT		 2738 }
2739
2740 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
02b20f0b 2741 tmp = cnt;
73d80deb 2742 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
ec1cce24
LAD		 2743 u32 priority = (skb_peek(&chan->data_q))->priority;
2744 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb 2745 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
a8c5fb1a 2746 skb->len, skb->priority);
6ed58ec5 2747
ec1cce24
LAD		 2748 /* Stop if priority has changed */
2749 if (skb->priority < priority)
2750 break;
2751
2752 skb = skb_dequeue(&chan->data_q);
2753
6ed58ec5
VT		 2754 hci_send_frame(skb);
2755 hdev->le_last_tx = jiffies;
2756
2757 cnt--;
73d80deb
LAD		 2758 chan->sent++;
2759 chan->conn->sent++;
6ed58ec5
VT		 2760 }
2761 }
73d80deb 2762
6ed58ec5
VT		 2763 if (hdev->le_pkts)
2764 hdev->le_cnt = cnt;
2765 else
2766 hdev->acl_cnt = cnt;
02b20f0b
LAD		 2767
2768 if (cnt != tmp)
2769 hci_prio_recalculate(hdev, LE_LINK);
6ed58ec5
VT		 2770}
2771
3eff45ea 2772static void hci_tx_work(struct work_struct *work)
1da177e4 2773{
3eff45ea 2774 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
1da177e4
LT		 2775 struct sk_buff *skb;
2776
6ed58ec5 2777 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
a8c5fb1a 2778 hdev->sco_cnt, hdev->le_cnt);
1da177e4
LT		 2779
2780 /* Schedule queues and send stuff to HCI driver */
2781
2782 hci_sched_acl(hdev);
2783
2784 hci_sched_sco(hdev);
2785
b6a0dc82
MH		 2786 hci_sched_esco(hdev);
2787
6ed58ec5
VT		 2788 hci_sched_le(hdev);
2789
1da177e4
LT		 2790 /* Send next queued raw (unknown type) packet */
2791 while ((skb = skb_dequeue(&hdev->raw_q)))
2792 hci_send_frame(skb);
1da177e4
LT		 2793}
2794
25985edc 2795/* ----- HCI RX task (incoming data processing) ----- */
1da177e4
LT		 2796
2797/* ACL data packet */
6039aa73 2798static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 2799{
2800 struct hci_acl_hdr *hdr = (void *) skb->data;
2801 struct hci_conn *conn;
2802 __u16 handle, flags;
2803
2804 skb_pull(skb, HCI_ACL_HDR_SIZE);
2805
2806 handle = __le16_to_cpu(hdr->handle);
2807 flags = hci_flags(handle);
2808 handle = hci_handle(handle);
2809
f0e09510 2810 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
a8c5fb1a 2811 handle, flags);
1da177e4
LT		 2812
2813 hdev->stat.acl_rx++;
2814
2815 hci_dev_lock(hdev);
2816 conn = hci_conn_hash_lookup_handle(hdev, handle);
2817 hci_dev_unlock(hdev);
8e87d142 2818
1da177e4 2819 if (conn) {
65983fc7 2820 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
04837f64 2821
1da177e4 2822 /* Send to upper protocol */
686ebf28
UF		 2823 l2cap_recv_acldata(conn, skb, flags);
2824 return;
1da177e4 2825 } else {
8e87d142 2826 BT_ERR("%s ACL packet for unknown connection handle %d",
a8c5fb1a 2827 hdev->name, handle);
1da177e4
LT		 2828 }
2829
2830 kfree_skb(skb);
2831}
2832
2833/* SCO data packet */
6039aa73 2834static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 2835{
2836 struct hci_sco_hdr *hdr = (void *) skb->data;
2837 struct hci_conn *conn;
2838 __u16 handle;
2839
2840 skb_pull(skb, HCI_SCO_HDR_SIZE);
2841
2842 handle = __le16_to_cpu(hdr->handle);
2843
f0e09510 2844 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
1da177e4
LT		 2845
2846 hdev->stat.sco_rx++;
2847
2848 hci_dev_lock(hdev);
2849 conn = hci_conn_hash_lookup_handle(hdev, handle);
2850 hci_dev_unlock(hdev);
2851
2852 if (conn) {
1da177e4 2853 /* Send to upper protocol */
686ebf28
UF		 2854 sco_recv_scodata(conn, skb);
2855 return;
1da177e4 2856 } else {
8e87d142 2857 BT_ERR("%s SCO packet for unknown connection handle %d",
a8c5fb1a 2858 hdev->name, handle);
1da177e4
LT		 2859 }
2860
2861 kfree_skb(skb);
2862}
2863
b78752cc 2864static void hci_rx_work(struct work_struct *work)
1da177e4 2865{
b78752cc 2866 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
1da177e4
LT		 2867 struct sk_buff *skb;
2868
2869 BT_DBG("%s", hdev->name);
2870
1da177e4 2871 while ((skb = skb_dequeue(&hdev->rx_q))) {
cd82e61c
MH		 2872 /* Send copy to monitor */
2873 hci_send_to_monitor(hdev, skb);
2874
1da177e4
LT		 2875 if (atomic_read(&hdev->promisc)) {
2876 /* Send copy to the sockets */
470fe1b5 2877 hci_send_to_sock(hdev, skb);
1da177e4
LT		 2878 }
2879
2880 if (test_bit(HCI_RAW, &hdev->flags)) {
2881 kfree_skb(skb);
2882 continue;
2883 }
2884
2885 if (test_bit(HCI_INIT, &hdev->flags)) {
2886 /* Don't process data packets in this states. */
0d48d939 2887 switch (bt_cb(skb)->pkt_type) {
1da177e4
LT		 2888 case HCI_ACLDATA_PKT:
2889 case HCI_SCODATA_PKT:
2890 kfree_skb(skb);
2891 continue;
3ff50b79 2892 }
1da177e4
LT		 2893 }
2894
2895 /* Process frame */
0d48d939 2896 switch (bt_cb(skb)->pkt_type) {
1da177e4 2897 case HCI_EVENT_PKT:
b78752cc 2898 BT_DBG("%s Event packet", hdev->name);
1da177e4
LT		 2899 hci_event_packet(hdev, skb);
2900 break;
2901
2902 case HCI_ACLDATA_PKT:
2903 BT_DBG("%s ACL data packet", hdev->name);
2904 hci_acldata_packet(hdev, skb);
2905 break;
2906
2907 case HCI_SCODATA_PKT:
2908 BT_DBG("%s SCO data packet", hdev->name);
2909 hci_scodata_packet(hdev, skb);
2910 break;
2911
2912 default:
2913 kfree_skb(skb);
2914 break;
2915 }
2916 }
1da177e4
LT		 2917}
2918
c347b765 2919static void hci_cmd_work(struct work_struct *work)
1da177e4 2920{
c347b765 2921 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
1da177e4
LT		 2922 struct sk_buff *skb;
2923
2104786b
AE		 2924 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
2925 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
1da177e4 2926
1da177e4 2927 /* Send queued commands */
5a08ecce
AE		 2928 if (atomic_read(&hdev->cmd_cnt)) {
2929 skb = skb_dequeue(&hdev->cmd_q);
2930 if (!skb)
2931 return;
2932
7585b97a 2933 kfree_skb(hdev->sent_cmd);
1da177e4 2934
70f23020
AE		 2935 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2936 if (hdev->sent_cmd) {
1da177e4
LT		 2937 atomic_dec(&hdev->cmd_cnt);
2938 hci_send_frame(skb);
7bdb8a5c
SJ		 2939 if (test_bit(HCI_RESET, &hdev->flags))
2940 del_timer(&hdev->cmd_timer);
2941 else
2942 mod_timer(&hdev->cmd_timer,
5f246e89 2943 jiffies + HCI_CMD_TIMEOUT);
1da177e4
LT		 2944 } else {
2945 skb_queue_head(&hdev->cmd_q, skb);
c347b765 2946 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 2947 }
2948 }
2949}
2519a1fc
AG		 2950
2951int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2952{
2953 /* General inquiry access code (GIAC) */
2954 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2955 struct hci_cp_inquiry cp;
2956
2957 BT_DBG("%s", hdev->name);
2958
2959 if (test_bit(HCI_INQUIRY, &hdev->flags))
2960 return -EINPROGRESS;
2961
4663262c
JH		 2962 inquiry_cache_flush(hdev);
2963
2519a1fc
AG		 2964 memset(&cp, 0, sizeof(cp));
2965 memcpy(&cp.lap, lap, sizeof(cp.lap));
2966 cp.length = length;
2967
2968 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2969}
023d5049
AG		 2970
2971int hci_cancel_inquiry(struct hci_dev *hdev)
2972{
2973 BT_DBG("%s", hdev->name);
2974
2975 if (!test_bit(HCI_INQUIRY, &hdev->flags))
7537e5c3 2976 return -EALREADY;
023d5049
AG		 2977
2978 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2979}
31f7956c
AG		 2980
2981u8 bdaddr_to_le(u8 bdaddr_type)
2982{
2983 switch (bdaddr_type) {
2984 case BDADDR_LE_PUBLIC:
2985 return ADDR_LE_DEV_PUBLIC;
2986
2987 default:
2988 /* Fallback to LE Random address type */
2989 return ADDR_LE_DEV_RANDOM;
2990 }
2991}
kernel source for telekom puls (alcatel/mediatek)