projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: dtl1: Fix memleak in probe()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
590051de 4 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI core. */
27
82453021 28#include <linux/jiffies.h>
1da177e4
LT		 29#include <linux/module.h>
30#include <linux/kmod.h>
31
32#include <linux/types.h>
33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/skbuff.h>
f48fd9c8 41#include <linux/workqueue.h>
1da177e4
LT		 42#include <linux/interrupt.h>
43#include <linux/notifier.h>
611b30f7 44#include <linux/rfkill.h>
6bd32326 45#include <linux/timer.h>
3a0259bb 46#include <linux/crypto.h>
1da177e4
LT		 47#include <net/sock.h>
48
49#include <asm/system.h>
70f23020 50#include <linux/uaccess.h>
1da177e4
LT		 51#include <asm/unaligned.h>
52
53#include <net/bluetooth/bluetooth.h>
54#include <net/bluetooth/hci_core.h>
55
ab81cbf9
JH		 56#define AUTO_OFF_TIMEOUT 2000
57
7784d78f
AE		 58int enable_hs;
59
b78752cc 60static void hci_rx_work(struct work_struct *work);
c347b765 61static void hci_cmd_work(struct work_struct *work);
3eff45ea 62static void hci_tx_work(struct work_struct *work);
1da177e4 63
1da177e4
LT		 64/* HCI device list */
65LIST_HEAD(hci_dev_list);
66DEFINE_RWLOCK(hci_dev_list_lock);
67
68/* HCI callback list */
69LIST_HEAD(hci_cb_list);
70DEFINE_RWLOCK(hci_cb_list_lock);
71
1da177e4 72/* HCI notifiers list */
e041c683 73static ATOMIC_NOTIFIER_HEAD(hci_notifier);
1da177e4
LT		 74
75/* ---- HCI notifications ---- */
76
77int hci_register_notifier(struct notifier_block *nb)
78{
e041c683 79 return atomic_notifier_chain_register(&hci_notifier, nb);
1da177e4
LT		 80}
81
82int hci_unregister_notifier(struct notifier_block *nb)
83{
e041c683 84 return atomic_notifier_chain_unregister(&hci_notifier, nb);
1da177e4
LT		 85}
86
6516455d 87static void hci_notify(struct hci_dev *hdev, int event)
1da177e4 88{
e041c683 89 atomic_notifier_call_chain(&hci_notifier, event, hdev);
1da177e4
LT		 90}
91
92/* ---- HCI requests ---- */
93
23bb5763 94void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
1da177e4 95{
23bb5763
JH		 96 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
97
a5040efa
JH		 98 /* If this is the init phase check if the completed command matches
99 * the last init command, and if not just return.
100 */
101 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
23bb5763 102 return;
1da177e4
LT		 103
104 if (hdev->req_status == HCI_REQ_PEND) {
105 hdev->req_result = result;
106 hdev->req_status = HCI_REQ_DONE;
107 wake_up_interruptible(&hdev->req_wait_q);
108 }
109}
110
111static void hci_req_cancel(struct hci_dev *hdev, int err)
112{
113 BT_DBG("%s err 0x%2.2x", hdev->name, err);
114
115 if (hdev->req_status == HCI_REQ_PEND) {
116 hdev->req_result = err;
117 hdev->req_status = HCI_REQ_CANCELED;
118 wake_up_interruptible(&hdev->req_wait_q);
119 }
120}
121
122/* Execute request and wait for completion. */
8e87d142 123static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
01df8c31 124 unsigned long opt, __u32 timeout)
1da177e4
LT		 125{
126 DECLARE_WAITQUEUE(wait, current);
127 int err = 0;
128
129 BT_DBG("%s start", hdev->name);
130
131 hdev->req_status = HCI_REQ_PEND;
132
133 add_wait_queue(&hdev->req_wait_q, &wait);
134 set_current_state(TASK_INTERRUPTIBLE);
135
136 req(hdev, opt);
137 schedule_timeout(timeout);
138
139 remove_wait_queue(&hdev->req_wait_q, &wait);
140
141 if (signal_pending(current))
142 return -EINTR;
143
144 switch (hdev->req_status) {
145 case HCI_REQ_DONE:
e175072f 146 err = -bt_to_errno(hdev->req_result);
1da177e4
LT		 147 break;
148
149 case HCI_REQ_CANCELED:
150 err = -hdev->req_result;
151 break;
152
153 default:
154 err = -ETIMEDOUT;
155 break;
3ff50b79 156 }
1da177e4 157
a5040efa 158 hdev->req_status = hdev->req_result = 0;
1da177e4
LT		 159
160 BT_DBG("%s end: err %d", hdev->name, err);
161
162 return err;
163}
164
165static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
01df8c31 166 unsigned long opt, __u32 timeout)
1da177e4
LT		 167{
168 int ret;
169
7c6a329e
MH		 170 if (!test_bit(HCI_UP, &hdev->flags))
171 return -ENETDOWN;
172
1da177e4
LT		 173 /* Serialize all requests */
174 hci_req_lock(hdev);
175 ret = __hci_request(hdev, req, opt, timeout);
176 hci_req_unlock(hdev);
177
178 return ret;
179}
180
181static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
182{
183 BT_DBG("%s %ld", hdev->name, opt);
184
185 /* Reset device */
f630cf0d 186 set_bit(HCI_RESET, &hdev->flags);
a9de9248 187 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
1da177e4
LT		 188}
189
e61ef499 190static void bredr_init(struct hci_dev *hdev)
1da177e4 191{
b0916ea0 192 struct hci_cp_delete_stored_link_key cp;
1ebb9252 193 __le16 param;
89f2783d 194 __u8 flt_type;
1da177e4 195
2455a3ea
AE		 196 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
197
1da177e4
LT		 198 /* Mandatory initialization */
199
200 /* Reset */
f630cf0d 201 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
e61ef499
AE		 202 set_bit(HCI_RESET, &hdev->flags);
203 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
f630cf0d 204 }
1da177e4
LT		 205
206 /* Read Local Supported Features */
a9de9248 207 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1da177e4 208
1143e5a6 209 /* Read Local Version */
a9de9248 210 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1143e5a6 211
1da177e4 212 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
a9de9248 213 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
1da177e4 214
1da177e4 215 /* Read BD Address */
a9de9248
MH		 216 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
217
218 /* Read Class of Device */
219 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
220
221 /* Read Local Name */
222 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
1da177e4
LT		 223
224 /* Read Voice Setting */
a9de9248 225 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
1da177e4
LT		 226
227 /* Optional initialization */
228
229 /* Clear Event Filters */
89f2783d 230 flt_type = HCI_FLT_CLEAR_ALL;
a9de9248 231 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1da177e4 232
1da177e4 233 /* Connection accept timeout ~20 secs */
aca3192c 234 param = cpu_to_le16(0x7d00);
a9de9248 235 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
b0916ea0
JH		 236
237 bacpy(&cp.bdaddr, BDADDR_ANY);
238 cp.delete_all = 1;
239 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
1da177e4
LT		 240}
241
e61ef499
AE		 242static void amp_init(struct hci_dev *hdev)
243{
2455a3ea
AE		 244 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
245
e61ef499
AE		 246 /* Reset */
247 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
248
249 /* Read Local Version */
250 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
251}
252
253static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
254{
255 struct sk_buff *skb;
256
257 BT_DBG("%s %ld", hdev->name, opt);
258
259 /* Driver initialization */
260
261 /* Special commands */
262 while ((skb = skb_dequeue(&hdev->driver_init))) {
263 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
264 skb->dev = (void *) hdev;
265
266 skb_queue_tail(&hdev->cmd_q, skb);
267 queue_work(hdev->workqueue, &hdev->cmd_work);
268 }
269 skb_queue_purge(&hdev->driver_init);
270
271 switch (hdev->dev_type) {
272 case HCI_BREDR:
273 bredr_init(hdev);
274 break;
275
276 case HCI_AMP:
277 amp_init(hdev);
278 break;
279
280 default:
281 BT_ERR("Unknown device type %d", hdev->dev_type);
282 break;
283 }
284
285}
286
6ed58ec5
VT		 287static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
288{
289 BT_DBG("%s", hdev->name);
290
291 /* Read LE buffer size */
292 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
293}
294
1da177e4
LT		 295static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
296{
297 __u8 scan = opt;
298
299 BT_DBG("%s %x", hdev->name, scan);
300
301 /* Inquiry and Page scans */
a9de9248 302 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1da177e4
LT		 303}
304
305static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
306{
307 __u8 auth = opt;
308
309 BT_DBG("%s %x", hdev->name, auth);
310
311 /* Authentication */
a9de9248 312 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1da177e4
LT		 313}
314
315static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
316{
317 __u8 encrypt = opt;
318
319 BT_DBG("%s %x", hdev->name, encrypt);
320
e4e8e37c 321 /* Encryption */
a9de9248 322 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1da177e4
LT		 323}
324
e4e8e37c
MH		 325static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
326{
327 __le16 policy = cpu_to_le16(opt);
328
a418b893 329 BT_DBG("%s %x", hdev->name, policy);
e4e8e37c
MH		 330
331 /* Default link policy */
332 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
333}
334
8e87d142 335/* Get HCI device by index.
1da177e4
LT		 336 * Device is held on return. */
337struct hci_dev *hci_dev_get(int index)
338{
8035ded4 339 struct hci_dev *hdev = NULL, *d;
1da177e4
LT		 340
341 BT_DBG("%d", index);
342
343 if (index < 0)
344 return NULL;
345
346 read_lock(&hci_dev_list_lock);
8035ded4 347 list_for_each_entry(d, &hci_dev_list, list) {
1da177e4
LT		 348 if (d->id == index) {
349 hdev = hci_dev_hold(d);
350 break;
351 }
352 }
353 read_unlock(&hci_dev_list_lock);
354 return hdev;
355}
1da177e4
LT		 356
357/* ---- Inquiry support ---- */
ff9ef578 358
30dc78e1
JH		 359bool hci_discovery_active(struct hci_dev *hdev)
360{
361 struct discovery_state *discov = &hdev->discovery;
362
363 if (discov->state == DISCOVERY_INQUIRY ||
364 discov->state == DISCOVERY_RESOLVING)
365 return true;
366
367 return false;
368}
369
ff9ef578
JH		 370void hci_discovery_set_state(struct hci_dev *hdev, int state)
371{
372 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
373
374 if (hdev->discovery.state == state)
375 return;
376
377 switch (state) {
378 case DISCOVERY_STOPPED:
379 mgmt_discovering(hdev, 0);
380 break;
381 case DISCOVERY_STARTING:
382 break;
30dc78e1 383 case DISCOVERY_INQUIRY:
ff9ef578
JH		 384 mgmt_discovering(hdev, 1);
385 break;
30dc78e1
JH		 386 case DISCOVERY_RESOLVING:
387 break;
ff9ef578
JH		 388 case DISCOVERY_STOPPING:
389 break;
390 }
391
392 hdev->discovery.state = state;
393}
394
1da177e4
LT		 395static void inquiry_cache_flush(struct hci_dev *hdev)
396{
30883512 397 struct discovery_state *cache = &hdev->discovery;
b57c1a56 398 struct inquiry_entry *p, *n;
1da177e4 399
561aafbc
JH		 400 list_for_each_entry_safe(p, n, &cache->all, all) {
401 list_del(&p->all);
b57c1a56 402 kfree(p);
1da177e4 403 }
561aafbc
JH		 404
405 INIT_LIST_HEAD(&cache->unknown);
406 INIT_LIST_HEAD(&cache->resolve);
ff9ef578 407 cache->state = DISCOVERY_STOPPED;
1da177e4
LT		 408}
409
410struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
411{
30883512 412 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 413 struct inquiry_entry *e;
414
415 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
416
561aafbc
JH		 417 list_for_each_entry(e, &cache->all, all) {
418 if (!bacmp(&e->data.bdaddr, bdaddr))
419 return e;
420 }
421
422 return NULL;
423}
424
425struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
426 bdaddr_t *bdaddr)
427{
30883512 428 struct discovery_state *cache = &hdev->discovery;
561aafbc
JH		 429 struct inquiry_entry *e;
430
431 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
432
433 list_for_each_entry(e, &cache->unknown, list) {
1da177e4 434 if (!bacmp(&e->data.bdaddr, bdaddr))
b57c1a56
JH		 435 return e;
436 }
437
438 return NULL;
1da177e4
LT		 439}
440
30dc78e1
JH		 441struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
442 bdaddr_t *bdaddr,
443 int state)
444{
445 struct discovery_state *cache = &hdev->discovery;
446 struct inquiry_entry *e;
447
448 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
449
450 list_for_each_entry(e, &cache->resolve, list) {
451 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
452 return e;
453 if (!bacmp(&e->data.bdaddr, bdaddr))
454 return e;
455 }
456
457 return NULL;
458}
459
3175405b 460bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
561aafbc 461 bool name_known)
1da177e4 462{
30883512 463 struct discovery_state *cache = &hdev->discovery;
70f23020 464 struct inquiry_entry *ie;
1da177e4
LT		 465
466 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
467
70f23020 468 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
561aafbc
JH		 469 if (ie)
470 goto update;
471
472 /* Entry not in the cache. Add new one. */
473 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
474 if (!ie)
3175405b 475 return false;
561aafbc
JH		 476
477 list_add(&ie->all, &cache->all);
478
479 if (name_known) {
480 ie->name_state = NAME_KNOWN;
481 } else {
482 ie->name_state = NAME_NOT_KNOWN;
483 list_add(&ie->list, &cache->unknown);
484 }
70f23020 485
561aafbc
JH		 486update:
487 if (name_known && ie->name_state != NAME_KNOWN &&
488 ie->name_state != NAME_PENDING) {
489 ie->name_state = NAME_KNOWN;
490 list_del(&ie->list);
1da177e4
LT		 491 }
492
70f23020
AE		 493 memcpy(&ie->data, data, sizeof(*data));
494 ie->timestamp = jiffies;
1da177e4 495 cache->timestamp = jiffies;
3175405b
JH		 496
497 if (ie->name_state == NAME_NOT_KNOWN)
498 return false;
499
500 return true;
1da177e4
LT		 501}
502
503static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
504{
30883512 505 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 506 struct inquiry_info *info = (struct inquiry_info *) buf;
507 struct inquiry_entry *e;
508 int copied = 0;
509
561aafbc 510 list_for_each_entry(e, &cache->all, all) {
1da177e4 511 struct inquiry_data *data = &e->data;
b57c1a56
JH		 512
513 if (copied >= num)
514 break;
515
1da177e4
LT		 516 bacpy(&info->bdaddr, &data->bdaddr);
517 info->pscan_rep_mode = data->pscan_rep_mode;
518 info->pscan_period_mode = data->pscan_period_mode;
519 info->pscan_mode = data->pscan_mode;
520 memcpy(info->dev_class, data->dev_class, 3);
521 info->clock_offset = data->clock_offset;
b57c1a56 522
1da177e4 523 info++;
b57c1a56 524 copied++;
1da177e4
LT		 525 }
526
527 BT_DBG("cache %p, copied %d", cache, copied);
528 return copied;
529}
530
531static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
532{
533 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
534 struct hci_cp_inquiry cp;
535
536 BT_DBG("%s", hdev->name);
537
538 if (test_bit(HCI_INQUIRY, &hdev->flags))
539 return;
540
541 /* Start Inquiry */
542 memcpy(&cp.lap, &ir->lap, 3);
543 cp.length = ir->length;
544 cp.num_rsp = ir->num_rsp;
a9de9248 545 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1da177e4
LT		 546}
547
548int hci_inquiry(void __user *arg)
549{
550 __u8 __user *ptr = arg;
551 struct hci_inquiry_req ir;
552 struct hci_dev *hdev;
553 int err = 0, do_inquiry = 0, max_rsp;
554 long timeo;
555 __u8 *buf;
556
557 if (copy_from_user(&ir, ptr, sizeof(ir)))
558 return -EFAULT;
559
5a08ecce
AE		 560 hdev = hci_dev_get(ir.dev_id);
561 if (!hdev)
1da177e4
LT		 562 return -ENODEV;
563
09fd0de5 564 hci_dev_lock(hdev);
8e87d142 565 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
70f23020
AE		 566 inquiry_cache_empty(hdev) ||
567 ir.flags & IREQ_CACHE_FLUSH) {
1da177e4
LT		 568 inquiry_cache_flush(hdev);
569 do_inquiry = 1;
570 }
09fd0de5 571 hci_dev_unlock(hdev);
1da177e4 572
04837f64 573 timeo = ir.length * msecs_to_jiffies(2000);
70f23020
AE		 574
575 if (do_inquiry) {
576 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
577 if (err < 0)
578 goto done;
579 }
1da177e4
LT		 580
581 /* for unlimited number of responses we will use buffer with 255 entries */
582 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
583
584 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
585 * copy it to the user space.
586 */
01df8c31 587 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
70f23020 588 if (!buf) {
1da177e4
LT		 589 err = -ENOMEM;
590 goto done;
591 }
592
09fd0de5 593 hci_dev_lock(hdev);
1da177e4 594 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
09fd0de5 595 hci_dev_unlock(hdev);
1da177e4
LT		 596
597 BT_DBG("num_rsp %d", ir.num_rsp);
598
599 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
600 ptr += sizeof(ir);
601 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
602 ir.num_rsp))
603 err = -EFAULT;
8e87d142 604 } else
1da177e4
LT		 605 err = -EFAULT;
606
607 kfree(buf);
608
609done:
610 hci_dev_put(hdev);
611 return err;
612}
613
614/* ---- HCI ioctl helpers ---- */
615
616int hci_dev_open(__u16 dev)
617{
618 struct hci_dev *hdev;
619 int ret = 0;
620
5a08ecce
AE		 621 hdev = hci_dev_get(dev);
622 if (!hdev)
1da177e4
LT		 623 return -ENODEV;
624
625 BT_DBG("%s %p", hdev->name, hdev);
626
627 hci_req_lock(hdev);
628
611b30f7
MH		 629 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
630 ret = -ERFKILL;
631 goto done;
632 }
633
1da177e4
LT		 634 if (test_bit(HCI_UP, &hdev->flags)) {
635 ret = -EALREADY;
636 goto done;
637 }
638
639 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
640 set_bit(HCI_RAW, &hdev->flags);
641
07e3b94a
AE		 642 /* Treat all non BR/EDR controllers as raw devices if
643 enable_hs is not set */
644 if (hdev->dev_type != HCI_BREDR && !enable_hs)
943da25d
MH		 645 set_bit(HCI_RAW, &hdev->flags);
646
1da177e4
LT		 647 if (hdev->open(hdev)) {
648 ret = -EIO;
649 goto done;
650 }
651
652 if (!test_bit(HCI_RAW, &hdev->flags)) {
653 atomic_set(&hdev->cmd_cnt, 1);
654 set_bit(HCI_INIT, &hdev->flags);
a5040efa 655 hdev->init_last_cmd = 0;
1da177e4 656
04837f64
MH		 657 ret = __hci_request(hdev, hci_init_req, 0,
658 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4 659
eead27da 660 if (lmp_host_le_capable(hdev))
6ed58ec5
VT		 661 ret = __hci_request(hdev, hci_le_init_req, 0,
662 msecs_to_jiffies(HCI_INIT_TIMEOUT));
663
1da177e4
LT		 664 clear_bit(HCI_INIT, &hdev->flags);
665 }
666
667 if (!ret) {
668 hci_dev_hold(hdev);
669 set_bit(HCI_UP, &hdev->flags);
670 hci_notify(hdev, HCI_DEV_UP);
56e5cb86 671 if (!test_bit(HCI_SETUP, &hdev->flags)) {
09fd0de5 672 hci_dev_lock(hdev);
744cf19e 673 mgmt_powered(hdev, 1);
09fd0de5 674 hci_dev_unlock(hdev);
56e5cb86 675 }
8e87d142 676 } else {
1da177e4 677 /* Init failed, cleanup */
3eff45ea 678 flush_work(&hdev->tx_work);
c347b765 679 flush_work(&hdev->cmd_work);
b78752cc 680 flush_work(&hdev->rx_work);
1da177e4
LT		 681
682 skb_queue_purge(&hdev->cmd_q);
683 skb_queue_purge(&hdev->rx_q);
684
685 if (hdev->flush)
686 hdev->flush(hdev);
687
688 if (hdev->sent_cmd) {
689 kfree_skb(hdev->sent_cmd);
690 hdev->sent_cmd = NULL;
691 }
692
693 hdev->close(hdev);
694 hdev->flags = 0;
695 }
696
697done:
698 hci_req_unlock(hdev);
699 hci_dev_put(hdev);
700 return ret;
701}
702
703static int hci_dev_do_close(struct hci_dev *hdev)
704{
705 BT_DBG("%s %p", hdev->name, hdev);
706
707 hci_req_cancel(hdev, ENODEV);
708 hci_req_lock(hdev);
709
710 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
b79f44c1 711 del_timer_sync(&hdev->cmd_timer);
1da177e4
LT		 712 hci_req_unlock(hdev);
713 return 0;
714 }
715
3eff45ea
GP		 716 /* Flush RX and TX works */
717 flush_work(&hdev->tx_work);
b78752cc 718 flush_work(&hdev->rx_work);
1da177e4 719
16ab91ab 720 if (hdev->discov_timeout > 0) {
e0f9309f 721 cancel_delayed_work(&hdev->discov_off);
16ab91ab
JH		 722 hdev->discov_timeout = 0;
723 }
724
3243553f 725 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
e0f9309f 726 cancel_delayed_work(&hdev->power_off);
3243553f 727
7d78525d
JH		 728 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
729 cancel_delayed_work(&hdev->service_cache);
730
09fd0de5 731 hci_dev_lock(hdev);
1da177e4
LT		 732 inquiry_cache_flush(hdev);
733 hci_conn_hash_flush(hdev);
09fd0de5 734 hci_dev_unlock(hdev);
1da177e4
LT		 735
736 hci_notify(hdev, HCI_DEV_DOWN);
737
738 if (hdev->flush)
739 hdev->flush(hdev);
740
741 /* Reset device */
742 skb_queue_purge(&hdev->cmd_q);
743 atomic_set(&hdev->cmd_cnt, 1);
744 if (!test_bit(HCI_RAW, &hdev->flags)) {
745 set_bit(HCI_INIT, &hdev->flags);
04837f64 746 __hci_request(hdev, hci_reset_req, 0,
cad44c2b 747 msecs_to_jiffies(250));
1da177e4
LT		 748 clear_bit(HCI_INIT, &hdev->flags);
749 }
750
c347b765
GP		 751 /* flush cmd work */
752 flush_work(&hdev->cmd_work);
1da177e4
LT		 753
754 /* Drop queues */
755 skb_queue_purge(&hdev->rx_q);
756 skb_queue_purge(&hdev->cmd_q);
757 skb_queue_purge(&hdev->raw_q);
758
759 /* Drop last sent command */
760 if (hdev->sent_cmd) {
b79f44c1 761 del_timer_sync(&hdev->cmd_timer);
1da177e4
LT		 762 kfree_skb(hdev->sent_cmd);
763 hdev->sent_cmd = NULL;
764 }
765
766 /* After this point our queues are empty
767 * and no tasks are scheduled. */
768 hdev->close(hdev);
769
09fd0de5 770 hci_dev_lock(hdev);
744cf19e 771 mgmt_powered(hdev, 0);
09fd0de5 772 hci_dev_unlock(hdev);
5add6af8 773
1da177e4
LT		 774 /* Clear flags */
775 hdev->flags = 0;
776
777 hci_req_unlock(hdev);
778
779 hci_dev_put(hdev);
780 return 0;
781}
782
783int hci_dev_close(__u16 dev)
784{
785 struct hci_dev *hdev;
786 int err;
787
70f23020
AE		 788 hdev = hci_dev_get(dev);
789 if (!hdev)
1da177e4
LT		 790 return -ENODEV;
791 err = hci_dev_do_close(hdev);
792 hci_dev_put(hdev);
793 return err;
794}
795
796int hci_dev_reset(__u16 dev)
797{
798 struct hci_dev *hdev;
799 int ret = 0;
800
70f23020
AE		 801 hdev = hci_dev_get(dev);
802 if (!hdev)
1da177e4
LT		 803 return -ENODEV;
804
805 hci_req_lock(hdev);
1da177e4
LT		 806
807 if (!test_bit(HCI_UP, &hdev->flags))
808 goto done;
809
810 /* Drop queues */
811 skb_queue_purge(&hdev->rx_q);
812 skb_queue_purge(&hdev->cmd_q);
813
09fd0de5 814 hci_dev_lock(hdev);
1da177e4
LT		 815 inquiry_cache_flush(hdev);
816 hci_conn_hash_flush(hdev);
09fd0de5 817 hci_dev_unlock(hdev);
1da177e4
LT		 818
819 if (hdev->flush)
820 hdev->flush(hdev);
821
8e87d142 822 atomic_set(&hdev->cmd_cnt, 1);
6ed58ec5 823 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1da177e4
LT		 824
825 if (!test_bit(HCI_RAW, &hdev->flags))
04837f64
MH		 826 ret = __hci_request(hdev, hci_reset_req, 0,
827 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 828
829done:
1da177e4
LT		 830 hci_req_unlock(hdev);
831 hci_dev_put(hdev);
832 return ret;
833}
834
835int hci_dev_reset_stat(__u16 dev)
836{
837 struct hci_dev *hdev;
838 int ret = 0;
839
70f23020
AE		 840 hdev = hci_dev_get(dev);
841 if (!hdev)
1da177e4
LT		 842 return -ENODEV;
843
844 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
845
846 hci_dev_put(hdev);
847
848 return ret;
849}
850
851int hci_dev_cmd(unsigned int cmd, void __user *arg)
852{
853 struct hci_dev *hdev;
854 struct hci_dev_req dr;
855 int err = 0;
856
857 if (copy_from_user(&dr, arg, sizeof(dr)))
858 return -EFAULT;
859
70f23020
AE		 860 hdev = hci_dev_get(dr.dev_id);
861 if (!hdev)
1da177e4
LT		 862 return -ENODEV;
863
864 switch (cmd) {
865 case HCISETAUTH:
04837f64
MH		 866 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
867 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 868 break;
869
870 case HCISETENCRYPT:
871 if (!lmp_encrypt_capable(hdev)) {
872 err = -EOPNOTSUPP;
873 break;
874 }
875
876 if (!test_bit(HCI_AUTH, &hdev->flags)) {
877 /* Auth must be enabled first */
04837f64
MH		 878 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
879 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 880 if (err)
881 break;
882 }
883
04837f64
MH		 884 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
885 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 886 break;
887
888 case HCISETSCAN:
04837f64
MH		 889 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
890 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 891 break;
892
1da177e4 893 case HCISETLINKPOL:
e4e8e37c
MH		 894 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
895 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 896 break;
897
898 case HCISETLINKMODE:
e4e8e37c
MH		 899 hdev->link_mode = ((__u16) dr.dev_opt) &
900 (HCI_LM_MASTER | HCI_LM_ACCEPT);
901 break;
902
903 case HCISETPTYPE:
904 hdev->pkt_type = (__u16) dr.dev_opt;
1da177e4
LT		 905 break;
906
907 case HCISETACLMTU:
e4e8e37c
MH		 908 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
909 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 910 break;
911
912 case HCISETSCOMTU:
e4e8e37c
MH		 913 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
914 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 915 break;
916
917 default:
918 err = -EINVAL;
919 break;
920 }
e4e8e37c 921
1da177e4
LT		 922 hci_dev_put(hdev);
923 return err;
924}
925
926int hci_get_dev_list(void __user *arg)
927{
8035ded4 928 struct hci_dev *hdev;
1da177e4
LT		 929 struct hci_dev_list_req *dl;
930 struct hci_dev_req *dr;
1da177e4
LT		 931 int n = 0, size, err;
932 __u16 dev_num;
933
934 if (get_user(dev_num, (__u16 __user *) arg))
935 return -EFAULT;
936
937 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
938 return -EINVAL;
939
940 size = sizeof(*dl) + dev_num * sizeof(*dr);
941
70f23020
AE		 942 dl = kzalloc(size, GFP_KERNEL);
943 if (!dl)
1da177e4
LT		 944 return -ENOMEM;
945
946 dr = dl->dev_req;
947
f20d09d5 948 read_lock(&hci_dev_list_lock);
8035ded4 949 list_for_each_entry(hdev, &hci_dev_list, list) {
3243553f 950 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
e0f9309f 951 cancel_delayed_work(&hdev->power_off);
c542a06c
JH		 952
953 if (!test_bit(HCI_MGMT, &hdev->flags))
954 set_bit(HCI_PAIRABLE, &hdev->flags);
955
1da177e4
LT		 956 (dr + n)->dev_id = hdev->id;
957 (dr + n)->dev_opt = hdev->flags;
c542a06c 958
1da177e4
LT		 959 if (++n >= dev_num)
960 break;
961 }
f20d09d5 962 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 963
964 dl->dev_num = n;
965 size = sizeof(*dl) + n * sizeof(*dr);
966
967 err = copy_to_user(arg, dl, size);
968 kfree(dl);
969
970 return err ? -EFAULT : 0;
971}
972
973int hci_get_dev_info(void __user *arg)
974{
975 struct hci_dev *hdev;
976 struct hci_dev_info di;
977 int err = 0;
978
979 if (copy_from_user(&di, arg, sizeof(di)))
980 return -EFAULT;
981
70f23020
AE		 982 hdev = hci_dev_get(di.dev_id);
983 if (!hdev)
1da177e4
LT		 984 return -ENODEV;
985
3243553f
JH		 986 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
987 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 988
c542a06c
JH		 989 if (!test_bit(HCI_MGMT, &hdev->flags))
990 set_bit(HCI_PAIRABLE, &hdev->flags);
991
1da177e4
LT		 992 strcpy(di.name, hdev->name);
993 di.bdaddr = hdev->bdaddr;
943da25d 994 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1da177e4
LT		 995 di.flags = hdev->flags;
996 di.pkt_type = hdev->pkt_type;
997 di.acl_mtu = hdev->acl_mtu;
998 di.acl_pkts = hdev->acl_pkts;
999 di.sco_mtu = hdev->sco_mtu;
1000 di.sco_pkts = hdev->sco_pkts;
1001 di.link_policy = hdev->link_policy;
1002 di.link_mode = hdev->link_mode;
1003
1004 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1005 memcpy(&di.features, &hdev->features, sizeof(di.features));
1006
1007 if (copy_to_user(arg, &di, sizeof(di)))
1008 err = -EFAULT;
1009
1010 hci_dev_put(hdev);
1011
1012 return err;
1013}
1014
1015/* ---- Interface to HCI drivers ---- */
1016
611b30f7
MH		 1017static int hci_rfkill_set_block(void *data, bool blocked)
1018{
1019 struct hci_dev *hdev = data;
1020
1021 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1022
1023 if (!blocked)
1024 return 0;
1025
1026 hci_dev_do_close(hdev);
1027
1028 return 0;
1029}
1030
1031static const struct rfkill_ops hci_rfkill_ops = {
1032 .set_block = hci_rfkill_set_block,
1033};
1034
1da177e4
LT		 1035/* Alloc HCI device */
1036struct hci_dev *hci_alloc_dev(void)
1037{
1038 struct hci_dev *hdev;
1039
25ea6db0 1040 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1da177e4
LT		 1041 if (!hdev)
1042 return NULL;
1043
0ac7e700 1044 hci_init_sysfs(hdev);
1da177e4
LT		 1045 skb_queue_head_init(&hdev->driver_init);
1046
1047 return hdev;
1048}
1049EXPORT_SYMBOL(hci_alloc_dev);
1050
1051/* Free HCI device */
1052void hci_free_dev(struct hci_dev *hdev)
1053{
1054 skb_queue_purge(&hdev->driver_init);
1055
a91f2e39
MH		 1056 /* will free via device release */
1057 put_device(&hdev->dev);
1da177e4
LT		 1058}
1059EXPORT_SYMBOL(hci_free_dev);
1060
ab81cbf9
JH		 1061static void hci_power_on(struct work_struct *work)
1062{
1063 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1064
1065 BT_DBG("%s", hdev->name);
1066
1067 if (hci_dev_open(hdev->id) < 0)
1068 return;
1069
1070 if (test_bit(HCI_AUTO_OFF, &hdev->flags))
80b7ab33 1071 schedule_delayed_work(&hdev->power_off,
3243553f 1072 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
ab81cbf9
JH		 1073
1074 if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
744cf19e 1075 mgmt_index_added(hdev);
ab81cbf9
JH		 1076}
1077
1078static void hci_power_off(struct work_struct *work)
1079{
3243553f
JH		 1080 struct hci_dev *hdev = container_of(work, struct hci_dev,
1081 power_off.work);
ab81cbf9
JH		 1082
1083 BT_DBG("%s", hdev->name);
1084
1085 clear_bit(HCI_AUTO_OFF, &hdev->flags);
1086
3243553f 1087 hci_dev_close(hdev->id);
ab81cbf9
JH		 1088}
1089
16ab91ab
JH		 1090static void hci_discov_off(struct work_struct *work)
1091{
1092 struct hci_dev *hdev;
1093 u8 scan = SCAN_PAGE;
1094
1095 hdev = container_of(work, struct hci_dev, discov_off.work);
1096
1097 BT_DBG("%s", hdev->name);
1098
09fd0de5 1099 hci_dev_lock(hdev);
16ab91ab
JH		 1100
1101 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1102
1103 hdev->discov_timeout = 0;
1104
09fd0de5 1105 hci_dev_unlock(hdev);
16ab91ab
JH		 1106}
1107
2aeb9a1a
JH		 1108int hci_uuids_clear(struct hci_dev *hdev)
1109{
1110 struct list_head *p, *n;
1111
1112 list_for_each_safe(p, n, &hdev->uuids) {
1113 struct bt_uuid *uuid;
1114
1115 uuid = list_entry(p, struct bt_uuid, list);
1116
1117 list_del(p);
1118 kfree(uuid);
1119 }
1120
1121 return 0;
1122}
1123
55ed8ca1
JH		 1124int hci_link_keys_clear(struct hci_dev *hdev)
1125{
1126 struct list_head *p, *n;
1127
1128 list_for_each_safe(p, n, &hdev->link_keys) {
1129 struct link_key *key;
1130
1131 key = list_entry(p, struct link_key, list);
1132
1133 list_del(p);
1134 kfree(key);
1135 }
1136
1137 return 0;
1138}
1139
1140struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1141{
8035ded4 1142 struct link_key *k;
55ed8ca1 1143
8035ded4 1144 list_for_each_entry(k, &hdev->link_keys, list)
55ed8ca1
JH		 1145 if (bacmp(bdaddr, &k->bdaddr) == 0)
1146 return k;
55ed8ca1
JH		 1147
1148 return NULL;
1149}
1150
d25e28ab
JH		 1151static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1152 u8 key_type, u8 old_key_type)
1153{
1154 /* Legacy key */
1155 if (key_type < 0x03)
1156 return 1;
1157
1158 /* Debug keys are insecure so don't store them persistently */
1159 if (key_type == HCI_LK_DEBUG_COMBINATION)
1160 return 0;
1161
1162 /* Changed combination key and there's no previous one */
1163 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1164 return 0;
1165
1166 /* Security mode 3 case */
1167 if (!conn)
1168 return 1;
1169
1170 /* Neither local nor remote side had no-bonding as requirement */
1171 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1172 return 1;
1173
1174 /* Local side had dedicated bonding as requirement */
1175 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1176 return 1;
1177
1178 /* Remote side had dedicated bonding as requirement */
1179 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1180 return 1;
1181
1182 /* If none of the above criteria match, then don't store the key
1183 * persistently */
1184 return 0;
1185}
1186
75d262c2
VCG		 1187struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1188{
1189 struct link_key *k;
1190
1191 list_for_each_entry(k, &hdev->link_keys, list) {
1192 struct key_master_id *id;
1193
1194 if (k->type != HCI_LK_SMP_LTK)
1195 continue;
1196
1197 if (k->dlen != sizeof(*id))
1198 continue;
1199
1200 id = (void *) &k->data;
1201 if (id->ediv == ediv &&
1202 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1203 return k;
1204 }
1205
1206 return NULL;
1207}
1208EXPORT_SYMBOL(hci_find_ltk);
1209
1210struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
1211 bdaddr_t *bdaddr, u8 type)
1212{
1213 struct link_key *k;
1214
1215 list_for_each_entry(k, &hdev->link_keys, list)
1216 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0)
1217 return k;
1218
1219 return NULL;
1220}
1221EXPORT_SYMBOL(hci_find_link_key_type);
1222
d25e28ab
JH		 1223int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1224 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
55ed8ca1
JH		 1225{
1226 struct link_key *key, *old_key;
4df378a1 1227 u8 old_key_type, persistent;
55ed8ca1
JH		 1228
1229 old_key = hci_find_link_key(hdev, bdaddr);
1230 if (old_key) {
1231 old_key_type = old_key->type;
1232 key = old_key;
1233 } else {
12adcf3a 1234 old_key_type = conn ? conn->key_type : 0xff;
55ed8ca1
JH		 1235 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1236 if (!key)
1237 return -ENOMEM;
1238 list_add(&key->list, &hdev->link_keys);
1239 }
1240
1241 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1242
d25e28ab
JH		 1243 /* Some buggy controller combinations generate a changed
1244 * combination key for legacy pairing even when there's no
1245 * previous key */
1246 if (type == HCI_LK_CHANGED_COMBINATION &&
1247 (!conn || conn->remote_auth == 0xff) &&
655fe6ec 1248 old_key_type == 0xff) {
d25e28ab 1249 type = HCI_LK_COMBINATION;
655fe6ec
JH		 1250 if (conn)
1251 conn->key_type = type;
1252 }
d25e28ab 1253
55ed8ca1
JH		 1254 bacpy(&key->bdaddr, bdaddr);
1255 memcpy(key->val, val, 16);
55ed8ca1
JH		 1256 key->pin_len = pin_len;
1257
b6020ba0 1258 if (type == HCI_LK_CHANGED_COMBINATION)
55ed8ca1 1259 key->type = old_key_type;
4748fed2
JH		 1260 else
1261 key->type = type;
1262
4df378a1
JH		 1263 if (!new_key)
1264 return 0;
1265
1266 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1267
744cf19e 1268 mgmt_new_link_key(hdev, key, persistent);
4df378a1
JH		 1269
1270 if (!persistent) {
1271 list_del(&key->list);
1272 kfree(key);
1273 }
55ed8ca1
JH		 1274
1275 return 0;
1276}
1277
75d262c2 1278int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
726b4ffc 1279 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
75d262c2
VCG		 1280{
1281 struct link_key *key, *old_key;
1282 struct key_master_id *id;
1283 u8 old_key_type;
1284
1285 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
1286
1287 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
1288 if (old_key) {
1289 key = old_key;
1290 old_key_type = old_key->type;
1291 } else {
1292 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1293 if (!key)
1294 return -ENOMEM;
1295 list_add(&key->list, &hdev->link_keys);
1296 old_key_type = 0xff;
1297 }
1298
1299 key->dlen = sizeof(*id);
1300
1301 bacpy(&key->bdaddr, bdaddr);
1302 memcpy(key->val, ltk, sizeof(key->val));
1303 key->type = HCI_LK_SMP_LTK;
726b4ffc 1304 key->pin_len = key_size;
75d262c2
VCG		 1305
1306 id = (void *) &key->data;
1307 id->ediv = ediv;
1308 memcpy(id->rand, rand, sizeof(id->rand));
1309
1310 if (new_key)
744cf19e 1311 mgmt_new_link_key(hdev, key, old_key_type);
75d262c2
VCG		 1312
1313 return 0;
1314}
1315
55ed8ca1
JH		 1316int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1317{
1318 struct link_key *key;
1319
1320 key = hci_find_link_key(hdev, bdaddr);
1321 if (!key)
1322 return -ENOENT;
1323
1324 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1325
1326 list_del(&key->list);
1327 kfree(key);
1328
1329 return 0;
1330}
1331
6bd32326
VT		 1332/* HCI command timer function */
1333static void hci_cmd_timer(unsigned long arg)
1334{
1335 struct hci_dev *hdev = (void *) arg;
1336
1337 BT_ERR("%s command tx timeout", hdev->name);
1338 atomic_set(&hdev->cmd_cnt, 1);
c347b765 1339 queue_work(hdev->workqueue, &hdev->cmd_work);
6bd32326
VT		 1340}
1341
2763eda6
SJ		 1342struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1343 bdaddr_t *bdaddr)
1344{
1345 struct oob_data *data;
1346
1347 list_for_each_entry(data, &hdev->remote_oob_data, list)
1348 if (bacmp(bdaddr, &data->bdaddr) == 0)
1349 return data;
1350
1351 return NULL;
1352}
1353
1354int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1355{
1356 struct oob_data *data;
1357
1358 data = hci_find_remote_oob_data(hdev, bdaddr);
1359 if (!data)
1360 return -ENOENT;
1361
1362 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1363
1364 list_del(&data->list);
1365 kfree(data);
1366
1367 return 0;
1368}
1369
1370int hci_remote_oob_data_clear(struct hci_dev *hdev)
1371{
1372 struct oob_data *data, *n;
1373
1374 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1375 list_del(&data->list);
1376 kfree(data);
1377 }
1378
1379 return 0;
1380}
1381
1382int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1383 u8 *randomizer)
1384{
1385 struct oob_data *data;
1386
1387 data = hci_find_remote_oob_data(hdev, bdaddr);
1388
1389 if (!data) {
1390 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1391 if (!data)
1392 return -ENOMEM;
1393
1394 bacpy(&data->bdaddr, bdaddr);
1395 list_add(&data->list, &hdev->remote_oob_data);
1396 }
1397
1398 memcpy(data->hash, hash, sizeof(data->hash));
1399 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1400
1401 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1402
1403 return 0;
1404}
1405
b2a66aad
AJ		 1406struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
1407 bdaddr_t *bdaddr)
1408{
8035ded4 1409 struct bdaddr_list *b;
b2a66aad 1410
8035ded4 1411 list_for_each_entry(b, &hdev->blacklist, list)
b2a66aad
AJ		 1412 if (bacmp(bdaddr, &b->bdaddr) == 0)
1413 return b;
b2a66aad
AJ		 1414
1415 return NULL;
1416}
1417
1418int hci_blacklist_clear(struct hci_dev *hdev)
1419{
1420 struct list_head *p, *n;
1421
1422 list_for_each_safe(p, n, &hdev->blacklist) {
1423 struct bdaddr_list *b;
1424
1425 b = list_entry(p, struct bdaddr_list, list);
1426
1427 list_del(p);
1428 kfree(b);
1429 }
1430
1431 return 0;
1432}
1433
1434int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1435{
1436 struct bdaddr_list *entry;
b2a66aad
AJ		 1437
1438 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1439 return -EBADF;
1440
5e762444
AJ		 1441 if (hci_blacklist_lookup(hdev, bdaddr))
1442 return -EEXIST;
b2a66aad
AJ		 1443
1444 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
5e762444
AJ		 1445 if (!entry)
1446 return -ENOMEM;
b2a66aad
AJ		 1447
1448 bacpy(&entry->bdaddr, bdaddr);
1449
1450 list_add(&entry->list, &hdev->blacklist);
1451
744cf19e 1452 return mgmt_device_blocked(hdev, bdaddr);
b2a66aad
AJ		 1453}
1454
1455int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1456{
1457 struct bdaddr_list *entry;
b2a66aad 1458
1ec918ce 1459 if (bacmp(bdaddr, BDADDR_ANY) == 0)
5e762444 1460 return hci_blacklist_clear(hdev);
b2a66aad
AJ		 1461
1462 entry = hci_blacklist_lookup(hdev, bdaddr);
1ec918ce 1463 if (!entry)
5e762444 1464 return -ENOENT;
b2a66aad
AJ		 1465
1466 list_del(&entry->list);
1467 kfree(entry);
1468
744cf19e 1469 return mgmt_device_unblocked(hdev, bdaddr);
b2a66aad
AJ		 1470}
1471
db323f2f 1472static void hci_clear_adv_cache(struct work_struct *work)
35815085 1473{
db323f2f
GP		 1474 struct hci_dev *hdev = container_of(work, struct hci_dev,
1475 adv_work.work);
35815085
AG		 1476
1477 hci_dev_lock(hdev);
1478
1479 hci_adv_entries_clear(hdev);
1480
1481 hci_dev_unlock(hdev);
1482}
1483
76c8686f
AG		 1484int hci_adv_entries_clear(struct hci_dev *hdev)
1485{
1486 struct adv_entry *entry, *tmp;
1487
1488 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1489 list_del(&entry->list);
1490 kfree(entry);
1491 }
1492
1493 BT_DBG("%s adv cache cleared", hdev->name);
1494
1495 return 0;
1496}
1497
1498struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1499{
1500 struct adv_entry *entry;
1501
1502 list_for_each_entry(entry, &hdev->adv_entries, list)
1503 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1504 return entry;
1505
1506 return NULL;
1507}
1508
1509static inline int is_connectable_adv(u8 evt_type)
1510{
1511 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1512 return 1;
1513
1514 return 0;
1515}
1516
1517int hci_add_adv_entry(struct hci_dev *hdev,
1518 struct hci_ev_le_advertising_info *ev)
1519{
1520 struct adv_entry *entry;
1521
1522 if (!is_connectable_adv(ev->evt_type))
1523 return -EINVAL;
1524
1525 /* Only new entries should be added to adv_entries. So, if
1526 * bdaddr was found, don't add it. */
1527 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1528 return 0;
1529
1530 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
1531 if (!entry)
1532 return -ENOMEM;
1533
1534 bacpy(&entry->bdaddr, &ev->bdaddr);
1535 entry->bdaddr_type = ev->bdaddr_type;
1536
1537 list_add(&entry->list, &hdev->adv_entries);
1538
1539 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1540 batostr(&entry->bdaddr), entry->bdaddr_type);
1541
1542 return 0;
1543}
1544
1da177e4
LT		 1545/* Register HCI device */
1546int hci_register_dev(struct hci_dev *hdev)
1547{
1548 struct list_head *head = &hci_dev_list, *p;
08add513 1549 int i, id, error;
1da177e4 1550
c13854ce
MH		 1551 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
1552 hdev->bus, hdev->owner);
1da177e4
LT		 1553
1554 if (!hdev->open || !hdev->close || !hdev->destruct)
1555 return -EINVAL;
1556
08add513
MM		 1557 /* Do not allow HCI_AMP devices to register at index 0,
1558 * so the index can be used as the AMP controller ID.
1559 */
1560 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1561
f20d09d5 1562 write_lock(&hci_dev_list_lock);
1da177e4
LT		 1563
1564 /* Find first available device id */
1565 list_for_each(p, &hci_dev_list) {
1566 if (list_entry(p, struct hci_dev, list)->id != id)
1567 break;
1568 head = p; id++;
1569 }
8e87d142 1570
1da177e4
LT		 1571 sprintf(hdev->name, "hci%d", id);
1572 hdev->id = id;
c6feeb28 1573 list_add_tail(&hdev->list, head);
1da177e4
LT		 1574
1575 atomic_set(&hdev->refcnt, 1);
09fd0de5 1576 mutex_init(&hdev->lock);
1da177e4
LT		 1577
1578 hdev->flags = 0;
d23264a8 1579 hdev->dev_flags = 0;
1da177e4 1580 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
5b7f9909 1581 hdev->esco_type = (ESCO_HV1);
1da177e4 1582 hdev->link_mode = (HCI_LM_ACCEPT);
17fa4b9d 1583 hdev->io_capability = 0x03; /* No Input No Output */
1da177e4 1584
04837f64
MH		 1585 hdev->idle_timeout = 0;
1586 hdev->sniff_max_interval = 800;
1587 hdev->sniff_min_interval = 80;
1588
b78752cc 1589 INIT_WORK(&hdev->rx_work, hci_rx_work);
c347b765 1590 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3eff45ea 1591 INIT_WORK(&hdev->tx_work, hci_tx_work);
b78752cc 1592
1da177e4
LT		 1593
1594 skb_queue_head_init(&hdev->rx_q);
1595 skb_queue_head_init(&hdev->cmd_q);
1596 skb_queue_head_init(&hdev->raw_q);
1597
6bd32326
VT		 1598 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1599
cd4c5391 1600 for (i = 0; i < NUM_REASSEMBLY; i++)
ef222013
MH		 1601 hdev->reassembly[i] = NULL;
1602
1da177e4 1603 init_waitqueue_head(&hdev->req_wait_q);
a6a67efd 1604 mutex_init(&hdev->req_lock);
1da177e4 1605
30883512 1606 discovery_init(hdev);
1da177e4
LT		 1607
1608 hci_conn_hash_init(hdev);
1609
2e58ef3e
JH		 1610 INIT_LIST_HEAD(&hdev->mgmt_pending);
1611
ea4bd8ba 1612 INIT_LIST_HEAD(&hdev->blacklist);
f0358568 1613
2aeb9a1a
JH		 1614 INIT_LIST_HEAD(&hdev->uuids);
1615
55ed8ca1
JH		 1616 INIT_LIST_HEAD(&hdev->link_keys);
1617
2763eda6
SJ		 1618 INIT_LIST_HEAD(&hdev->remote_oob_data);
1619
76c8686f
AG		 1620 INIT_LIST_HEAD(&hdev->adv_entries);
1621
db323f2f 1622 INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
ab81cbf9 1623 INIT_WORK(&hdev->power_on, hci_power_on);
3243553f 1624 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
ab81cbf9 1625
16ab91ab
JH		 1626 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1627
1da177e4
LT		 1628 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1629
1630 atomic_set(&hdev->promisc, 0);
1631
f20d09d5 1632 write_unlock(&hci_dev_list_lock);
1da177e4 1633
32845eb1
GP		 1634 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1635 WQ_MEM_RECLAIM, 1);
33ca954d
DH		 1636 if (!hdev->workqueue) {
1637 error = -ENOMEM;
1638 goto err;
1639 }
f48fd9c8 1640
33ca954d
DH		 1641 error = hci_add_sysfs(hdev);
1642 if (error < 0)
1643 goto err_wqueue;
1da177e4 1644
611b30f7
MH		 1645 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1646 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1647 if (hdev->rfkill) {
1648 if (rfkill_register(hdev->rfkill) < 0) {
1649 rfkill_destroy(hdev->rfkill);
1650 hdev->rfkill = NULL;
1651 }
1652 }
1653
ab81cbf9
JH		 1654 set_bit(HCI_AUTO_OFF, &hdev->flags);
1655 set_bit(HCI_SETUP, &hdev->flags);
7f971041 1656 schedule_work(&hdev->power_on);
ab81cbf9 1657
1da177e4
LT		 1658 hci_notify(hdev, HCI_DEV_REG);
1659
1660 return id;
f48fd9c8 1661
33ca954d
DH		 1662err_wqueue:
1663 destroy_workqueue(hdev->workqueue);
1664err:
f20d09d5 1665 write_lock(&hci_dev_list_lock);
f48fd9c8 1666 list_del(&hdev->list);
f20d09d5 1667 write_unlock(&hci_dev_list_lock);
f48fd9c8 1668
33ca954d 1669 return error;
1da177e4
LT		 1670}
1671EXPORT_SYMBOL(hci_register_dev);
1672
1673/* Unregister HCI device */
59735631 1674void hci_unregister_dev(struct hci_dev *hdev)
1da177e4 1675{
ef222013
MH		 1676 int i;
1677
c13854ce 1678 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1da177e4 1679
f20d09d5 1680 write_lock(&hci_dev_list_lock);
1da177e4 1681 list_del(&hdev->list);
f20d09d5 1682 write_unlock(&hci_dev_list_lock);
1da177e4
LT		 1683
1684 hci_dev_do_close(hdev);
1685
cd4c5391 1686 for (i = 0; i < NUM_REASSEMBLY; i++)
ef222013
MH		 1687 kfree_skb(hdev->reassembly[i]);
1688
ab81cbf9 1689 if (!test_bit(HCI_INIT, &hdev->flags) &&
56e5cb86 1690 !test_bit(HCI_SETUP, &hdev->flags)) {
09fd0de5 1691 hci_dev_lock(hdev);
744cf19e 1692 mgmt_index_removed(hdev);
09fd0de5 1693 hci_dev_unlock(hdev);
56e5cb86 1694 }
ab81cbf9 1695
2e58ef3e
JH		 1696 /* mgmt_index_removed should take care of emptying the
1697 * pending list */
1698 BUG_ON(!list_empty(&hdev->mgmt_pending));
1699
1da177e4
LT		 1700 hci_notify(hdev, HCI_DEV_UNREG);
1701
611b30f7
MH		 1702 if (hdev->rfkill) {
1703 rfkill_unregister(hdev->rfkill);
1704 rfkill_destroy(hdev->rfkill);
1705 }
1706
ce242970 1707 hci_del_sysfs(hdev);
147e2d59 1708
db323f2f 1709 cancel_delayed_work_sync(&hdev->adv_work);
c6f3c5f7 1710
f48fd9c8
MH		 1711 destroy_workqueue(hdev->workqueue);
1712
09fd0de5 1713 hci_dev_lock(hdev);
e2e0cacb 1714 hci_blacklist_clear(hdev);
2aeb9a1a 1715 hci_uuids_clear(hdev);
55ed8ca1 1716 hci_link_keys_clear(hdev);
2763eda6 1717 hci_remote_oob_data_clear(hdev);
76c8686f 1718 hci_adv_entries_clear(hdev);
09fd0de5 1719 hci_dev_unlock(hdev);
e2e0cacb 1720
1da177e4 1721 __hci_dev_put(hdev);
1da177e4
LT		 1722}
1723EXPORT_SYMBOL(hci_unregister_dev);
1724
1725/* Suspend HCI device */
1726int hci_suspend_dev(struct hci_dev *hdev)
1727{
1728 hci_notify(hdev, HCI_DEV_SUSPEND);
1729 return 0;
1730}
1731EXPORT_SYMBOL(hci_suspend_dev);
1732
1733/* Resume HCI device */
1734int hci_resume_dev(struct hci_dev *hdev)
1735{
1736 hci_notify(hdev, HCI_DEV_RESUME);
1737 return 0;
1738}
1739EXPORT_SYMBOL(hci_resume_dev);
1740
76bca880
MH		 1741/* Receive frame from HCI drivers */
1742int hci_recv_frame(struct sk_buff *skb)
1743{
1744 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1745 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1746 && !test_bit(HCI_INIT, &hdev->flags))) {
1747 kfree_skb(skb);
1748 return -ENXIO;
1749 }
1750
1751 /* Incomming skb */
1752 bt_cb(skb)->incoming = 1;
1753
1754 /* Time stamp */
1755 __net_timestamp(skb);
1756
76bca880 1757 skb_queue_tail(&hdev->rx_q, skb);
b78752cc 1758 queue_work(hdev->workqueue, &hdev->rx_work);
c78ae283 1759
76bca880
MH		 1760 return 0;
1761}
1762EXPORT_SYMBOL(hci_recv_frame);
1763
33e882a5 1764static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1e429f38 1765 int count, __u8 index)
33e882a5
SS		 1766{
1767 int len = 0;
1768 int hlen = 0;
1769 int remain = count;
1770 struct sk_buff *skb;
1771 struct bt_skb_cb *scb;
1772
1773 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1774 index >= NUM_REASSEMBLY)
1775 return -EILSEQ;
1776
1777 skb = hdev->reassembly[index];
1778
1779 if (!skb) {
1780 switch (type) {
1781 case HCI_ACLDATA_PKT:
1782 len = HCI_MAX_FRAME_SIZE;
1783 hlen = HCI_ACL_HDR_SIZE;
1784 break;
1785 case HCI_EVENT_PKT:
1786 len = HCI_MAX_EVENT_SIZE;
1787 hlen = HCI_EVENT_HDR_SIZE;
1788 break;
1789 case HCI_SCODATA_PKT:
1790 len = HCI_MAX_SCO_SIZE;
1791 hlen = HCI_SCO_HDR_SIZE;
1792 break;
1793 }
1794
1e429f38 1795 skb = bt_skb_alloc(len, GFP_ATOMIC);
33e882a5
SS		 1796 if (!skb)
1797 return -ENOMEM;
1798
1799 scb = (void *) skb->cb;
1800 scb->expect = hlen;
1801 scb->pkt_type = type;
1802
1803 skb->dev = (void *) hdev;
1804 hdev->reassembly[index] = skb;
1805 }
1806
1807 while (count) {
1808 scb = (void *) skb->cb;
1809 len = min(scb->expect, (__u16)count);
1810
1811 memcpy(skb_put(skb, len), data, len);
1812
1813 count -= len;
1814 data += len;
1815 scb->expect -= len;
1816 remain = count;
1817
1818 switch (type) {
1819 case HCI_EVENT_PKT:
1820 if (skb->len == HCI_EVENT_HDR_SIZE) {
1821 struct hci_event_hdr *h = hci_event_hdr(skb);
1822 scb->expect = h->plen;
1823
1824 if (skb_tailroom(skb) < scb->expect) {
1825 kfree_skb(skb);
1826 hdev->reassembly[index] = NULL;
1827 return -ENOMEM;
1828 }
1829 }
1830 break;
1831
1832 case HCI_ACLDATA_PKT:
1833 if (skb->len == HCI_ACL_HDR_SIZE) {
1834 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1835 scb->expect = __le16_to_cpu(h->dlen);
1836
1837 if (skb_tailroom(skb) < scb->expect) {
1838 kfree_skb(skb);
1839 hdev->reassembly[index] = NULL;
1840 return -ENOMEM;
1841 }
1842 }
1843 break;
1844
1845 case HCI_SCODATA_PKT:
1846 if (skb->len == HCI_SCO_HDR_SIZE) {
1847 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1848 scb->expect = h->dlen;
1849
1850 if (skb_tailroom(skb) < scb->expect) {
1851 kfree_skb(skb);
1852 hdev->reassembly[index] = NULL;
1853 return -ENOMEM;
1854 }
1855 }
1856 break;
1857 }
1858
1859 if (scb->expect == 0) {
1860 /* Complete frame */
1861
1862 bt_cb(skb)->pkt_type = type;
1863 hci_recv_frame(skb);
1864
1865 hdev->reassembly[index] = NULL;
1866 return remain;
1867 }
1868 }
1869
1870 return remain;
1871}
1872
ef222013
MH		 1873int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1874{
f39a3c06
SS		 1875 int rem = 0;
1876
ef222013
MH		 1877 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1878 return -EILSEQ;
1879
da5f6c37 1880 while (count) {
1e429f38 1881 rem = hci_reassembly(hdev, type, data, count, type - 1);
f39a3c06
SS		 1882 if (rem < 0)
1883 return rem;
ef222013 1884
f39a3c06
SS		 1885 data += (count - rem);
1886 count = rem;
f81c6224 1887 }
ef222013 1888
f39a3c06 1889 return rem;
ef222013
MH		 1890}
1891EXPORT_SYMBOL(hci_recv_fragment);
1892
99811510
SS		 1893#define STREAM_REASSEMBLY 0
1894
1895int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1896{
1897 int type;
1898 int rem = 0;
1899
da5f6c37 1900 while (count) {
99811510
SS		 1901 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1902
1903 if (!skb) {
1904 struct { char type; } *pkt;
1905
1906 /* Start of the frame */
1907 pkt = data;
1908 type = pkt->type;
1909
1910 data++;
1911 count--;
1912 } else
1913 type = bt_cb(skb)->pkt_type;
1914
1e429f38
GP		 1915 rem = hci_reassembly(hdev, type, data, count,
1916 STREAM_REASSEMBLY);
99811510
SS		 1917 if (rem < 0)
1918 return rem;
1919
1920 data += (count - rem);
1921 count = rem;
f81c6224 1922 }
99811510
SS		 1923
1924 return rem;
1925}
1926EXPORT_SYMBOL(hci_recv_stream_fragment);
1927
1da177e4
LT		 1928/* ---- Interface to upper protocols ---- */
1929
1da177e4
LT		 1930int hci_register_cb(struct hci_cb *cb)
1931{
1932 BT_DBG("%p name %s", cb, cb->name);
1933
f20d09d5 1934 write_lock(&hci_cb_list_lock);
1da177e4 1935 list_add(&cb->list, &hci_cb_list);
f20d09d5 1936 write_unlock(&hci_cb_list_lock);
1da177e4
LT		 1937
1938 return 0;
1939}
1940EXPORT_SYMBOL(hci_register_cb);
1941
1942int hci_unregister_cb(struct hci_cb *cb)
1943{
1944 BT_DBG("%p name %s", cb, cb->name);
1945
f20d09d5 1946 write_lock(&hci_cb_list_lock);
1da177e4 1947 list_del(&cb->list);
f20d09d5 1948 write_unlock(&hci_cb_list_lock);
1da177e4
LT		 1949
1950 return 0;
1951}
1952EXPORT_SYMBOL(hci_unregister_cb);
1953
1954static int hci_send_frame(struct sk_buff *skb)
1955{
1956 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1957
1958 if (!hdev) {
1959 kfree_skb(skb);
1960 return -ENODEV;
1961 }
1962
0d48d939 1963 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1da177e4
LT		 1964
1965 if (atomic_read(&hdev->promisc)) {
1966 /* Time stamp */
a61bbcf2 1967 __net_timestamp(skb);
1da177e4 1968
eec8d2bc 1969 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 1970 }
1971
1972 /* Get rid of skb owner, prior to sending to the driver. */
1973 skb_orphan(skb);
1974
1975 return hdev->send(skb);
1976}
1977
1978/* Send HCI command */
a9de9248 1979int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1da177e4
LT		 1980{
1981 int len = HCI_COMMAND_HDR_SIZE + plen;
1982 struct hci_command_hdr *hdr;
1983 struct sk_buff *skb;
1984
a9de9248 1985 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1da177e4
LT		 1986
1987 skb = bt_skb_alloc(len, GFP_ATOMIC);
1988 if (!skb) {
ef222013 1989 BT_ERR("%s no memory for command", hdev->name);
1da177e4
LT		 1990 return -ENOMEM;
1991 }
1992
1993 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
a9de9248 1994 hdr->opcode = cpu_to_le16(opcode);
1da177e4
LT		 1995 hdr->plen = plen;
1996
1997 if (plen)
1998 memcpy(skb_put(skb, plen), param, plen);
1999
2000 BT_DBG("skb len %d", skb->len);
2001
0d48d939 2002 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1da177e4 2003 skb->dev = (void *) hdev;
c78ae283 2004
a5040efa
JH		 2005 if (test_bit(HCI_INIT, &hdev->flags))
2006 hdev->init_last_cmd = opcode;
2007
1da177e4 2008 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 2009 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 2010
2011 return 0;
2012}
1da177e4
LT		 2013
2014/* Get data from the previously sent command */
a9de9248 2015void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1da177e4
LT		 2016{
2017 struct hci_command_hdr *hdr;
2018
2019 if (!hdev->sent_cmd)
2020 return NULL;
2021
2022 hdr = (void *) hdev->sent_cmd->data;
2023
a9de9248 2024 if (hdr->opcode != cpu_to_le16(opcode))
1da177e4
LT		 2025 return NULL;
2026
a9de9248 2027 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1da177e4
LT		 2028
2029 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2030}
2031
2032/* Send ACL data */
2033static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2034{
2035 struct hci_acl_hdr *hdr;
2036 int len = skb->len;
2037
badff6d0
ACM		 2038 skb_push(skb, HCI_ACL_HDR_SIZE);
2039 skb_reset_transport_header(skb);
9c70220b 2040 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
aca3192c
YH		 2041 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2042 hdr->dlen = cpu_to_le16(len);
1da177e4
LT		 2043}
2044
73d80deb
LAD		 2045static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2046 struct sk_buff *skb, __u16 flags)
1da177e4
LT		 2047{
2048 struct hci_dev *hdev = conn->hdev;
2049 struct sk_buff *list;
2050
70f23020
AE		 2051 list = skb_shinfo(skb)->frag_list;
2052 if (!list) {
1da177e4
LT		 2053 /* Non fragmented */
2054 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2055
73d80deb 2056 skb_queue_tail(queue, skb);
1da177e4
LT		 2057 } else {
2058 /* Fragmented */
2059 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2060
2061 skb_shinfo(skb)->frag_list = NULL;
2062
2063 /* Queue all fragments atomically */
af3e6359 2064 spin_lock(&queue->lock);
1da177e4 2065
73d80deb 2066 __skb_queue_tail(queue, skb);
e702112f
AE		 2067
2068 flags &= ~ACL_START;
2069 flags |= ACL_CONT;
1da177e4
LT		 2070 do {
2071 skb = list; list = list->next;
8e87d142 2072
1da177e4 2073 skb->dev = (void *) hdev;
0d48d939 2074 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
e702112f 2075 hci_add_acl_hdr(skb, conn->handle, flags);
1da177e4
LT		 2076
2077 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2078
73d80deb 2079 __skb_queue_tail(queue, skb);
1da177e4
LT		 2080 } while (list);
2081
af3e6359 2082 spin_unlock(&queue->lock);
1da177e4 2083 }
73d80deb
LAD		 2084}
2085
2086void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2087{
2088 struct hci_conn *conn = chan->conn;
2089 struct hci_dev *hdev = conn->hdev;
2090
2091 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2092
2093 skb->dev = (void *) hdev;
2094 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2095 hci_add_acl_hdr(skb, conn->handle, flags);
2096
2097 hci_queue_acl(conn, &chan->data_q, skb, flags);
1da177e4 2098
3eff45ea 2099 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 2100}
2101EXPORT_SYMBOL(hci_send_acl);
2102
2103/* Send SCO data */
0d861d8b 2104void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1da177e4
LT		 2105{
2106 struct hci_dev *hdev = conn->hdev;
2107 struct hci_sco_hdr hdr;
2108
2109 BT_DBG("%s len %d", hdev->name, skb->len);
2110
aca3192c 2111 hdr.handle = cpu_to_le16(conn->handle);
1da177e4
LT		 2112 hdr.dlen = skb->len;
2113
badff6d0
ACM		 2114 skb_push(skb, HCI_SCO_HDR_SIZE);
2115 skb_reset_transport_header(skb);
9c70220b 2116 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1da177e4
LT		 2117
2118 skb->dev = (void *) hdev;
0d48d939 2119 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
c78ae283 2120
1da177e4 2121 skb_queue_tail(&conn->data_q, skb);
3eff45ea 2122 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 2123}
2124EXPORT_SYMBOL(hci_send_sco);
2125
2126/* ---- HCI TX task (outgoing data) ---- */
2127
2128/* HCI Connection scheduler */
2129static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2130{
2131 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 2132 struct hci_conn *conn = NULL, *c;
1da177e4 2133 int num = 0, min = ~0;
1da177e4 2134
8e87d142 2135 /* We don't have to lock device here. Connections are always
1da177e4 2136 * added and removed with TX task disabled. */
bf4c6325
GP		 2137
2138 rcu_read_lock();
2139
2140 list_for_each_entry_rcu(c, &h->list, list) {
769be974 2141 if (c->type != type || skb_queue_empty(&c->data_q))
1da177e4 2142 continue;
769be974
MH		 2143
2144 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2145 continue;
2146
1da177e4
LT		 2147 num++;
2148
2149 if (c->sent < min) {
2150 min = c->sent;
2151 conn = c;
2152 }
52087a79
LAD		 2153
2154 if (hci_conn_num(hdev, type) == num)
2155 break;
1da177e4
LT		 2156 }
2157
bf4c6325
GP		 2158 rcu_read_unlock();
2159
1da177e4 2160 if (conn) {
6ed58ec5
VT		 2161 int cnt, q;
2162
2163 switch (conn->type) {
2164 case ACL_LINK:
2165 cnt = hdev->acl_cnt;
2166 break;
2167 case SCO_LINK:
2168 case ESCO_LINK:
2169 cnt = hdev->sco_cnt;
2170 break;
2171 case LE_LINK:
2172 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2173 break;
2174 default:
2175 cnt = 0;
2176 BT_ERR("Unknown link type");
2177 }
2178
2179 q = cnt / num;
1da177e4
LT		 2180 *quote = q ? q : 1;
2181 } else
2182 *quote = 0;
2183
2184 BT_DBG("conn %p quote %d", conn, *quote);
2185 return conn;
2186}
2187
bae1f5d9 2188static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
1da177e4
LT		 2189{
2190 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 2191 struct hci_conn *c;
1da177e4 2192
bae1f5d9 2193 BT_ERR("%s link tx timeout", hdev->name);
1da177e4 2194
bf4c6325
GP		 2195 rcu_read_lock();
2196
1da177e4 2197 /* Kill stalled connections */
bf4c6325 2198 list_for_each_entry_rcu(c, &h->list, list) {
bae1f5d9
VT		 2199 if (c->type == type && c->sent) {
2200 BT_ERR("%s killing stalled connection %s",
1da177e4
LT		 2201 hdev->name, batostr(&c->dst));
2202 hci_acl_disconn(c, 0x13);
2203 }
2204 }
bf4c6325
GP		 2205
2206 rcu_read_unlock();
1da177e4
LT		 2207}
2208
73d80deb
LAD		 2209static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2210 int *quote)
1da177e4 2211{
73d80deb
LAD		 2212 struct hci_conn_hash *h = &hdev->conn_hash;
2213 struct hci_chan *chan = NULL;
2214 int num = 0, min = ~0, cur_prio = 0;
1da177e4 2215 struct hci_conn *conn;
73d80deb
LAD		 2216 int cnt, q, conn_num = 0;
2217
2218 BT_DBG("%s", hdev->name);
2219
bf4c6325
GP		 2220 rcu_read_lock();
2221
2222 list_for_each_entry_rcu(conn, &h->list, list) {
73d80deb
LAD		 2223 struct hci_chan *tmp;
2224
2225 if (conn->type != type)
2226 continue;
2227
2228 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2229 continue;
2230
2231 conn_num++;
2232
8192edef 2233 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
73d80deb
LAD		 2234 struct sk_buff *skb;
2235
2236 if (skb_queue_empty(&tmp->data_q))
2237 continue;
2238
2239 skb = skb_peek(&tmp->data_q);
2240 if (skb->priority < cur_prio)
2241 continue;
2242
2243 if (skb->priority > cur_prio) {
2244 num = 0;
2245 min = ~0;
2246 cur_prio = skb->priority;
2247 }
2248
2249 num++;
2250
2251 if (conn->sent < min) {
2252 min = conn->sent;
2253 chan = tmp;
2254 }
2255 }
2256
2257 if (hci_conn_num(hdev, type) == conn_num)
2258 break;
2259 }
2260
bf4c6325
GP		 2261 rcu_read_unlock();
2262
73d80deb
LAD		 2263 if (!chan)
2264 return NULL;
2265
2266 switch (chan->conn->type) {
2267 case ACL_LINK:
2268 cnt = hdev->acl_cnt;
2269 break;
2270 case SCO_LINK:
2271 case ESCO_LINK:
2272 cnt = hdev->sco_cnt;
2273 break;
2274 case LE_LINK:
2275 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2276 break;
2277 default:
2278 cnt = 0;
2279 BT_ERR("Unknown link type");
2280 }
2281
2282 q = cnt / num;
2283 *quote = q ? q : 1;
2284 BT_DBG("chan %p quote %d", chan, *quote);
2285 return chan;
2286}
2287
02b20f0b
LAD		 2288static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2289{
2290 struct hci_conn_hash *h = &hdev->conn_hash;
2291 struct hci_conn *conn;
2292 int num = 0;
2293
2294 BT_DBG("%s", hdev->name);
2295
bf4c6325
GP		 2296 rcu_read_lock();
2297
2298 list_for_each_entry_rcu(conn, &h->list, list) {
02b20f0b
LAD		 2299 struct hci_chan *chan;
2300
2301 if (conn->type != type)
2302 continue;
2303
2304 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2305 continue;
2306
2307 num++;
2308
8192edef 2309 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
02b20f0b
LAD		 2310 struct sk_buff *skb;
2311
2312 if (chan->sent) {
2313 chan->sent = 0;
2314 continue;
2315 }
2316
2317 if (skb_queue_empty(&chan->data_q))
2318 continue;
2319
2320 skb = skb_peek(&chan->data_q);
2321 if (skb->priority >= HCI_PRIO_MAX - 1)
2322 continue;
2323
2324 skb->priority = HCI_PRIO_MAX - 1;
2325
2326 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2327 skb->priority);
2328 }
2329
2330 if (hci_conn_num(hdev, type) == num)
2331 break;
2332 }
bf4c6325
GP		 2333
2334 rcu_read_unlock();
2335
02b20f0b
LAD		 2336}
2337
73d80deb
LAD		 2338static inline void hci_sched_acl(struct hci_dev *hdev)
2339{
2340 struct hci_chan *chan;
1da177e4
LT		 2341 struct sk_buff *skb;
2342 int quote;
73d80deb 2343 unsigned int cnt;
1da177e4
LT		 2344
2345 BT_DBG("%s", hdev->name);
2346
52087a79
LAD		 2347 if (!hci_conn_num(hdev, ACL_LINK))
2348 return;
2349
1da177e4
LT		 2350 if (!test_bit(HCI_RAW, &hdev->flags)) {
2351 /* ACL tx timeout must be longer than maximum
2352 * link supervision timeout (40.9 seconds) */
cc48dc0a
AE		 2353 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx +
2354 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT)))
bae1f5d9 2355 hci_link_tx_to(hdev, ACL_LINK);
1da177e4
LT		 2356 }
2357
73d80deb 2358 cnt = hdev->acl_cnt;
04837f64 2359
73d80deb
LAD		 2360 while (hdev->acl_cnt &&
2361 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
ec1cce24
LAD		 2362 u32 priority = (skb_peek(&chan->data_q))->priority;
2363 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb
LAD		 2364 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2365 skb->len, skb->priority);
2366
ec1cce24
LAD		 2367 /* Stop if priority has changed */
2368 if (skb->priority < priority)
2369 break;
2370
2371 skb = skb_dequeue(&chan->data_q);
2372
73d80deb
LAD		 2373 hci_conn_enter_active_mode(chan->conn,
2374 bt_cb(skb)->force_active);
04837f64 2375
1da177e4
LT		 2376 hci_send_frame(skb);
2377 hdev->acl_last_tx = jiffies;
2378
2379 hdev->acl_cnt--;
73d80deb
LAD		 2380 chan->sent++;
2381 chan->conn->sent++;
1da177e4
LT		 2382 }
2383 }
02b20f0b
LAD		 2384
2385 if (cnt != hdev->acl_cnt)
2386 hci_prio_recalculate(hdev, ACL_LINK);
1da177e4
LT		 2387}
2388
2389/* Schedule SCO */
2390static inline void hci_sched_sco(struct hci_dev *hdev)
2391{
2392 struct hci_conn *conn;
2393 struct sk_buff *skb;
2394 int quote;
2395
2396 BT_DBG("%s", hdev->name);
2397
52087a79
LAD		 2398 if (!hci_conn_num(hdev, SCO_LINK))
2399 return;
2400
1da177e4
LT		 2401 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
2402 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2403 BT_DBG("skb %p len %d", skb, skb->len);
2404 hci_send_frame(skb);
2405
2406 conn->sent++;
2407 if (conn->sent == ~0)
2408 conn->sent = 0;
2409 }
2410 }
2411}
2412
b6a0dc82
MH		 2413static inline void hci_sched_esco(struct hci_dev *hdev)
2414{
2415 struct hci_conn *conn;
2416 struct sk_buff *skb;
2417 int quote;
2418
2419 BT_DBG("%s", hdev->name);
2420
52087a79
LAD		 2421 if (!hci_conn_num(hdev, ESCO_LINK))
2422 return;
2423
b6a0dc82
MH		 2424 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, &quote))) {
2425 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2426 BT_DBG("skb %p len %d", skb, skb->len);
2427 hci_send_frame(skb);
2428
2429 conn->sent++;
2430 if (conn->sent == ~0)
2431 conn->sent = 0;
2432 }
2433 }
2434}
2435
6ed58ec5
VT		 2436static inline void hci_sched_le(struct hci_dev *hdev)
2437{
73d80deb 2438 struct hci_chan *chan;
6ed58ec5 2439 struct sk_buff *skb;
02b20f0b 2440 int quote, cnt, tmp;
6ed58ec5
VT		 2441
2442 BT_DBG("%s", hdev->name);
2443
52087a79
LAD		 2444 if (!hci_conn_num(hdev, LE_LINK))
2445 return;
2446
6ed58ec5
VT		 2447 if (!test_bit(HCI_RAW, &hdev->flags)) {
2448 /* LE tx timeout must be longer than maximum
2449 * link supervision timeout (40.9 seconds) */
bae1f5d9 2450 if (!hdev->le_cnt && hdev->le_pkts &&
6ed58ec5 2451 time_after(jiffies, hdev->le_last_tx + HZ * 45))
bae1f5d9 2452 hci_link_tx_to(hdev, LE_LINK);
6ed58ec5
VT		 2453 }
2454
2455 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
02b20f0b 2456 tmp = cnt;
73d80deb 2457 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
ec1cce24
LAD		 2458 u32 priority = (skb_peek(&chan->data_q))->priority;
2459 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb
LAD		 2460 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2461 skb->len, skb->priority);
6ed58ec5 2462
ec1cce24
LAD		 2463 /* Stop if priority has changed */
2464 if (skb->priority < priority)
2465 break;
2466
2467 skb = skb_dequeue(&chan->data_q);
2468
6ed58ec5
VT		 2469 hci_send_frame(skb);
2470 hdev->le_last_tx = jiffies;
2471
2472 cnt--;
73d80deb
LAD		 2473 chan->sent++;
2474 chan->conn->sent++;
6ed58ec5
VT		 2475 }
2476 }
73d80deb 2477
6ed58ec5
VT		 2478 if (hdev->le_pkts)
2479 hdev->le_cnt = cnt;
2480 else
2481 hdev->acl_cnt = cnt;
02b20f0b
LAD		 2482
2483 if (cnt != tmp)
2484 hci_prio_recalculate(hdev, LE_LINK);
6ed58ec5
VT		 2485}
2486
3eff45ea 2487static void hci_tx_work(struct work_struct *work)
1da177e4 2488{
3eff45ea 2489 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
1da177e4
LT		 2490 struct sk_buff *skb;
2491
6ed58ec5
VT		 2492 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2493 hdev->sco_cnt, hdev->le_cnt);
1da177e4
LT		 2494
2495 /* Schedule queues and send stuff to HCI driver */
2496
2497 hci_sched_acl(hdev);
2498
2499 hci_sched_sco(hdev);
2500
b6a0dc82
MH		 2501 hci_sched_esco(hdev);
2502
6ed58ec5
VT		 2503 hci_sched_le(hdev);
2504
1da177e4
LT		 2505 /* Send next queued raw (unknown type) packet */
2506 while ((skb = skb_dequeue(&hdev->raw_q)))
2507 hci_send_frame(skb);
1da177e4
LT		 2508}
2509
25985edc 2510/* ----- HCI RX task (incoming data processing) ----- */
1da177e4
LT		 2511
2512/* ACL data packet */
2513static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2514{
2515 struct hci_acl_hdr *hdr = (void *) skb->data;
2516 struct hci_conn *conn;
2517 __u16 handle, flags;
2518
2519 skb_pull(skb, HCI_ACL_HDR_SIZE);
2520
2521 handle = __le16_to_cpu(hdr->handle);
2522 flags = hci_flags(handle);
2523 handle = hci_handle(handle);
2524
2525 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2526
2527 hdev->stat.acl_rx++;
2528
2529 hci_dev_lock(hdev);
2530 conn = hci_conn_hash_lookup_handle(hdev, handle);
2531 hci_dev_unlock(hdev);
8e87d142 2532
1da177e4 2533 if (conn) {
65983fc7 2534 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
04837f64 2535
1da177e4 2536 /* Send to upper protocol */
686ebf28
UF		 2537 l2cap_recv_acldata(conn, skb, flags);
2538 return;
1da177e4 2539 } else {
8e87d142 2540 BT_ERR("%s ACL packet for unknown connection handle %d",
1da177e4
LT		 2541 hdev->name, handle);
2542 }
2543
2544 kfree_skb(skb);
2545}
2546
2547/* SCO data packet */
2548static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2549{
2550 struct hci_sco_hdr *hdr = (void *) skb->data;
2551 struct hci_conn *conn;
2552 __u16 handle;
2553
2554 skb_pull(skb, HCI_SCO_HDR_SIZE);
2555
2556 handle = __le16_to_cpu(hdr->handle);
2557
2558 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2559
2560 hdev->stat.sco_rx++;
2561
2562 hci_dev_lock(hdev);
2563 conn = hci_conn_hash_lookup_handle(hdev, handle);
2564 hci_dev_unlock(hdev);
2565
2566 if (conn) {
1da177e4 2567 /* Send to upper protocol */
686ebf28
UF		 2568 sco_recv_scodata(conn, skb);
2569 return;
1da177e4 2570 } else {
8e87d142 2571 BT_ERR("%s SCO packet for unknown connection handle %d",
1da177e4
LT		 2572 hdev->name, handle);
2573 }
2574
2575 kfree_skb(skb);
2576}
2577
b78752cc 2578static void hci_rx_work(struct work_struct *work)
1da177e4 2579{
b78752cc 2580 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
1da177e4
LT		 2581 struct sk_buff *skb;
2582
2583 BT_DBG("%s", hdev->name);
2584
1da177e4
LT		 2585 while ((skb = skb_dequeue(&hdev->rx_q))) {
2586 if (atomic_read(&hdev->promisc)) {
2587 /* Send copy to the sockets */
eec8d2bc 2588 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 2589 }
2590
2591 if (test_bit(HCI_RAW, &hdev->flags)) {
2592 kfree_skb(skb);
2593 continue;
2594 }
2595
2596 if (test_bit(HCI_INIT, &hdev->flags)) {
2597 /* Don't process data packets in this states. */
0d48d939 2598 switch (bt_cb(skb)->pkt_type) {
1da177e4
LT		 2599 case HCI_ACLDATA_PKT:
2600 case HCI_SCODATA_PKT:
2601 kfree_skb(skb);
2602 continue;
3ff50b79 2603 }
1da177e4
LT		 2604 }
2605
2606 /* Process frame */
0d48d939 2607 switch (bt_cb(skb)->pkt_type) {
1da177e4 2608 case HCI_EVENT_PKT:
b78752cc 2609 BT_DBG("%s Event packet", hdev->name);
1da177e4
LT		 2610 hci_event_packet(hdev, skb);
2611 break;
2612
2613 case HCI_ACLDATA_PKT:
2614 BT_DBG("%s ACL data packet", hdev->name);
2615 hci_acldata_packet(hdev, skb);
2616 break;
2617
2618 case HCI_SCODATA_PKT:
2619 BT_DBG("%s SCO data packet", hdev->name);
2620 hci_scodata_packet(hdev, skb);
2621 break;
2622
2623 default:
2624 kfree_skb(skb);
2625 break;
2626 }
2627 }
1da177e4
LT		 2628}
2629
c347b765 2630static void hci_cmd_work(struct work_struct *work)
1da177e4 2631{
c347b765 2632 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
1da177e4
LT		 2633 struct sk_buff *skb;
2634
2635 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2636
1da177e4 2637 /* Send queued commands */
5a08ecce
AE		 2638 if (atomic_read(&hdev->cmd_cnt)) {
2639 skb = skb_dequeue(&hdev->cmd_q);
2640 if (!skb)
2641 return;
2642
7585b97a 2643 kfree_skb(hdev->sent_cmd);
1da177e4 2644
70f23020
AE		 2645 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2646 if (hdev->sent_cmd) {
1da177e4
LT		 2647 atomic_dec(&hdev->cmd_cnt);
2648 hci_send_frame(skb);
7bdb8a5c
SJ		 2649 if (test_bit(HCI_RESET, &hdev->flags))
2650 del_timer(&hdev->cmd_timer);
2651 else
2652 mod_timer(&hdev->cmd_timer,
6bd32326 2653 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
1da177e4
LT		 2654 } else {
2655 skb_queue_head(&hdev->cmd_q, skb);
c347b765 2656 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 2657 }
2658 }
2659}
2519a1fc
AG		 2660
2661int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2662{
2663 /* General inquiry access code (GIAC) */
2664 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2665 struct hci_cp_inquiry cp;
2666
2667 BT_DBG("%s", hdev->name);
2668
2669 if (test_bit(HCI_INQUIRY, &hdev->flags))
2670 return -EINPROGRESS;
2671
4663262c
JH		 2672 inquiry_cache_flush(hdev);
2673
2519a1fc
AG		 2674 memset(&cp, 0, sizeof(cp));
2675 memcpy(&cp.lap, lap, sizeof(cp.lap));
2676 cp.length = length;
2677
2678 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2679}
023d5049
AG		 2680
2681int hci_cancel_inquiry(struct hci_dev *hdev)
2682{
2683 BT_DBG("%s", hdev->name);
2684
2685 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2686 return -EPERM;
2687
2688 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2689}
7784d78f
AE		 2690
2691module_param(enable_hs, bool, 0644);
2692MODULE_PARM_DESC(enable_hs, "Enable High Speed");
kernel source for telekom puls (alcatel/mediatek)