projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add new structures for handling SMP Long Term Keys
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
590051de 4 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI core. */
27
82453021 28#include <linux/jiffies.h>
1da177e4
LT		 29#include <linux/module.h>
30#include <linux/kmod.h>
31
32#include <linux/types.h>
33#include <linux/errno.h>
34#include <linux/kernel.h>
1da177e4
LT		 35#include <linux/sched.h>
36#include <linux/slab.h>
37#include <linux/poll.h>
38#include <linux/fcntl.h>
39#include <linux/init.h>
40#include <linux/skbuff.h>
f48fd9c8 41#include <linux/workqueue.h>
1da177e4
LT		 42#include <linux/interrupt.h>
43#include <linux/notifier.h>
611b30f7 44#include <linux/rfkill.h>
6bd32326 45#include <linux/timer.h>
3a0259bb 46#include <linux/crypto.h>
1da177e4
LT		 47#include <net/sock.h>
48
49#include <asm/system.h>
70f23020 50#include <linux/uaccess.h>
1da177e4
LT		 51#include <asm/unaligned.h>
52
53#include <net/bluetooth/bluetooth.h>
54#include <net/bluetooth/hci_core.h>
55
ab81cbf9
JH		 56#define AUTO_OFF_TIMEOUT 2000
57
8b281b9c 58bool enable_hs;
7784d78f 59
b78752cc 60static void hci_rx_work(struct work_struct *work);
c347b765 61static void hci_cmd_work(struct work_struct *work);
3eff45ea 62static void hci_tx_work(struct work_struct *work);
1da177e4 63
1da177e4
LT		 64/* HCI device list */
65LIST_HEAD(hci_dev_list);
66DEFINE_RWLOCK(hci_dev_list_lock);
67
68/* HCI callback list */
69LIST_HEAD(hci_cb_list);
70DEFINE_RWLOCK(hci_cb_list_lock);
71
1da177e4 72/* HCI notifiers list */
e041c683 73static ATOMIC_NOTIFIER_HEAD(hci_notifier);
1da177e4
LT		 74
75/* ---- HCI notifications ---- */
76
77int hci_register_notifier(struct notifier_block *nb)
78{
e041c683 79 return atomic_notifier_chain_register(&hci_notifier, nb);
1da177e4
LT		 80}
81
82int hci_unregister_notifier(struct notifier_block *nb)
83{
e041c683 84 return atomic_notifier_chain_unregister(&hci_notifier, nb);
1da177e4
LT		 85}
86
6516455d 87static void hci_notify(struct hci_dev *hdev, int event)
1da177e4 88{
e041c683 89 atomic_notifier_call_chain(&hci_notifier, event, hdev);
1da177e4
LT		 90}
91
92/* ---- HCI requests ---- */
93
23bb5763 94void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
1da177e4 95{
23bb5763
JH		 96 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
97
a5040efa
JH		 98 /* If this is the init phase check if the completed command matches
99 * the last init command, and if not just return.
100 */
101 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
23bb5763 102 return;
1da177e4
LT		 103
104 if (hdev->req_status == HCI_REQ_PEND) {
105 hdev->req_result = result;
106 hdev->req_status = HCI_REQ_DONE;
107 wake_up_interruptible(&hdev->req_wait_q);
108 }
109}
110
111static void hci_req_cancel(struct hci_dev *hdev, int err)
112{
113 BT_DBG("%s err 0x%2.2x", hdev->name, err);
114
115 if (hdev->req_status == HCI_REQ_PEND) {
116 hdev->req_result = err;
117 hdev->req_status = HCI_REQ_CANCELED;
118 wake_up_interruptible(&hdev->req_wait_q);
119 }
120}
121
122/* Execute request and wait for completion. */
8e87d142 123static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
01df8c31 124 unsigned long opt, __u32 timeout)
1da177e4
LT		 125{
126 DECLARE_WAITQUEUE(wait, current);
127 int err = 0;
128
129 BT_DBG("%s start", hdev->name);
130
131 hdev->req_status = HCI_REQ_PEND;
132
133 add_wait_queue(&hdev->req_wait_q, &wait);
134 set_current_state(TASK_INTERRUPTIBLE);
135
136 req(hdev, opt);
137 schedule_timeout(timeout);
138
139 remove_wait_queue(&hdev->req_wait_q, &wait);
140
141 if (signal_pending(current))
142 return -EINTR;
143
144 switch (hdev->req_status) {
145 case HCI_REQ_DONE:
e175072f 146 err = -bt_to_errno(hdev->req_result);
1da177e4
LT		 147 break;
148
149 case HCI_REQ_CANCELED:
150 err = -hdev->req_result;
151 break;
152
153 default:
154 err = -ETIMEDOUT;
155 break;
3ff50b79 156 }
1da177e4 157
a5040efa 158 hdev->req_status = hdev->req_result = 0;
1da177e4
LT		 159
160 BT_DBG("%s end: err %d", hdev->name, err);
161
162 return err;
163}
164
165static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
01df8c31 166 unsigned long opt, __u32 timeout)
1da177e4
LT		 167{
168 int ret;
169
7c6a329e
MH		 170 if (!test_bit(HCI_UP, &hdev->flags))
171 return -ENETDOWN;
172
1da177e4
LT		 173 /* Serialize all requests */
174 hci_req_lock(hdev);
175 ret = __hci_request(hdev, req, opt, timeout);
176 hci_req_unlock(hdev);
177
178 return ret;
179}
180
181static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
182{
183 BT_DBG("%s %ld", hdev->name, opt);
184
185 /* Reset device */
f630cf0d 186 set_bit(HCI_RESET, &hdev->flags);
a9de9248 187 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
1da177e4
LT		 188}
189
e61ef499 190static void bredr_init(struct hci_dev *hdev)
1da177e4 191{
b0916ea0 192 struct hci_cp_delete_stored_link_key cp;
1ebb9252 193 __le16 param;
89f2783d 194 __u8 flt_type;
1da177e4 195
2455a3ea
AE		 196 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
197
1da177e4
LT		 198 /* Mandatory initialization */
199
200 /* Reset */
f630cf0d 201 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
e61ef499
AE		 202 set_bit(HCI_RESET, &hdev->flags);
203 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
f630cf0d 204 }
1da177e4
LT		 205
206 /* Read Local Supported Features */
a9de9248 207 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1da177e4 208
1143e5a6 209 /* Read Local Version */
a9de9248 210 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1143e5a6 211
1da177e4 212 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
a9de9248 213 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
1da177e4 214
1da177e4 215 /* Read BD Address */
a9de9248
MH		 216 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
217
218 /* Read Class of Device */
219 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
220
221 /* Read Local Name */
222 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
1da177e4
LT		 223
224 /* Read Voice Setting */
a9de9248 225 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
1da177e4
LT		 226
227 /* Optional initialization */
228
229 /* Clear Event Filters */
89f2783d 230 flt_type = HCI_FLT_CLEAR_ALL;
a9de9248 231 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1da177e4 232
1da177e4 233 /* Connection accept timeout ~20 secs */
aca3192c 234 param = cpu_to_le16(0x7d00);
a9de9248 235 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
b0916ea0
JH		 236
237 bacpy(&cp.bdaddr, BDADDR_ANY);
238 cp.delete_all = 1;
239 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
1da177e4
LT		 240}
241
e61ef499
AE		 242static void amp_init(struct hci_dev *hdev)
243{
2455a3ea
AE		 244 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
245
e61ef499
AE		 246 /* Reset */
247 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
248
249 /* Read Local Version */
250 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
251}
252
253static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
254{
255 struct sk_buff *skb;
256
257 BT_DBG("%s %ld", hdev->name, opt);
258
259 /* Driver initialization */
260
261 /* Special commands */
262 while ((skb = skb_dequeue(&hdev->driver_init))) {
263 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
264 skb->dev = (void *) hdev;
265
266 skb_queue_tail(&hdev->cmd_q, skb);
267 queue_work(hdev->workqueue, &hdev->cmd_work);
268 }
269 skb_queue_purge(&hdev->driver_init);
270
271 switch (hdev->dev_type) {
272 case HCI_BREDR:
273 bredr_init(hdev);
274 break;
275
276 case HCI_AMP:
277 amp_init(hdev);
278 break;
279
280 default:
281 BT_ERR("Unknown device type %d", hdev->dev_type);
282 break;
283 }
284
285}
286
6ed58ec5
VT		 287static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
288{
289 BT_DBG("%s", hdev->name);
290
291 /* Read LE buffer size */
292 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
293}
294
1da177e4
LT		 295static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
296{
297 __u8 scan = opt;
298
299 BT_DBG("%s %x", hdev->name, scan);
300
301 /* Inquiry and Page scans */
a9de9248 302 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1da177e4
LT		 303}
304
305static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
306{
307 __u8 auth = opt;
308
309 BT_DBG("%s %x", hdev->name, auth);
310
311 /* Authentication */
a9de9248 312 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1da177e4
LT		 313}
314
315static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
316{
317 __u8 encrypt = opt;
318
319 BT_DBG("%s %x", hdev->name, encrypt);
320
e4e8e37c 321 /* Encryption */
a9de9248 322 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1da177e4
LT		 323}
324
e4e8e37c
MH		 325static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
326{
327 __le16 policy = cpu_to_le16(opt);
328
a418b893 329 BT_DBG("%s %x", hdev->name, policy);
e4e8e37c
MH		 330
331 /* Default link policy */
332 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
333}
334
8e87d142 335/* Get HCI device by index.
1da177e4
LT		 336 * Device is held on return. */
337struct hci_dev *hci_dev_get(int index)
338{
8035ded4 339 struct hci_dev *hdev = NULL, *d;
1da177e4
LT		 340
341 BT_DBG("%d", index);
342
343 if (index < 0)
344 return NULL;
345
346 read_lock(&hci_dev_list_lock);
8035ded4 347 list_for_each_entry(d, &hci_dev_list, list) {
1da177e4
LT		 348 if (d->id == index) {
349 hdev = hci_dev_hold(d);
350 break;
351 }
352 }
353 read_unlock(&hci_dev_list_lock);
354 return hdev;
355}
1da177e4
LT		 356
357/* ---- Inquiry support ---- */
ff9ef578 358
30dc78e1
JH		 359bool hci_discovery_active(struct hci_dev *hdev)
360{
361 struct discovery_state *discov = &hdev->discovery;
362
363 if (discov->state == DISCOVERY_INQUIRY ||
364 discov->state == DISCOVERY_RESOLVING)
365 return true;
366
367 return false;
368}
369
ff9ef578
JH		 370void hci_discovery_set_state(struct hci_dev *hdev, int state)
371{
372 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
373
374 if (hdev->discovery.state == state)
375 return;
376
377 switch (state) {
378 case DISCOVERY_STOPPED:
379 mgmt_discovering(hdev, 0);
380 break;
381 case DISCOVERY_STARTING:
382 break;
30dc78e1 383 case DISCOVERY_INQUIRY:
ff9ef578
JH		 384 mgmt_discovering(hdev, 1);
385 break;
30dc78e1
JH		 386 case DISCOVERY_RESOLVING:
387 break;
ff9ef578
JH		 388 case DISCOVERY_STOPPING:
389 break;
390 }
391
392 hdev->discovery.state = state;
393}
394
1da177e4
LT		 395static void inquiry_cache_flush(struct hci_dev *hdev)
396{
30883512 397 struct discovery_state *cache = &hdev->discovery;
b57c1a56 398 struct inquiry_entry *p, *n;
1da177e4 399
561aafbc
JH		 400 list_for_each_entry_safe(p, n, &cache->all, all) {
401 list_del(&p->all);
b57c1a56 402 kfree(p);
1da177e4 403 }
561aafbc
JH		 404
405 INIT_LIST_HEAD(&cache->unknown);
406 INIT_LIST_HEAD(&cache->resolve);
ff9ef578 407 cache->state = DISCOVERY_STOPPED;
1da177e4
LT		 408}
409
410struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
411{
30883512 412 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 413 struct inquiry_entry *e;
414
415 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
416
561aafbc
JH		 417 list_for_each_entry(e, &cache->all, all) {
418 if (!bacmp(&e->data.bdaddr, bdaddr))
419 return e;
420 }
421
422 return NULL;
423}
424
425struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
426 bdaddr_t *bdaddr)
427{
30883512 428 struct discovery_state *cache = &hdev->discovery;
561aafbc
JH		 429 struct inquiry_entry *e;
430
431 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
432
433 list_for_each_entry(e, &cache->unknown, list) {
1da177e4 434 if (!bacmp(&e->data.bdaddr, bdaddr))
b57c1a56
JH		 435 return e;
436 }
437
438 return NULL;
1da177e4
LT		 439}
440
30dc78e1
JH		 441struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
442 bdaddr_t *bdaddr,
443 int state)
444{
445 struct discovery_state *cache = &hdev->discovery;
446 struct inquiry_entry *e;
447
448 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
449
450 list_for_each_entry(e, &cache->resolve, list) {
451 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
452 return e;
453 if (!bacmp(&e->data.bdaddr, bdaddr))
454 return e;
455 }
456
457 return NULL;
458}
459
a3d4e20a
JH		 460void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
461 struct inquiry_entry *ie)
462{
463 struct discovery_state *cache = &hdev->discovery;
464 struct list_head *pos = &cache->resolve;
465 struct inquiry_entry *p;
466
467 list_del(&ie->list);
468
469 list_for_each_entry(p, &cache->resolve, list) {
470 if (p->name_state != NAME_PENDING &&
471 abs(p->data.rssi) >= abs(ie->data.rssi))
472 break;
473 pos = &p->list;
474 }
475
476 list_add(&ie->list, pos);
477}
478
3175405b 479bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
561aafbc 480 bool name_known)
1da177e4 481{
30883512 482 struct discovery_state *cache = &hdev->discovery;
70f23020 483 struct inquiry_entry *ie;
1da177e4
LT		 484
485 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
486
70f23020 487 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
a3d4e20a
JH		 488 if (ie) {
489 if (ie->name_state == NAME_NEEDED &&
490 data->rssi != ie->data.rssi) {
491 ie->data.rssi = data->rssi;
492 hci_inquiry_cache_update_resolve(hdev, ie);
493 }
494
561aafbc 495 goto update;
a3d4e20a 496 }
561aafbc
JH		 497
498 /* Entry not in the cache. Add new one. */
499 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
500 if (!ie)
3175405b 501 return false;
561aafbc
JH		 502
503 list_add(&ie->all, &cache->all);
504
505 if (name_known) {
506 ie->name_state = NAME_KNOWN;
507 } else {
508 ie->name_state = NAME_NOT_KNOWN;
509 list_add(&ie->list, &cache->unknown);
510 }
70f23020 511
561aafbc
JH		 512update:
513 if (name_known && ie->name_state != NAME_KNOWN &&
514 ie->name_state != NAME_PENDING) {
515 ie->name_state = NAME_KNOWN;
516 list_del(&ie->list);
1da177e4
LT		 517 }
518
70f23020
AE		 519 memcpy(&ie->data, data, sizeof(*data));
520 ie->timestamp = jiffies;
1da177e4 521 cache->timestamp = jiffies;
3175405b
JH		 522
523 if (ie->name_state == NAME_NOT_KNOWN)
524 return false;
525
526 return true;
1da177e4
LT		 527}
528
529static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
530{
30883512 531 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 532 struct inquiry_info *info = (struct inquiry_info *) buf;
533 struct inquiry_entry *e;
534 int copied = 0;
535
561aafbc 536 list_for_each_entry(e, &cache->all, all) {
1da177e4 537 struct inquiry_data *data = &e->data;
b57c1a56
JH		 538
539 if (copied >= num)
540 break;
541
1da177e4
LT		 542 bacpy(&info->bdaddr, &data->bdaddr);
543 info->pscan_rep_mode = data->pscan_rep_mode;
544 info->pscan_period_mode = data->pscan_period_mode;
545 info->pscan_mode = data->pscan_mode;
546 memcpy(info->dev_class, data->dev_class, 3);
547 info->clock_offset = data->clock_offset;
b57c1a56 548
1da177e4 549 info++;
b57c1a56 550 copied++;
1da177e4
LT		 551 }
552
553 BT_DBG("cache %p, copied %d", cache, copied);
554 return copied;
555}
556
557static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
558{
559 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
560 struct hci_cp_inquiry cp;
561
562 BT_DBG("%s", hdev->name);
563
564 if (test_bit(HCI_INQUIRY, &hdev->flags))
565 return;
566
567 /* Start Inquiry */
568 memcpy(&cp.lap, &ir->lap, 3);
569 cp.length = ir->length;
570 cp.num_rsp = ir->num_rsp;
a9de9248 571 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1da177e4
LT		 572}
573
574int hci_inquiry(void __user *arg)
575{
576 __u8 __user *ptr = arg;
577 struct hci_inquiry_req ir;
578 struct hci_dev *hdev;
579 int err = 0, do_inquiry = 0, max_rsp;
580 long timeo;
581 __u8 *buf;
582
583 if (copy_from_user(&ir, ptr, sizeof(ir)))
584 return -EFAULT;
585
5a08ecce
AE		 586 hdev = hci_dev_get(ir.dev_id);
587 if (!hdev)
1da177e4
LT		 588 return -ENODEV;
589
09fd0de5 590 hci_dev_lock(hdev);
8e87d142 591 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
70f23020
AE		 592 inquiry_cache_empty(hdev) ||
593 ir.flags & IREQ_CACHE_FLUSH) {
1da177e4
LT		 594 inquiry_cache_flush(hdev);
595 do_inquiry = 1;
596 }
09fd0de5 597 hci_dev_unlock(hdev);
1da177e4 598
04837f64 599 timeo = ir.length * msecs_to_jiffies(2000);
70f23020
AE		 600
601 if (do_inquiry) {
602 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
603 if (err < 0)
604 goto done;
605 }
1da177e4
LT		 606
607 /* for unlimited number of responses we will use buffer with 255 entries */
608 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
609
610 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
611 * copy it to the user space.
612 */
01df8c31 613 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
70f23020 614 if (!buf) {
1da177e4
LT		 615 err = -ENOMEM;
616 goto done;
617 }
618
09fd0de5 619 hci_dev_lock(hdev);
1da177e4 620 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
09fd0de5 621 hci_dev_unlock(hdev);
1da177e4
LT		 622
623 BT_DBG("num_rsp %d", ir.num_rsp);
624
625 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
626 ptr += sizeof(ir);
627 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
628 ir.num_rsp))
629 err = -EFAULT;
8e87d142 630 } else
1da177e4
LT		 631 err = -EFAULT;
632
633 kfree(buf);
634
635done:
636 hci_dev_put(hdev);
637 return err;
638}
639
640/* ---- HCI ioctl helpers ---- */
641
642int hci_dev_open(__u16 dev)
643{
644 struct hci_dev *hdev;
645 int ret = 0;
646
5a08ecce
AE		 647 hdev = hci_dev_get(dev);
648 if (!hdev)
1da177e4
LT		 649 return -ENODEV;
650
651 BT_DBG("%s %p", hdev->name, hdev);
652
653 hci_req_lock(hdev);
654
611b30f7
MH		 655 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
656 ret = -ERFKILL;
657 goto done;
658 }
659
1da177e4
LT		 660 if (test_bit(HCI_UP, &hdev->flags)) {
661 ret = -EALREADY;
662 goto done;
663 }
664
665 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
666 set_bit(HCI_RAW, &hdev->flags);
667
07e3b94a
AE		 668 /* Treat all non BR/EDR controllers as raw devices if
669 enable_hs is not set */
670 if (hdev->dev_type != HCI_BREDR && !enable_hs)
943da25d
MH		 671 set_bit(HCI_RAW, &hdev->flags);
672
1da177e4
LT		 673 if (hdev->open(hdev)) {
674 ret = -EIO;
675 goto done;
676 }
677
678 if (!test_bit(HCI_RAW, &hdev->flags)) {
679 atomic_set(&hdev->cmd_cnt, 1);
680 set_bit(HCI_INIT, &hdev->flags);
a5040efa 681 hdev->init_last_cmd = 0;
1da177e4 682
04837f64
MH		 683 ret = __hci_request(hdev, hci_init_req, 0,
684 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4 685
eead27da 686 if (lmp_host_le_capable(hdev))
6ed58ec5
VT		 687 ret = __hci_request(hdev, hci_le_init_req, 0,
688 msecs_to_jiffies(HCI_INIT_TIMEOUT));
689
1da177e4
LT		 690 clear_bit(HCI_INIT, &hdev->flags);
691 }
692
693 if (!ret) {
694 hci_dev_hold(hdev);
695 set_bit(HCI_UP, &hdev->flags);
696 hci_notify(hdev, HCI_DEV_UP);
a8b2d5c2 697 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
09fd0de5 698 hci_dev_lock(hdev);
744cf19e 699 mgmt_powered(hdev, 1);
09fd0de5 700 hci_dev_unlock(hdev);
56e5cb86 701 }
8e87d142 702 } else {
1da177e4 703 /* Init failed, cleanup */
3eff45ea 704 flush_work(&hdev->tx_work);
c347b765 705 flush_work(&hdev->cmd_work);
b78752cc 706 flush_work(&hdev->rx_work);
1da177e4
LT		 707
708 skb_queue_purge(&hdev->cmd_q);
709 skb_queue_purge(&hdev->rx_q);
710
711 if (hdev->flush)
712 hdev->flush(hdev);
713
714 if (hdev->sent_cmd) {
715 kfree_skb(hdev->sent_cmd);
716 hdev->sent_cmd = NULL;
717 }
718
719 hdev->close(hdev);
720 hdev->flags = 0;
721 }
722
723done:
724 hci_req_unlock(hdev);
725 hci_dev_put(hdev);
726 return ret;
727}
728
729static int hci_dev_do_close(struct hci_dev *hdev)
730{
731 BT_DBG("%s %p", hdev->name, hdev);
732
733 hci_req_cancel(hdev, ENODEV);
734 hci_req_lock(hdev);
735
736 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
b79f44c1 737 del_timer_sync(&hdev->cmd_timer);
1da177e4
LT		 738 hci_req_unlock(hdev);
739 return 0;
740 }
741
3eff45ea
GP		 742 /* Flush RX and TX works */
743 flush_work(&hdev->tx_work);
b78752cc 744 flush_work(&hdev->rx_work);
1da177e4 745
16ab91ab 746 if (hdev->discov_timeout > 0) {
e0f9309f 747 cancel_delayed_work(&hdev->discov_off);
16ab91ab
JH		 748 hdev->discov_timeout = 0;
749 }
750
a8b2d5c2 751 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
e0f9309f 752 cancel_delayed_work(&hdev->power_off);
3243553f 753
a8b2d5c2 754 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 755 cancel_delayed_work(&hdev->service_cache);
756
09fd0de5 757 hci_dev_lock(hdev);
1da177e4
LT		 758 inquiry_cache_flush(hdev);
759 hci_conn_hash_flush(hdev);
09fd0de5 760 hci_dev_unlock(hdev);
1da177e4
LT		 761
762 hci_notify(hdev, HCI_DEV_DOWN);
763
764 if (hdev->flush)
765 hdev->flush(hdev);
766
767 /* Reset device */
768 skb_queue_purge(&hdev->cmd_q);
769 atomic_set(&hdev->cmd_cnt, 1);
770 if (!test_bit(HCI_RAW, &hdev->flags)) {
771 set_bit(HCI_INIT, &hdev->flags);
04837f64 772 __hci_request(hdev, hci_reset_req, 0,
cad44c2b 773 msecs_to_jiffies(250));
1da177e4
LT		 774 clear_bit(HCI_INIT, &hdev->flags);
775 }
776
c347b765
GP		 777 /* flush cmd work */
778 flush_work(&hdev->cmd_work);
1da177e4
LT		 779
780 /* Drop queues */
781 skb_queue_purge(&hdev->rx_q);
782 skb_queue_purge(&hdev->cmd_q);
783 skb_queue_purge(&hdev->raw_q);
784
785 /* Drop last sent command */
786 if (hdev->sent_cmd) {
b79f44c1 787 del_timer_sync(&hdev->cmd_timer);
1da177e4
LT		 788 kfree_skb(hdev->sent_cmd);
789 hdev->sent_cmd = NULL;
790 }
791
792 /* After this point our queues are empty
793 * and no tasks are scheduled. */
794 hdev->close(hdev);
795
09fd0de5 796 hci_dev_lock(hdev);
744cf19e 797 mgmt_powered(hdev, 0);
09fd0de5 798 hci_dev_unlock(hdev);
5add6af8 799
1da177e4
LT		 800 /* Clear flags */
801 hdev->flags = 0;
802
803 hci_req_unlock(hdev);
804
805 hci_dev_put(hdev);
806 return 0;
807}
808
809int hci_dev_close(__u16 dev)
810{
811 struct hci_dev *hdev;
812 int err;
813
70f23020
AE		 814 hdev = hci_dev_get(dev);
815 if (!hdev)
1da177e4
LT		 816 return -ENODEV;
817 err = hci_dev_do_close(hdev);
818 hci_dev_put(hdev);
819 return err;
820}
821
822int hci_dev_reset(__u16 dev)
823{
824 struct hci_dev *hdev;
825 int ret = 0;
826
70f23020
AE		 827 hdev = hci_dev_get(dev);
828 if (!hdev)
1da177e4
LT		 829 return -ENODEV;
830
831 hci_req_lock(hdev);
1da177e4
LT		 832
833 if (!test_bit(HCI_UP, &hdev->flags))
834 goto done;
835
836 /* Drop queues */
837 skb_queue_purge(&hdev->rx_q);
838 skb_queue_purge(&hdev->cmd_q);
839
09fd0de5 840 hci_dev_lock(hdev);
1da177e4
LT		 841 inquiry_cache_flush(hdev);
842 hci_conn_hash_flush(hdev);
09fd0de5 843 hci_dev_unlock(hdev);
1da177e4
LT		 844
845 if (hdev->flush)
846 hdev->flush(hdev);
847
8e87d142 848 atomic_set(&hdev->cmd_cnt, 1);
6ed58ec5 849 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1da177e4
LT		 850
851 if (!test_bit(HCI_RAW, &hdev->flags))
04837f64
MH		 852 ret = __hci_request(hdev, hci_reset_req, 0,
853 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 854
855done:
1da177e4
LT		 856 hci_req_unlock(hdev);
857 hci_dev_put(hdev);
858 return ret;
859}
860
861int hci_dev_reset_stat(__u16 dev)
862{
863 struct hci_dev *hdev;
864 int ret = 0;
865
70f23020
AE		 866 hdev = hci_dev_get(dev);
867 if (!hdev)
1da177e4
LT		 868 return -ENODEV;
869
870 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
871
872 hci_dev_put(hdev);
873
874 return ret;
875}
876
877int hci_dev_cmd(unsigned int cmd, void __user *arg)
878{
879 struct hci_dev *hdev;
880 struct hci_dev_req dr;
881 int err = 0;
882
883 if (copy_from_user(&dr, arg, sizeof(dr)))
884 return -EFAULT;
885
70f23020
AE		 886 hdev = hci_dev_get(dr.dev_id);
887 if (!hdev)
1da177e4
LT		 888 return -ENODEV;
889
890 switch (cmd) {
891 case HCISETAUTH:
04837f64
MH		 892 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
893 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 894 break;
895
896 case HCISETENCRYPT:
897 if (!lmp_encrypt_capable(hdev)) {
898 err = -EOPNOTSUPP;
899 break;
900 }
901
902 if (!test_bit(HCI_AUTH, &hdev->flags)) {
903 /* Auth must be enabled first */
04837f64
MH		 904 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
905 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 906 if (err)
907 break;
908 }
909
04837f64
MH		 910 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
911 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 912 break;
913
914 case HCISETSCAN:
04837f64
MH		 915 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
916 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 917 break;
918
1da177e4 919 case HCISETLINKPOL:
e4e8e37c
MH		 920 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
921 msecs_to_jiffies(HCI_INIT_TIMEOUT));
1da177e4
LT		 922 break;
923
924 case HCISETLINKMODE:
e4e8e37c
MH		 925 hdev->link_mode = ((__u16) dr.dev_opt) &
926 (HCI_LM_MASTER | HCI_LM_ACCEPT);
927 break;
928
929 case HCISETPTYPE:
930 hdev->pkt_type = (__u16) dr.dev_opt;
1da177e4
LT		 931 break;
932
933 case HCISETACLMTU:
e4e8e37c
MH		 934 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
935 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 936 break;
937
938 case HCISETSCOMTU:
e4e8e37c
MH		 939 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
940 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 941 break;
942
943 default:
944 err = -EINVAL;
945 break;
946 }
e4e8e37c 947
1da177e4
LT		 948 hci_dev_put(hdev);
949 return err;
950}
951
952int hci_get_dev_list(void __user *arg)
953{
8035ded4 954 struct hci_dev *hdev;
1da177e4
LT		 955 struct hci_dev_list_req *dl;
956 struct hci_dev_req *dr;
1da177e4
LT		 957 int n = 0, size, err;
958 __u16 dev_num;
959
960 if (get_user(dev_num, (__u16 __user *) arg))
961 return -EFAULT;
962
963 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
964 return -EINVAL;
965
966 size = sizeof(*dl) + dev_num * sizeof(*dr);
967
70f23020
AE		 968 dl = kzalloc(size, GFP_KERNEL);
969 if (!dl)
1da177e4
LT		 970 return -ENOMEM;
971
972 dr = dl->dev_req;
973
f20d09d5 974 read_lock(&hci_dev_list_lock);
8035ded4 975 list_for_each_entry(hdev, &hci_dev_list, list) {
a8b2d5c2 976 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
e0f9309f 977 cancel_delayed_work(&hdev->power_off);
c542a06c 978
a8b2d5c2
JH		 979 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
980 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 981
1da177e4
LT		 982 (dr + n)->dev_id = hdev->id;
983 (dr + n)->dev_opt = hdev->flags;
c542a06c 984
1da177e4
LT		 985 if (++n >= dev_num)
986 break;
987 }
f20d09d5 988 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 989
990 dl->dev_num = n;
991 size = sizeof(*dl) + n * sizeof(*dr);
992
993 err = copy_to_user(arg, dl, size);
994 kfree(dl);
995
996 return err ? -EFAULT : 0;
997}
998
999int hci_get_dev_info(void __user *arg)
1000{
1001 struct hci_dev *hdev;
1002 struct hci_dev_info di;
1003 int err = 0;
1004
1005 if (copy_from_user(&di, arg, sizeof(di)))
1006 return -EFAULT;
1007
70f23020
AE		 1008 hdev = hci_dev_get(di.dev_id);
1009 if (!hdev)
1da177e4
LT		 1010 return -ENODEV;
1011
a8b2d5c2 1012 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3243553f 1013 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 1014
a8b2d5c2
JH		 1015 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1016 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1017
1da177e4
LT		 1018 strcpy(di.name, hdev->name);
1019 di.bdaddr = hdev->bdaddr;
943da25d 1020 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1da177e4
LT		 1021 di.flags = hdev->flags;
1022 di.pkt_type = hdev->pkt_type;
1023 di.acl_mtu = hdev->acl_mtu;
1024 di.acl_pkts = hdev->acl_pkts;
1025 di.sco_mtu = hdev->sco_mtu;
1026 di.sco_pkts = hdev->sco_pkts;
1027 di.link_policy = hdev->link_policy;
1028 di.link_mode = hdev->link_mode;
1029
1030 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1031 memcpy(&di.features, &hdev->features, sizeof(di.features));
1032
1033 if (copy_to_user(arg, &di, sizeof(di)))
1034 err = -EFAULT;
1035
1036 hci_dev_put(hdev);
1037
1038 return err;
1039}
1040
1041/* ---- Interface to HCI drivers ---- */
1042
611b30f7
MH		 1043static int hci_rfkill_set_block(void *data, bool blocked)
1044{
1045 struct hci_dev *hdev = data;
1046
1047 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1048
1049 if (!blocked)
1050 return 0;
1051
1052 hci_dev_do_close(hdev);
1053
1054 return 0;
1055}
1056
1057static const struct rfkill_ops hci_rfkill_ops = {
1058 .set_block = hci_rfkill_set_block,
1059};
1060
1da177e4
LT		 1061/* Alloc HCI device */
1062struct hci_dev *hci_alloc_dev(void)
1063{
1064 struct hci_dev *hdev;
1065
25ea6db0 1066 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1da177e4
LT		 1067 if (!hdev)
1068 return NULL;
1069
0ac7e700 1070 hci_init_sysfs(hdev);
1da177e4
LT		 1071 skb_queue_head_init(&hdev->driver_init);
1072
1073 return hdev;
1074}
1075EXPORT_SYMBOL(hci_alloc_dev);
1076
1077/* Free HCI device */
1078void hci_free_dev(struct hci_dev *hdev)
1079{
1080 skb_queue_purge(&hdev->driver_init);
1081
a91f2e39
MH		 1082 /* will free via device release */
1083 put_device(&hdev->dev);
1da177e4
LT		 1084}
1085EXPORT_SYMBOL(hci_free_dev);
1086
ab81cbf9
JH		 1087static void hci_power_on(struct work_struct *work)
1088{
1089 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1090
1091 BT_DBG("%s", hdev->name);
1092
1093 if (hci_dev_open(hdev->id) < 0)
1094 return;
1095
a8b2d5c2 1096 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
80b7ab33 1097 schedule_delayed_work(&hdev->power_off,
3243553f 1098 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
ab81cbf9 1099
a8b2d5c2 1100 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
744cf19e 1101 mgmt_index_added(hdev);
ab81cbf9
JH		 1102}
1103
1104static void hci_power_off(struct work_struct *work)
1105{
3243553f
JH		 1106 struct hci_dev *hdev = container_of(work, struct hci_dev,
1107 power_off.work);
ab81cbf9
JH		 1108
1109 BT_DBG("%s", hdev->name);
1110
a8b2d5c2 1111 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
ab81cbf9 1112
3243553f 1113 hci_dev_close(hdev->id);
ab81cbf9
JH		 1114}
1115
16ab91ab
JH		 1116static void hci_discov_off(struct work_struct *work)
1117{
1118 struct hci_dev *hdev;
1119 u8 scan = SCAN_PAGE;
1120
1121 hdev = container_of(work, struct hci_dev, discov_off.work);
1122
1123 BT_DBG("%s", hdev->name);
1124
09fd0de5 1125 hci_dev_lock(hdev);
16ab91ab
JH		 1126
1127 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1128
1129 hdev->discov_timeout = 0;
1130
09fd0de5 1131 hci_dev_unlock(hdev);
16ab91ab
JH		 1132}
1133
2aeb9a1a
JH		 1134int hci_uuids_clear(struct hci_dev *hdev)
1135{
1136 struct list_head *p, *n;
1137
1138 list_for_each_safe(p, n, &hdev->uuids) {
1139 struct bt_uuid *uuid;
1140
1141 uuid = list_entry(p, struct bt_uuid, list);
1142
1143 list_del(p);
1144 kfree(uuid);
1145 }
1146
1147 return 0;
1148}
1149
55ed8ca1
JH		 1150int hci_link_keys_clear(struct hci_dev *hdev)
1151{
1152 struct list_head *p, *n;
1153
1154 list_for_each_safe(p, n, &hdev->link_keys) {
1155 struct link_key *key;
1156
1157 key = list_entry(p, struct link_key, list);
1158
1159 list_del(p);
1160 kfree(key);
1161 }
1162
1163 return 0;
1164}
1165
b899efaf
VCG		 1166int hci_smp_ltks_clear(struct hci_dev *hdev)
1167{
1168 struct smp_ltk *k, *tmp;
1169
1170 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1171 list_del(&k->list);
1172 kfree(k);
1173 }
1174
1175 return 0;
1176}
1177
55ed8ca1
JH		 1178struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1179{
8035ded4 1180 struct link_key *k;
55ed8ca1 1181
8035ded4 1182 list_for_each_entry(k, &hdev->link_keys, list)
55ed8ca1
JH		 1183 if (bacmp(bdaddr, &k->bdaddr) == 0)
1184 return k;
55ed8ca1
JH		 1185
1186 return NULL;
1187}
1188
d25e28ab
JH		 1189static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1190 u8 key_type, u8 old_key_type)
1191{
1192 /* Legacy key */
1193 if (key_type < 0x03)
1194 return 1;
1195
1196 /* Debug keys are insecure so don't store them persistently */
1197 if (key_type == HCI_LK_DEBUG_COMBINATION)
1198 return 0;
1199
1200 /* Changed combination key and there's no previous one */
1201 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1202 return 0;
1203
1204 /* Security mode 3 case */
1205 if (!conn)
1206 return 1;
1207
1208 /* Neither local nor remote side had no-bonding as requirement */
1209 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1210 return 1;
1211
1212 /* Local side had dedicated bonding as requirement */
1213 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1214 return 1;
1215
1216 /* Remote side had dedicated bonding as requirement */
1217 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1218 return 1;
1219
1220 /* If none of the above criteria match, then don't store the key
1221 * persistently */
1222 return 0;
1223}
1224
75d262c2
VCG		 1225struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1226{
1227 struct link_key *k;
1228
1229 list_for_each_entry(k, &hdev->link_keys, list) {
1230 struct key_master_id *id;
1231
1232 if (k->type != HCI_LK_SMP_LTK)
1233 continue;
1234
1235 if (k->dlen != sizeof(*id))
1236 continue;
1237
1238 id = (void *) &k->data;
1239 if (id->ediv == ediv &&
1240 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1241 return k;
1242 }
1243
1244 return NULL;
1245}
1246EXPORT_SYMBOL(hci_find_ltk);
1247
1248struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
1249 bdaddr_t *bdaddr, u8 type)
1250{
1251 struct link_key *k;
1252
1253 list_for_each_entry(k, &hdev->link_keys, list)
1254 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0)
1255 return k;
1256
1257 return NULL;
1258}
1259EXPORT_SYMBOL(hci_find_link_key_type);
1260
d25e28ab
JH		 1261int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1262 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
55ed8ca1
JH		 1263{
1264 struct link_key *key, *old_key;
4df378a1 1265 u8 old_key_type, persistent;
55ed8ca1
JH		 1266
1267 old_key = hci_find_link_key(hdev, bdaddr);
1268 if (old_key) {
1269 old_key_type = old_key->type;
1270 key = old_key;
1271 } else {
12adcf3a 1272 old_key_type = conn ? conn->key_type : 0xff;
55ed8ca1
JH		 1273 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1274 if (!key)
1275 return -ENOMEM;
1276 list_add(&key->list, &hdev->link_keys);
1277 }
1278
1279 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1280
d25e28ab
JH		 1281 /* Some buggy controller combinations generate a changed
1282 * combination key for legacy pairing even when there's no
1283 * previous key */
1284 if (type == HCI_LK_CHANGED_COMBINATION &&
1285 (!conn || conn->remote_auth == 0xff) &&
655fe6ec 1286 old_key_type == 0xff) {
d25e28ab 1287 type = HCI_LK_COMBINATION;
655fe6ec
JH		 1288 if (conn)
1289 conn->key_type = type;
1290 }
d25e28ab 1291
55ed8ca1
JH		 1292 bacpy(&key->bdaddr, bdaddr);
1293 memcpy(key->val, val, 16);
55ed8ca1
JH		 1294 key->pin_len = pin_len;
1295
b6020ba0 1296 if (type == HCI_LK_CHANGED_COMBINATION)
55ed8ca1 1297 key->type = old_key_type;
4748fed2
JH		 1298 else
1299 key->type = type;
1300
4df378a1
JH		 1301 if (!new_key)
1302 return 0;
1303
1304 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1305
744cf19e 1306 mgmt_new_link_key(hdev, key, persistent);
4df378a1
JH		 1307
1308 if (!persistent) {
1309 list_del(&key->list);
1310 kfree(key);
1311 }
55ed8ca1
JH		 1312
1313 return 0;
1314}
1315
75d262c2 1316int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
726b4ffc 1317 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
75d262c2
VCG		 1318{
1319 struct link_key *key, *old_key;
1320 struct key_master_id *id;
1321 u8 old_key_type;
1322
1323 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
1324
1325 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
1326 if (old_key) {
1327 key = old_key;
1328 old_key_type = old_key->type;
1329 } else {
1330 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1331 if (!key)
1332 return -ENOMEM;
1333 list_add(&key->list, &hdev->link_keys);
1334 old_key_type = 0xff;
1335 }
1336
1337 key->dlen = sizeof(*id);
1338
1339 bacpy(&key->bdaddr, bdaddr);
1340 memcpy(key->val, ltk, sizeof(key->val));
1341 key->type = HCI_LK_SMP_LTK;
726b4ffc 1342 key->pin_len = key_size;
75d262c2
VCG		 1343
1344 id = (void *) &key->data;
1345 id->ediv = ediv;
1346 memcpy(id->rand, rand, sizeof(id->rand));
1347
1348 if (new_key)
744cf19e 1349 mgmt_new_link_key(hdev, key, old_key_type);
75d262c2
VCG		 1350
1351 return 0;
1352}
1353
55ed8ca1
JH		 1354int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1355{
1356 struct link_key *key;
1357
1358 key = hci_find_link_key(hdev, bdaddr);
1359 if (!key)
1360 return -ENOENT;
1361
1362 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1363
1364 list_del(&key->list);
1365 kfree(key);
1366
1367 return 0;
1368}
1369
b899efaf
VCG		 1370int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1371{
1372 struct smp_ltk *k, *tmp;
1373
1374 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1375 if (bacmp(bdaddr, &k->bdaddr))
1376 continue;
1377
1378 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1379
1380 list_del(&k->list);
1381 kfree(k);
1382 }
1383
1384 return 0;
1385}
1386
6bd32326
VT		 1387/* HCI command timer function */
1388static void hci_cmd_timer(unsigned long arg)
1389{
1390 struct hci_dev *hdev = (void *) arg;
1391
1392 BT_ERR("%s command tx timeout", hdev->name);
1393 atomic_set(&hdev->cmd_cnt, 1);
c347b765 1394 queue_work(hdev->workqueue, &hdev->cmd_work);
6bd32326
VT		 1395}
1396
2763eda6
SJ		 1397struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1398 bdaddr_t *bdaddr)
1399{
1400 struct oob_data *data;
1401
1402 list_for_each_entry(data, &hdev->remote_oob_data, list)
1403 if (bacmp(bdaddr, &data->bdaddr) == 0)
1404 return data;
1405
1406 return NULL;
1407}
1408
1409int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1410{
1411 struct oob_data *data;
1412
1413 data = hci_find_remote_oob_data(hdev, bdaddr);
1414 if (!data)
1415 return -ENOENT;
1416
1417 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1418
1419 list_del(&data->list);
1420 kfree(data);
1421
1422 return 0;
1423}
1424
1425int hci_remote_oob_data_clear(struct hci_dev *hdev)
1426{
1427 struct oob_data *data, *n;
1428
1429 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1430 list_del(&data->list);
1431 kfree(data);
1432 }
1433
1434 return 0;
1435}
1436
1437int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1438 u8 *randomizer)
1439{
1440 struct oob_data *data;
1441
1442 data = hci_find_remote_oob_data(hdev, bdaddr);
1443
1444 if (!data) {
1445 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1446 if (!data)
1447 return -ENOMEM;
1448
1449 bacpy(&data->bdaddr, bdaddr);
1450 list_add(&data->list, &hdev->remote_oob_data);
1451 }
1452
1453 memcpy(data->hash, hash, sizeof(data->hash));
1454 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1455
1456 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1457
1458 return 0;
1459}
1460
b2a66aad
AJ		 1461struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
1462 bdaddr_t *bdaddr)
1463{
8035ded4 1464 struct bdaddr_list *b;
b2a66aad 1465
8035ded4 1466 list_for_each_entry(b, &hdev->blacklist, list)
b2a66aad
AJ		 1467 if (bacmp(bdaddr, &b->bdaddr) == 0)
1468 return b;
b2a66aad
AJ		 1469
1470 return NULL;
1471}
1472
1473int hci_blacklist_clear(struct hci_dev *hdev)
1474{
1475 struct list_head *p, *n;
1476
1477 list_for_each_safe(p, n, &hdev->blacklist) {
1478 struct bdaddr_list *b;
1479
1480 b = list_entry(p, struct bdaddr_list, list);
1481
1482 list_del(p);
1483 kfree(b);
1484 }
1485
1486 return 0;
1487}
1488
1489int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1490{
1491 struct bdaddr_list *entry;
b2a66aad
AJ		 1492
1493 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1494 return -EBADF;
1495
5e762444
AJ		 1496 if (hci_blacklist_lookup(hdev, bdaddr))
1497 return -EEXIST;
b2a66aad
AJ		 1498
1499 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
5e762444
AJ		 1500 if (!entry)
1501 return -ENOMEM;
b2a66aad
AJ		 1502
1503 bacpy(&entry->bdaddr, bdaddr);
1504
1505 list_add(&entry->list, &hdev->blacklist);
1506
744cf19e 1507 return mgmt_device_blocked(hdev, bdaddr);
b2a66aad
AJ		 1508}
1509
1510int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1511{
1512 struct bdaddr_list *entry;
b2a66aad 1513
1ec918ce 1514 if (bacmp(bdaddr, BDADDR_ANY) == 0)
5e762444 1515 return hci_blacklist_clear(hdev);
b2a66aad
AJ		 1516
1517 entry = hci_blacklist_lookup(hdev, bdaddr);
1ec918ce 1518 if (!entry)
5e762444 1519 return -ENOENT;
b2a66aad
AJ		 1520
1521 list_del(&entry->list);
1522 kfree(entry);
1523
744cf19e 1524 return mgmt_device_unblocked(hdev, bdaddr);
b2a66aad
AJ		 1525}
1526
db323f2f 1527static void hci_clear_adv_cache(struct work_struct *work)
35815085 1528{
db323f2f
GP		 1529 struct hci_dev *hdev = container_of(work, struct hci_dev,
1530 adv_work.work);
35815085
AG		 1531
1532 hci_dev_lock(hdev);
1533
1534 hci_adv_entries_clear(hdev);
1535
1536 hci_dev_unlock(hdev);
1537}
1538
76c8686f
AG		 1539int hci_adv_entries_clear(struct hci_dev *hdev)
1540{
1541 struct adv_entry *entry, *tmp;
1542
1543 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1544 list_del(&entry->list);
1545 kfree(entry);
1546 }
1547
1548 BT_DBG("%s adv cache cleared", hdev->name);
1549
1550 return 0;
1551}
1552
1553struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1554{
1555 struct adv_entry *entry;
1556
1557 list_for_each_entry(entry, &hdev->adv_entries, list)
1558 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1559 return entry;
1560
1561 return NULL;
1562}
1563
1564static inline int is_connectable_adv(u8 evt_type)
1565{
1566 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1567 return 1;
1568
1569 return 0;
1570}
1571
1572int hci_add_adv_entry(struct hci_dev *hdev,
1573 struct hci_ev_le_advertising_info *ev)
1574{
1575 struct adv_entry *entry;
1576
1577 if (!is_connectable_adv(ev->evt_type))
1578 return -EINVAL;
1579
1580 /* Only new entries should be added to adv_entries. So, if
1581 * bdaddr was found, don't add it. */
1582 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1583 return 0;
1584
4777bfde 1585 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
76c8686f
AG		 1586 if (!entry)
1587 return -ENOMEM;
1588
1589 bacpy(&entry->bdaddr, &ev->bdaddr);
1590 entry->bdaddr_type = ev->bdaddr_type;
1591
1592 list_add(&entry->list, &hdev->adv_entries);
1593
1594 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1595 batostr(&entry->bdaddr), entry->bdaddr_type);
1596
1597 return 0;
1598}
1599
1da177e4
LT		 1600/* Register HCI device */
1601int hci_register_dev(struct hci_dev *hdev)
1602{
1603 struct list_head *head = &hci_dev_list, *p;
08add513 1604 int i, id, error;
1da177e4 1605
e9b9cfa1 1606 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1da177e4 1607
010666a1 1608 if (!hdev->open || !hdev->close)
1da177e4
LT		 1609 return -EINVAL;
1610
08add513
MM		 1611 /* Do not allow HCI_AMP devices to register at index 0,
1612 * so the index can be used as the AMP controller ID.
1613 */
1614 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1615
f20d09d5 1616 write_lock(&hci_dev_list_lock);
1da177e4
LT		 1617
1618 /* Find first available device id */
1619 list_for_each(p, &hci_dev_list) {
1620 if (list_entry(p, struct hci_dev, list)->id != id)
1621 break;
1622 head = p; id++;
1623 }
8e87d142 1624
1da177e4
LT		 1625 sprintf(hdev->name, "hci%d", id);
1626 hdev->id = id;
c6feeb28 1627 list_add_tail(&hdev->list, head);
1da177e4 1628
09fd0de5 1629 mutex_init(&hdev->lock);
1da177e4
LT		 1630
1631 hdev->flags = 0;
d23264a8 1632 hdev->dev_flags = 0;
1da177e4 1633 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
5b7f9909 1634 hdev->esco_type = (ESCO_HV1);
1da177e4 1635 hdev->link_mode = (HCI_LM_ACCEPT);
17fa4b9d 1636 hdev->io_capability = 0x03; /* No Input No Output */
1da177e4 1637
04837f64
MH		 1638 hdev->idle_timeout = 0;
1639 hdev->sniff_max_interval = 800;
1640 hdev->sniff_min_interval = 80;
1641
b78752cc 1642 INIT_WORK(&hdev->rx_work, hci_rx_work);
c347b765 1643 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3eff45ea 1644 INIT_WORK(&hdev->tx_work, hci_tx_work);
b78752cc 1645
1da177e4
LT		 1646
1647 skb_queue_head_init(&hdev->rx_q);
1648 skb_queue_head_init(&hdev->cmd_q);
1649 skb_queue_head_init(&hdev->raw_q);
1650
6bd32326
VT		 1651 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1652
cd4c5391 1653 for (i = 0; i < NUM_REASSEMBLY; i++)
ef222013
MH		 1654 hdev->reassembly[i] = NULL;
1655
1da177e4 1656 init_waitqueue_head(&hdev->req_wait_q);
a6a67efd 1657 mutex_init(&hdev->req_lock);
1da177e4 1658
30883512 1659 discovery_init(hdev);
1da177e4
LT		 1660
1661 hci_conn_hash_init(hdev);
1662
2e58ef3e
JH		 1663 INIT_LIST_HEAD(&hdev->mgmt_pending);
1664
ea4bd8ba 1665 INIT_LIST_HEAD(&hdev->blacklist);
f0358568 1666
2aeb9a1a
JH		 1667 INIT_LIST_HEAD(&hdev->uuids);
1668
55ed8ca1 1669 INIT_LIST_HEAD(&hdev->link_keys);
b899efaf 1670 INIT_LIST_HEAD(&hdev->long_term_keys);
55ed8ca1 1671
2763eda6
SJ		 1672 INIT_LIST_HEAD(&hdev->remote_oob_data);
1673
76c8686f
AG		 1674 INIT_LIST_HEAD(&hdev->adv_entries);
1675
db323f2f 1676 INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
ab81cbf9 1677 INIT_WORK(&hdev->power_on, hci_power_on);
3243553f 1678 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
ab81cbf9 1679
16ab91ab
JH		 1680 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1681
1da177e4
LT		 1682 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1683
1684 atomic_set(&hdev->promisc, 0);
1685
f20d09d5 1686 write_unlock(&hci_dev_list_lock);
1da177e4 1687
32845eb1
GP		 1688 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1689 WQ_MEM_RECLAIM, 1);
33ca954d
DH		 1690 if (!hdev->workqueue) {
1691 error = -ENOMEM;
1692 goto err;
1693 }
f48fd9c8 1694
33ca954d
DH		 1695 error = hci_add_sysfs(hdev);
1696 if (error < 0)
1697 goto err_wqueue;
1da177e4 1698
611b30f7
MH		 1699 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1700 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1701 if (hdev->rfkill) {
1702 if (rfkill_register(hdev->rfkill) < 0) {
1703 rfkill_destroy(hdev->rfkill);
1704 hdev->rfkill = NULL;
1705 }
1706 }
1707
a8b2d5c2
JH		 1708 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1709 set_bit(HCI_SETUP, &hdev->dev_flags);
7f971041 1710 schedule_work(&hdev->power_on);
ab81cbf9 1711
1da177e4 1712 hci_notify(hdev, HCI_DEV_REG);
dc946bd8 1713 hci_dev_hold(hdev);
1da177e4
LT		 1714
1715 return id;
f48fd9c8 1716
33ca954d
DH		 1717err_wqueue:
1718 destroy_workqueue(hdev->workqueue);
1719err:
f20d09d5 1720 write_lock(&hci_dev_list_lock);
f48fd9c8 1721 list_del(&hdev->list);
f20d09d5 1722 write_unlock(&hci_dev_list_lock);
f48fd9c8 1723
33ca954d 1724 return error;
1da177e4
LT		 1725}
1726EXPORT_SYMBOL(hci_register_dev);
1727
1728/* Unregister HCI device */
59735631 1729void hci_unregister_dev(struct hci_dev *hdev)
1da177e4 1730{
ef222013
MH		 1731 int i;
1732
c13854ce 1733 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1da177e4 1734
f20d09d5 1735 write_lock(&hci_dev_list_lock);
1da177e4 1736 list_del(&hdev->list);
f20d09d5 1737 write_unlock(&hci_dev_list_lock);
1da177e4
LT		 1738
1739 hci_dev_do_close(hdev);
1740
cd4c5391 1741 for (i = 0; i < NUM_REASSEMBLY; i++)
ef222013
MH		 1742 kfree_skb(hdev->reassembly[i]);
1743
ab81cbf9 1744 if (!test_bit(HCI_INIT, &hdev->flags) &&
a8b2d5c2 1745 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
09fd0de5 1746 hci_dev_lock(hdev);
744cf19e 1747 mgmt_index_removed(hdev);
09fd0de5 1748 hci_dev_unlock(hdev);
56e5cb86 1749 }
ab81cbf9 1750
2e58ef3e
JH		 1751 /* mgmt_index_removed should take care of emptying the
1752 * pending list */
1753 BUG_ON(!list_empty(&hdev->mgmt_pending));
1754
1da177e4
LT		 1755 hci_notify(hdev, HCI_DEV_UNREG);
1756
611b30f7
MH		 1757 if (hdev->rfkill) {
1758 rfkill_unregister(hdev->rfkill);
1759 rfkill_destroy(hdev->rfkill);
1760 }
1761
ce242970 1762 hci_del_sysfs(hdev);
147e2d59 1763
db323f2f 1764 cancel_delayed_work_sync(&hdev->adv_work);
c6f3c5f7 1765
f48fd9c8
MH		 1766 destroy_workqueue(hdev->workqueue);
1767
09fd0de5 1768 hci_dev_lock(hdev);
e2e0cacb 1769 hci_blacklist_clear(hdev);
2aeb9a1a 1770 hci_uuids_clear(hdev);
55ed8ca1 1771 hci_link_keys_clear(hdev);
b899efaf 1772 hci_smp_ltks_clear(hdev);
2763eda6 1773 hci_remote_oob_data_clear(hdev);
76c8686f 1774 hci_adv_entries_clear(hdev);
09fd0de5 1775 hci_dev_unlock(hdev);
e2e0cacb 1776
dc946bd8 1777 hci_dev_put(hdev);
1da177e4
LT		 1778}
1779EXPORT_SYMBOL(hci_unregister_dev);
1780
1781/* Suspend HCI device */
1782int hci_suspend_dev(struct hci_dev *hdev)
1783{
1784 hci_notify(hdev, HCI_DEV_SUSPEND);
1785 return 0;
1786}
1787EXPORT_SYMBOL(hci_suspend_dev);
1788
1789/* Resume HCI device */
1790int hci_resume_dev(struct hci_dev *hdev)
1791{
1792 hci_notify(hdev, HCI_DEV_RESUME);
1793 return 0;
1794}
1795EXPORT_SYMBOL(hci_resume_dev);
1796
76bca880
MH		 1797/* Receive frame from HCI drivers */
1798int hci_recv_frame(struct sk_buff *skb)
1799{
1800 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1801 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1802 && !test_bit(HCI_INIT, &hdev->flags))) {
1803 kfree_skb(skb);
1804 return -ENXIO;
1805 }
1806
1807 /* Incomming skb */
1808 bt_cb(skb)->incoming = 1;
1809
1810 /* Time stamp */
1811 __net_timestamp(skb);
1812
76bca880 1813 skb_queue_tail(&hdev->rx_q, skb);
b78752cc 1814 queue_work(hdev->workqueue, &hdev->rx_work);
c78ae283 1815
76bca880
MH		 1816 return 0;
1817}
1818EXPORT_SYMBOL(hci_recv_frame);
1819
33e882a5 1820static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1e429f38 1821 int count, __u8 index)
33e882a5
SS		 1822{
1823 int len = 0;
1824 int hlen = 0;
1825 int remain = count;
1826 struct sk_buff *skb;
1827 struct bt_skb_cb *scb;
1828
1829 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1830 index >= NUM_REASSEMBLY)
1831 return -EILSEQ;
1832
1833 skb = hdev->reassembly[index];
1834
1835 if (!skb) {
1836 switch (type) {
1837 case HCI_ACLDATA_PKT:
1838 len = HCI_MAX_FRAME_SIZE;
1839 hlen = HCI_ACL_HDR_SIZE;
1840 break;
1841 case HCI_EVENT_PKT:
1842 len = HCI_MAX_EVENT_SIZE;
1843 hlen = HCI_EVENT_HDR_SIZE;
1844 break;
1845 case HCI_SCODATA_PKT:
1846 len = HCI_MAX_SCO_SIZE;
1847 hlen = HCI_SCO_HDR_SIZE;
1848 break;
1849 }
1850
1e429f38 1851 skb = bt_skb_alloc(len, GFP_ATOMIC);
33e882a5
SS		 1852 if (!skb)
1853 return -ENOMEM;
1854
1855 scb = (void *) skb->cb;
1856 scb->expect = hlen;
1857 scb->pkt_type = type;
1858
1859 skb->dev = (void *) hdev;
1860 hdev->reassembly[index] = skb;
1861 }
1862
1863 while (count) {
1864 scb = (void *) skb->cb;
1865 len = min(scb->expect, (__u16)count);
1866
1867 memcpy(skb_put(skb, len), data, len);
1868
1869 count -= len;
1870 data += len;
1871 scb->expect -= len;
1872 remain = count;
1873
1874 switch (type) {
1875 case HCI_EVENT_PKT:
1876 if (skb->len == HCI_EVENT_HDR_SIZE) {
1877 struct hci_event_hdr *h = hci_event_hdr(skb);
1878 scb->expect = h->plen;
1879
1880 if (skb_tailroom(skb) < scb->expect) {
1881 kfree_skb(skb);
1882 hdev->reassembly[index] = NULL;
1883 return -ENOMEM;
1884 }
1885 }
1886 break;
1887
1888 case HCI_ACLDATA_PKT:
1889 if (skb->len == HCI_ACL_HDR_SIZE) {
1890 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1891 scb->expect = __le16_to_cpu(h->dlen);
1892
1893 if (skb_tailroom(skb) < scb->expect) {
1894 kfree_skb(skb);
1895 hdev->reassembly[index] = NULL;
1896 return -ENOMEM;
1897 }
1898 }
1899 break;
1900
1901 case HCI_SCODATA_PKT:
1902 if (skb->len == HCI_SCO_HDR_SIZE) {
1903 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1904 scb->expect = h->dlen;
1905
1906 if (skb_tailroom(skb) < scb->expect) {
1907 kfree_skb(skb);
1908 hdev->reassembly[index] = NULL;
1909 return -ENOMEM;
1910 }
1911 }
1912 break;
1913 }
1914
1915 if (scb->expect == 0) {
1916 /* Complete frame */
1917
1918 bt_cb(skb)->pkt_type = type;
1919 hci_recv_frame(skb);
1920
1921 hdev->reassembly[index] = NULL;
1922 return remain;
1923 }
1924 }
1925
1926 return remain;
1927}
1928
ef222013
MH		 1929int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1930{
f39a3c06
SS		 1931 int rem = 0;
1932
ef222013
MH		 1933 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1934 return -EILSEQ;
1935
da5f6c37 1936 while (count) {
1e429f38 1937 rem = hci_reassembly(hdev, type, data, count, type - 1);
f39a3c06
SS		 1938 if (rem < 0)
1939 return rem;
ef222013 1940
f39a3c06
SS		 1941 data += (count - rem);
1942 count = rem;
f81c6224 1943 }
ef222013 1944
f39a3c06 1945 return rem;
ef222013
MH		 1946}
1947EXPORT_SYMBOL(hci_recv_fragment);
1948
99811510
SS		 1949#define STREAM_REASSEMBLY 0
1950
1951int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1952{
1953 int type;
1954 int rem = 0;
1955
da5f6c37 1956 while (count) {
99811510
SS		 1957 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1958
1959 if (!skb) {
1960 struct { char type; } *pkt;
1961
1962 /* Start of the frame */
1963 pkt = data;
1964 type = pkt->type;
1965
1966 data++;
1967 count--;
1968 } else
1969 type = bt_cb(skb)->pkt_type;
1970
1e429f38
GP		 1971 rem = hci_reassembly(hdev, type, data, count,
1972 STREAM_REASSEMBLY);
99811510
SS		 1973 if (rem < 0)
1974 return rem;
1975
1976 data += (count - rem);
1977 count = rem;
f81c6224 1978 }
99811510
SS		 1979
1980 return rem;
1981}
1982EXPORT_SYMBOL(hci_recv_stream_fragment);
1983
1da177e4
LT		 1984/* ---- Interface to upper protocols ---- */
1985
1da177e4
LT		 1986int hci_register_cb(struct hci_cb *cb)
1987{
1988 BT_DBG("%p name %s", cb, cb->name);
1989
f20d09d5 1990 write_lock(&hci_cb_list_lock);
1da177e4 1991 list_add(&cb->list, &hci_cb_list);
f20d09d5 1992 write_unlock(&hci_cb_list_lock);
1da177e4
LT		 1993
1994 return 0;
1995}
1996EXPORT_SYMBOL(hci_register_cb);
1997
1998int hci_unregister_cb(struct hci_cb *cb)
1999{
2000 BT_DBG("%p name %s", cb, cb->name);
2001
f20d09d5 2002 write_lock(&hci_cb_list_lock);
1da177e4 2003 list_del(&cb->list);
f20d09d5 2004 write_unlock(&hci_cb_list_lock);
1da177e4
LT		 2005
2006 return 0;
2007}
2008EXPORT_SYMBOL(hci_unregister_cb);
2009
2010static int hci_send_frame(struct sk_buff *skb)
2011{
2012 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2013
2014 if (!hdev) {
2015 kfree_skb(skb);
2016 return -ENODEV;
2017 }
2018
0d48d939 2019 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1da177e4
LT		 2020
2021 if (atomic_read(&hdev->promisc)) {
2022 /* Time stamp */
a61bbcf2 2023 __net_timestamp(skb);
1da177e4 2024
eec8d2bc 2025 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 2026 }
2027
2028 /* Get rid of skb owner, prior to sending to the driver. */
2029 skb_orphan(skb);
2030
2031 return hdev->send(skb);
2032}
2033
2034/* Send HCI command */
a9de9248 2035int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1da177e4
LT		 2036{
2037 int len = HCI_COMMAND_HDR_SIZE + plen;
2038 struct hci_command_hdr *hdr;
2039 struct sk_buff *skb;
2040
a9de9248 2041 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1da177e4
LT		 2042
2043 skb = bt_skb_alloc(len, GFP_ATOMIC);
2044 if (!skb) {
ef222013 2045 BT_ERR("%s no memory for command", hdev->name);
1da177e4
LT		 2046 return -ENOMEM;
2047 }
2048
2049 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
a9de9248 2050 hdr->opcode = cpu_to_le16(opcode);
1da177e4
LT		 2051 hdr->plen = plen;
2052
2053 if (plen)
2054 memcpy(skb_put(skb, plen), param, plen);
2055
2056 BT_DBG("skb len %d", skb->len);
2057
0d48d939 2058 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1da177e4 2059 skb->dev = (void *) hdev;
c78ae283 2060
a5040efa
JH		 2061 if (test_bit(HCI_INIT, &hdev->flags))
2062 hdev->init_last_cmd = opcode;
2063
1da177e4 2064 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 2065 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 2066
2067 return 0;
2068}
1da177e4
LT		 2069
2070/* Get data from the previously sent command */
a9de9248 2071void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1da177e4
LT		 2072{
2073 struct hci_command_hdr *hdr;
2074
2075 if (!hdev->sent_cmd)
2076 return NULL;
2077
2078 hdr = (void *) hdev->sent_cmd->data;
2079
a9de9248 2080 if (hdr->opcode != cpu_to_le16(opcode))
1da177e4
LT		 2081 return NULL;
2082
a9de9248 2083 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1da177e4
LT		 2084
2085 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2086}
2087
2088/* Send ACL data */
2089static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2090{
2091 struct hci_acl_hdr *hdr;
2092 int len = skb->len;
2093
badff6d0
ACM		 2094 skb_push(skb, HCI_ACL_HDR_SIZE);
2095 skb_reset_transport_header(skb);
9c70220b 2096 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
aca3192c
YH		 2097 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2098 hdr->dlen = cpu_to_le16(len);
1da177e4
LT		 2099}
2100
73d80deb
LAD		 2101static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2102 struct sk_buff *skb, __u16 flags)
1da177e4
LT		 2103{
2104 struct hci_dev *hdev = conn->hdev;
2105 struct sk_buff *list;
2106
70f23020
AE		 2107 list = skb_shinfo(skb)->frag_list;
2108 if (!list) {
1da177e4
LT		 2109 /* Non fragmented */
2110 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2111
73d80deb 2112 skb_queue_tail(queue, skb);
1da177e4
LT		 2113 } else {
2114 /* Fragmented */
2115 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2116
2117 skb_shinfo(skb)->frag_list = NULL;
2118
2119 /* Queue all fragments atomically */
af3e6359 2120 spin_lock(&queue->lock);
1da177e4 2121
73d80deb 2122 __skb_queue_tail(queue, skb);
e702112f
AE		 2123
2124 flags &= ~ACL_START;
2125 flags |= ACL_CONT;
1da177e4
LT		 2126 do {
2127 skb = list; list = list->next;
8e87d142 2128
1da177e4 2129 skb->dev = (void *) hdev;
0d48d939 2130 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
e702112f 2131 hci_add_acl_hdr(skb, conn->handle, flags);
1da177e4
LT		 2132
2133 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2134
73d80deb 2135 __skb_queue_tail(queue, skb);
1da177e4
LT		 2136 } while (list);
2137
af3e6359 2138 spin_unlock(&queue->lock);
1da177e4 2139 }
73d80deb
LAD		 2140}
2141
2142void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2143{
2144 struct hci_conn *conn = chan->conn;
2145 struct hci_dev *hdev = conn->hdev;
2146
2147 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2148
2149 skb->dev = (void *) hdev;
2150 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2151 hci_add_acl_hdr(skb, conn->handle, flags);
2152
2153 hci_queue_acl(conn, &chan->data_q, skb, flags);
1da177e4 2154
3eff45ea 2155 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 2156}
2157EXPORT_SYMBOL(hci_send_acl);
2158
2159/* Send SCO data */
0d861d8b 2160void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1da177e4
LT		 2161{
2162 struct hci_dev *hdev = conn->hdev;
2163 struct hci_sco_hdr hdr;
2164
2165 BT_DBG("%s len %d", hdev->name, skb->len);
2166
aca3192c 2167 hdr.handle = cpu_to_le16(conn->handle);
1da177e4
LT		 2168 hdr.dlen = skb->len;
2169
badff6d0
ACM		 2170 skb_push(skb, HCI_SCO_HDR_SIZE);
2171 skb_reset_transport_header(skb);
9c70220b 2172 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1da177e4
LT		 2173
2174 skb->dev = (void *) hdev;
0d48d939 2175 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
c78ae283 2176
1da177e4 2177 skb_queue_tail(&conn->data_q, skb);
3eff45ea 2178 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4
LT		 2179}
2180EXPORT_SYMBOL(hci_send_sco);
2181
2182/* ---- HCI TX task (outgoing data) ---- */
2183
2184/* HCI Connection scheduler */
2185static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2186{
2187 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 2188 struct hci_conn *conn = NULL, *c;
1da177e4 2189 int num = 0, min = ~0;
1da177e4 2190
8e87d142 2191 /* We don't have to lock device here. Connections are always
1da177e4 2192 * added and removed with TX task disabled. */
bf4c6325
GP		 2193
2194 rcu_read_lock();
2195
2196 list_for_each_entry_rcu(c, &h->list, list) {
769be974 2197 if (c->type != type || skb_queue_empty(&c->data_q))
1da177e4 2198 continue;
769be974
MH		 2199
2200 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2201 continue;
2202
1da177e4
LT		 2203 num++;
2204
2205 if (c->sent < min) {
2206 min = c->sent;
2207 conn = c;
2208 }
52087a79
LAD		 2209
2210 if (hci_conn_num(hdev, type) == num)
2211 break;
1da177e4
LT		 2212 }
2213
bf4c6325
GP		 2214 rcu_read_unlock();
2215
1da177e4 2216 if (conn) {
6ed58ec5
VT		 2217 int cnt, q;
2218
2219 switch (conn->type) {
2220 case ACL_LINK:
2221 cnt = hdev->acl_cnt;
2222 break;
2223 case SCO_LINK:
2224 case ESCO_LINK:
2225 cnt = hdev->sco_cnt;
2226 break;
2227 case LE_LINK:
2228 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2229 break;
2230 default:
2231 cnt = 0;
2232 BT_ERR("Unknown link type");
2233 }
2234
2235 q = cnt / num;
1da177e4
LT		 2236 *quote = q ? q : 1;
2237 } else
2238 *quote = 0;
2239
2240 BT_DBG("conn %p quote %d", conn, *quote);
2241 return conn;
2242}
2243
bae1f5d9 2244static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
1da177e4
LT		 2245{
2246 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 2247 struct hci_conn *c;
1da177e4 2248
bae1f5d9 2249 BT_ERR("%s link tx timeout", hdev->name);
1da177e4 2250
bf4c6325
GP		 2251 rcu_read_lock();
2252
1da177e4 2253 /* Kill stalled connections */
bf4c6325 2254 list_for_each_entry_rcu(c, &h->list, list) {
bae1f5d9
VT		 2255 if (c->type == type && c->sent) {
2256 BT_ERR("%s killing stalled connection %s",
1da177e4
LT		 2257 hdev->name, batostr(&c->dst));
2258 hci_acl_disconn(c, 0x13);
2259 }
2260 }
bf4c6325
GP		 2261
2262 rcu_read_unlock();
1da177e4
LT		 2263}
2264
73d80deb
LAD		 2265static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2266 int *quote)
1da177e4 2267{
73d80deb
LAD		 2268 struct hci_conn_hash *h = &hdev->conn_hash;
2269 struct hci_chan *chan = NULL;
2270 int num = 0, min = ~0, cur_prio = 0;
1da177e4 2271 struct hci_conn *conn;
73d80deb
LAD		 2272 int cnt, q, conn_num = 0;
2273
2274 BT_DBG("%s", hdev->name);
2275
bf4c6325
GP		 2276 rcu_read_lock();
2277
2278 list_for_each_entry_rcu(conn, &h->list, list) {
73d80deb
LAD		 2279 struct hci_chan *tmp;
2280
2281 if (conn->type != type)
2282 continue;
2283
2284 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2285 continue;
2286
2287 conn_num++;
2288
8192edef 2289 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
73d80deb
LAD		 2290 struct sk_buff *skb;
2291
2292 if (skb_queue_empty(&tmp->data_q))
2293 continue;
2294
2295 skb = skb_peek(&tmp->data_q);
2296 if (skb->priority < cur_prio)
2297 continue;
2298
2299 if (skb->priority > cur_prio) {
2300 num = 0;
2301 min = ~0;
2302 cur_prio = skb->priority;
2303 }
2304
2305 num++;
2306
2307 if (conn->sent < min) {
2308 min = conn->sent;
2309 chan = tmp;
2310 }
2311 }
2312
2313 if (hci_conn_num(hdev, type) == conn_num)
2314 break;
2315 }
2316
bf4c6325
GP		 2317 rcu_read_unlock();
2318
73d80deb
LAD		 2319 if (!chan)
2320 return NULL;
2321
2322 switch (chan->conn->type) {
2323 case ACL_LINK:
2324 cnt = hdev->acl_cnt;
2325 break;
2326 case SCO_LINK:
2327 case ESCO_LINK:
2328 cnt = hdev->sco_cnt;
2329 break;
2330 case LE_LINK:
2331 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2332 break;
2333 default:
2334 cnt = 0;
2335 BT_ERR("Unknown link type");
2336 }
2337
2338 q = cnt / num;
2339 *quote = q ? q : 1;
2340 BT_DBG("chan %p quote %d", chan, *quote);
2341 return chan;
2342}
2343
02b20f0b
LAD		 2344static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2345{
2346 struct hci_conn_hash *h = &hdev->conn_hash;
2347 struct hci_conn *conn;
2348 int num = 0;
2349
2350 BT_DBG("%s", hdev->name);
2351
bf4c6325
GP		 2352 rcu_read_lock();
2353
2354 list_for_each_entry_rcu(conn, &h->list, list) {
02b20f0b
LAD		 2355 struct hci_chan *chan;
2356
2357 if (conn->type != type)
2358 continue;
2359
2360 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2361 continue;
2362
2363 num++;
2364
8192edef 2365 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
02b20f0b
LAD		 2366 struct sk_buff *skb;
2367
2368 if (chan->sent) {
2369 chan->sent = 0;
2370 continue;
2371 }
2372
2373 if (skb_queue_empty(&chan->data_q))
2374 continue;
2375
2376 skb = skb_peek(&chan->data_q);
2377 if (skb->priority >= HCI_PRIO_MAX - 1)
2378 continue;
2379
2380 skb->priority = HCI_PRIO_MAX - 1;
2381
2382 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2383 skb->priority);
2384 }
2385
2386 if (hci_conn_num(hdev, type) == num)
2387 break;
2388 }
bf4c6325
GP		 2389
2390 rcu_read_unlock();
2391
02b20f0b
LAD		 2392}
2393
73d80deb
LAD		 2394static inline void hci_sched_acl(struct hci_dev *hdev)
2395{
2396 struct hci_chan *chan;
1da177e4
LT		 2397 struct sk_buff *skb;
2398 int quote;
73d80deb 2399 unsigned int cnt;
1da177e4
LT		 2400
2401 BT_DBG("%s", hdev->name);
2402
52087a79
LAD		 2403 if (!hci_conn_num(hdev, ACL_LINK))
2404 return;
2405
1da177e4
LT		 2406 if (!test_bit(HCI_RAW, &hdev->flags)) {
2407 /* ACL tx timeout must be longer than maximum
2408 * link supervision timeout (40.9 seconds) */
cc48dc0a
AE		 2409 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx +
2410 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT)))
bae1f5d9 2411 hci_link_tx_to(hdev, ACL_LINK);
1da177e4
LT		 2412 }
2413
73d80deb 2414 cnt = hdev->acl_cnt;
04837f64 2415
73d80deb
LAD		 2416 while (hdev->acl_cnt &&
2417 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
ec1cce24
LAD		 2418 u32 priority = (skb_peek(&chan->data_q))->priority;
2419 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb
LAD		 2420 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2421 skb->len, skb->priority);
2422
ec1cce24
LAD		 2423 /* Stop if priority has changed */
2424 if (skb->priority < priority)
2425 break;
2426
2427 skb = skb_dequeue(&chan->data_q);
2428
73d80deb
LAD		 2429 hci_conn_enter_active_mode(chan->conn,
2430 bt_cb(skb)->force_active);
04837f64 2431
1da177e4
LT		 2432 hci_send_frame(skb);
2433 hdev->acl_last_tx = jiffies;
2434
2435 hdev->acl_cnt--;
73d80deb
LAD		 2436 chan->sent++;
2437 chan->conn->sent++;
1da177e4
LT		 2438 }
2439 }
02b20f0b
LAD		 2440
2441 if (cnt != hdev->acl_cnt)
2442 hci_prio_recalculate(hdev, ACL_LINK);
1da177e4
LT		 2443}
2444
2445/* Schedule SCO */
2446static inline void hci_sched_sco(struct hci_dev *hdev)
2447{
2448 struct hci_conn *conn;
2449 struct sk_buff *skb;
2450 int quote;
2451
2452 BT_DBG("%s", hdev->name);
2453
52087a79
LAD		 2454 if (!hci_conn_num(hdev, SCO_LINK))
2455 return;
2456
1da177e4
LT		 2457 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
2458 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2459 BT_DBG("skb %p len %d", skb, skb->len);
2460 hci_send_frame(skb);
2461
2462 conn->sent++;
2463 if (conn->sent == ~0)
2464 conn->sent = 0;
2465 }
2466 }
2467}
2468
b6a0dc82
MH		 2469static inline void hci_sched_esco(struct hci_dev *hdev)
2470{
2471 struct hci_conn *conn;
2472 struct sk_buff *skb;
2473 int quote;
2474
2475 BT_DBG("%s", hdev->name);
2476
52087a79
LAD		 2477 if (!hci_conn_num(hdev, ESCO_LINK))
2478 return;
2479
b6a0dc82
MH		 2480 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, &quote))) {
2481 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2482 BT_DBG("skb %p len %d", skb, skb->len);
2483 hci_send_frame(skb);
2484
2485 conn->sent++;
2486 if (conn->sent == ~0)
2487 conn->sent = 0;
2488 }
2489 }
2490}
2491
6ed58ec5
VT		 2492static inline void hci_sched_le(struct hci_dev *hdev)
2493{
73d80deb 2494 struct hci_chan *chan;
6ed58ec5 2495 struct sk_buff *skb;
02b20f0b 2496 int quote, cnt, tmp;
6ed58ec5
VT		 2497
2498 BT_DBG("%s", hdev->name);
2499
52087a79
LAD		 2500 if (!hci_conn_num(hdev, LE_LINK))
2501 return;
2502
6ed58ec5
VT		 2503 if (!test_bit(HCI_RAW, &hdev->flags)) {
2504 /* LE tx timeout must be longer than maximum
2505 * link supervision timeout (40.9 seconds) */
bae1f5d9 2506 if (!hdev->le_cnt && hdev->le_pkts &&
6ed58ec5 2507 time_after(jiffies, hdev->le_last_tx + HZ * 45))
bae1f5d9 2508 hci_link_tx_to(hdev, LE_LINK);
6ed58ec5
VT		 2509 }
2510
2511 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
02b20f0b 2512 tmp = cnt;
73d80deb 2513 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
ec1cce24
LAD		 2514 u32 priority = (skb_peek(&chan->data_q))->priority;
2515 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb
LAD		 2516 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2517 skb->len, skb->priority);
6ed58ec5 2518
ec1cce24
LAD		 2519 /* Stop if priority has changed */
2520 if (skb->priority < priority)
2521 break;
2522
2523 skb = skb_dequeue(&chan->data_q);
2524
6ed58ec5
VT		 2525 hci_send_frame(skb);
2526 hdev->le_last_tx = jiffies;
2527
2528 cnt--;
73d80deb
LAD		 2529 chan->sent++;
2530 chan->conn->sent++;
6ed58ec5
VT		 2531 }
2532 }
73d80deb 2533
6ed58ec5
VT		 2534 if (hdev->le_pkts)
2535 hdev->le_cnt = cnt;
2536 else
2537 hdev->acl_cnt = cnt;
02b20f0b
LAD		 2538
2539 if (cnt != tmp)
2540 hci_prio_recalculate(hdev, LE_LINK);
6ed58ec5
VT		 2541}
2542
3eff45ea 2543static void hci_tx_work(struct work_struct *work)
1da177e4 2544{
3eff45ea 2545 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
1da177e4
LT		 2546 struct sk_buff *skb;
2547
6ed58ec5
VT		 2548 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2549 hdev->sco_cnt, hdev->le_cnt);
1da177e4
LT		 2550
2551 /* Schedule queues and send stuff to HCI driver */
2552
2553 hci_sched_acl(hdev);
2554
2555 hci_sched_sco(hdev);
2556
b6a0dc82
MH		 2557 hci_sched_esco(hdev);
2558
6ed58ec5
VT		 2559 hci_sched_le(hdev);
2560
1da177e4
LT		 2561 /* Send next queued raw (unknown type) packet */
2562 while ((skb = skb_dequeue(&hdev->raw_q)))
2563 hci_send_frame(skb);
1da177e4
LT		 2564}
2565
25985edc 2566/* ----- HCI RX task (incoming data processing) ----- */
1da177e4
LT		 2567
2568/* ACL data packet */
2569static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2570{
2571 struct hci_acl_hdr *hdr = (void *) skb->data;
2572 struct hci_conn *conn;
2573 __u16 handle, flags;
2574
2575 skb_pull(skb, HCI_ACL_HDR_SIZE);
2576
2577 handle = __le16_to_cpu(hdr->handle);
2578 flags = hci_flags(handle);
2579 handle = hci_handle(handle);
2580
2581 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2582
2583 hdev->stat.acl_rx++;
2584
2585 hci_dev_lock(hdev);
2586 conn = hci_conn_hash_lookup_handle(hdev, handle);
2587 hci_dev_unlock(hdev);
8e87d142 2588
1da177e4 2589 if (conn) {
65983fc7 2590 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
04837f64 2591
1da177e4 2592 /* Send to upper protocol */
686ebf28
UF		 2593 l2cap_recv_acldata(conn, skb, flags);
2594 return;
1da177e4 2595 } else {
8e87d142 2596 BT_ERR("%s ACL packet for unknown connection handle %d",
1da177e4
LT		 2597 hdev->name, handle);
2598 }
2599
2600 kfree_skb(skb);
2601}
2602
2603/* SCO data packet */
2604static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2605{
2606 struct hci_sco_hdr *hdr = (void *) skb->data;
2607 struct hci_conn *conn;
2608 __u16 handle;
2609
2610 skb_pull(skb, HCI_SCO_HDR_SIZE);
2611
2612 handle = __le16_to_cpu(hdr->handle);
2613
2614 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2615
2616 hdev->stat.sco_rx++;
2617
2618 hci_dev_lock(hdev);
2619 conn = hci_conn_hash_lookup_handle(hdev, handle);
2620 hci_dev_unlock(hdev);
2621
2622 if (conn) {
1da177e4 2623 /* Send to upper protocol */
686ebf28
UF		 2624 sco_recv_scodata(conn, skb);
2625 return;
1da177e4 2626 } else {
8e87d142 2627 BT_ERR("%s SCO packet for unknown connection handle %d",
1da177e4
LT		 2628 hdev->name, handle);
2629 }
2630
2631 kfree_skb(skb);
2632}
2633
b78752cc 2634static void hci_rx_work(struct work_struct *work)
1da177e4 2635{
b78752cc 2636 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
1da177e4
LT		 2637 struct sk_buff *skb;
2638
2639 BT_DBG("%s", hdev->name);
2640
1da177e4
LT		 2641 while ((skb = skb_dequeue(&hdev->rx_q))) {
2642 if (atomic_read(&hdev->promisc)) {
2643 /* Send copy to the sockets */
eec8d2bc 2644 hci_send_to_sock(hdev, skb, NULL);
1da177e4
LT		 2645 }
2646
2647 if (test_bit(HCI_RAW, &hdev->flags)) {
2648 kfree_skb(skb);
2649 continue;
2650 }
2651
2652 if (test_bit(HCI_INIT, &hdev->flags)) {
2653 /* Don't process data packets in this states. */
0d48d939 2654 switch (bt_cb(skb)->pkt_type) {
1da177e4
LT		 2655 case HCI_ACLDATA_PKT:
2656 case HCI_SCODATA_PKT:
2657 kfree_skb(skb);
2658 continue;
3ff50b79 2659 }
1da177e4
LT		 2660 }
2661
2662 /* Process frame */
0d48d939 2663 switch (bt_cb(skb)->pkt_type) {
1da177e4 2664 case HCI_EVENT_PKT:
b78752cc 2665 BT_DBG("%s Event packet", hdev->name);
1da177e4
LT		 2666 hci_event_packet(hdev, skb);
2667 break;
2668
2669 case HCI_ACLDATA_PKT:
2670 BT_DBG("%s ACL data packet", hdev->name);
2671 hci_acldata_packet(hdev, skb);
2672 break;
2673
2674 case HCI_SCODATA_PKT:
2675 BT_DBG("%s SCO data packet", hdev->name);
2676 hci_scodata_packet(hdev, skb);
2677 break;
2678
2679 default:
2680 kfree_skb(skb);
2681 break;
2682 }
2683 }
1da177e4
LT		 2684}
2685
c347b765 2686static void hci_cmd_work(struct work_struct *work)
1da177e4 2687{
c347b765 2688 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
1da177e4
LT		 2689 struct sk_buff *skb;
2690
2691 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2692
1da177e4 2693 /* Send queued commands */
5a08ecce
AE		 2694 if (atomic_read(&hdev->cmd_cnt)) {
2695 skb = skb_dequeue(&hdev->cmd_q);
2696 if (!skb)
2697 return;
2698
7585b97a 2699 kfree_skb(hdev->sent_cmd);
1da177e4 2700
70f23020
AE		 2701 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2702 if (hdev->sent_cmd) {
1da177e4
LT		 2703 atomic_dec(&hdev->cmd_cnt);
2704 hci_send_frame(skb);
7bdb8a5c
SJ		 2705 if (test_bit(HCI_RESET, &hdev->flags))
2706 del_timer(&hdev->cmd_timer);
2707 else
2708 mod_timer(&hdev->cmd_timer,
6bd32326 2709 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
1da177e4
LT		 2710 } else {
2711 skb_queue_head(&hdev->cmd_q, skb);
c347b765 2712 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 2713 }
2714 }
2715}
2519a1fc
AG		 2716
2717int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2718{
2719 /* General inquiry access code (GIAC) */
2720 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2721 struct hci_cp_inquiry cp;
2722
2723 BT_DBG("%s", hdev->name);
2724
2725 if (test_bit(HCI_INQUIRY, &hdev->flags))
2726 return -EINPROGRESS;
2727
4663262c
JH		 2728 inquiry_cache_flush(hdev);
2729
2519a1fc
AG		 2730 memset(&cp, 0, sizeof(cp));
2731 memcpy(&cp.lap, lap, sizeof(cp.lap));
2732 cp.length = length;
2733
2734 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2735}
023d5049
AG		 2736
2737int hci_cancel_inquiry(struct hci_dev *hdev)
2738{
2739 BT_DBG("%s", hdev->name);
2740
2741 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2742 return -EPERM;
2743
2744 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2745}
7784d78f
AE		 2746
2747module_param(enable_hs, bool, 0644);
2748MODULE_PARM_DESC(enable_hs, "Enable High Speed");
kernel source for telekom puls (alcatel/mediatek)