projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix stand-alone HCI command handling
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_core.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
24 */
25
26 /* Bluetooth HCI core. */
27
28 #include <linux/export.h>
29 #include <linux/idr.h>
30
31 #include <linux/rfkill.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35
36 static void hci_rx_work(struct work_struct *work);
37 static void hci_cmd_work(struct work_struct *work);
38 static void hci_tx_work(struct work_struct *work);
39
40 /* HCI device list */
41 LIST_HEAD(hci_dev_list);
42 DEFINE_RWLOCK(hci_dev_list_lock);
43
44 /* HCI callback list */
45 LIST_HEAD(hci_cb_list);
46 DEFINE_RWLOCK(hci_cb_list_lock);
47
48 /* HCI ID Numbering */
49 static DEFINE_IDA(hci_index_ida);
50
51 /* ---- HCI notifications ---- */
52
53 static void hci_notify(struct hci_dev *hdev, int event)
54 {
55 hci_sock_dev_event(hdev, event);
56 }
57
58 /* ---- HCI requests ---- */
59
60 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
61 {
62 BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result);
63
64 /* If this is the init phase check if the completed command matches
65 * the last init command, and if not just return.
66 */
67 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
68 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
69 u16 opcode = __le16_to_cpu(sent->opcode);
70 struct sk_buff *skb;
71
72 /* Some CSR based controllers generate a spontaneous
73 * reset complete event during init and any pending
74 * command will never be completed. In such a case we
75 * need to resend whatever was the last sent
76 * command.
77 */
78
79 if (cmd != HCI_OP_RESET || opcode == HCI_OP_RESET)
80 return;
81
82 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
83 if (skb) {
84 skb_queue_head(&hdev->cmd_q, skb);
85 queue_work(hdev->workqueue, &hdev->cmd_work);
86 }
87
88 return;
89 }
90
91 if (hdev->req_status == HCI_REQ_PEND) {
92 hdev->req_result = result;
93 hdev->req_status = HCI_REQ_DONE;
94 wake_up_interruptible(&hdev->req_wait_q);
95 }
96 }
97
98 static void hci_req_cancel(struct hci_dev *hdev, int err)
99 {
100 BT_DBG("%s err 0x%2.2x", hdev->name, err);
101
102 if (hdev->req_status == HCI_REQ_PEND) {
103 hdev->req_result = err;
104 hdev->req_status = HCI_REQ_CANCELED;
105 wake_up_interruptible(&hdev->req_wait_q);
106 }
107 }
108
109 /* Execute request and wait for completion. */
110 static int __hci_req_sync(struct hci_dev *hdev,
111 void (*req)(struct hci_dev *hdev, unsigned long opt),
112 unsigned long opt, __u32 timeout)
113 {
114 DECLARE_WAITQUEUE(wait, current);
115 int err = 0;
116
117 BT_DBG("%s start", hdev->name);
118
119 hdev->req_status = HCI_REQ_PEND;
120
121 add_wait_queue(&hdev->req_wait_q, &wait);
122 set_current_state(TASK_INTERRUPTIBLE);
123
124 req(hdev, opt);
125
126 /* If the request didn't send any commands return immediately */
127 if (skb_queue_empty(&hdev->cmd_q) && atomic_read(&hdev->cmd_cnt)) {
128 hdev->req_status = 0;
129 remove_wait_queue(&hdev->req_wait_q, &wait);
130 return err;
131 }
132
133 schedule_timeout(timeout);
134
135 remove_wait_queue(&hdev->req_wait_q, &wait);
136
137 if (signal_pending(current))
138 return -EINTR;
139
140 switch (hdev->req_status) {
141 case HCI_REQ_DONE:
142 err = -bt_to_errno(hdev->req_result);
143 break;
144
145 case HCI_REQ_CANCELED:
146 err = -hdev->req_result;
147 break;
148
149 default:
150 err = -ETIMEDOUT;
151 break;
152 }
153
154 hdev->req_status = hdev->req_result = 0;
155
156 BT_DBG("%s end: err %d", hdev->name, err);
157
158 return err;
159 }
160
161 static int hci_req_sync(struct hci_dev *hdev,
162 void (*req)(struct hci_dev *hdev, unsigned long opt),
163 unsigned long opt, __u32 timeout)
164 {
165 int ret;
166
167 if (!test_bit(HCI_UP, &hdev->flags))
168 return -ENETDOWN;
169
170 /* Serialize all requests */
171 hci_req_lock(hdev);
172 ret = __hci_req_sync(hdev, req, opt, timeout);
173 hci_req_unlock(hdev);
174
175 return ret;
176 }
177
178 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
179 {
180 BT_DBG("%s %ld", hdev->name, opt);
181
182 /* Reset device */
183 set_bit(HCI_RESET, &hdev->flags);
184 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
185 }
186
187 static void bredr_init(struct hci_dev *hdev)
188 {
189 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
190
191 /* Read Local Supported Features */
192 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
193
194 /* Read Local Version */
195 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
196
197 /* Read BD Address */
198 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
199 }
200
201 static void amp_init(struct hci_dev *hdev)
202 {
203 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
204
205 /* Read Local Version */
206 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
207
208 /* Read Local AMP Info */
209 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
210
211 /* Read Data Blk size */
212 hci_send_cmd(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
213 }
214
215 static void hci_init1_req(struct hci_dev *hdev, unsigned long opt)
216 {
217 struct sk_buff *skb;
218
219 BT_DBG("%s %ld", hdev->name, opt);
220
221 /* Driver initialization */
222
223 /* Special commands */
224 while ((skb = skb_dequeue(&hdev->driver_init))) {
225 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
226 skb->dev = (void *) hdev;
227
228 skb_queue_tail(&hdev->cmd_q, skb);
229 queue_work(hdev->workqueue, &hdev->cmd_work);
230 }
231 skb_queue_purge(&hdev->driver_init);
232
233 /* Reset */
234 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
235 hci_reset_req(hdev, 0);
236
237 switch (hdev->dev_type) {
238 case HCI_BREDR:
239 bredr_init(hdev);
240 break;
241
242 case HCI_AMP:
243 amp_init(hdev);
244 break;
245
246 default:
247 BT_ERR("Unknown device type %d", hdev->dev_type);
248 break;
249 }
250 }
251
252 static void bredr_setup(struct hci_dev *hdev)
253 {
254 struct hci_cp_delete_stored_link_key cp;
255 __le16 param;
256 __u8 flt_type;
257
258 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
259 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
260
261 /* Read Class of Device */
262 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
263
264 /* Read Local Name */
265 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
266
267 /* Read Voice Setting */
268 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
269
270 /* Clear Event Filters */
271 flt_type = HCI_FLT_CLEAR_ALL;
272 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
273
274 /* Connection accept timeout ~20 secs */
275 param = __constant_cpu_to_le16(0x7d00);
276 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
277
278 bacpy(&cp.bdaddr, BDADDR_ANY);
279 cp.delete_all = 0x01;
280 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
281 }
282
283 static void le_setup(struct hci_dev *hdev)
284 {
285 /* Read LE Buffer Size */
286 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
287
288 /* Read LE Local Supported Features */
289 hci_send_cmd(hdev, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
290
291 /* Read LE Advertising Channel TX Power */
292 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
293
294 /* Read LE White List Size */
295 hci_send_cmd(hdev, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
296
297 /* Read LE Supported States */
298 hci_send_cmd(hdev, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
299 }
300
301 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
302 {
303 if (lmp_ext_inq_capable(hdev))
304 return 0x02;
305
306 if (lmp_inq_rssi_capable(hdev))
307 return 0x01;
308
309 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
310 hdev->lmp_subver == 0x0757)
311 return 0x01;
312
313 if (hdev->manufacturer == 15) {
314 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
315 return 0x01;
316 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
317 return 0x01;
318 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
319 return 0x01;
320 }
321
322 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
323 hdev->lmp_subver == 0x1805)
324 return 0x01;
325
326 return 0x00;
327 }
328
329 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
330 {
331 u8 mode;
332
333 mode = hci_get_inquiry_mode(hdev);
334
335 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
336 }
337
338 static void hci_setup_event_mask(struct hci_dev *hdev)
339 {
340 /* The second byte is 0xff instead of 0x9f (two reserved bits
341 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
342 * command otherwise.
343 */
344 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
345
346 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
347 * any event mask for pre 1.2 devices.
348 */
349 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
350 return;
351
352 if (lmp_bredr_capable(hdev)) {
353 events[4] |= 0x01; /* Flow Specification Complete */
354 events[4] |= 0x02; /* Inquiry Result with RSSI */
355 events[4] |= 0x04; /* Read Remote Extended Features Complete */
356 events[5] |= 0x08; /* Synchronous Connection Complete */
357 events[5] |= 0x10; /* Synchronous Connection Changed */
358 }
359
360 if (lmp_inq_rssi_capable(hdev))
361 events[4] |= 0x02; /* Inquiry Result with RSSI */
362
363 if (lmp_sniffsubr_capable(hdev))
364 events[5] |= 0x20; /* Sniff Subrating */
365
366 if (lmp_pause_enc_capable(hdev))
367 events[5] |= 0x80; /* Encryption Key Refresh Complete */
368
369 if (lmp_ext_inq_capable(hdev))
370 events[5] |= 0x40; /* Extended Inquiry Result */
371
372 if (lmp_no_flush_capable(hdev))
373 events[7] |= 0x01; /* Enhanced Flush Complete */
374
375 if (lmp_lsto_capable(hdev))
376 events[6] |= 0x80; /* Link Supervision Timeout Changed */
377
378 if (lmp_ssp_capable(hdev)) {
379 events[6] |= 0x01; /* IO Capability Request */
380 events[6] |= 0x02; /* IO Capability Response */
381 events[6] |= 0x04; /* User Confirmation Request */
382 events[6] |= 0x08; /* User Passkey Request */
383 events[6] |= 0x10; /* Remote OOB Data Request */
384 events[6] |= 0x20; /* Simple Pairing Complete */
385 events[7] |= 0x04; /* User Passkey Notification */
386 events[7] |= 0x08; /* Keypress Notification */
387 events[7] |= 0x10; /* Remote Host Supported
388 * Features Notification
389 */
390 }
391
392 if (lmp_le_capable(hdev))
393 events[7] |= 0x20; /* LE Meta-Event */
394
395 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
396
397 if (lmp_le_capable(hdev)) {
398 memset(events, 0, sizeof(events));
399 events[0] = 0x1f;
400 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
401 sizeof(events), events);
402 }
403 }
404
405 static void hci_init2_req(struct hci_dev *hdev, unsigned long opt)
406 {
407 if (lmp_bredr_capable(hdev))
408 bredr_setup(hdev);
409
410 if (lmp_le_capable(hdev))
411 le_setup(hdev);
412
413 hci_setup_event_mask(hdev);
414
415 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
416 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
417
418 if (lmp_ssp_capable(hdev)) {
419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
420 u8 mode = 0x01;
421 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
422 sizeof(mode), &mode);
423 } else {
424 struct hci_cp_write_eir cp;
425
426 memset(hdev->eir, 0, sizeof(hdev->eir));
427 memset(&cp, 0, sizeof(cp));
428
429 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
430 }
431 }
432
433 if (lmp_inq_rssi_capable(hdev))
434 hci_setup_inquiry_mode(hdev);
435
436 if (lmp_inq_tx_pwr_capable(hdev))
437 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
438
439 if (lmp_ext_feat_capable(hdev)) {
440 struct hci_cp_read_local_ext_features cp;
441
442 cp.page = 0x01;
443 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
444 &cp);
445 }
446
447 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
448 u8 enable = 1;
449 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
450 &enable);
451 }
452 }
453
454 static void hci_setup_link_policy(struct hci_dev *hdev)
455 {
456 struct hci_cp_write_def_link_policy cp;
457 u16 link_policy = 0;
458
459 if (lmp_rswitch_capable(hdev))
460 link_policy |= HCI_LP_RSWITCH;
461 if (lmp_hold_capable(hdev))
462 link_policy |= HCI_LP_HOLD;
463 if (lmp_sniff_capable(hdev))
464 link_policy |= HCI_LP_SNIFF;
465 if (lmp_park_capable(hdev))
466 link_policy |= HCI_LP_PARK;
467
468 cp.policy = cpu_to_le16(link_policy);
469 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
470 }
471
472 static void hci_set_le_support(struct hci_dev *hdev)
473 {
474 struct hci_cp_write_le_host_supported cp;
475
476 memset(&cp, 0, sizeof(cp));
477
478 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
479 cp.le = 0x01;
480 cp.simul = lmp_le_br_capable(hdev);
481 }
482
483 if (cp.le != lmp_host_le_capable(hdev))
484 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
485 &cp);
486 }
487
488 static void hci_init3_req(struct hci_dev *hdev, unsigned long opt)
489 {
490 if (hdev->commands[5] & 0x10)
491 hci_setup_link_policy(hdev);
492
493 if (lmp_le_capable(hdev))
494 hci_set_le_support(hdev);
495 }
496
497 static int __hci_init(struct hci_dev *hdev)
498 {
499 int err;
500
501 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
502 if (err < 0)
503 return err;
504
505 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
506 * BR/EDR/LE type controllers. AMP controllers only need the
507 * first stage init.
508 */
509 if (hdev->dev_type != HCI_BREDR)
510 return 0;
511
512 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
513 if (err < 0)
514 return err;
515
516 return __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
517 }
518
519 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
520 {
521 __u8 scan = opt;
522
523 BT_DBG("%s %x", hdev->name, scan);
524
525 /* Inquiry and Page scans */
526 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
527 }
528
529 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
530 {
531 __u8 auth = opt;
532
533 BT_DBG("%s %x", hdev->name, auth);
534
535 /* Authentication */
536 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
537 }
538
539 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
540 {
541 __u8 encrypt = opt;
542
543 BT_DBG("%s %x", hdev->name, encrypt);
544
545 /* Encryption */
546 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
547 }
548
549 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
550 {
551 __le16 policy = cpu_to_le16(opt);
552
553 BT_DBG("%s %x", hdev->name, policy);
554
555 /* Default link policy */
556 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
557 }
558
559 /* Get HCI device by index.
560 * Device is held on return. */
561 struct hci_dev *hci_dev_get(int index)
562 {
563 struct hci_dev *hdev = NULL, *d;
564
565 BT_DBG("%d", index);
566
567 if (index < 0)
568 return NULL;
569
570 read_lock(&hci_dev_list_lock);
571 list_for_each_entry(d, &hci_dev_list, list) {
572 if (d->id == index) {
573 hdev = hci_dev_hold(d);
574 break;
575 }
576 }
577 read_unlock(&hci_dev_list_lock);
578 return hdev;
579 }
580
581 /* ---- Inquiry support ---- */
582
583 bool hci_discovery_active(struct hci_dev *hdev)
584 {
585 struct discovery_state *discov = &hdev->discovery;
586
587 switch (discov->state) {
588 case DISCOVERY_FINDING:
589 case DISCOVERY_RESOLVING:
590 return true;
591
592 default:
593 return false;
594 }
595 }
596
597 void hci_discovery_set_state(struct hci_dev *hdev, int state)
598 {
599 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
600
601 if (hdev->discovery.state == state)
602 return;
603
604 switch (state) {
605 case DISCOVERY_STOPPED:
606 if (hdev->discovery.state != DISCOVERY_STARTING)
607 mgmt_discovering(hdev, 0);
608 break;
609 case DISCOVERY_STARTING:
610 break;
611 case DISCOVERY_FINDING:
612 mgmt_discovering(hdev, 1);
613 break;
614 case DISCOVERY_RESOLVING:
615 break;
616 case DISCOVERY_STOPPING:
617 break;
618 }
619
620 hdev->discovery.state = state;
621 }
622
623 static void inquiry_cache_flush(struct hci_dev *hdev)
624 {
625 struct discovery_state *cache = &hdev->discovery;
626 struct inquiry_entry *p, *n;
627
628 list_for_each_entry_safe(p, n, &cache->all, all) {
629 list_del(&p->all);
630 kfree(p);
631 }
632
633 INIT_LIST_HEAD(&cache->unknown);
634 INIT_LIST_HEAD(&cache->resolve);
635 }
636
637 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
638 bdaddr_t *bdaddr)
639 {
640 struct discovery_state *cache = &hdev->discovery;
641 struct inquiry_entry *e;
642
643 BT_DBG("cache %p, %pMR", cache, bdaddr);
644
645 list_for_each_entry(e, &cache->all, all) {
646 if (!bacmp(&e->data.bdaddr, bdaddr))
647 return e;
648 }
649
650 return NULL;
651 }
652
653 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
654 bdaddr_t *bdaddr)
655 {
656 struct discovery_state *cache = &hdev->discovery;
657 struct inquiry_entry *e;
658
659 BT_DBG("cache %p, %pMR", cache, bdaddr);
660
661 list_for_each_entry(e, &cache->unknown, list) {
662 if (!bacmp(&e->data.bdaddr, bdaddr))
663 return e;
664 }
665
666 return NULL;
667 }
668
669 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
670 bdaddr_t *bdaddr,
671 int state)
672 {
673 struct discovery_state *cache = &hdev->discovery;
674 struct inquiry_entry *e;
675
676 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
677
678 list_for_each_entry(e, &cache->resolve, list) {
679 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
680 return e;
681 if (!bacmp(&e->data.bdaddr, bdaddr))
682 return e;
683 }
684
685 return NULL;
686 }
687
688 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
689 struct inquiry_entry *ie)
690 {
691 struct discovery_state *cache = &hdev->discovery;
692 struct list_head *pos = &cache->resolve;
693 struct inquiry_entry *p;
694
695 list_del(&ie->list);
696
697 list_for_each_entry(p, &cache->resolve, list) {
698 if (p->name_state != NAME_PENDING &&
699 abs(p->data.rssi) >= abs(ie->data.rssi))
700 break;
701 pos = &p->list;
702 }
703
704 list_add(&ie->list, pos);
705 }
706
707 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
708 bool name_known, bool *ssp)
709 {
710 struct discovery_state *cache = &hdev->discovery;
711 struct inquiry_entry *ie;
712
713 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
714
715 hci_remove_remote_oob_data(hdev, &data->bdaddr);
716
717 if (ssp)
718 *ssp = data->ssp_mode;
719
720 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
721 if (ie) {
722 if (ie->data.ssp_mode && ssp)
723 *ssp = true;
724
725 if (ie->name_state == NAME_NEEDED &&
726 data->rssi != ie->data.rssi) {
727 ie->data.rssi = data->rssi;
728 hci_inquiry_cache_update_resolve(hdev, ie);
729 }
730
731 goto update;
732 }
733
734 /* Entry not in the cache. Add new one. */
735 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
736 if (!ie)
737 return false;
738
739 list_add(&ie->all, &cache->all);
740
741 if (name_known) {
742 ie->name_state = NAME_KNOWN;
743 } else {
744 ie->name_state = NAME_NOT_KNOWN;
745 list_add(&ie->list, &cache->unknown);
746 }
747
748 update:
749 if (name_known && ie->name_state != NAME_KNOWN &&
750 ie->name_state != NAME_PENDING) {
751 ie->name_state = NAME_KNOWN;
752 list_del(&ie->list);
753 }
754
755 memcpy(&ie->data, data, sizeof(*data));
756 ie->timestamp = jiffies;
757 cache->timestamp = jiffies;
758
759 if (ie->name_state == NAME_NOT_KNOWN)
760 return false;
761
762 return true;
763 }
764
765 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
766 {
767 struct discovery_state *cache = &hdev->discovery;
768 struct inquiry_info *info = (struct inquiry_info *) buf;
769 struct inquiry_entry *e;
770 int copied = 0;
771
772 list_for_each_entry(e, &cache->all, all) {
773 struct inquiry_data *data = &e->data;
774
775 if (copied >= num)
776 break;
777
778 bacpy(&info->bdaddr, &data->bdaddr);
779 info->pscan_rep_mode = data->pscan_rep_mode;
780 info->pscan_period_mode = data->pscan_period_mode;
781 info->pscan_mode = data->pscan_mode;
782 memcpy(info->dev_class, data->dev_class, 3);
783 info->clock_offset = data->clock_offset;
784
785 info++;
786 copied++;
787 }
788
789 BT_DBG("cache %p, copied %d", cache, copied);
790 return copied;
791 }
792
793 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
794 {
795 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
796 struct hci_cp_inquiry cp;
797
798 BT_DBG("%s", hdev->name);
799
800 if (test_bit(HCI_INQUIRY, &hdev->flags))
801 return;
802
803 /* Start Inquiry */
804 memcpy(&cp.lap, &ir->lap, 3);
805 cp.length = ir->length;
806 cp.num_rsp = ir->num_rsp;
807 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
808 }
809
810 int hci_inquiry(void __user *arg)
811 {
812 __u8 __user *ptr = arg;
813 struct hci_inquiry_req ir;
814 struct hci_dev *hdev;
815 int err = 0, do_inquiry = 0, max_rsp;
816 long timeo;
817 __u8 *buf;
818
819 if (copy_from_user(&ir, ptr, sizeof(ir)))
820 return -EFAULT;
821
822 hdev = hci_dev_get(ir.dev_id);
823 if (!hdev)
824 return -ENODEV;
825
826 hci_dev_lock(hdev);
827 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
828 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
829 inquiry_cache_flush(hdev);
830 do_inquiry = 1;
831 }
832 hci_dev_unlock(hdev);
833
834 timeo = ir.length * msecs_to_jiffies(2000);
835
836 if (do_inquiry) {
837 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
838 timeo);
839 if (err < 0)
840 goto done;
841 }
842
843 /* for unlimited number of responses we will use buffer with
844 * 255 entries
845 */
846 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
847
848 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
849 * copy it to the user space.
850 */
851 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
852 if (!buf) {
853 err = -ENOMEM;
854 goto done;
855 }
856
857 hci_dev_lock(hdev);
858 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
859 hci_dev_unlock(hdev);
860
861 BT_DBG("num_rsp %d", ir.num_rsp);
862
863 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
864 ptr += sizeof(ir);
865 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
866 ir.num_rsp))
867 err = -EFAULT;
868 } else
869 err = -EFAULT;
870
871 kfree(buf);
872
873 done:
874 hci_dev_put(hdev);
875 return err;
876 }
877
878 static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
879 {
880 u8 ad_len = 0, flags = 0;
881 size_t name_len;
882
883 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
884 flags |= LE_AD_GENERAL;
885
886 if (!lmp_bredr_capable(hdev))
887 flags |= LE_AD_NO_BREDR;
888
889 if (lmp_le_br_capable(hdev))
890 flags |= LE_AD_SIM_LE_BREDR_CTRL;
891
892 if (lmp_host_le_br_capable(hdev))
893 flags |= LE_AD_SIM_LE_BREDR_HOST;
894
895 if (flags) {
896 BT_DBG("adv flags 0x%02x", flags);
897
898 ptr[0] = 2;
899 ptr[1] = EIR_FLAGS;
900 ptr[2] = flags;
901
902 ad_len += 3;
903 ptr += 3;
904 }
905
906 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
907 ptr[0] = 2;
908 ptr[1] = EIR_TX_POWER;
909 ptr[2] = (u8) hdev->adv_tx_power;
910
911 ad_len += 3;
912 ptr += 3;
913 }
914
915 name_len = strlen(hdev->dev_name);
916 if (name_len > 0) {
917 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
918
919 if (name_len > max_len) {
920 name_len = max_len;
921 ptr[1] = EIR_NAME_SHORT;
922 } else
923 ptr[1] = EIR_NAME_COMPLETE;
924
925 ptr[0] = name_len + 1;
926
927 memcpy(ptr + 2, hdev->dev_name, name_len);
928
929 ad_len += (name_len + 2);
930 ptr += (name_len + 2);
931 }
932
933 return ad_len;
934 }
935
936 int hci_update_ad(struct hci_dev *hdev)
937 {
938 struct hci_cp_le_set_adv_data cp;
939 u8 len;
940 int err;
941
942 hci_dev_lock(hdev);
943
944 if (!lmp_le_capable(hdev)) {
945 err = -EINVAL;
946 goto unlock;
947 }
948
949 memset(&cp, 0, sizeof(cp));
950
951 len = create_ad(hdev, cp.data);
952
953 if (hdev->adv_data_len == len &&
954 memcmp(cp.data, hdev->adv_data, len) == 0) {
955 err = 0;
956 goto unlock;
957 }
958
959 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
960 hdev->adv_data_len = len;
961
962 cp.length = len;
963 err = hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
964
965 unlock:
966 hci_dev_unlock(hdev);
967
968 return err;
969 }
970
971 /* ---- HCI ioctl helpers ---- */
972
973 int hci_dev_open(__u16 dev)
974 {
975 struct hci_dev *hdev;
976 int ret = 0;
977
978 hdev = hci_dev_get(dev);
979 if (!hdev)
980 return -ENODEV;
981
982 BT_DBG("%s %p", hdev->name, hdev);
983
984 hci_req_lock(hdev);
985
986 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
987 ret = -ENODEV;
988 goto done;
989 }
990
991 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
992 ret = -ERFKILL;
993 goto done;
994 }
995
996 if (test_bit(HCI_UP, &hdev->flags)) {
997 ret = -EALREADY;
998 goto done;
999 }
1000
1001 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1002 set_bit(HCI_RAW, &hdev->flags);
1003
1004 /* Treat all non BR/EDR controllers as raw devices if
1005 enable_hs is not set */
1006 if (hdev->dev_type != HCI_BREDR && !enable_hs)
1007 set_bit(HCI_RAW, &hdev->flags);
1008
1009 if (hdev->open(hdev)) {
1010 ret = -EIO;
1011 goto done;
1012 }
1013
1014 if (!test_bit(HCI_RAW, &hdev->flags)) {
1015 atomic_set(&hdev->cmd_cnt, 1);
1016 set_bit(HCI_INIT, &hdev->flags);
1017 hdev->init_last_cmd = 0;
1018
1019 ret = __hci_init(hdev);
1020
1021 clear_bit(HCI_INIT, &hdev->flags);
1022 }
1023
1024 if (!ret) {
1025 hci_dev_hold(hdev);
1026 set_bit(HCI_UP, &hdev->flags);
1027 hci_notify(hdev, HCI_DEV_UP);
1028 hci_update_ad(hdev);
1029 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
1030 mgmt_valid_hdev(hdev)) {
1031 hci_dev_lock(hdev);
1032 mgmt_powered(hdev, 1);
1033 hci_dev_unlock(hdev);
1034 }
1035 } else {
1036 /* Init failed, cleanup */
1037 flush_work(&hdev->tx_work);
1038 flush_work(&hdev->cmd_work);
1039 flush_work(&hdev->rx_work);
1040
1041 skb_queue_purge(&hdev->cmd_q);
1042 skb_queue_purge(&hdev->rx_q);
1043
1044 if (hdev->flush)
1045 hdev->flush(hdev);
1046
1047 if (hdev->sent_cmd) {
1048 kfree_skb(hdev->sent_cmd);
1049 hdev->sent_cmd = NULL;
1050 }
1051
1052 hdev->close(hdev);
1053 hdev->flags = 0;
1054 }
1055
1056 done:
1057 hci_req_unlock(hdev);
1058 hci_dev_put(hdev);
1059 return ret;
1060 }
1061
1062 static int hci_dev_do_close(struct hci_dev *hdev)
1063 {
1064 BT_DBG("%s %p", hdev->name, hdev);
1065
1066 cancel_work_sync(&hdev->le_scan);
1067
1068 cancel_delayed_work(&hdev->power_off);
1069
1070 hci_req_cancel(hdev, ENODEV);
1071 hci_req_lock(hdev);
1072
1073 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1074 del_timer_sync(&hdev->cmd_timer);
1075 hci_req_unlock(hdev);
1076 return 0;
1077 }
1078
1079 /* Flush RX and TX works */
1080 flush_work(&hdev->tx_work);
1081 flush_work(&hdev->rx_work);
1082
1083 if (hdev->discov_timeout > 0) {
1084 cancel_delayed_work(&hdev->discov_off);
1085 hdev->discov_timeout = 0;
1086 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1087 }
1088
1089 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1090 cancel_delayed_work(&hdev->service_cache);
1091
1092 cancel_delayed_work_sync(&hdev->le_scan_disable);
1093
1094 hci_dev_lock(hdev);
1095 inquiry_cache_flush(hdev);
1096 hci_conn_hash_flush(hdev);
1097 hci_dev_unlock(hdev);
1098
1099 hci_notify(hdev, HCI_DEV_DOWN);
1100
1101 if (hdev->flush)
1102 hdev->flush(hdev);
1103
1104 /* Reset device */
1105 skb_queue_purge(&hdev->cmd_q);
1106 atomic_set(&hdev->cmd_cnt, 1);
1107 if (!test_bit(HCI_RAW, &hdev->flags) &&
1108 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1109 set_bit(HCI_INIT, &hdev->flags);
1110 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
1111 clear_bit(HCI_INIT, &hdev->flags);
1112 }
1113
1114 /* flush cmd work */
1115 flush_work(&hdev->cmd_work);
1116
1117 /* Drop queues */
1118 skb_queue_purge(&hdev->rx_q);
1119 skb_queue_purge(&hdev->cmd_q);
1120 skb_queue_purge(&hdev->raw_q);
1121
1122 /* Drop last sent command */
1123 if (hdev->sent_cmd) {
1124 del_timer_sync(&hdev->cmd_timer);
1125 kfree_skb(hdev->sent_cmd);
1126 hdev->sent_cmd = NULL;
1127 }
1128
1129 /* After this point our queues are empty
1130 * and no tasks are scheduled. */
1131 hdev->close(hdev);
1132
1133 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
1134 mgmt_valid_hdev(hdev)) {
1135 hci_dev_lock(hdev);
1136 mgmt_powered(hdev, 0);
1137 hci_dev_unlock(hdev);
1138 }
1139
1140 /* Clear flags */
1141 hdev->flags = 0;
1142
1143 /* Controller radio is available but is currently powered down */
1144 hdev->amp_status = 0;
1145
1146 memset(hdev->eir, 0, sizeof(hdev->eir));
1147 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1148
1149 hci_req_unlock(hdev);
1150
1151 hci_dev_put(hdev);
1152 return 0;
1153 }
1154
1155 int hci_dev_close(__u16 dev)
1156 {
1157 struct hci_dev *hdev;
1158 int err;
1159
1160 hdev = hci_dev_get(dev);
1161 if (!hdev)
1162 return -ENODEV;
1163
1164 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1165 cancel_delayed_work(&hdev->power_off);
1166
1167 err = hci_dev_do_close(hdev);
1168
1169 hci_dev_put(hdev);
1170 return err;
1171 }
1172
1173 int hci_dev_reset(__u16 dev)
1174 {
1175 struct hci_dev *hdev;
1176 int ret = 0;
1177
1178 hdev = hci_dev_get(dev);
1179 if (!hdev)
1180 return -ENODEV;
1181
1182 hci_req_lock(hdev);
1183
1184 if (!test_bit(HCI_UP, &hdev->flags))
1185 goto done;
1186
1187 /* Drop queues */
1188 skb_queue_purge(&hdev->rx_q);
1189 skb_queue_purge(&hdev->cmd_q);
1190
1191 hci_dev_lock(hdev);
1192 inquiry_cache_flush(hdev);
1193 hci_conn_hash_flush(hdev);
1194 hci_dev_unlock(hdev);
1195
1196 if (hdev->flush)
1197 hdev->flush(hdev);
1198
1199 atomic_set(&hdev->cmd_cnt, 1);
1200 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1201
1202 if (!test_bit(HCI_RAW, &hdev->flags))
1203 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
1204
1205 done:
1206 hci_req_unlock(hdev);
1207 hci_dev_put(hdev);
1208 return ret;
1209 }
1210
1211 int hci_dev_reset_stat(__u16 dev)
1212 {
1213 struct hci_dev *hdev;
1214 int ret = 0;
1215
1216 hdev = hci_dev_get(dev);
1217 if (!hdev)
1218 return -ENODEV;
1219
1220 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1221
1222 hci_dev_put(hdev);
1223
1224 return ret;
1225 }
1226
1227 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1228 {
1229 struct hci_dev *hdev;
1230 struct hci_dev_req dr;
1231 int err = 0;
1232
1233 if (copy_from_user(&dr, arg, sizeof(dr)))
1234 return -EFAULT;
1235
1236 hdev = hci_dev_get(dr.dev_id);
1237 if (!hdev)
1238 return -ENODEV;
1239
1240 switch (cmd) {
1241 case HCISETAUTH:
1242 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1243 HCI_INIT_TIMEOUT);
1244 break;
1245
1246 case HCISETENCRYPT:
1247 if (!lmp_encrypt_capable(hdev)) {
1248 err = -EOPNOTSUPP;
1249 break;
1250 }
1251
1252 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1253 /* Auth must be enabled first */
1254 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1255 HCI_INIT_TIMEOUT);
1256 if (err)
1257 break;
1258 }
1259
1260 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1261 HCI_INIT_TIMEOUT);
1262 break;
1263
1264 case HCISETSCAN:
1265 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1266 HCI_INIT_TIMEOUT);
1267 break;
1268
1269 case HCISETLINKPOL:
1270 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1271 HCI_INIT_TIMEOUT);
1272 break;
1273
1274 case HCISETLINKMODE:
1275 hdev->link_mode = ((__u16) dr.dev_opt) &
1276 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1277 break;
1278
1279 case HCISETPTYPE:
1280 hdev->pkt_type = (__u16) dr.dev_opt;
1281 break;
1282
1283 case HCISETACLMTU:
1284 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1285 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1286 break;
1287
1288 case HCISETSCOMTU:
1289 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1290 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1291 break;
1292
1293 default:
1294 err = -EINVAL;
1295 break;
1296 }
1297
1298 hci_dev_put(hdev);
1299 return err;
1300 }
1301
1302 int hci_get_dev_list(void __user *arg)
1303 {
1304 struct hci_dev *hdev;
1305 struct hci_dev_list_req *dl;
1306 struct hci_dev_req *dr;
1307 int n = 0, size, err;
1308 __u16 dev_num;
1309
1310 if (get_user(dev_num, (__u16 __user *) arg))
1311 return -EFAULT;
1312
1313 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1314 return -EINVAL;
1315
1316 size = sizeof(*dl) + dev_num * sizeof(*dr);
1317
1318 dl = kzalloc(size, GFP_KERNEL);
1319 if (!dl)
1320 return -ENOMEM;
1321
1322 dr = dl->dev_req;
1323
1324 read_lock(&hci_dev_list_lock);
1325 list_for_each_entry(hdev, &hci_dev_list, list) {
1326 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1327 cancel_delayed_work(&hdev->power_off);
1328
1329 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1330 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1331
1332 (dr + n)->dev_id = hdev->id;
1333 (dr + n)->dev_opt = hdev->flags;
1334
1335 if (++n >= dev_num)
1336 break;
1337 }
1338 read_unlock(&hci_dev_list_lock);
1339
1340 dl->dev_num = n;
1341 size = sizeof(*dl) + n * sizeof(*dr);
1342
1343 err = copy_to_user(arg, dl, size);
1344 kfree(dl);
1345
1346 return err ? -EFAULT : 0;
1347 }
1348
1349 int hci_get_dev_info(void __user *arg)
1350 {
1351 struct hci_dev *hdev;
1352 struct hci_dev_info di;
1353 int err = 0;
1354
1355 if (copy_from_user(&di, arg, sizeof(di)))
1356 return -EFAULT;
1357
1358 hdev = hci_dev_get(di.dev_id);
1359 if (!hdev)
1360 return -ENODEV;
1361
1362 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1363 cancel_delayed_work_sync(&hdev->power_off);
1364
1365 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1366 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1367
1368 strcpy(di.name, hdev->name);
1369 di.bdaddr = hdev->bdaddr;
1370 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1371 di.flags = hdev->flags;
1372 di.pkt_type = hdev->pkt_type;
1373 if (lmp_bredr_capable(hdev)) {
1374 di.acl_mtu = hdev->acl_mtu;
1375 di.acl_pkts = hdev->acl_pkts;
1376 di.sco_mtu = hdev->sco_mtu;
1377 di.sco_pkts = hdev->sco_pkts;
1378 } else {
1379 di.acl_mtu = hdev->le_mtu;
1380 di.acl_pkts = hdev->le_pkts;
1381 di.sco_mtu = 0;
1382 di.sco_pkts = 0;
1383 }
1384 di.link_policy = hdev->link_policy;
1385 di.link_mode = hdev->link_mode;
1386
1387 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1388 memcpy(&di.features, &hdev->features, sizeof(di.features));
1389
1390 if (copy_to_user(arg, &di, sizeof(di)))
1391 err = -EFAULT;
1392
1393 hci_dev_put(hdev);
1394
1395 return err;
1396 }
1397
1398 /* ---- Interface to HCI drivers ---- */
1399
1400 static int hci_rfkill_set_block(void *data, bool blocked)
1401 {
1402 struct hci_dev *hdev = data;
1403
1404 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1405
1406 if (!blocked)
1407 return 0;
1408
1409 hci_dev_do_close(hdev);
1410
1411 return 0;
1412 }
1413
1414 static const struct rfkill_ops hci_rfkill_ops = {
1415 .set_block = hci_rfkill_set_block,
1416 };
1417
1418 static void hci_power_on(struct work_struct *work)
1419 {
1420 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1421
1422 BT_DBG("%s", hdev->name);
1423
1424 if (hci_dev_open(hdev->id) < 0)
1425 return;
1426
1427 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1428 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1429 HCI_AUTO_OFF_TIMEOUT);
1430
1431 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1432 mgmt_index_added(hdev);
1433 }
1434
1435 static void hci_power_off(struct work_struct *work)
1436 {
1437 struct hci_dev *hdev = container_of(work, struct hci_dev,
1438 power_off.work);
1439
1440 BT_DBG("%s", hdev->name);
1441
1442 hci_dev_do_close(hdev);
1443 }
1444
1445 static void hci_discov_off(struct work_struct *work)
1446 {
1447 struct hci_dev *hdev;
1448 u8 scan = SCAN_PAGE;
1449
1450 hdev = container_of(work, struct hci_dev, discov_off.work);
1451
1452 BT_DBG("%s", hdev->name);
1453
1454 hci_dev_lock(hdev);
1455
1456 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1457
1458 hdev->discov_timeout = 0;
1459
1460 hci_dev_unlock(hdev);
1461 }
1462
1463 int hci_uuids_clear(struct hci_dev *hdev)
1464 {
1465 struct bt_uuid *uuid, *tmp;
1466
1467 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
1468 list_del(&uuid->list);
1469 kfree(uuid);
1470 }
1471
1472 return 0;
1473 }
1474
1475 int hci_link_keys_clear(struct hci_dev *hdev)
1476 {
1477 struct list_head *p, *n;
1478
1479 list_for_each_safe(p, n, &hdev->link_keys) {
1480 struct link_key *key;
1481
1482 key = list_entry(p, struct link_key, list);
1483
1484 list_del(p);
1485 kfree(key);
1486 }
1487
1488 return 0;
1489 }
1490
1491 int hci_smp_ltks_clear(struct hci_dev *hdev)
1492 {
1493 struct smp_ltk *k, *tmp;
1494
1495 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1496 list_del(&k->list);
1497 kfree(k);
1498 }
1499
1500 return 0;
1501 }
1502
1503 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1504 {
1505 struct link_key *k;
1506
1507 list_for_each_entry(k, &hdev->link_keys, list)
1508 if (bacmp(bdaddr, &k->bdaddr) == 0)
1509 return k;
1510
1511 return NULL;
1512 }
1513
1514 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1515 u8 key_type, u8 old_key_type)
1516 {
1517 /* Legacy key */
1518 if (key_type < 0x03)
1519 return true;
1520
1521 /* Debug keys are insecure so don't store them persistently */
1522 if (key_type == HCI_LK_DEBUG_COMBINATION)
1523 return false;
1524
1525 /* Changed combination key and there's no previous one */
1526 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1527 return false;
1528
1529 /* Security mode 3 case */
1530 if (!conn)
1531 return true;
1532
1533 /* Neither local nor remote side had no-bonding as requirement */
1534 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1535 return true;
1536
1537 /* Local side had dedicated bonding as requirement */
1538 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1539 return true;
1540
1541 /* Remote side had dedicated bonding as requirement */
1542 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1543 return true;
1544
1545 /* If none of the above criteria match, then don't store the key
1546 * persistently */
1547 return false;
1548 }
1549
1550 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1551 {
1552 struct smp_ltk *k;
1553
1554 list_for_each_entry(k, &hdev->long_term_keys, list) {
1555 if (k->ediv != ediv ||
1556 memcmp(rand, k->rand, sizeof(k->rand)))
1557 continue;
1558
1559 return k;
1560 }
1561
1562 return NULL;
1563 }
1564
1565 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1566 u8 addr_type)
1567 {
1568 struct smp_ltk *k;
1569
1570 list_for_each_entry(k, &hdev->long_term_keys, list)
1571 if (addr_type == k->bdaddr_type &&
1572 bacmp(bdaddr, &k->bdaddr) == 0)
1573 return k;
1574
1575 return NULL;
1576 }
1577
1578 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1579 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1580 {
1581 struct link_key *key, *old_key;
1582 u8 old_key_type;
1583 bool persistent;
1584
1585 old_key = hci_find_link_key(hdev, bdaddr);
1586 if (old_key) {
1587 old_key_type = old_key->type;
1588 key = old_key;
1589 } else {
1590 old_key_type = conn ? conn->key_type : 0xff;
1591 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1592 if (!key)
1593 return -ENOMEM;
1594 list_add(&key->list, &hdev->link_keys);
1595 }
1596
1597 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
1598
1599 /* Some buggy controller combinations generate a changed
1600 * combination key for legacy pairing even when there's no
1601 * previous key */
1602 if (type == HCI_LK_CHANGED_COMBINATION &&
1603 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
1604 type = HCI_LK_COMBINATION;
1605 if (conn)
1606 conn->key_type = type;
1607 }
1608
1609 bacpy(&key->bdaddr, bdaddr);
1610 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
1611 key->pin_len = pin_len;
1612
1613 if (type == HCI_LK_CHANGED_COMBINATION)
1614 key->type = old_key_type;
1615 else
1616 key->type = type;
1617
1618 if (!new_key)
1619 return 0;
1620
1621 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1622
1623 mgmt_new_link_key(hdev, key, persistent);
1624
1625 if (conn)
1626 conn->flush_key = !persistent;
1627
1628 return 0;
1629 }
1630
1631 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1632 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
1633 ediv, u8 rand[8])
1634 {
1635 struct smp_ltk *key, *old_key;
1636
1637 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1638 return 0;
1639
1640 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1641 if (old_key)
1642 key = old_key;
1643 else {
1644 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1645 if (!key)
1646 return -ENOMEM;
1647 list_add(&key->list, &hdev->long_term_keys);
1648 }
1649
1650 bacpy(&key->bdaddr, bdaddr);
1651 key->bdaddr_type = addr_type;
1652 memcpy(key->val, tk, sizeof(key->val));
1653 key->authenticated = authenticated;
1654 key->ediv = ediv;
1655 key->enc_size = enc_size;
1656 key->type = type;
1657 memcpy(key->rand, rand, sizeof(key->rand));
1658
1659 if (!new_key)
1660 return 0;
1661
1662 if (type & HCI_SMP_LTK)
1663 mgmt_new_ltk(hdev, key, 1);
1664
1665 return 0;
1666 }
1667
1668 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1669 {
1670 struct link_key *key;
1671
1672 key = hci_find_link_key(hdev, bdaddr);
1673 if (!key)
1674 return -ENOENT;
1675
1676 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1677
1678 list_del(&key->list);
1679 kfree(key);
1680
1681 return 0;
1682 }
1683
1684 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1685 {
1686 struct smp_ltk *k, *tmp;
1687
1688 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1689 if (bacmp(bdaddr, &k->bdaddr))
1690 continue;
1691
1692 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1693
1694 list_del(&k->list);
1695 kfree(k);
1696 }
1697
1698 return 0;
1699 }
1700
1701 /* HCI command timer function */
1702 static void hci_cmd_timeout(unsigned long arg)
1703 {
1704 struct hci_dev *hdev = (void *) arg;
1705
1706 if (hdev->sent_cmd) {
1707 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1708 u16 opcode = __le16_to_cpu(sent->opcode);
1709
1710 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1711 } else {
1712 BT_ERR("%s command tx timeout", hdev->name);
1713 }
1714
1715 atomic_set(&hdev->cmd_cnt, 1);
1716 queue_work(hdev->workqueue, &hdev->cmd_work);
1717 }
1718
1719 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1720 bdaddr_t *bdaddr)
1721 {
1722 struct oob_data *data;
1723
1724 list_for_each_entry(data, &hdev->remote_oob_data, list)
1725 if (bacmp(bdaddr, &data->bdaddr) == 0)
1726 return data;
1727
1728 return NULL;
1729 }
1730
1731 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1732 {
1733 struct oob_data *data;
1734
1735 data = hci_find_remote_oob_data(hdev, bdaddr);
1736 if (!data)
1737 return -ENOENT;
1738
1739 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1740
1741 list_del(&data->list);
1742 kfree(data);
1743
1744 return 0;
1745 }
1746
1747 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1748 {
1749 struct oob_data *data, *n;
1750
1751 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1752 list_del(&data->list);
1753 kfree(data);
1754 }
1755
1756 return 0;
1757 }
1758
1759 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1760 u8 *randomizer)
1761 {
1762 struct oob_data *data;
1763
1764 data = hci_find_remote_oob_data(hdev, bdaddr);
1765
1766 if (!data) {
1767 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1768 if (!data)
1769 return -ENOMEM;
1770
1771 bacpy(&data->bdaddr, bdaddr);
1772 list_add(&data->list, &hdev->remote_oob_data);
1773 }
1774
1775 memcpy(data->hash, hash, sizeof(data->hash));
1776 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1777
1778 BT_DBG("%s for %pMR", hdev->name, bdaddr);
1779
1780 return 0;
1781 }
1782
1783 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1784 {
1785 struct bdaddr_list *b;
1786
1787 list_for_each_entry(b, &hdev->blacklist, list)
1788 if (bacmp(bdaddr, &b->bdaddr) == 0)
1789 return b;
1790
1791 return NULL;
1792 }
1793
1794 int hci_blacklist_clear(struct hci_dev *hdev)
1795 {
1796 struct list_head *p, *n;
1797
1798 list_for_each_safe(p, n, &hdev->blacklist) {
1799 struct bdaddr_list *b;
1800
1801 b = list_entry(p, struct bdaddr_list, list);
1802
1803 list_del(p);
1804 kfree(b);
1805 }
1806
1807 return 0;
1808 }
1809
1810 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1811 {
1812 struct bdaddr_list *entry;
1813
1814 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1815 return -EBADF;
1816
1817 if (hci_blacklist_lookup(hdev, bdaddr))
1818 return -EEXIST;
1819
1820 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1821 if (!entry)
1822 return -ENOMEM;
1823
1824 bacpy(&entry->bdaddr, bdaddr);
1825
1826 list_add(&entry->list, &hdev->blacklist);
1827
1828 return mgmt_device_blocked(hdev, bdaddr, type);
1829 }
1830
1831 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1832 {
1833 struct bdaddr_list *entry;
1834
1835 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1836 return hci_blacklist_clear(hdev);
1837
1838 entry = hci_blacklist_lookup(hdev, bdaddr);
1839 if (!entry)
1840 return -ENOENT;
1841
1842 list_del(&entry->list);
1843 kfree(entry);
1844
1845 return mgmt_device_unblocked(hdev, bdaddr, type);
1846 }
1847
1848 static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1849 {
1850 struct le_scan_params *param = (struct le_scan_params *) opt;
1851 struct hci_cp_le_set_scan_param cp;
1852
1853 memset(&cp, 0, sizeof(cp));
1854 cp.type = param->type;
1855 cp.interval = cpu_to_le16(param->interval);
1856 cp.window = cpu_to_le16(param->window);
1857
1858 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1859 }
1860
1861 static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1862 {
1863 struct hci_cp_le_set_scan_enable cp;
1864
1865 memset(&cp, 0, sizeof(cp));
1866 cp.enable = 1;
1867 cp.filter_dup = 1;
1868
1869 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1870 }
1871
1872 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1873 u16 window, int timeout)
1874 {
1875 long timeo = msecs_to_jiffies(3000);
1876 struct le_scan_params param;
1877 int err;
1878
1879 BT_DBG("%s", hdev->name);
1880
1881 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1882 return -EINPROGRESS;
1883
1884 param.type = type;
1885 param.interval = interval;
1886 param.window = window;
1887
1888 hci_req_lock(hdev);
1889
1890 err = __hci_req_sync(hdev, le_scan_param_req, (unsigned long) &param,
1891 timeo);
1892 if (!err)
1893 err = __hci_req_sync(hdev, le_scan_enable_req, 0, timeo);
1894
1895 hci_req_unlock(hdev);
1896
1897 if (err < 0)
1898 return err;
1899
1900 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
1901 msecs_to_jiffies(timeout));
1902
1903 return 0;
1904 }
1905
1906 int hci_cancel_le_scan(struct hci_dev *hdev)
1907 {
1908 BT_DBG("%s", hdev->name);
1909
1910 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1911 return -EALREADY;
1912
1913 if (cancel_delayed_work(&hdev->le_scan_disable)) {
1914 struct hci_cp_le_set_scan_enable cp;
1915
1916 /* Send HCI command to disable LE Scan */
1917 memset(&cp, 0, sizeof(cp));
1918 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1919 }
1920
1921 return 0;
1922 }
1923
1924 static void le_scan_disable_work(struct work_struct *work)
1925 {
1926 struct hci_dev *hdev = container_of(work, struct hci_dev,
1927 le_scan_disable.work);
1928 struct hci_cp_le_set_scan_enable cp;
1929
1930 BT_DBG("%s", hdev->name);
1931
1932 memset(&cp, 0, sizeof(cp));
1933
1934 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1935 }
1936
1937 static void le_scan_work(struct work_struct *work)
1938 {
1939 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1940 struct le_scan_params *param = &hdev->le_scan_params;
1941
1942 BT_DBG("%s", hdev->name);
1943
1944 hci_do_le_scan(hdev, param->type, param->interval, param->window,
1945 param->timeout);
1946 }
1947
1948 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1949 int timeout)
1950 {
1951 struct le_scan_params *param = &hdev->le_scan_params;
1952
1953 BT_DBG("%s", hdev->name);
1954
1955 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
1956 return -ENOTSUPP;
1957
1958 if (work_busy(&hdev->le_scan))
1959 return -EINPROGRESS;
1960
1961 param->type = type;
1962 param->interval = interval;
1963 param->window = window;
1964 param->timeout = timeout;
1965
1966 queue_work(system_long_wq, &hdev->le_scan);
1967
1968 return 0;
1969 }
1970
1971 /* Alloc HCI device */
1972 struct hci_dev *hci_alloc_dev(void)
1973 {
1974 struct hci_dev *hdev;
1975
1976 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1977 if (!hdev)
1978 return NULL;
1979
1980 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1981 hdev->esco_type = (ESCO_HV1);
1982 hdev->link_mode = (HCI_LM_ACCEPT);
1983 hdev->io_capability = 0x03; /* No Input No Output */
1984 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
1985 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
1986
1987 hdev->sniff_max_interval = 800;
1988 hdev->sniff_min_interval = 80;
1989
1990 mutex_init(&hdev->lock);
1991 mutex_init(&hdev->req_lock);
1992
1993 INIT_LIST_HEAD(&hdev->mgmt_pending);
1994 INIT_LIST_HEAD(&hdev->blacklist);
1995 INIT_LIST_HEAD(&hdev->uuids);
1996 INIT_LIST_HEAD(&hdev->link_keys);
1997 INIT_LIST_HEAD(&hdev->long_term_keys);
1998 INIT_LIST_HEAD(&hdev->remote_oob_data);
1999 INIT_LIST_HEAD(&hdev->conn_hash.list);
2000
2001 INIT_WORK(&hdev->rx_work, hci_rx_work);
2002 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
2003 INIT_WORK(&hdev->tx_work, hci_tx_work);
2004 INIT_WORK(&hdev->power_on, hci_power_on);
2005 INIT_WORK(&hdev->le_scan, le_scan_work);
2006
2007 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
2008 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
2009 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2010
2011 skb_queue_head_init(&hdev->driver_init);
2012 skb_queue_head_init(&hdev->rx_q);
2013 skb_queue_head_init(&hdev->cmd_q);
2014 skb_queue_head_init(&hdev->raw_q);
2015
2016 init_waitqueue_head(&hdev->req_wait_q);
2017
2018 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
2019
2020 hci_init_sysfs(hdev);
2021 discovery_init(hdev);
2022
2023 return hdev;
2024 }
2025 EXPORT_SYMBOL(hci_alloc_dev);
2026
2027 /* Free HCI device */
2028 void hci_free_dev(struct hci_dev *hdev)
2029 {
2030 skb_queue_purge(&hdev->driver_init);
2031
2032 /* will free via device release */
2033 put_device(&hdev->dev);
2034 }
2035 EXPORT_SYMBOL(hci_free_dev);
2036
2037 /* Register HCI device */
2038 int hci_register_dev(struct hci_dev *hdev)
2039 {
2040 int id, error;
2041
2042 if (!hdev->open || !hdev->close)
2043 return -EINVAL;
2044
2045 /* Do not allow HCI_AMP devices to register at index 0,
2046 * so the index can be used as the AMP controller ID.
2047 */
2048 switch (hdev->dev_type) {
2049 case HCI_BREDR:
2050 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
2051 break;
2052 case HCI_AMP:
2053 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
2054 break;
2055 default:
2056 return -EINVAL;
2057 }
2058
2059 if (id < 0)
2060 return id;
2061
2062 sprintf(hdev->name, "hci%d", id);
2063 hdev->id = id;
2064
2065 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2066
2067 write_lock(&hci_dev_list_lock);
2068 list_add(&hdev->list, &hci_dev_list);
2069 write_unlock(&hci_dev_list_lock);
2070
2071 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
2072 WQ_MEM_RECLAIM, 1);
2073 if (!hdev->workqueue) {
2074 error = -ENOMEM;
2075 goto err;
2076 }
2077
2078 hdev->req_workqueue = alloc_workqueue(hdev->name,
2079 WQ_HIGHPRI | WQ_UNBOUND |
2080 WQ_MEM_RECLAIM, 1);
2081 if (!hdev->req_workqueue) {
2082 destroy_workqueue(hdev->workqueue);
2083 error = -ENOMEM;
2084 goto err;
2085 }
2086
2087 error = hci_add_sysfs(hdev);
2088 if (error < 0)
2089 goto err_wqueue;
2090
2091 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
2092 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
2093 hdev);
2094 if (hdev->rfkill) {
2095 if (rfkill_register(hdev->rfkill) < 0) {
2096 rfkill_destroy(hdev->rfkill);
2097 hdev->rfkill = NULL;
2098 }
2099 }
2100
2101 set_bit(HCI_SETUP, &hdev->dev_flags);
2102
2103 if (hdev->dev_type != HCI_AMP)
2104 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2105
2106 hci_notify(hdev, HCI_DEV_REG);
2107 hci_dev_hold(hdev);
2108
2109 queue_work(hdev->req_workqueue, &hdev->power_on);
2110
2111 return id;
2112
2113 err_wqueue:
2114 destroy_workqueue(hdev->workqueue);
2115 destroy_workqueue(hdev->req_workqueue);
2116 err:
2117 ida_simple_remove(&hci_index_ida, hdev->id);
2118 write_lock(&hci_dev_list_lock);
2119 list_del(&hdev->list);
2120 write_unlock(&hci_dev_list_lock);
2121
2122 return error;
2123 }
2124 EXPORT_SYMBOL(hci_register_dev);
2125
2126 /* Unregister HCI device */
2127 void hci_unregister_dev(struct hci_dev *hdev)
2128 {
2129 int i, id;
2130
2131 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2132
2133 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
2134
2135 id = hdev->id;
2136
2137 write_lock(&hci_dev_list_lock);
2138 list_del(&hdev->list);
2139 write_unlock(&hci_dev_list_lock);
2140
2141 hci_dev_do_close(hdev);
2142
2143 for (i = 0; i < NUM_REASSEMBLY; i++)
2144 kfree_skb(hdev->reassembly[i]);
2145
2146 cancel_work_sync(&hdev->power_on);
2147
2148 if (!test_bit(HCI_INIT, &hdev->flags) &&
2149 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
2150 hci_dev_lock(hdev);
2151 mgmt_index_removed(hdev);
2152 hci_dev_unlock(hdev);
2153 }
2154
2155 /* mgmt_index_removed should take care of emptying the
2156 * pending list */
2157 BUG_ON(!list_empty(&hdev->mgmt_pending));
2158
2159 hci_notify(hdev, HCI_DEV_UNREG);
2160
2161 if (hdev->rfkill) {
2162 rfkill_unregister(hdev->rfkill);
2163 rfkill_destroy(hdev->rfkill);
2164 }
2165
2166 hci_del_sysfs(hdev);
2167
2168 destroy_workqueue(hdev->workqueue);
2169 destroy_workqueue(hdev->req_workqueue);
2170
2171 hci_dev_lock(hdev);
2172 hci_blacklist_clear(hdev);
2173 hci_uuids_clear(hdev);
2174 hci_link_keys_clear(hdev);
2175 hci_smp_ltks_clear(hdev);
2176 hci_remote_oob_data_clear(hdev);
2177 hci_dev_unlock(hdev);
2178
2179 hci_dev_put(hdev);
2180
2181 ida_simple_remove(&hci_index_ida, id);
2182 }
2183 EXPORT_SYMBOL(hci_unregister_dev);
2184
2185 /* Suspend HCI device */
2186 int hci_suspend_dev(struct hci_dev *hdev)
2187 {
2188 hci_notify(hdev, HCI_DEV_SUSPEND);
2189 return 0;
2190 }
2191 EXPORT_SYMBOL(hci_suspend_dev);
2192
2193 /* Resume HCI device */
2194 int hci_resume_dev(struct hci_dev *hdev)
2195 {
2196 hci_notify(hdev, HCI_DEV_RESUME);
2197 return 0;
2198 }
2199 EXPORT_SYMBOL(hci_resume_dev);
2200
2201 /* Receive frame from HCI drivers */
2202 int hci_recv_frame(struct sk_buff *skb)
2203 {
2204 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2205 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
2206 && !test_bit(HCI_INIT, &hdev->flags))) {
2207 kfree_skb(skb);
2208 return -ENXIO;
2209 }
2210
2211 /* Incoming skb */
2212 bt_cb(skb)->incoming = 1;
2213
2214 /* Time stamp */
2215 __net_timestamp(skb);
2216
2217 skb_queue_tail(&hdev->rx_q, skb);
2218 queue_work(hdev->workqueue, &hdev->rx_work);
2219
2220 return 0;
2221 }
2222 EXPORT_SYMBOL(hci_recv_frame);
2223
2224 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
2225 int count, __u8 index)
2226 {
2227 int len = 0;
2228 int hlen = 0;
2229 int remain = count;
2230 struct sk_buff *skb;
2231 struct bt_skb_cb *scb;
2232
2233 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
2234 index >= NUM_REASSEMBLY)
2235 return -EILSEQ;
2236
2237 skb = hdev->reassembly[index];
2238
2239 if (!skb) {
2240 switch (type) {
2241 case HCI_ACLDATA_PKT:
2242 len = HCI_MAX_FRAME_SIZE;
2243 hlen = HCI_ACL_HDR_SIZE;
2244 break;
2245 case HCI_EVENT_PKT:
2246 len = HCI_MAX_EVENT_SIZE;
2247 hlen = HCI_EVENT_HDR_SIZE;
2248 break;
2249 case HCI_SCODATA_PKT:
2250 len = HCI_MAX_SCO_SIZE;
2251 hlen = HCI_SCO_HDR_SIZE;
2252 break;
2253 }
2254
2255 skb = bt_skb_alloc(len, GFP_ATOMIC);
2256 if (!skb)
2257 return -ENOMEM;
2258
2259 scb = (void *) skb->cb;
2260 scb->expect = hlen;
2261 scb->pkt_type = type;
2262
2263 skb->dev = (void *) hdev;
2264 hdev->reassembly[index] = skb;
2265 }
2266
2267 while (count) {
2268 scb = (void *) skb->cb;
2269 len = min_t(uint, scb->expect, count);
2270
2271 memcpy(skb_put(skb, len), data, len);
2272
2273 count -= len;
2274 data += len;
2275 scb->expect -= len;
2276 remain = count;
2277
2278 switch (type) {
2279 case HCI_EVENT_PKT:
2280 if (skb->len == HCI_EVENT_HDR_SIZE) {
2281 struct hci_event_hdr *h = hci_event_hdr(skb);
2282 scb->expect = h->plen;
2283
2284 if (skb_tailroom(skb) < scb->expect) {
2285 kfree_skb(skb);
2286 hdev->reassembly[index] = NULL;
2287 return -ENOMEM;
2288 }
2289 }
2290 break;
2291
2292 case HCI_ACLDATA_PKT:
2293 if (skb->len == HCI_ACL_HDR_SIZE) {
2294 struct hci_acl_hdr *h = hci_acl_hdr(skb);
2295 scb->expect = __le16_to_cpu(h->dlen);
2296
2297 if (skb_tailroom(skb) < scb->expect) {
2298 kfree_skb(skb);
2299 hdev->reassembly[index] = NULL;
2300 return -ENOMEM;
2301 }
2302 }
2303 break;
2304
2305 case HCI_SCODATA_PKT:
2306 if (skb->len == HCI_SCO_HDR_SIZE) {
2307 struct hci_sco_hdr *h = hci_sco_hdr(skb);
2308 scb->expect = h->dlen;
2309
2310 if (skb_tailroom(skb) < scb->expect) {
2311 kfree_skb(skb);
2312 hdev->reassembly[index] = NULL;
2313 return -ENOMEM;
2314 }
2315 }
2316 break;
2317 }
2318
2319 if (scb->expect == 0) {
2320 /* Complete frame */
2321
2322 bt_cb(skb)->pkt_type = type;
2323 hci_recv_frame(skb);
2324
2325 hdev->reassembly[index] = NULL;
2326 return remain;
2327 }
2328 }
2329
2330 return remain;
2331 }
2332
2333 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
2334 {
2335 int rem = 0;
2336
2337 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
2338 return -EILSEQ;
2339
2340 while (count) {
2341 rem = hci_reassembly(hdev, type, data, count, type - 1);
2342 if (rem < 0)
2343 return rem;
2344
2345 data += (count - rem);
2346 count = rem;
2347 }
2348
2349 return rem;
2350 }
2351 EXPORT_SYMBOL(hci_recv_fragment);
2352
2353 #define STREAM_REASSEMBLY 0
2354
2355 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2356 {
2357 int type;
2358 int rem = 0;
2359
2360 while (count) {
2361 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2362
2363 if (!skb) {
2364 struct { char type; } *pkt;
2365
2366 /* Start of the frame */
2367 pkt = data;
2368 type = pkt->type;
2369
2370 data++;
2371 count--;
2372 } else
2373 type = bt_cb(skb)->pkt_type;
2374
2375 rem = hci_reassembly(hdev, type, data, count,
2376 STREAM_REASSEMBLY);
2377 if (rem < 0)
2378 return rem;
2379
2380 data += (count - rem);
2381 count = rem;
2382 }
2383
2384 return rem;
2385 }
2386 EXPORT_SYMBOL(hci_recv_stream_fragment);
2387
2388 /* ---- Interface to upper protocols ---- */
2389
2390 int hci_register_cb(struct hci_cb *cb)
2391 {
2392 BT_DBG("%p name %s", cb, cb->name);
2393
2394 write_lock(&hci_cb_list_lock);
2395 list_add(&cb->list, &hci_cb_list);
2396 write_unlock(&hci_cb_list_lock);
2397
2398 return 0;
2399 }
2400 EXPORT_SYMBOL(hci_register_cb);
2401
2402 int hci_unregister_cb(struct hci_cb *cb)
2403 {
2404 BT_DBG("%p name %s", cb, cb->name);
2405
2406 write_lock(&hci_cb_list_lock);
2407 list_del(&cb->list);
2408 write_unlock(&hci_cb_list_lock);
2409
2410 return 0;
2411 }
2412 EXPORT_SYMBOL(hci_unregister_cb);
2413
2414 static int hci_send_frame(struct sk_buff *skb)
2415 {
2416 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2417
2418 if (!hdev) {
2419 kfree_skb(skb);
2420 return -ENODEV;
2421 }
2422
2423 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2424
2425 /* Time stamp */
2426 __net_timestamp(skb);
2427
2428 /* Send copy to monitor */
2429 hci_send_to_monitor(hdev, skb);
2430
2431 if (atomic_read(&hdev->promisc)) {
2432 /* Send copy to the sockets */
2433 hci_send_to_sock(hdev, skb);
2434 }
2435
2436 /* Get rid of skb owner, prior to sending to the driver. */
2437 skb_orphan(skb);
2438
2439 return hdev->send(skb);
2440 }
2441
2442 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
2443 {
2444 skb_queue_head_init(&req->cmd_q);
2445 req->hdev = hdev;
2446 }
2447
2448 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
2449 {
2450 struct hci_dev *hdev = req->hdev;
2451 struct sk_buff *skb;
2452 unsigned long flags;
2453
2454 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
2455
2456 /* Do not allow empty requests */
2457 if (skb_queue_empty(&req->cmd_q))
2458 return -EINVAL;
2459
2460 skb = skb_peek_tail(&req->cmd_q);
2461 bt_cb(skb)->req.complete = complete;
2462
2463 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
2464 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
2465 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
2466
2467 queue_work(hdev->workqueue, &hdev->cmd_work);
2468
2469 return 0;
2470 }
2471
2472 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
2473 u32 plen, void *param)
2474 {
2475 int len = HCI_COMMAND_HDR_SIZE + plen;
2476 struct hci_command_hdr *hdr;
2477 struct sk_buff *skb;
2478
2479 skb = bt_skb_alloc(len, GFP_ATOMIC);
2480 if (!skb)
2481 return NULL;
2482
2483 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2484 hdr->opcode = cpu_to_le16(opcode);
2485 hdr->plen = plen;
2486
2487 if (plen)
2488 memcpy(skb_put(skb, plen), param, plen);
2489
2490 BT_DBG("skb len %d", skb->len);
2491
2492 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2493 skb->dev = (void *) hdev;
2494
2495 return skb;
2496 }
2497
2498 /* Send HCI command */
2499 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2500 {
2501 struct sk_buff *skb;
2502
2503 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2504
2505 skb = hci_prepare_cmd(hdev, opcode, plen, param);
2506 if (!skb) {
2507 BT_ERR("%s no memory for command", hdev->name);
2508 return -ENOMEM;
2509 }
2510
2511 if (test_bit(HCI_INIT, &hdev->flags))
2512 hdev->init_last_cmd = opcode;
2513
2514 /* Stand-alone HCI commands must be flaged as
2515 * single-command requests.
2516 */
2517 bt_cb(skb)->req.start = true;
2518
2519 skb_queue_tail(&hdev->cmd_q, skb);
2520 queue_work(hdev->workqueue, &hdev->cmd_work);
2521
2522 return 0;
2523 }
2524
2525 /* Queue a command to an asynchronous HCI request */
2526 int hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param)
2527 {
2528 struct hci_dev *hdev = req->hdev;
2529 struct sk_buff *skb;
2530
2531 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2532
2533 skb = hci_prepare_cmd(hdev, opcode, plen, param);
2534 if (!skb) {
2535 BT_ERR("%s no memory for command", hdev->name);
2536 return -ENOMEM;
2537 }
2538
2539 if (skb_queue_empty(&req->cmd_q))
2540 bt_cb(skb)->req.start = true;
2541
2542 skb_queue_tail(&req->cmd_q, skb);
2543
2544 return 0;
2545 }
2546
2547 /* Get data from the previously sent command */
2548 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2549 {
2550 struct hci_command_hdr *hdr;
2551
2552 if (!hdev->sent_cmd)
2553 return NULL;
2554
2555 hdr = (void *) hdev->sent_cmd->data;
2556
2557 if (hdr->opcode != cpu_to_le16(opcode))
2558 return NULL;
2559
2560 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2561
2562 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2563 }
2564
2565 /* Send ACL data */
2566 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2567 {
2568 struct hci_acl_hdr *hdr;
2569 int len = skb->len;
2570
2571 skb_push(skb, HCI_ACL_HDR_SIZE);
2572 skb_reset_transport_header(skb);
2573 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2574 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2575 hdr->dlen = cpu_to_le16(len);
2576 }
2577
2578 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
2579 struct sk_buff *skb, __u16 flags)
2580 {
2581 struct hci_conn *conn = chan->conn;
2582 struct hci_dev *hdev = conn->hdev;
2583 struct sk_buff *list;
2584
2585 skb->len = skb_headlen(skb);
2586 skb->data_len = 0;
2587
2588 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2589
2590 switch (hdev->dev_type) {
2591 case HCI_BREDR:
2592 hci_add_acl_hdr(skb, conn->handle, flags);
2593 break;
2594 case HCI_AMP:
2595 hci_add_acl_hdr(skb, chan->handle, flags);
2596 break;
2597 default:
2598 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2599 return;
2600 }
2601
2602 list = skb_shinfo(skb)->frag_list;
2603 if (!list) {
2604 /* Non fragmented */
2605 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2606
2607 skb_queue_tail(queue, skb);
2608 } else {
2609 /* Fragmented */
2610 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2611
2612 skb_shinfo(skb)->frag_list = NULL;
2613
2614 /* Queue all fragments atomically */
2615 spin_lock(&queue->lock);
2616
2617 __skb_queue_tail(queue, skb);
2618
2619 flags &= ~ACL_START;
2620 flags |= ACL_CONT;
2621 do {
2622 skb = list; list = list->next;
2623
2624 skb->dev = (void *) hdev;
2625 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2626 hci_add_acl_hdr(skb, conn->handle, flags);
2627
2628 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2629
2630 __skb_queue_tail(queue, skb);
2631 } while (list);
2632
2633 spin_unlock(&queue->lock);
2634 }
2635 }
2636
2637 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2638 {
2639 struct hci_dev *hdev = chan->conn->hdev;
2640
2641 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2642
2643 skb->dev = (void *) hdev;
2644
2645 hci_queue_acl(chan, &chan->data_q, skb, flags);
2646
2647 queue_work(hdev->workqueue, &hdev->tx_work);
2648 }
2649
2650 /* Send SCO data */
2651 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2652 {
2653 struct hci_dev *hdev = conn->hdev;
2654 struct hci_sco_hdr hdr;
2655
2656 BT_DBG("%s len %d", hdev->name, skb->len);
2657
2658 hdr.handle = cpu_to_le16(conn->handle);
2659 hdr.dlen = skb->len;
2660
2661 skb_push(skb, HCI_SCO_HDR_SIZE);
2662 skb_reset_transport_header(skb);
2663 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2664
2665 skb->dev = (void *) hdev;
2666 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2667
2668 skb_queue_tail(&conn->data_q, skb);
2669 queue_work(hdev->workqueue, &hdev->tx_work);
2670 }
2671
2672 /* ---- HCI TX task (outgoing data) ---- */
2673
2674 /* HCI Connection scheduler */
2675 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
2676 int *quote)
2677 {
2678 struct hci_conn_hash *h = &hdev->conn_hash;
2679 struct hci_conn *conn = NULL, *c;
2680 unsigned int num = 0, min = ~0;
2681
2682 /* We don't have to lock device here. Connections are always
2683 * added and removed with TX task disabled. */
2684
2685 rcu_read_lock();
2686
2687 list_for_each_entry_rcu(c, &h->list, list) {
2688 if (c->type != type || skb_queue_empty(&c->data_q))
2689 continue;
2690
2691 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2692 continue;
2693
2694 num++;
2695
2696 if (c->sent < min) {
2697 min = c->sent;
2698 conn = c;
2699 }
2700
2701 if (hci_conn_num(hdev, type) == num)
2702 break;
2703 }
2704
2705 rcu_read_unlock();
2706
2707 if (conn) {
2708 int cnt, q;
2709
2710 switch (conn->type) {
2711 case ACL_LINK:
2712 cnt = hdev->acl_cnt;
2713 break;
2714 case SCO_LINK:
2715 case ESCO_LINK:
2716 cnt = hdev->sco_cnt;
2717 break;
2718 case LE_LINK:
2719 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2720 break;
2721 default:
2722 cnt = 0;
2723 BT_ERR("Unknown link type");
2724 }
2725
2726 q = cnt / num;
2727 *quote = q ? q : 1;
2728 } else
2729 *quote = 0;
2730
2731 BT_DBG("conn %p quote %d", conn, *quote);
2732 return conn;
2733 }
2734
2735 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2736 {
2737 struct hci_conn_hash *h = &hdev->conn_hash;
2738 struct hci_conn *c;
2739
2740 BT_ERR("%s link tx timeout", hdev->name);
2741
2742 rcu_read_lock();
2743
2744 /* Kill stalled connections */
2745 list_for_each_entry_rcu(c, &h->list, list) {
2746 if (c->type == type && c->sent) {
2747 BT_ERR("%s killing stalled connection %pMR",
2748 hdev->name, &c->dst);
2749 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
2750 }
2751 }
2752
2753 rcu_read_unlock();
2754 }
2755
2756 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2757 int *quote)
2758 {
2759 struct hci_conn_hash *h = &hdev->conn_hash;
2760 struct hci_chan *chan = NULL;
2761 unsigned int num = 0, min = ~0, cur_prio = 0;
2762 struct hci_conn *conn;
2763 int cnt, q, conn_num = 0;
2764
2765 BT_DBG("%s", hdev->name);
2766
2767 rcu_read_lock();
2768
2769 list_for_each_entry_rcu(conn, &h->list, list) {
2770 struct hci_chan *tmp;
2771
2772 if (conn->type != type)
2773 continue;
2774
2775 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2776 continue;
2777
2778 conn_num++;
2779
2780 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2781 struct sk_buff *skb;
2782
2783 if (skb_queue_empty(&tmp->data_q))
2784 continue;
2785
2786 skb = skb_peek(&tmp->data_q);
2787 if (skb->priority < cur_prio)
2788 continue;
2789
2790 if (skb->priority > cur_prio) {
2791 num = 0;
2792 min = ~0;
2793 cur_prio = skb->priority;
2794 }
2795
2796 num++;
2797
2798 if (conn->sent < min) {
2799 min = conn->sent;
2800 chan = tmp;
2801 }
2802 }
2803
2804 if (hci_conn_num(hdev, type) == conn_num)
2805 break;
2806 }
2807
2808 rcu_read_unlock();
2809
2810 if (!chan)
2811 return NULL;
2812
2813 switch (chan->conn->type) {
2814 case ACL_LINK:
2815 cnt = hdev->acl_cnt;
2816 break;
2817 case AMP_LINK:
2818 cnt = hdev->block_cnt;
2819 break;
2820 case SCO_LINK:
2821 case ESCO_LINK:
2822 cnt = hdev->sco_cnt;
2823 break;
2824 case LE_LINK:
2825 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2826 break;
2827 default:
2828 cnt = 0;
2829 BT_ERR("Unknown link type");
2830 }
2831
2832 q = cnt / num;
2833 *quote = q ? q : 1;
2834 BT_DBG("chan %p quote %d", chan, *quote);
2835 return chan;
2836 }
2837
2838 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2839 {
2840 struct hci_conn_hash *h = &hdev->conn_hash;
2841 struct hci_conn *conn;
2842 int num = 0;
2843
2844 BT_DBG("%s", hdev->name);
2845
2846 rcu_read_lock();
2847
2848 list_for_each_entry_rcu(conn, &h->list, list) {
2849 struct hci_chan *chan;
2850
2851 if (conn->type != type)
2852 continue;
2853
2854 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2855 continue;
2856
2857 num++;
2858
2859 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2860 struct sk_buff *skb;
2861
2862 if (chan->sent) {
2863 chan->sent = 0;
2864 continue;
2865 }
2866
2867 if (skb_queue_empty(&chan->data_q))
2868 continue;
2869
2870 skb = skb_peek(&chan->data_q);
2871 if (skb->priority >= HCI_PRIO_MAX - 1)
2872 continue;
2873
2874 skb->priority = HCI_PRIO_MAX - 1;
2875
2876 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2877 skb->priority);
2878 }
2879
2880 if (hci_conn_num(hdev, type) == num)
2881 break;
2882 }
2883
2884 rcu_read_unlock();
2885
2886 }
2887
2888 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2889 {
2890 /* Calculate count of blocks used by this packet */
2891 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2892 }
2893
2894 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2895 {
2896 if (!test_bit(HCI_RAW, &hdev->flags)) {
2897 /* ACL tx timeout must be longer than maximum
2898 * link supervision timeout (40.9 seconds) */
2899 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2900 HCI_ACL_TX_TIMEOUT))
2901 hci_link_tx_to(hdev, ACL_LINK);
2902 }
2903 }
2904
2905 static void hci_sched_acl_pkt(struct hci_dev *hdev)
2906 {
2907 unsigned int cnt = hdev->acl_cnt;
2908 struct hci_chan *chan;
2909 struct sk_buff *skb;
2910 int quote;
2911
2912 __check_timeout(hdev, cnt);
2913
2914 while (hdev->acl_cnt &&
2915 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2916 u32 priority = (skb_peek(&chan->data_q))->priority;
2917 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2918 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2919 skb->len, skb->priority);
2920
2921 /* Stop if priority has changed */
2922 if (skb->priority < priority)
2923 break;
2924
2925 skb = skb_dequeue(&chan->data_q);
2926
2927 hci_conn_enter_active_mode(chan->conn,
2928 bt_cb(skb)->force_active);
2929
2930 hci_send_frame(skb);
2931 hdev->acl_last_tx = jiffies;
2932
2933 hdev->acl_cnt--;
2934 chan->sent++;
2935 chan->conn->sent++;
2936 }
2937 }
2938
2939 if (cnt != hdev->acl_cnt)
2940 hci_prio_recalculate(hdev, ACL_LINK);
2941 }
2942
2943 static void hci_sched_acl_blk(struct hci_dev *hdev)
2944 {
2945 unsigned int cnt = hdev->block_cnt;
2946 struct hci_chan *chan;
2947 struct sk_buff *skb;
2948 int quote;
2949 u8 type;
2950
2951 __check_timeout(hdev, cnt);
2952
2953 BT_DBG("%s", hdev->name);
2954
2955 if (hdev->dev_type == HCI_AMP)
2956 type = AMP_LINK;
2957 else
2958 type = ACL_LINK;
2959
2960 while (hdev->block_cnt > 0 &&
2961 (chan = hci_chan_sent(hdev, type, &quote))) {
2962 u32 priority = (skb_peek(&chan->data_q))->priority;
2963 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2964 int blocks;
2965
2966 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2967 skb->len, skb->priority);
2968
2969 /* Stop if priority has changed */
2970 if (skb->priority < priority)
2971 break;
2972
2973 skb = skb_dequeue(&chan->data_q);
2974
2975 blocks = __get_blocks(hdev, skb);
2976 if (blocks > hdev->block_cnt)
2977 return;
2978
2979 hci_conn_enter_active_mode(chan->conn,
2980 bt_cb(skb)->force_active);
2981
2982 hci_send_frame(skb);
2983 hdev->acl_last_tx = jiffies;
2984
2985 hdev->block_cnt -= blocks;
2986 quote -= blocks;
2987
2988 chan->sent += blocks;
2989 chan->conn->sent += blocks;
2990 }
2991 }
2992
2993 if (cnt != hdev->block_cnt)
2994 hci_prio_recalculate(hdev, type);
2995 }
2996
2997 static void hci_sched_acl(struct hci_dev *hdev)
2998 {
2999 BT_DBG("%s", hdev->name);
3000
3001 /* No ACL link over BR/EDR controller */
3002 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
3003 return;
3004
3005 /* No AMP link over AMP controller */
3006 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3007 return;
3008
3009 switch (hdev->flow_ctl_mode) {
3010 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3011 hci_sched_acl_pkt(hdev);
3012 break;
3013
3014 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3015 hci_sched_acl_blk(hdev);
3016 break;
3017 }
3018 }
3019
3020 /* Schedule SCO */
3021 static void hci_sched_sco(struct hci_dev *hdev)
3022 {
3023 struct hci_conn *conn;
3024 struct sk_buff *skb;
3025 int quote;
3026
3027 BT_DBG("%s", hdev->name);
3028
3029 if (!hci_conn_num(hdev, SCO_LINK))
3030 return;
3031
3032 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
3033 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3034 BT_DBG("skb %p len %d", skb, skb->len);
3035 hci_send_frame(skb);
3036
3037 conn->sent++;
3038 if (conn->sent == ~0)
3039 conn->sent = 0;
3040 }
3041 }
3042 }
3043
3044 static void hci_sched_esco(struct hci_dev *hdev)
3045 {
3046 struct hci_conn *conn;
3047 struct sk_buff *skb;
3048 int quote;
3049
3050 BT_DBG("%s", hdev->name);
3051
3052 if (!hci_conn_num(hdev, ESCO_LINK))
3053 return;
3054
3055 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
3056 &quote))) {
3057 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3058 BT_DBG("skb %p len %d", skb, skb->len);
3059 hci_send_frame(skb);
3060
3061 conn->sent++;
3062 if (conn->sent == ~0)
3063 conn->sent = 0;
3064 }
3065 }
3066 }
3067
3068 static void hci_sched_le(struct hci_dev *hdev)
3069 {
3070 struct hci_chan *chan;
3071 struct sk_buff *skb;
3072 int quote, cnt, tmp;
3073
3074 BT_DBG("%s", hdev->name);
3075
3076 if (!hci_conn_num(hdev, LE_LINK))
3077 return;
3078
3079 if (!test_bit(HCI_RAW, &hdev->flags)) {
3080 /* LE tx timeout must be longer than maximum
3081 * link supervision timeout (40.9 seconds) */
3082 if (!hdev->le_cnt && hdev->le_pkts &&
3083 time_after(jiffies, hdev->le_last_tx + HZ * 45))
3084 hci_link_tx_to(hdev, LE_LINK);
3085 }
3086
3087 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
3088 tmp = cnt;
3089 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
3090 u32 priority = (skb_peek(&chan->data_q))->priority;
3091 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3092 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3093 skb->len, skb->priority);
3094
3095 /* Stop if priority has changed */
3096 if (skb->priority < priority)
3097 break;
3098
3099 skb = skb_dequeue(&chan->data_q);
3100
3101 hci_send_frame(skb);
3102 hdev->le_last_tx = jiffies;
3103
3104 cnt--;
3105 chan->sent++;
3106 chan->conn->sent++;
3107 }
3108 }
3109
3110 if (hdev->le_pkts)
3111 hdev->le_cnt = cnt;
3112 else
3113 hdev->acl_cnt = cnt;
3114
3115 if (cnt != tmp)
3116 hci_prio_recalculate(hdev, LE_LINK);
3117 }
3118
3119 static void hci_tx_work(struct work_struct *work)
3120 {
3121 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
3122 struct sk_buff *skb;
3123
3124 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
3125 hdev->sco_cnt, hdev->le_cnt);
3126
3127 /* Schedule queues and send stuff to HCI driver */
3128
3129 hci_sched_acl(hdev);
3130
3131 hci_sched_sco(hdev);
3132
3133 hci_sched_esco(hdev);
3134
3135 hci_sched_le(hdev);
3136
3137 /* Send next queued raw (unknown type) packet */
3138 while ((skb = skb_dequeue(&hdev->raw_q)))
3139 hci_send_frame(skb);
3140 }
3141
3142 /* ----- HCI RX task (incoming data processing) ----- */
3143
3144 /* ACL data packet */
3145 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3146 {
3147 struct hci_acl_hdr *hdr = (void *) skb->data;
3148 struct hci_conn *conn;
3149 __u16 handle, flags;
3150
3151 skb_pull(skb, HCI_ACL_HDR_SIZE);
3152
3153 handle = __le16_to_cpu(hdr->handle);
3154 flags = hci_flags(handle);
3155 handle = hci_handle(handle);
3156
3157 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
3158 handle, flags);
3159
3160 hdev->stat.acl_rx++;
3161
3162 hci_dev_lock(hdev);
3163 conn = hci_conn_hash_lookup_handle(hdev, handle);
3164 hci_dev_unlock(hdev);
3165
3166 if (conn) {
3167 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
3168
3169 /* Send to upper protocol */
3170 l2cap_recv_acldata(conn, skb, flags);
3171 return;
3172 } else {
3173 BT_ERR("%s ACL packet for unknown connection handle %d",
3174 hdev->name, handle);
3175 }
3176
3177 kfree_skb(skb);
3178 }
3179
3180 /* SCO data packet */
3181 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3182 {
3183 struct hci_sco_hdr *hdr = (void *) skb->data;
3184 struct hci_conn *conn;
3185 __u16 handle;
3186
3187 skb_pull(skb, HCI_SCO_HDR_SIZE);
3188
3189 handle = __le16_to_cpu(hdr->handle);
3190
3191 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
3192
3193 hdev->stat.sco_rx++;
3194
3195 hci_dev_lock(hdev);
3196 conn = hci_conn_hash_lookup_handle(hdev, handle);
3197 hci_dev_unlock(hdev);
3198
3199 if (conn) {
3200 /* Send to upper protocol */
3201 sco_recv_scodata(conn, skb);
3202 return;
3203 } else {
3204 BT_ERR("%s SCO packet for unknown connection handle %d",
3205 hdev->name, handle);
3206 }
3207
3208 kfree_skb(skb);
3209 }
3210
3211 static void hci_rx_work(struct work_struct *work)
3212 {
3213 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
3214 struct sk_buff *skb;
3215
3216 BT_DBG("%s", hdev->name);
3217
3218 while ((skb = skb_dequeue(&hdev->rx_q))) {
3219 /* Send copy to monitor */
3220 hci_send_to_monitor(hdev, skb);
3221
3222 if (atomic_read(&hdev->promisc)) {
3223 /* Send copy to the sockets */
3224 hci_send_to_sock(hdev, skb);
3225 }
3226
3227 if (test_bit(HCI_RAW, &hdev->flags)) {
3228 kfree_skb(skb);
3229 continue;
3230 }
3231
3232 if (test_bit(HCI_INIT, &hdev->flags)) {
3233 /* Don't process data packets in this states. */
3234 switch (bt_cb(skb)->pkt_type) {
3235 case HCI_ACLDATA_PKT:
3236 case HCI_SCODATA_PKT:
3237 kfree_skb(skb);
3238 continue;
3239 }
3240 }
3241
3242 /* Process frame */
3243 switch (bt_cb(skb)->pkt_type) {
3244 case HCI_EVENT_PKT:
3245 BT_DBG("%s Event packet", hdev->name);
3246 hci_event_packet(hdev, skb);
3247 break;
3248
3249 case HCI_ACLDATA_PKT:
3250 BT_DBG("%s ACL data packet", hdev->name);
3251 hci_acldata_packet(hdev, skb);
3252 break;
3253
3254 case HCI_SCODATA_PKT:
3255 BT_DBG("%s SCO data packet", hdev->name);
3256 hci_scodata_packet(hdev, skb);
3257 break;
3258
3259 default:
3260 kfree_skb(skb);
3261 break;
3262 }
3263 }
3264 }
3265
3266 static void hci_cmd_work(struct work_struct *work)
3267 {
3268 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
3269 struct sk_buff *skb;
3270
3271 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
3272 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
3273
3274 /* Send queued commands */
3275 if (atomic_read(&hdev->cmd_cnt)) {
3276 skb = skb_dequeue(&hdev->cmd_q);
3277 if (!skb)
3278 return;
3279
3280 kfree_skb(hdev->sent_cmd);
3281
3282 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
3283 if (hdev->sent_cmd) {
3284 atomic_dec(&hdev->cmd_cnt);
3285 hci_send_frame(skb);
3286 if (test_bit(HCI_RESET, &hdev->flags))
3287 del_timer(&hdev->cmd_timer);
3288 else
3289 mod_timer(&hdev->cmd_timer,
3290 jiffies + HCI_CMD_TIMEOUT);
3291 } else {
3292 skb_queue_head(&hdev->cmd_q, skb);
3293 queue_work(hdev->workqueue, &hdev->cmd_work);
3294 }
3295 }
3296 }
3297
3298 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
3299 {
3300 /* General inquiry access code (GIAC) */
3301 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3302 struct hci_cp_inquiry cp;
3303
3304 BT_DBG("%s", hdev->name);
3305
3306 if (test_bit(HCI_INQUIRY, &hdev->flags))
3307 return -EINPROGRESS;
3308
3309 inquiry_cache_flush(hdev);
3310
3311 memset(&cp, 0, sizeof(cp));
3312 memcpy(&cp.lap, lap, sizeof(cp.lap));
3313 cp.length = length;
3314
3315 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
3316 }
3317
3318 int hci_cancel_inquiry(struct hci_dev *hdev)
3319 {
3320 BT_DBG("%s", hdev->name);
3321
3322 if (!test_bit(HCI_INQUIRY, &hdev->flags))
3323 return -EALREADY;
3324
3325 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3326 }
3327
3328 u8 bdaddr_to_le(u8 bdaddr_type)
3329 {
3330 switch (bdaddr_type) {
3331 case BDADDR_LE_PUBLIC:
3332 return ADDR_LE_DEV_PUBLIC;
3333
3334 default:
3335 /* Fallback to LE Random address type */
3336 return ADDR_LE_DEV_RANDOM;
3337 }
3338 }
kernel source for telekom puls (alcatel/mediatek)