2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/jiffies.h>
29 #include <linux/module.h>
30 #include <linux/kmod.h>
32 #include <linux/types.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/skbuff.h>
41 #include <linux/workqueue.h>
42 #include <linux/interrupt.h>
43 #include <linux/notifier.h>
44 #include <linux/rfkill.h>
45 #include <linux/timer.h>
46 #include <linux/crypto.h>
49 #include <asm/system.h>
50 #include <linux/uaccess.h>
51 #include <asm/unaligned.h>
53 #include <net/bluetooth/bluetooth.h>
54 #include <net/bluetooth/hci_core.h>
56 #define AUTO_OFF_TIMEOUT 2000
60 static void hci_rx_work(struct work_struct
*work
);
61 static void hci_cmd_work(struct work_struct
*work
);
62 static void hci_tx_work(struct work_struct
*work
);
65 LIST_HEAD(hci_dev_list
);
66 DEFINE_RWLOCK(hci_dev_list_lock
);
68 /* HCI callback list */
69 LIST_HEAD(hci_cb_list
);
70 DEFINE_RWLOCK(hci_cb_list_lock
);
72 /* HCI notifiers list */
73 static ATOMIC_NOTIFIER_HEAD(hci_notifier
);
75 /* ---- HCI notifications ---- */
77 int hci_register_notifier(struct notifier_block
*nb
)
79 return atomic_notifier_chain_register(&hci_notifier
, nb
);
82 int hci_unregister_notifier(struct notifier_block
*nb
)
84 return atomic_notifier_chain_unregister(&hci_notifier
, nb
);
87 static void hci_notify(struct hci_dev
*hdev
, int event
)
89 atomic_notifier_call_chain(&hci_notifier
, event
, hdev
);
92 /* ---- HCI requests ---- */
94 void hci_req_complete(struct hci_dev
*hdev
, __u16 cmd
, int result
)
96 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev
->name
, cmd
, result
);
98 /* If this is the init phase check if the completed command matches
99 * the last init command, and if not just return.
101 if (test_bit(HCI_INIT
, &hdev
->flags
) && hdev
->init_last_cmd
!= cmd
)
104 if (hdev
->req_status
== HCI_REQ_PEND
) {
105 hdev
->req_result
= result
;
106 hdev
->req_status
= HCI_REQ_DONE
;
107 wake_up_interruptible(&hdev
->req_wait_q
);
111 static void hci_req_cancel(struct hci_dev
*hdev
, int err
)
113 BT_DBG("%s err 0x%2.2x", hdev
->name
, err
);
115 if (hdev
->req_status
== HCI_REQ_PEND
) {
116 hdev
->req_result
= err
;
117 hdev
->req_status
= HCI_REQ_CANCELED
;
118 wake_up_interruptible(&hdev
->req_wait_q
);
122 /* Execute request and wait for completion. */
123 static int __hci_request(struct hci_dev
*hdev
, void (*req
)(struct hci_dev
*hdev
, unsigned long opt
),
124 unsigned long opt
, __u32 timeout
)
126 DECLARE_WAITQUEUE(wait
, current
);
129 BT_DBG("%s start", hdev
->name
);
131 hdev
->req_status
= HCI_REQ_PEND
;
133 add_wait_queue(&hdev
->req_wait_q
, &wait
);
134 set_current_state(TASK_INTERRUPTIBLE
);
137 schedule_timeout(timeout
);
139 remove_wait_queue(&hdev
->req_wait_q
, &wait
);
141 if (signal_pending(current
))
144 switch (hdev
->req_status
) {
146 err
= -bt_to_errno(hdev
->req_result
);
149 case HCI_REQ_CANCELED
:
150 err
= -hdev
->req_result
;
158 hdev
->req_status
= hdev
->req_result
= 0;
160 BT_DBG("%s end: err %d", hdev
->name
, err
);
165 static inline int hci_request(struct hci_dev
*hdev
, void (*req
)(struct hci_dev
*hdev
, unsigned long opt
),
166 unsigned long opt
, __u32 timeout
)
170 if (!test_bit(HCI_UP
, &hdev
->flags
))
173 /* Serialize all requests */
175 ret
= __hci_request(hdev
, req
, opt
, timeout
);
176 hci_req_unlock(hdev
);
181 static void hci_reset_req(struct hci_dev
*hdev
, unsigned long opt
)
183 BT_DBG("%s %ld", hdev
->name
, opt
);
186 set_bit(HCI_RESET
, &hdev
->flags
);
187 hci_send_cmd(hdev
, HCI_OP_RESET
, 0, NULL
);
190 static void bredr_init(struct hci_dev
*hdev
)
192 struct hci_cp_delete_stored_link_key cp
;
196 hdev
->flow_ctl_mode
= HCI_FLOW_CTL_MODE_PACKET_BASED
;
198 /* Mandatory initialization */
201 if (!test_bit(HCI_QUIRK_NO_RESET
, &hdev
->quirks
)) {
202 set_bit(HCI_RESET
, &hdev
->flags
);
203 hci_send_cmd(hdev
, HCI_OP_RESET
, 0, NULL
);
206 /* Read Local Supported Features */
207 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_FEATURES
, 0, NULL
);
209 /* Read Local Version */
210 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
);
212 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
213 hci_send_cmd(hdev
, HCI_OP_READ_BUFFER_SIZE
, 0, NULL
);
215 /* Read BD Address */
216 hci_send_cmd(hdev
, HCI_OP_READ_BD_ADDR
, 0, NULL
);
218 /* Read Class of Device */
219 hci_send_cmd(hdev
, HCI_OP_READ_CLASS_OF_DEV
, 0, NULL
);
221 /* Read Local Name */
222 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_NAME
, 0, NULL
);
224 /* Read Voice Setting */
225 hci_send_cmd(hdev
, HCI_OP_READ_VOICE_SETTING
, 0, NULL
);
227 /* Optional initialization */
229 /* Clear Event Filters */
230 flt_type
= HCI_FLT_CLEAR_ALL
;
231 hci_send_cmd(hdev
, HCI_OP_SET_EVENT_FLT
, 1, &flt_type
);
233 /* Connection accept timeout ~20 secs */
234 param
= cpu_to_le16(0x7d00);
235 hci_send_cmd(hdev
, HCI_OP_WRITE_CA_TIMEOUT
, 2, ¶m
);
237 bacpy(&cp
.bdaddr
, BDADDR_ANY
);
239 hci_send_cmd(hdev
, HCI_OP_DELETE_STORED_LINK_KEY
, sizeof(cp
), &cp
);
242 static void amp_init(struct hci_dev
*hdev
)
244 hdev
->flow_ctl_mode
= HCI_FLOW_CTL_MODE_BLOCK_BASED
;
247 hci_send_cmd(hdev
, HCI_OP_RESET
, 0, NULL
);
249 /* Read Local Version */
250 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
);
253 static void hci_init_req(struct hci_dev
*hdev
, unsigned long opt
)
257 BT_DBG("%s %ld", hdev
->name
, opt
);
259 /* Driver initialization */
261 /* Special commands */
262 while ((skb
= skb_dequeue(&hdev
->driver_init
))) {
263 bt_cb(skb
)->pkt_type
= HCI_COMMAND_PKT
;
264 skb
->dev
= (void *) hdev
;
266 skb_queue_tail(&hdev
->cmd_q
, skb
);
267 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
269 skb_queue_purge(&hdev
->driver_init
);
271 switch (hdev
->dev_type
) {
281 BT_ERR("Unknown device type %d", hdev
->dev_type
);
287 static void hci_le_init_req(struct hci_dev
*hdev
, unsigned long opt
)
289 BT_DBG("%s", hdev
->name
);
291 /* Read LE buffer size */
292 hci_send_cmd(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, 0, NULL
);
295 static void hci_scan_req(struct hci_dev
*hdev
, unsigned long opt
)
299 BT_DBG("%s %x", hdev
->name
, scan
);
301 /* Inquiry and Page scans */
302 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
305 static void hci_auth_req(struct hci_dev
*hdev
, unsigned long opt
)
309 BT_DBG("%s %x", hdev
->name
, auth
);
312 hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, 1, &auth
);
315 static void hci_encrypt_req(struct hci_dev
*hdev
, unsigned long opt
)
319 BT_DBG("%s %x", hdev
->name
, encrypt
);
322 hci_send_cmd(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
, 1, &encrypt
);
325 static void hci_linkpol_req(struct hci_dev
*hdev
, unsigned long opt
)
327 __le16 policy
= cpu_to_le16(opt
);
329 BT_DBG("%s %x", hdev
->name
, policy
);
331 /* Default link policy */
332 hci_send_cmd(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, 2, &policy
);
335 /* Get HCI device by index.
336 * Device is held on return. */
337 struct hci_dev
*hci_dev_get(int index
)
339 struct hci_dev
*hdev
= NULL
, *d
;
346 read_lock(&hci_dev_list_lock
);
347 list_for_each_entry(d
, &hci_dev_list
, list
) {
348 if (d
->id
== index
) {
349 hdev
= hci_dev_hold(d
);
353 read_unlock(&hci_dev_list_lock
);
357 /* ---- Inquiry support ---- */
359 bool hci_discovery_active(struct hci_dev
*hdev
)
361 struct discovery_state
*discov
= &hdev
->discovery
;
363 if (discov
->state
== DISCOVERY_INQUIRY
||
364 discov
->state
== DISCOVERY_RESOLVING
)
370 void hci_discovery_set_state(struct hci_dev
*hdev
, int state
)
372 BT_DBG("%s state %u -> %u", hdev
->name
, hdev
->discovery
.state
, state
);
374 if (hdev
->discovery
.state
== state
)
378 case DISCOVERY_STOPPED
:
379 mgmt_discovering(hdev
, 0);
381 case DISCOVERY_STARTING
:
383 case DISCOVERY_INQUIRY
:
384 mgmt_discovering(hdev
, 1);
386 case DISCOVERY_RESOLVING
:
388 case DISCOVERY_STOPPING
:
392 hdev
->discovery
.state
= state
;
395 static void inquiry_cache_flush(struct hci_dev
*hdev
)
397 struct discovery_state
*cache
= &hdev
->discovery
;
398 struct inquiry_entry
*p
, *n
;
400 list_for_each_entry_safe(p
, n
, &cache
->all
, all
) {
405 INIT_LIST_HEAD(&cache
->unknown
);
406 INIT_LIST_HEAD(&cache
->resolve
);
407 cache
->state
= DISCOVERY_STOPPED
;
410 struct inquiry_entry
*hci_inquiry_cache_lookup(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
412 struct discovery_state
*cache
= &hdev
->discovery
;
413 struct inquiry_entry
*e
;
415 BT_DBG("cache %p, %s", cache
, batostr(bdaddr
));
417 list_for_each_entry(e
, &cache
->all
, all
) {
418 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
425 struct inquiry_entry
*hci_inquiry_cache_lookup_unknown(struct hci_dev
*hdev
,
428 struct discovery_state
*cache
= &hdev
->discovery
;
429 struct inquiry_entry
*e
;
431 BT_DBG("cache %p, %s", cache
, batostr(bdaddr
));
433 list_for_each_entry(e
, &cache
->unknown
, list
) {
434 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
441 struct inquiry_entry
*hci_inquiry_cache_lookup_resolve(struct hci_dev
*hdev
,
445 struct discovery_state
*cache
= &hdev
->discovery
;
446 struct inquiry_entry
*e
;
448 BT_DBG("cache %p bdaddr %s state %d", cache
, batostr(bdaddr
), state
);
450 list_for_each_entry(e
, &cache
->resolve
, list
) {
451 if (!bacmp(bdaddr
, BDADDR_ANY
) && e
->name_state
== state
)
453 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
460 void hci_inquiry_cache_update_resolve(struct hci_dev
*hdev
,
461 struct inquiry_entry
*ie
)
463 struct discovery_state
*cache
= &hdev
->discovery
;
464 struct list_head
*pos
= &cache
->resolve
;
465 struct inquiry_entry
*p
;
469 list_for_each_entry(p
, &cache
->resolve
, list
) {
470 if (p
->name_state
!= NAME_PENDING
&&
471 abs(p
->data
.rssi
) >= abs(ie
->data
.rssi
))
476 list_add(&ie
->list
, pos
);
479 bool hci_inquiry_cache_update(struct hci_dev
*hdev
, struct inquiry_data
*data
,
482 struct discovery_state
*cache
= &hdev
->discovery
;
483 struct inquiry_entry
*ie
;
485 BT_DBG("cache %p, %s", cache
, batostr(&data
->bdaddr
));
487 ie
= hci_inquiry_cache_lookup(hdev
, &data
->bdaddr
);
489 if (ie
->name_state
== NAME_NEEDED
&&
490 data
->rssi
!= ie
->data
.rssi
) {
491 ie
->data
.rssi
= data
->rssi
;
492 hci_inquiry_cache_update_resolve(hdev
, ie
);
498 /* Entry not in the cache. Add new one. */
499 ie
= kzalloc(sizeof(struct inquiry_entry
), GFP_ATOMIC
);
503 list_add(&ie
->all
, &cache
->all
);
506 ie
->name_state
= NAME_KNOWN
;
508 ie
->name_state
= NAME_NOT_KNOWN
;
509 list_add(&ie
->list
, &cache
->unknown
);
513 if (name_known
&& ie
->name_state
!= NAME_KNOWN
&&
514 ie
->name_state
!= NAME_PENDING
) {
515 ie
->name_state
= NAME_KNOWN
;
519 memcpy(&ie
->data
, data
, sizeof(*data
));
520 ie
->timestamp
= jiffies
;
521 cache
->timestamp
= jiffies
;
523 if (ie
->name_state
== NAME_NOT_KNOWN
)
529 static int inquiry_cache_dump(struct hci_dev
*hdev
, int num
, __u8
*buf
)
531 struct discovery_state
*cache
= &hdev
->discovery
;
532 struct inquiry_info
*info
= (struct inquiry_info
*) buf
;
533 struct inquiry_entry
*e
;
536 list_for_each_entry(e
, &cache
->all
, all
) {
537 struct inquiry_data
*data
= &e
->data
;
542 bacpy(&info
->bdaddr
, &data
->bdaddr
);
543 info
->pscan_rep_mode
= data
->pscan_rep_mode
;
544 info
->pscan_period_mode
= data
->pscan_period_mode
;
545 info
->pscan_mode
= data
->pscan_mode
;
546 memcpy(info
->dev_class
, data
->dev_class
, 3);
547 info
->clock_offset
= data
->clock_offset
;
553 BT_DBG("cache %p, copied %d", cache
, copied
);
557 static void hci_inq_req(struct hci_dev
*hdev
, unsigned long opt
)
559 struct hci_inquiry_req
*ir
= (struct hci_inquiry_req
*) opt
;
560 struct hci_cp_inquiry cp
;
562 BT_DBG("%s", hdev
->name
);
564 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
568 memcpy(&cp
.lap
, &ir
->lap
, 3);
569 cp
.length
= ir
->length
;
570 cp
.num_rsp
= ir
->num_rsp
;
571 hci_send_cmd(hdev
, HCI_OP_INQUIRY
, sizeof(cp
), &cp
);
574 int hci_inquiry(void __user
*arg
)
576 __u8 __user
*ptr
= arg
;
577 struct hci_inquiry_req ir
;
578 struct hci_dev
*hdev
;
579 int err
= 0, do_inquiry
= 0, max_rsp
;
583 if (copy_from_user(&ir
, ptr
, sizeof(ir
)))
586 hdev
= hci_dev_get(ir
.dev_id
);
591 if (inquiry_cache_age(hdev
) > INQUIRY_CACHE_AGE_MAX
||
592 inquiry_cache_empty(hdev
) ||
593 ir
.flags
& IREQ_CACHE_FLUSH
) {
594 inquiry_cache_flush(hdev
);
597 hci_dev_unlock(hdev
);
599 timeo
= ir
.length
* msecs_to_jiffies(2000);
602 err
= hci_request(hdev
, hci_inq_req
, (unsigned long)&ir
, timeo
);
607 /* for unlimited number of responses we will use buffer with 255 entries */
608 max_rsp
= (ir
.num_rsp
== 0) ? 255 : ir
.num_rsp
;
610 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
611 * copy it to the user space.
613 buf
= kmalloc(sizeof(struct inquiry_info
) * max_rsp
, GFP_KERNEL
);
620 ir
.num_rsp
= inquiry_cache_dump(hdev
, max_rsp
, buf
);
621 hci_dev_unlock(hdev
);
623 BT_DBG("num_rsp %d", ir
.num_rsp
);
625 if (!copy_to_user(ptr
, &ir
, sizeof(ir
))) {
627 if (copy_to_user(ptr
, buf
, sizeof(struct inquiry_info
) *
640 /* ---- HCI ioctl helpers ---- */
642 int hci_dev_open(__u16 dev
)
644 struct hci_dev
*hdev
;
647 hdev
= hci_dev_get(dev
);
651 BT_DBG("%s %p", hdev
->name
, hdev
);
655 if (hdev
->rfkill
&& rfkill_blocked(hdev
->rfkill
)) {
660 if (test_bit(HCI_UP
, &hdev
->flags
)) {
665 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
))
666 set_bit(HCI_RAW
, &hdev
->flags
);
668 /* Treat all non BR/EDR controllers as raw devices if
669 enable_hs is not set */
670 if (hdev
->dev_type
!= HCI_BREDR
&& !enable_hs
)
671 set_bit(HCI_RAW
, &hdev
->flags
);
673 if (hdev
->open(hdev
)) {
678 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
679 atomic_set(&hdev
->cmd_cnt
, 1);
680 set_bit(HCI_INIT
, &hdev
->flags
);
681 hdev
->init_last_cmd
= 0;
683 ret
= __hci_request(hdev
, hci_init_req
, 0,
684 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
686 if (lmp_host_le_capable(hdev
))
687 ret
= __hci_request(hdev
, hci_le_init_req
, 0,
688 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
690 clear_bit(HCI_INIT
, &hdev
->flags
);
695 set_bit(HCI_UP
, &hdev
->flags
);
696 hci_notify(hdev
, HCI_DEV_UP
);
697 if (!test_bit(HCI_SETUP
, &hdev
->dev_flags
)) {
699 mgmt_powered(hdev
, 1);
700 hci_dev_unlock(hdev
);
703 /* Init failed, cleanup */
704 flush_work(&hdev
->tx_work
);
705 flush_work(&hdev
->cmd_work
);
706 flush_work(&hdev
->rx_work
);
708 skb_queue_purge(&hdev
->cmd_q
);
709 skb_queue_purge(&hdev
->rx_q
);
714 if (hdev
->sent_cmd
) {
715 kfree_skb(hdev
->sent_cmd
);
716 hdev
->sent_cmd
= NULL
;
724 hci_req_unlock(hdev
);
729 static int hci_dev_do_close(struct hci_dev
*hdev
)
731 BT_DBG("%s %p", hdev
->name
, hdev
);
733 hci_req_cancel(hdev
, ENODEV
);
736 if (!test_and_clear_bit(HCI_UP
, &hdev
->flags
)) {
737 del_timer_sync(&hdev
->cmd_timer
);
738 hci_req_unlock(hdev
);
742 /* Flush RX and TX works */
743 flush_work(&hdev
->tx_work
);
744 flush_work(&hdev
->rx_work
);
746 if (hdev
->discov_timeout
> 0) {
747 cancel_delayed_work(&hdev
->discov_off
);
748 hdev
->discov_timeout
= 0;
751 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
752 cancel_delayed_work(&hdev
->power_off
);
754 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
755 cancel_delayed_work(&hdev
->service_cache
);
758 inquiry_cache_flush(hdev
);
759 hci_conn_hash_flush(hdev
);
760 hci_dev_unlock(hdev
);
762 hci_notify(hdev
, HCI_DEV_DOWN
);
768 skb_queue_purge(&hdev
->cmd_q
);
769 atomic_set(&hdev
->cmd_cnt
, 1);
770 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
771 set_bit(HCI_INIT
, &hdev
->flags
);
772 __hci_request(hdev
, hci_reset_req
, 0,
773 msecs_to_jiffies(250));
774 clear_bit(HCI_INIT
, &hdev
->flags
);
778 flush_work(&hdev
->cmd_work
);
781 skb_queue_purge(&hdev
->rx_q
);
782 skb_queue_purge(&hdev
->cmd_q
);
783 skb_queue_purge(&hdev
->raw_q
);
785 /* Drop last sent command */
786 if (hdev
->sent_cmd
) {
787 del_timer_sync(&hdev
->cmd_timer
);
788 kfree_skb(hdev
->sent_cmd
);
789 hdev
->sent_cmd
= NULL
;
792 /* After this point our queues are empty
793 * and no tasks are scheduled. */
797 mgmt_powered(hdev
, 0);
798 hci_dev_unlock(hdev
);
803 hci_req_unlock(hdev
);
809 int hci_dev_close(__u16 dev
)
811 struct hci_dev
*hdev
;
814 hdev
= hci_dev_get(dev
);
817 err
= hci_dev_do_close(hdev
);
822 int hci_dev_reset(__u16 dev
)
824 struct hci_dev
*hdev
;
827 hdev
= hci_dev_get(dev
);
833 if (!test_bit(HCI_UP
, &hdev
->flags
))
837 skb_queue_purge(&hdev
->rx_q
);
838 skb_queue_purge(&hdev
->cmd_q
);
841 inquiry_cache_flush(hdev
);
842 hci_conn_hash_flush(hdev
);
843 hci_dev_unlock(hdev
);
848 atomic_set(&hdev
->cmd_cnt
, 1);
849 hdev
->acl_cnt
= 0; hdev
->sco_cnt
= 0; hdev
->le_cnt
= 0;
851 if (!test_bit(HCI_RAW
, &hdev
->flags
))
852 ret
= __hci_request(hdev
, hci_reset_req
, 0,
853 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
856 hci_req_unlock(hdev
);
861 int hci_dev_reset_stat(__u16 dev
)
863 struct hci_dev
*hdev
;
866 hdev
= hci_dev_get(dev
);
870 memset(&hdev
->stat
, 0, sizeof(struct hci_dev_stats
));
877 int hci_dev_cmd(unsigned int cmd
, void __user
*arg
)
879 struct hci_dev
*hdev
;
880 struct hci_dev_req dr
;
883 if (copy_from_user(&dr
, arg
, sizeof(dr
)))
886 hdev
= hci_dev_get(dr
.dev_id
);
892 err
= hci_request(hdev
, hci_auth_req
, dr
.dev_opt
,
893 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
897 if (!lmp_encrypt_capable(hdev
)) {
902 if (!test_bit(HCI_AUTH
, &hdev
->flags
)) {
903 /* Auth must be enabled first */
904 err
= hci_request(hdev
, hci_auth_req
, dr
.dev_opt
,
905 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
910 err
= hci_request(hdev
, hci_encrypt_req
, dr
.dev_opt
,
911 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
915 err
= hci_request(hdev
, hci_scan_req
, dr
.dev_opt
,
916 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
920 err
= hci_request(hdev
, hci_linkpol_req
, dr
.dev_opt
,
921 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
925 hdev
->link_mode
= ((__u16
) dr
.dev_opt
) &
926 (HCI_LM_MASTER
| HCI_LM_ACCEPT
);
930 hdev
->pkt_type
= (__u16
) dr
.dev_opt
;
934 hdev
->acl_mtu
= *((__u16
*) &dr
.dev_opt
+ 1);
935 hdev
->acl_pkts
= *((__u16
*) &dr
.dev_opt
+ 0);
939 hdev
->sco_mtu
= *((__u16
*) &dr
.dev_opt
+ 1);
940 hdev
->sco_pkts
= *((__u16
*) &dr
.dev_opt
+ 0);
952 int hci_get_dev_list(void __user
*arg
)
954 struct hci_dev
*hdev
;
955 struct hci_dev_list_req
*dl
;
956 struct hci_dev_req
*dr
;
957 int n
= 0, size
, err
;
960 if (get_user(dev_num
, (__u16 __user
*) arg
))
963 if (!dev_num
|| dev_num
> (PAGE_SIZE
* 2) / sizeof(*dr
))
966 size
= sizeof(*dl
) + dev_num
* sizeof(*dr
);
968 dl
= kzalloc(size
, GFP_KERNEL
);
974 read_lock(&hci_dev_list_lock
);
975 list_for_each_entry(hdev
, &hci_dev_list
, list
) {
976 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
977 cancel_delayed_work(&hdev
->power_off
);
979 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
980 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
982 (dr
+ n
)->dev_id
= hdev
->id
;
983 (dr
+ n
)->dev_opt
= hdev
->flags
;
988 read_unlock(&hci_dev_list_lock
);
991 size
= sizeof(*dl
) + n
* sizeof(*dr
);
993 err
= copy_to_user(arg
, dl
, size
);
996 return err
? -EFAULT
: 0;
999 int hci_get_dev_info(void __user
*arg
)
1001 struct hci_dev
*hdev
;
1002 struct hci_dev_info di
;
1005 if (copy_from_user(&di
, arg
, sizeof(di
)))
1008 hdev
= hci_dev_get(di
.dev_id
);
1012 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
1013 cancel_delayed_work_sync(&hdev
->power_off
);
1015 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1016 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1018 strcpy(di
.name
, hdev
->name
);
1019 di
.bdaddr
= hdev
->bdaddr
;
1020 di
.type
= (hdev
->bus
& 0x0f) | (hdev
->dev_type
<< 4);
1021 di
.flags
= hdev
->flags
;
1022 di
.pkt_type
= hdev
->pkt_type
;
1023 di
.acl_mtu
= hdev
->acl_mtu
;
1024 di
.acl_pkts
= hdev
->acl_pkts
;
1025 di
.sco_mtu
= hdev
->sco_mtu
;
1026 di
.sco_pkts
= hdev
->sco_pkts
;
1027 di
.link_policy
= hdev
->link_policy
;
1028 di
.link_mode
= hdev
->link_mode
;
1030 memcpy(&di
.stat
, &hdev
->stat
, sizeof(di
.stat
));
1031 memcpy(&di
.features
, &hdev
->features
, sizeof(di
.features
));
1033 if (copy_to_user(arg
, &di
, sizeof(di
)))
1041 /* ---- Interface to HCI drivers ---- */
1043 static int hci_rfkill_set_block(void *data
, bool blocked
)
1045 struct hci_dev
*hdev
= data
;
1047 BT_DBG("%p name %s blocked %d", hdev
, hdev
->name
, blocked
);
1052 hci_dev_do_close(hdev
);
1057 static const struct rfkill_ops hci_rfkill_ops
= {
1058 .set_block
= hci_rfkill_set_block
,
1061 /* Alloc HCI device */
1062 struct hci_dev
*hci_alloc_dev(void)
1064 struct hci_dev
*hdev
;
1066 hdev
= kzalloc(sizeof(struct hci_dev
), GFP_KERNEL
);
1070 hci_init_sysfs(hdev
);
1071 skb_queue_head_init(&hdev
->driver_init
);
1075 EXPORT_SYMBOL(hci_alloc_dev
);
1077 /* Free HCI device */
1078 void hci_free_dev(struct hci_dev
*hdev
)
1080 skb_queue_purge(&hdev
->driver_init
);
1082 /* will free via device release */
1083 put_device(&hdev
->dev
);
1085 EXPORT_SYMBOL(hci_free_dev
);
1087 static void hci_power_on(struct work_struct
*work
)
1089 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, power_on
);
1091 BT_DBG("%s", hdev
->name
);
1093 if (hci_dev_open(hdev
->id
) < 0)
1096 if (test_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
1097 schedule_delayed_work(&hdev
->power_off
,
1098 msecs_to_jiffies(AUTO_OFF_TIMEOUT
));
1100 if (test_and_clear_bit(HCI_SETUP
, &hdev
->dev_flags
))
1101 mgmt_index_added(hdev
);
1104 static void hci_power_off(struct work_struct
*work
)
1106 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
1109 BT_DBG("%s", hdev
->name
);
1111 clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
);
1113 hci_dev_close(hdev
->id
);
1116 static void hci_discov_off(struct work_struct
*work
)
1118 struct hci_dev
*hdev
;
1119 u8 scan
= SCAN_PAGE
;
1121 hdev
= container_of(work
, struct hci_dev
, discov_off
.work
);
1123 BT_DBG("%s", hdev
->name
);
1127 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, sizeof(scan
), &scan
);
1129 hdev
->discov_timeout
= 0;
1131 hci_dev_unlock(hdev
);
1134 int hci_uuids_clear(struct hci_dev
*hdev
)
1136 struct list_head
*p
, *n
;
1138 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1139 struct bt_uuid
*uuid
;
1141 uuid
= list_entry(p
, struct bt_uuid
, list
);
1150 int hci_link_keys_clear(struct hci_dev
*hdev
)
1152 struct list_head
*p
, *n
;
1154 list_for_each_safe(p
, n
, &hdev
->link_keys
) {
1155 struct link_key
*key
;
1157 key
= list_entry(p
, struct link_key
, list
);
1166 int hci_smp_ltks_clear(struct hci_dev
*hdev
)
1168 struct smp_ltk
*k
, *tmp
;
1170 list_for_each_entry_safe(k
, tmp
, &hdev
->long_term_keys
, list
) {
1178 struct link_key
*hci_find_link_key(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1182 list_for_each_entry(k
, &hdev
->link_keys
, list
)
1183 if (bacmp(bdaddr
, &k
->bdaddr
) == 0)
1189 static int hci_persistent_key(struct hci_dev
*hdev
, struct hci_conn
*conn
,
1190 u8 key_type
, u8 old_key_type
)
1193 if (key_type
< 0x03)
1196 /* Debug keys are insecure so don't store them persistently */
1197 if (key_type
== HCI_LK_DEBUG_COMBINATION
)
1200 /* Changed combination key and there's no previous one */
1201 if (key_type
== HCI_LK_CHANGED_COMBINATION
&& old_key_type
== 0xff)
1204 /* Security mode 3 case */
1208 /* Neither local nor remote side had no-bonding as requirement */
1209 if (conn
->auth_type
> 0x01 && conn
->remote_auth
> 0x01)
1212 /* Local side had dedicated bonding as requirement */
1213 if (conn
->auth_type
== 0x02 || conn
->auth_type
== 0x03)
1216 /* Remote side had dedicated bonding as requirement */
1217 if (conn
->remote_auth
== 0x02 || conn
->remote_auth
== 0x03)
1220 /* If none of the above criteria match, then don't store the key
1225 struct link_key
*hci_find_ltk(struct hci_dev
*hdev
, __le16 ediv
, u8 rand
[8])
1229 list_for_each_entry(k
, &hdev
->link_keys
, list
) {
1230 struct key_master_id
*id
;
1232 if (k
->type
!= HCI_LK_SMP_LTK
)
1235 if (k
->dlen
!= sizeof(*id
))
1238 id
= (void *) &k
->data
;
1239 if (id
->ediv
== ediv
&&
1240 (memcmp(rand
, id
->rand
, sizeof(id
->rand
)) == 0))
1246 EXPORT_SYMBOL(hci_find_ltk
);
1248 struct link_key
*hci_find_link_key_type(struct hci_dev
*hdev
,
1249 bdaddr_t
*bdaddr
, u8 type
)
1253 list_for_each_entry(k
, &hdev
->link_keys
, list
)
1254 if (k
->type
== type
&& bacmp(bdaddr
, &k
->bdaddr
) == 0)
1259 EXPORT_SYMBOL(hci_find_link_key_type
);
1261 int hci_add_link_key(struct hci_dev
*hdev
, struct hci_conn
*conn
, int new_key
,
1262 bdaddr_t
*bdaddr
, u8
*val
, u8 type
, u8 pin_len
)
1264 struct link_key
*key
, *old_key
;
1265 u8 old_key_type
, persistent
;
1267 old_key
= hci_find_link_key(hdev
, bdaddr
);
1269 old_key_type
= old_key
->type
;
1272 old_key_type
= conn
? conn
->key_type
: 0xff;
1273 key
= kzalloc(sizeof(*key
), GFP_ATOMIC
);
1276 list_add(&key
->list
, &hdev
->link_keys
);
1279 BT_DBG("%s key for %s type %u", hdev
->name
, batostr(bdaddr
), type
);
1281 /* Some buggy controller combinations generate a changed
1282 * combination key for legacy pairing even when there's no
1284 if (type
== HCI_LK_CHANGED_COMBINATION
&&
1285 (!conn
|| conn
->remote_auth
== 0xff) &&
1286 old_key_type
== 0xff) {
1287 type
= HCI_LK_COMBINATION
;
1289 conn
->key_type
= type
;
1292 bacpy(&key
->bdaddr
, bdaddr
);
1293 memcpy(key
->val
, val
, 16);
1294 key
->pin_len
= pin_len
;
1296 if (type
== HCI_LK_CHANGED_COMBINATION
)
1297 key
->type
= old_key_type
;
1304 persistent
= hci_persistent_key(hdev
, conn
, type
, old_key_type
);
1306 mgmt_new_link_key(hdev
, key
, persistent
);
1309 list_del(&key
->list
);
1316 int hci_add_ltk(struct hci_dev
*hdev
, int new_key
, bdaddr_t
*bdaddr
,
1317 u8 key_size
, __le16 ediv
, u8 rand
[8], u8 ltk
[16])
1319 struct link_key
*key
, *old_key
;
1320 struct key_master_id
*id
;
1323 BT_DBG("%s addr %s", hdev
->name
, batostr(bdaddr
));
1325 old_key
= hci_find_link_key_type(hdev
, bdaddr
, HCI_LK_SMP_LTK
);
1328 old_key_type
= old_key
->type
;
1330 key
= kzalloc(sizeof(*key
) + sizeof(*id
), GFP_ATOMIC
);
1333 list_add(&key
->list
, &hdev
->link_keys
);
1334 old_key_type
= 0xff;
1337 key
->dlen
= sizeof(*id
);
1339 bacpy(&key
->bdaddr
, bdaddr
);
1340 memcpy(key
->val
, ltk
, sizeof(key
->val
));
1341 key
->type
= HCI_LK_SMP_LTK
;
1342 key
->pin_len
= key_size
;
1344 id
= (void *) &key
->data
;
1346 memcpy(id
->rand
, rand
, sizeof(id
->rand
));
1349 mgmt_new_link_key(hdev
, key
, old_key_type
);
1354 int hci_remove_link_key(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1356 struct link_key
*key
;
1358 key
= hci_find_link_key(hdev
, bdaddr
);
1362 BT_DBG("%s removing %s", hdev
->name
, batostr(bdaddr
));
1364 list_del(&key
->list
);
1370 int hci_remove_ltk(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1372 struct smp_ltk
*k
, *tmp
;
1374 list_for_each_entry_safe(k
, tmp
, &hdev
->long_term_keys
, list
) {
1375 if (bacmp(bdaddr
, &k
->bdaddr
))
1378 BT_DBG("%s removing %s", hdev
->name
, batostr(bdaddr
));
1387 /* HCI command timer function */
1388 static void hci_cmd_timer(unsigned long arg
)
1390 struct hci_dev
*hdev
= (void *) arg
;
1392 BT_ERR("%s command tx timeout", hdev
->name
);
1393 atomic_set(&hdev
->cmd_cnt
, 1);
1394 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
1397 struct oob_data
*hci_find_remote_oob_data(struct hci_dev
*hdev
,
1400 struct oob_data
*data
;
1402 list_for_each_entry(data
, &hdev
->remote_oob_data
, list
)
1403 if (bacmp(bdaddr
, &data
->bdaddr
) == 0)
1409 int hci_remove_remote_oob_data(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1411 struct oob_data
*data
;
1413 data
= hci_find_remote_oob_data(hdev
, bdaddr
);
1417 BT_DBG("%s removing %s", hdev
->name
, batostr(bdaddr
));
1419 list_del(&data
->list
);
1425 int hci_remote_oob_data_clear(struct hci_dev
*hdev
)
1427 struct oob_data
*data
, *n
;
1429 list_for_each_entry_safe(data
, n
, &hdev
->remote_oob_data
, list
) {
1430 list_del(&data
->list
);
1437 int hci_add_remote_oob_data(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8
*hash
,
1440 struct oob_data
*data
;
1442 data
= hci_find_remote_oob_data(hdev
, bdaddr
);
1445 data
= kmalloc(sizeof(*data
), GFP_ATOMIC
);
1449 bacpy(&data
->bdaddr
, bdaddr
);
1450 list_add(&data
->list
, &hdev
->remote_oob_data
);
1453 memcpy(data
->hash
, hash
, sizeof(data
->hash
));
1454 memcpy(data
->randomizer
, randomizer
, sizeof(data
->randomizer
));
1456 BT_DBG("%s for %s", hdev
->name
, batostr(bdaddr
));
1461 struct bdaddr_list
*hci_blacklist_lookup(struct hci_dev
*hdev
,
1464 struct bdaddr_list
*b
;
1466 list_for_each_entry(b
, &hdev
->blacklist
, list
)
1467 if (bacmp(bdaddr
, &b
->bdaddr
) == 0)
1473 int hci_blacklist_clear(struct hci_dev
*hdev
)
1475 struct list_head
*p
, *n
;
1477 list_for_each_safe(p
, n
, &hdev
->blacklist
) {
1478 struct bdaddr_list
*b
;
1480 b
= list_entry(p
, struct bdaddr_list
, list
);
1489 int hci_blacklist_add(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1491 struct bdaddr_list
*entry
;
1493 if (bacmp(bdaddr
, BDADDR_ANY
) == 0)
1496 if (hci_blacklist_lookup(hdev
, bdaddr
))
1499 entry
= kzalloc(sizeof(struct bdaddr_list
), GFP_KERNEL
);
1503 bacpy(&entry
->bdaddr
, bdaddr
);
1505 list_add(&entry
->list
, &hdev
->blacklist
);
1507 return mgmt_device_blocked(hdev
, bdaddr
);
1510 int hci_blacklist_del(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1512 struct bdaddr_list
*entry
;
1514 if (bacmp(bdaddr
, BDADDR_ANY
) == 0)
1515 return hci_blacklist_clear(hdev
);
1517 entry
= hci_blacklist_lookup(hdev
, bdaddr
);
1521 list_del(&entry
->list
);
1524 return mgmt_device_unblocked(hdev
, bdaddr
);
1527 static void hci_clear_adv_cache(struct work_struct
*work
)
1529 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
1534 hci_adv_entries_clear(hdev
);
1536 hci_dev_unlock(hdev
);
1539 int hci_adv_entries_clear(struct hci_dev
*hdev
)
1541 struct adv_entry
*entry
, *tmp
;
1543 list_for_each_entry_safe(entry
, tmp
, &hdev
->adv_entries
, list
) {
1544 list_del(&entry
->list
);
1548 BT_DBG("%s adv cache cleared", hdev
->name
);
1553 struct adv_entry
*hci_find_adv_entry(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1555 struct adv_entry
*entry
;
1557 list_for_each_entry(entry
, &hdev
->adv_entries
, list
)
1558 if (bacmp(bdaddr
, &entry
->bdaddr
) == 0)
1564 static inline int is_connectable_adv(u8 evt_type
)
1566 if (evt_type
== ADV_IND
|| evt_type
== ADV_DIRECT_IND
)
1572 int hci_add_adv_entry(struct hci_dev
*hdev
,
1573 struct hci_ev_le_advertising_info
*ev
)
1575 struct adv_entry
*entry
;
1577 if (!is_connectable_adv(ev
->evt_type
))
1580 /* Only new entries should be added to adv_entries. So, if
1581 * bdaddr was found, don't add it. */
1582 if (hci_find_adv_entry(hdev
, &ev
->bdaddr
))
1585 entry
= kzalloc(sizeof(*entry
), GFP_KERNEL
);
1589 bacpy(&entry
->bdaddr
, &ev
->bdaddr
);
1590 entry
->bdaddr_type
= ev
->bdaddr_type
;
1592 list_add(&entry
->list
, &hdev
->adv_entries
);
1594 BT_DBG("%s adv entry added: address %s type %u", hdev
->name
,
1595 batostr(&entry
->bdaddr
), entry
->bdaddr_type
);
1600 /* Register HCI device */
1601 int hci_register_dev(struct hci_dev
*hdev
)
1603 struct list_head
*head
= &hci_dev_list
, *p
;
1606 BT_DBG("%p name %s bus %d", hdev
, hdev
->name
, hdev
->bus
);
1608 if (!hdev
->open
|| !hdev
->close
)
1611 /* Do not allow HCI_AMP devices to register at index 0,
1612 * so the index can be used as the AMP controller ID.
1614 id
= (hdev
->dev_type
== HCI_BREDR
) ? 0 : 1;
1616 write_lock(&hci_dev_list_lock
);
1618 /* Find first available device id */
1619 list_for_each(p
, &hci_dev_list
) {
1620 if (list_entry(p
, struct hci_dev
, list
)->id
!= id
)
1625 sprintf(hdev
->name
, "hci%d", id
);
1627 list_add_tail(&hdev
->list
, head
);
1629 mutex_init(&hdev
->lock
);
1632 hdev
->dev_flags
= 0;
1633 hdev
->pkt_type
= (HCI_DM1
| HCI_DH1
| HCI_HV1
);
1634 hdev
->esco_type
= (ESCO_HV1
);
1635 hdev
->link_mode
= (HCI_LM_ACCEPT
);
1636 hdev
->io_capability
= 0x03; /* No Input No Output */
1638 hdev
->idle_timeout
= 0;
1639 hdev
->sniff_max_interval
= 800;
1640 hdev
->sniff_min_interval
= 80;
1642 INIT_WORK(&hdev
->rx_work
, hci_rx_work
);
1643 INIT_WORK(&hdev
->cmd_work
, hci_cmd_work
);
1644 INIT_WORK(&hdev
->tx_work
, hci_tx_work
);
1647 skb_queue_head_init(&hdev
->rx_q
);
1648 skb_queue_head_init(&hdev
->cmd_q
);
1649 skb_queue_head_init(&hdev
->raw_q
);
1651 setup_timer(&hdev
->cmd_timer
, hci_cmd_timer
, (unsigned long) hdev
);
1653 for (i
= 0; i
< NUM_REASSEMBLY
; i
++)
1654 hdev
->reassembly
[i
] = NULL
;
1656 init_waitqueue_head(&hdev
->req_wait_q
);
1657 mutex_init(&hdev
->req_lock
);
1659 discovery_init(hdev
);
1661 hci_conn_hash_init(hdev
);
1663 INIT_LIST_HEAD(&hdev
->mgmt_pending
);
1665 INIT_LIST_HEAD(&hdev
->blacklist
);
1667 INIT_LIST_HEAD(&hdev
->uuids
);
1669 INIT_LIST_HEAD(&hdev
->link_keys
);
1670 INIT_LIST_HEAD(&hdev
->long_term_keys
);
1672 INIT_LIST_HEAD(&hdev
->remote_oob_data
);
1674 INIT_LIST_HEAD(&hdev
->adv_entries
);
1676 INIT_DELAYED_WORK(&hdev
->adv_work
, hci_clear_adv_cache
);
1677 INIT_WORK(&hdev
->power_on
, hci_power_on
);
1678 INIT_DELAYED_WORK(&hdev
->power_off
, hci_power_off
);
1680 INIT_DELAYED_WORK(&hdev
->discov_off
, hci_discov_off
);
1682 memset(&hdev
->stat
, 0, sizeof(struct hci_dev_stats
));
1684 atomic_set(&hdev
->promisc
, 0);
1686 write_unlock(&hci_dev_list_lock
);
1688 hdev
->workqueue
= alloc_workqueue(hdev
->name
, WQ_HIGHPRI
| WQ_UNBOUND
|
1690 if (!hdev
->workqueue
) {
1695 error
= hci_add_sysfs(hdev
);
1699 hdev
->rfkill
= rfkill_alloc(hdev
->name
, &hdev
->dev
,
1700 RFKILL_TYPE_BLUETOOTH
, &hci_rfkill_ops
, hdev
);
1702 if (rfkill_register(hdev
->rfkill
) < 0) {
1703 rfkill_destroy(hdev
->rfkill
);
1704 hdev
->rfkill
= NULL
;
1708 set_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
);
1709 set_bit(HCI_SETUP
, &hdev
->dev_flags
);
1710 schedule_work(&hdev
->power_on
);
1712 hci_notify(hdev
, HCI_DEV_REG
);
1718 destroy_workqueue(hdev
->workqueue
);
1720 write_lock(&hci_dev_list_lock
);
1721 list_del(&hdev
->list
);
1722 write_unlock(&hci_dev_list_lock
);
1726 EXPORT_SYMBOL(hci_register_dev
);
1728 /* Unregister HCI device */
1729 void hci_unregister_dev(struct hci_dev
*hdev
)
1733 BT_DBG("%p name %s bus %d", hdev
, hdev
->name
, hdev
->bus
);
1735 write_lock(&hci_dev_list_lock
);
1736 list_del(&hdev
->list
);
1737 write_unlock(&hci_dev_list_lock
);
1739 hci_dev_do_close(hdev
);
1741 for (i
= 0; i
< NUM_REASSEMBLY
; i
++)
1742 kfree_skb(hdev
->reassembly
[i
]);
1744 if (!test_bit(HCI_INIT
, &hdev
->flags
) &&
1745 !test_bit(HCI_SETUP
, &hdev
->dev_flags
)) {
1747 mgmt_index_removed(hdev
);
1748 hci_dev_unlock(hdev
);
1751 /* mgmt_index_removed should take care of emptying the
1753 BUG_ON(!list_empty(&hdev
->mgmt_pending
));
1755 hci_notify(hdev
, HCI_DEV_UNREG
);
1758 rfkill_unregister(hdev
->rfkill
);
1759 rfkill_destroy(hdev
->rfkill
);
1762 hci_del_sysfs(hdev
);
1764 cancel_delayed_work_sync(&hdev
->adv_work
);
1766 destroy_workqueue(hdev
->workqueue
);
1769 hci_blacklist_clear(hdev
);
1770 hci_uuids_clear(hdev
);
1771 hci_link_keys_clear(hdev
);
1772 hci_smp_ltks_clear(hdev
);
1773 hci_remote_oob_data_clear(hdev
);
1774 hci_adv_entries_clear(hdev
);
1775 hci_dev_unlock(hdev
);
1779 EXPORT_SYMBOL(hci_unregister_dev
);
1781 /* Suspend HCI device */
1782 int hci_suspend_dev(struct hci_dev
*hdev
)
1784 hci_notify(hdev
, HCI_DEV_SUSPEND
);
1787 EXPORT_SYMBOL(hci_suspend_dev
);
1789 /* Resume HCI device */
1790 int hci_resume_dev(struct hci_dev
*hdev
)
1792 hci_notify(hdev
, HCI_DEV_RESUME
);
1795 EXPORT_SYMBOL(hci_resume_dev
);
1797 /* Receive frame from HCI drivers */
1798 int hci_recv_frame(struct sk_buff
*skb
)
1800 struct hci_dev
*hdev
= (struct hci_dev
*) skb
->dev
;
1801 if (!hdev
|| (!test_bit(HCI_UP
, &hdev
->flags
)
1802 && !test_bit(HCI_INIT
, &hdev
->flags
))) {
1808 bt_cb(skb
)->incoming
= 1;
1811 __net_timestamp(skb
);
1813 skb_queue_tail(&hdev
->rx_q
, skb
);
1814 queue_work(hdev
->workqueue
, &hdev
->rx_work
);
1818 EXPORT_SYMBOL(hci_recv_frame
);
1820 static int hci_reassembly(struct hci_dev
*hdev
, int type
, void *data
,
1821 int count
, __u8 index
)
1826 struct sk_buff
*skb
;
1827 struct bt_skb_cb
*scb
;
1829 if ((type
< HCI_ACLDATA_PKT
|| type
> HCI_EVENT_PKT
) ||
1830 index
>= NUM_REASSEMBLY
)
1833 skb
= hdev
->reassembly
[index
];
1837 case HCI_ACLDATA_PKT
:
1838 len
= HCI_MAX_FRAME_SIZE
;
1839 hlen
= HCI_ACL_HDR_SIZE
;
1842 len
= HCI_MAX_EVENT_SIZE
;
1843 hlen
= HCI_EVENT_HDR_SIZE
;
1845 case HCI_SCODATA_PKT
:
1846 len
= HCI_MAX_SCO_SIZE
;
1847 hlen
= HCI_SCO_HDR_SIZE
;
1851 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
1855 scb
= (void *) skb
->cb
;
1857 scb
->pkt_type
= type
;
1859 skb
->dev
= (void *) hdev
;
1860 hdev
->reassembly
[index
] = skb
;
1864 scb
= (void *) skb
->cb
;
1865 len
= min(scb
->expect
, (__u16
)count
);
1867 memcpy(skb_put(skb
, len
), data
, len
);
1876 if (skb
->len
== HCI_EVENT_HDR_SIZE
) {
1877 struct hci_event_hdr
*h
= hci_event_hdr(skb
);
1878 scb
->expect
= h
->plen
;
1880 if (skb_tailroom(skb
) < scb
->expect
) {
1882 hdev
->reassembly
[index
] = NULL
;
1888 case HCI_ACLDATA_PKT
:
1889 if (skb
->len
== HCI_ACL_HDR_SIZE
) {
1890 struct hci_acl_hdr
*h
= hci_acl_hdr(skb
);
1891 scb
->expect
= __le16_to_cpu(h
->dlen
);
1893 if (skb_tailroom(skb
) < scb
->expect
) {
1895 hdev
->reassembly
[index
] = NULL
;
1901 case HCI_SCODATA_PKT
:
1902 if (skb
->len
== HCI_SCO_HDR_SIZE
) {
1903 struct hci_sco_hdr
*h
= hci_sco_hdr(skb
);
1904 scb
->expect
= h
->dlen
;
1906 if (skb_tailroom(skb
) < scb
->expect
) {
1908 hdev
->reassembly
[index
] = NULL
;
1915 if (scb
->expect
== 0) {
1916 /* Complete frame */
1918 bt_cb(skb
)->pkt_type
= type
;
1919 hci_recv_frame(skb
);
1921 hdev
->reassembly
[index
] = NULL
;
1929 int hci_recv_fragment(struct hci_dev
*hdev
, int type
, void *data
, int count
)
1933 if (type
< HCI_ACLDATA_PKT
|| type
> HCI_EVENT_PKT
)
1937 rem
= hci_reassembly(hdev
, type
, data
, count
, type
- 1);
1941 data
+= (count
- rem
);
1947 EXPORT_SYMBOL(hci_recv_fragment
);
1949 #define STREAM_REASSEMBLY 0
1951 int hci_recv_stream_fragment(struct hci_dev
*hdev
, void *data
, int count
)
1957 struct sk_buff
*skb
= hdev
->reassembly
[STREAM_REASSEMBLY
];
1960 struct { char type
; } *pkt
;
1962 /* Start of the frame */
1969 type
= bt_cb(skb
)->pkt_type
;
1971 rem
= hci_reassembly(hdev
, type
, data
, count
,
1976 data
+= (count
- rem
);
1982 EXPORT_SYMBOL(hci_recv_stream_fragment
);
1984 /* ---- Interface to upper protocols ---- */
1986 int hci_register_cb(struct hci_cb
*cb
)
1988 BT_DBG("%p name %s", cb
, cb
->name
);
1990 write_lock(&hci_cb_list_lock
);
1991 list_add(&cb
->list
, &hci_cb_list
);
1992 write_unlock(&hci_cb_list_lock
);
1996 EXPORT_SYMBOL(hci_register_cb
);
1998 int hci_unregister_cb(struct hci_cb
*cb
)
2000 BT_DBG("%p name %s", cb
, cb
->name
);
2002 write_lock(&hci_cb_list_lock
);
2003 list_del(&cb
->list
);
2004 write_unlock(&hci_cb_list_lock
);
2008 EXPORT_SYMBOL(hci_unregister_cb
);
2010 static int hci_send_frame(struct sk_buff
*skb
)
2012 struct hci_dev
*hdev
= (struct hci_dev
*) skb
->dev
;
2019 BT_DBG("%s type %d len %d", hdev
->name
, bt_cb(skb
)->pkt_type
, skb
->len
);
2021 if (atomic_read(&hdev
->promisc
)) {
2023 __net_timestamp(skb
);
2025 hci_send_to_sock(hdev
, skb
, NULL
);
2028 /* Get rid of skb owner, prior to sending to the driver. */
2031 return hdev
->send(skb
);
2034 /* Send HCI command */
2035 int hci_send_cmd(struct hci_dev
*hdev
, __u16 opcode
, __u32 plen
, void *param
)
2037 int len
= HCI_COMMAND_HDR_SIZE
+ plen
;
2038 struct hci_command_hdr
*hdr
;
2039 struct sk_buff
*skb
;
2041 BT_DBG("%s opcode 0x%x plen %d", hdev
->name
, opcode
, plen
);
2043 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
2045 BT_ERR("%s no memory for command", hdev
->name
);
2049 hdr
= (struct hci_command_hdr
*) skb_put(skb
, HCI_COMMAND_HDR_SIZE
);
2050 hdr
->opcode
= cpu_to_le16(opcode
);
2054 memcpy(skb_put(skb
, plen
), param
, plen
);
2056 BT_DBG("skb len %d", skb
->len
);
2058 bt_cb(skb
)->pkt_type
= HCI_COMMAND_PKT
;
2059 skb
->dev
= (void *) hdev
;
2061 if (test_bit(HCI_INIT
, &hdev
->flags
))
2062 hdev
->init_last_cmd
= opcode
;
2064 skb_queue_tail(&hdev
->cmd_q
, skb
);
2065 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2070 /* Get data from the previously sent command */
2071 void *hci_sent_cmd_data(struct hci_dev
*hdev
, __u16 opcode
)
2073 struct hci_command_hdr
*hdr
;
2075 if (!hdev
->sent_cmd
)
2078 hdr
= (void *) hdev
->sent_cmd
->data
;
2080 if (hdr
->opcode
!= cpu_to_le16(opcode
))
2083 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
2085 return hdev
->sent_cmd
->data
+ HCI_COMMAND_HDR_SIZE
;
2089 static void hci_add_acl_hdr(struct sk_buff
*skb
, __u16 handle
, __u16 flags
)
2091 struct hci_acl_hdr
*hdr
;
2094 skb_push(skb
, HCI_ACL_HDR_SIZE
);
2095 skb_reset_transport_header(skb
);
2096 hdr
= (struct hci_acl_hdr
*)skb_transport_header(skb
);
2097 hdr
->handle
= cpu_to_le16(hci_handle_pack(handle
, flags
));
2098 hdr
->dlen
= cpu_to_le16(len
);
2101 static void hci_queue_acl(struct hci_conn
*conn
, struct sk_buff_head
*queue
,
2102 struct sk_buff
*skb
, __u16 flags
)
2104 struct hci_dev
*hdev
= conn
->hdev
;
2105 struct sk_buff
*list
;
2107 list
= skb_shinfo(skb
)->frag_list
;
2109 /* Non fragmented */
2110 BT_DBG("%s nonfrag skb %p len %d", hdev
->name
, skb
, skb
->len
);
2112 skb_queue_tail(queue
, skb
);
2115 BT_DBG("%s frag %p len %d", hdev
->name
, skb
, skb
->len
);
2117 skb_shinfo(skb
)->frag_list
= NULL
;
2119 /* Queue all fragments atomically */
2120 spin_lock(&queue
->lock
);
2122 __skb_queue_tail(queue
, skb
);
2124 flags
&= ~ACL_START
;
2127 skb
= list
; list
= list
->next
;
2129 skb
->dev
= (void *) hdev
;
2130 bt_cb(skb
)->pkt_type
= HCI_ACLDATA_PKT
;
2131 hci_add_acl_hdr(skb
, conn
->handle
, flags
);
2133 BT_DBG("%s frag %p len %d", hdev
->name
, skb
, skb
->len
);
2135 __skb_queue_tail(queue
, skb
);
2138 spin_unlock(&queue
->lock
);
2142 void hci_send_acl(struct hci_chan
*chan
, struct sk_buff
*skb
, __u16 flags
)
2144 struct hci_conn
*conn
= chan
->conn
;
2145 struct hci_dev
*hdev
= conn
->hdev
;
2147 BT_DBG("%s chan %p flags 0x%x", hdev
->name
, chan
, flags
);
2149 skb
->dev
= (void *) hdev
;
2150 bt_cb(skb
)->pkt_type
= HCI_ACLDATA_PKT
;
2151 hci_add_acl_hdr(skb
, conn
->handle
, flags
);
2153 hci_queue_acl(conn
, &chan
->data_q
, skb
, flags
);
2155 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2157 EXPORT_SYMBOL(hci_send_acl
);
2160 void hci_send_sco(struct hci_conn
*conn
, struct sk_buff
*skb
)
2162 struct hci_dev
*hdev
= conn
->hdev
;
2163 struct hci_sco_hdr hdr
;
2165 BT_DBG("%s len %d", hdev
->name
, skb
->len
);
2167 hdr
.handle
= cpu_to_le16(conn
->handle
);
2168 hdr
.dlen
= skb
->len
;
2170 skb_push(skb
, HCI_SCO_HDR_SIZE
);
2171 skb_reset_transport_header(skb
);
2172 memcpy(skb_transport_header(skb
), &hdr
, HCI_SCO_HDR_SIZE
);
2174 skb
->dev
= (void *) hdev
;
2175 bt_cb(skb
)->pkt_type
= HCI_SCODATA_PKT
;
2177 skb_queue_tail(&conn
->data_q
, skb
);
2178 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2180 EXPORT_SYMBOL(hci_send_sco
);
2182 /* ---- HCI TX task (outgoing data) ---- */
2184 /* HCI Connection scheduler */
2185 static inline struct hci_conn
*hci_low_sent(struct hci_dev
*hdev
, __u8 type
, int *quote
)
2187 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2188 struct hci_conn
*conn
= NULL
, *c
;
2189 int num
= 0, min
= ~0;
2191 /* We don't have to lock device here. Connections are always
2192 * added and removed with TX task disabled. */
2196 list_for_each_entry_rcu(c
, &h
->list
, list
) {
2197 if (c
->type
!= type
|| skb_queue_empty(&c
->data_q
))
2200 if (c
->state
!= BT_CONNECTED
&& c
->state
!= BT_CONFIG
)
2205 if (c
->sent
< min
) {
2210 if (hci_conn_num(hdev
, type
) == num
)
2219 switch (conn
->type
) {
2221 cnt
= hdev
->acl_cnt
;
2225 cnt
= hdev
->sco_cnt
;
2228 cnt
= hdev
->le_mtu
? hdev
->le_cnt
: hdev
->acl_cnt
;
2232 BT_ERR("Unknown link type");
2240 BT_DBG("conn %p quote %d", conn
, *quote
);
2244 static inline void hci_link_tx_to(struct hci_dev
*hdev
, __u8 type
)
2246 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2249 BT_ERR("%s link tx timeout", hdev
->name
);
2253 /* Kill stalled connections */
2254 list_for_each_entry_rcu(c
, &h
->list
, list
) {
2255 if (c
->type
== type
&& c
->sent
) {
2256 BT_ERR("%s killing stalled connection %s",
2257 hdev
->name
, batostr(&c
->dst
));
2258 hci_acl_disconn(c
, 0x13);
2265 static inline struct hci_chan
*hci_chan_sent(struct hci_dev
*hdev
, __u8 type
,
2268 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2269 struct hci_chan
*chan
= NULL
;
2270 int num
= 0, min
= ~0, cur_prio
= 0;
2271 struct hci_conn
*conn
;
2272 int cnt
, q
, conn_num
= 0;
2274 BT_DBG("%s", hdev
->name
);
2278 list_for_each_entry_rcu(conn
, &h
->list
, list
) {
2279 struct hci_chan
*tmp
;
2281 if (conn
->type
!= type
)
2284 if (conn
->state
!= BT_CONNECTED
&& conn
->state
!= BT_CONFIG
)
2289 list_for_each_entry_rcu(tmp
, &conn
->chan_list
, list
) {
2290 struct sk_buff
*skb
;
2292 if (skb_queue_empty(&tmp
->data_q
))
2295 skb
= skb_peek(&tmp
->data_q
);
2296 if (skb
->priority
< cur_prio
)
2299 if (skb
->priority
> cur_prio
) {
2302 cur_prio
= skb
->priority
;
2307 if (conn
->sent
< min
) {
2313 if (hci_conn_num(hdev
, type
) == conn_num
)
2322 switch (chan
->conn
->type
) {
2324 cnt
= hdev
->acl_cnt
;
2328 cnt
= hdev
->sco_cnt
;
2331 cnt
= hdev
->le_mtu
? hdev
->le_cnt
: hdev
->acl_cnt
;
2335 BT_ERR("Unknown link type");
2340 BT_DBG("chan %p quote %d", chan
, *quote
);
2344 static void hci_prio_recalculate(struct hci_dev
*hdev
, __u8 type
)
2346 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2347 struct hci_conn
*conn
;
2350 BT_DBG("%s", hdev
->name
);
2354 list_for_each_entry_rcu(conn
, &h
->list
, list
) {
2355 struct hci_chan
*chan
;
2357 if (conn
->type
!= type
)
2360 if (conn
->state
!= BT_CONNECTED
&& conn
->state
!= BT_CONFIG
)
2365 list_for_each_entry_rcu(chan
, &conn
->chan_list
, list
) {
2366 struct sk_buff
*skb
;
2373 if (skb_queue_empty(&chan
->data_q
))
2376 skb
= skb_peek(&chan
->data_q
);
2377 if (skb
->priority
>= HCI_PRIO_MAX
- 1)
2380 skb
->priority
= HCI_PRIO_MAX
- 1;
2382 BT_DBG("chan %p skb %p promoted to %d", chan
, skb
,
2386 if (hci_conn_num(hdev
, type
) == num
)
2394 static inline void hci_sched_acl(struct hci_dev
*hdev
)
2396 struct hci_chan
*chan
;
2397 struct sk_buff
*skb
;
2401 BT_DBG("%s", hdev
->name
);
2403 if (!hci_conn_num(hdev
, ACL_LINK
))
2406 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
2407 /* ACL tx timeout must be longer than maximum
2408 * link supervision timeout (40.9 seconds) */
2409 if (!hdev
->acl_cnt
&& time_after(jiffies
, hdev
->acl_last_tx
+
2410 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT
)))
2411 hci_link_tx_to(hdev
, ACL_LINK
);
2414 cnt
= hdev
->acl_cnt
;
2416 while (hdev
->acl_cnt
&&
2417 (chan
= hci_chan_sent(hdev
, ACL_LINK
, "e
))) {
2418 u32 priority
= (skb_peek(&chan
->data_q
))->priority
;
2419 while (quote
-- && (skb
= skb_peek(&chan
->data_q
))) {
2420 BT_DBG("chan %p skb %p len %d priority %u", chan
, skb
,
2421 skb
->len
, skb
->priority
);
2423 /* Stop if priority has changed */
2424 if (skb
->priority
< priority
)
2427 skb
= skb_dequeue(&chan
->data_q
);
2429 hci_conn_enter_active_mode(chan
->conn
,
2430 bt_cb(skb
)->force_active
);
2432 hci_send_frame(skb
);
2433 hdev
->acl_last_tx
= jiffies
;
2441 if (cnt
!= hdev
->acl_cnt
)
2442 hci_prio_recalculate(hdev
, ACL_LINK
);
2446 static inline void hci_sched_sco(struct hci_dev
*hdev
)
2448 struct hci_conn
*conn
;
2449 struct sk_buff
*skb
;
2452 BT_DBG("%s", hdev
->name
);
2454 if (!hci_conn_num(hdev
, SCO_LINK
))
2457 while (hdev
->sco_cnt
&& (conn
= hci_low_sent(hdev
, SCO_LINK
, "e
))) {
2458 while (quote
-- && (skb
= skb_dequeue(&conn
->data_q
))) {
2459 BT_DBG("skb %p len %d", skb
, skb
->len
);
2460 hci_send_frame(skb
);
2463 if (conn
->sent
== ~0)
2469 static inline void hci_sched_esco(struct hci_dev
*hdev
)
2471 struct hci_conn
*conn
;
2472 struct sk_buff
*skb
;
2475 BT_DBG("%s", hdev
->name
);
2477 if (!hci_conn_num(hdev
, ESCO_LINK
))
2480 while (hdev
->sco_cnt
&& (conn
= hci_low_sent(hdev
, ESCO_LINK
, "e
))) {
2481 while (quote
-- && (skb
= skb_dequeue(&conn
->data_q
))) {
2482 BT_DBG("skb %p len %d", skb
, skb
->len
);
2483 hci_send_frame(skb
);
2486 if (conn
->sent
== ~0)
2492 static inline void hci_sched_le(struct hci_dev
*hdev
)
2494 struct hci_chan
*chan
;
2495 struct sk_buff
*skb
;
2496 int quote
, cnt
, tmp
;
2498 BT_DBG("%s", hdev
->name
);
2500 if (!hci_conn_num(hdev
, LE_LINK
))
2503 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
2504 /* LE tx timeout must be longer than maximum
2505 * link supervision timeout (40.9 seconds) */
2506 if (!hdev
->le_cnt
&& hdev
->le_pkts
&&
2507 time_after(jiffies
, hdev
->le_last_tx
+ HZ
* 45))
2508 hci_link_tx_to(hdev
, LE_LINK
);
2511 cnt
= hdev
->le_pkts
? hdev
->le_cnt
: hdev
->acl_cnt
;
2513 while (cnt
&& (chan
= hci_chan_sent(hdev
, LE_LINK
, "e
))) {
2514 u32 priority
= (skb_peek(&chan
->data_q
))->priority
;
2515 while (quote
-- && (skb
= skb_peek(&chan
->data_q
))) {
2516 BT_DBG("chan %p skb %p len %d priority %u", chan
, skb
,
2517 skb
->len
, skb
->priority
);
2519 /* Stop if priority has changed */
2520 if (skb
->priority
< priority
)
2523 skb
= skb_dequeue(&chan
->data_q
);
2525 hci_send_frame(skb
);
2526 hdev
->le_last_tx
= jiffies
;
2537 hdev
->acl_cnt
= cnt
;
2540 hci_prio_recalculate(hdev
, LE_LINK
);
2543 static void hci_tx_work(struct work_struct
*work
)
2545 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, tx_work
);
2546 struct sk_buff
*skb
;
2548 BT_DBG("%s acl %d sco %d le %d", hdev
->name
, hdev
->acl_cnt
,
2549 hdev
->sco_cnt
, hdev
->le_cnt
);
2551 /* Schedule queues and send stuff to HCI driver */
2553 hci_sched_acl(hdev
);
2555 hci_sched_sco(hdev
);
2557 hci_sched_esco(hdev
);
2561 /* Send next queued raw (unknown type) packet */
2562 while ((skb
= skb_dequeue(&hdev
->raw_q
)))
2563 hci_send_frame(skb
);
2566 /* ----- HCI RX task (incoming data processing) ----- */
2568 /* ACL data packet */
2569 static inline void hci_acldata_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2571 struct hci_acl_hdr
*hdr
= (void *) skb
->data
;
2572 struct hci_conn
*conn
;
2573 __u16 handle
, flags
;
2575 skb_pull(skb
, HCI_ACL_HDR_SIZE
);
2577 handle
= __le16_to_cpu(hdr
->handle
);
2578 flags
= hci_flags(handle
);
2579 handle
= hci_handle(handle
);
2581 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev
->name
, skb
->len
, handle
, flags
);
2583 hdev
->stat
.acl_rx
++;
2586 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2587 hci_dev_unlock(hdev
);
2590 hci_conn_enter_active_mode(conn
, BT_POWER_FORCE_ACTIVE_OFF
);
2592 /* Send to upper protocol */
2593 l2cap_recv_acldata(conn
, skb
, flags
);
2596 BT_ERR("%s ACL packet for unknown connection handle %d",
2597 hdev
->name
, handle
);
2603 /* SCO data packet */
2604 static inline void hci_scodata_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2606 struct hci_sco_hdr
*hdr
= (void *) skb
->data
;
2607 struct hci_conn
*conn
;
2610 skb_pull(skb
, HCI_SCO_HDR_SIZE
);
2612 handle
= __le16_to_cpu(hdr
->handle
);
2614 BT_DBG("%s len %d handle 0x%x", hdev
->name
, skb
->len
, handle
);
2616 hdev
->stat
.sco_rx
++;
2619 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2620 hci_dev_unlock(hdev
);
2623 /* Send to upper protocol */
2624 sco_recv_scodata(conn
, skb
);
2627 BT_ERR("%s SCO packet for unknown connection handle %d",
2628 hdev
->name
, handle
);
2634 static void hci_rx_work(struct work_struct
*work
)
2636 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, rx_work
);
2637 struct sk_buff
*skb
;
2639 BT_DBG("%s", hdev
->name
);
2641 while ((skb
= skb_dequeue(&hdev
->rx_q
))) {
2642 if (atomic_read(&hdev
->promisc
)) {
2643 /* Send copy to the sockets */
2644 hci_send_to_sock(hdev
, skb
, NULL
);
2647 if (test_bit(HCI_RAW
, &hdev
->flags
)) {
2652 if (test_bit(HCI_INIT
, &hdev
->flags
)) {
2653 /* Don't process data packets in this states. */
2654 switch (bt_cb(skb
)->pkt_type
) {
2655 case HCI_ACLDATA_PKT
:
2656 case HCI_SCODATA_PKT
:
2663 switch (bt_cb(skb
)->pkt_type
) {
2665 BT_DBG("%s Event packet", hdev
->name
);
2666 hci_event_packet(hdev
, skb
);
2669 case HCI_ACLDATA_PKT
:
2670 BT_DBG("%s ACL data packet", hdev
->name
);
2671 hci_acldata_packet(hdev
, skb
);
2674 case HCI_SCODATA_PKT
:
2675 BT_DBG("%s SCO data packet", hdev
->name
);
2676 hci_scodata_packet(hdev
, skb
);
2686 static void hci_cmd_work(struct work_struct
*work
)
2688 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, cmd_work
);
2689 struct sk_buff
*skb
;
2691 BT_DBG("%s cmd %d", hdev
->name
, atomic_read(&hdev
->cmd_cnt
));
2693 /* Send queued commands */
2694 if (atomic_read(&hdev
->cmd_cnt
)) {
2695 skb
= skb_dequeue(&hdev
->cmd_q
);
2699 kfree_skb(hdev
->sent_cmd
);
2701 hdev
->sent_cmd
= skb_clone(skb
, GFP_ATOMIC
);
2702 if (hdev
->sent_cmd
) {
2703 atomic_dec(&hdev
->cmd_cnt
);
2704 hci_send_frame(skb
);
2705 if (test_bit(HCI_RESET
, &hdev
->flags
))
2706 del_timer(&hdev
->cmd_timer
);
2708 mod_timer(&hdev
->cmd_timer
,
2709 jiffies
+ msecs_to_jiffies(HCI_CMD_TIMEOUT
));
2711 skb_queue_head(&hdev
->cmd_q
, skb
);
2712 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2717 int hci_do_inquiry(struct hci_dev
*hdev
, u8 length
)
2719 /* General inquiry access code (GIAC) */
2720 u8 lap
[3] = { 0x33, 0x8b, 0x9e };
2721 struct hci_cp_inquiry cp
;
2723 BT_DBG("%s", hdev
->name
);
2725 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
2726 return -EINPROGRESS
;
2728 inquiry_cache_flush(hdev
);
2730 memset(&cp
, 0, sizeof(cp
));
2731 memcpy(&cp
.lap
, lap
, sizeof(cp
.lap
));
2734 return hci_send_cmd(hdev
, HCI_OP_INQUIRY
, sizeof(cp
), &cp
);
2737 int hci_cancel_inquiry(struct hci_dev
*hdev
)
2739 BT_DBG("%s", hdev
->name
);
2741 if (!test_bit(HCI_INQUIRY
, &hdev
->flags
))
2744 return hci_send_cmd(hdev
, HCI_OP_INQUIRY_CANCEL
, 0, NULL
);
2747 module_param(enable_hs
, bool, 0644);
2748 MODULE_PARM_DESC(enable_hs
, "Enable High Speed");
projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob