2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
31 #include <linux/rfkill.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
36 static void hci_rx_work(struct work_struct
*work
);
37 static void hci_cmd_work(struct work_struct
*work
);
38 static void hci_tx_work(struct work_struct
*work
);
41 LIST_HEAD(hci_dev_list
);
42 DEFINE_RWLOCK(hci_dev_list_lock
);
44 /* HCI callback list */
45 LIST_HEAD(hci_cb_list
);
46 DEFINE_RWLOCK(hci_cb_list_lock
);
48 /* HCI ID Numbering */
49 static DEFINE_IDA(hci_index_ida
);
51 /* ---- HCI notifications ---- */
53 static void hci_notify(struct hci_dev
*hdev
, int event
)
55 hci_sock_dev_event(hdev
, event
);
58 /* ---- HCI requests ---- */
60 static void hci_req_sync_complete(struct hci_dev
*hdev
, u8 result
)
62 BT_DBG("%s result 0x%2.2x", hdev
->name
, result
);
64 if (hdev
->req_status
== HCI_REQ_PEND
) {
65 hdev
->req_result
= result
;
66 hdev
->req_status
= HCI_REQ_DONE
;
67 wake_up_interruptible(&hdev
->req_wait_q
);
71 static void hci_req_cancel(struct hci_dev
*hdev
, int err
)
73 BT_DBG("%s err 0x%2.2x", hdev
->name
, err
);
75 if (hdev
->req_status
== HCI_REQ_PEND
) {
76 hdev
->req_result
= err
;
77 hdev
->req_status
= HCI_REQ_CANCELED
;
78 wake_up_interruptible(&hdev
->req_wait_q
);
82 struct sk_buff
*hci_get_cmd_complete(struct hci_dev
*hdev
, u16 opcode
, u8 event
)
84 struct hci_ev_cmd_complete
*ev
;
85 struct hci_event_hdr
*hdr
;
91 hdev
->recv_evt
= NULL
;
96 return ERR_PTR(-ENODATA
);
98 if (skb
->len
< sizeof(*hdr
)) {
99 BT_ERR("Too short HCI event");
103 hdr
= (void *) skb
->data
;
104 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
107 if (hdr
->evt
!= event
)
112 if (hdr
->evt
!= HCI_EV_CMD_COMPLETE
) {
113 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr
->evt
);
117 if (skb
->len
< sizeof(*ev
)) {
118 BT_ERR("Too short cmd_complete event");
122 ev
= (void *) skb
->data
;
123 skb_pull(skb
, sizeof(*ev
));
125 if (opcode
== __le16_to_cpu(ev
->opcode
))
128 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode
,
129 __le16_to_cpu(ev
->opcode
));
133 return ERR_PTR(-ENODATA
);
136 struct sk_buff
*__hci_cmd_sync_ev(struct hci_dev
*hdev
, u16 opcode
, u32 plen
,
137 const void *param
, u8 event
, u32 timeout
)
139 DECLARE_WAITQUEUE(wait
, current
);
140 struct hci_request req
;
143 BT_DBG("%s", hdev
->name
);
145 hci_req_init(&req
, hdev
);
147 hci_req_add_ev(&req
, opcode
, plen
, param
, event
);
149 hdev
->req_status
= HCI_REQ_PEND
;
151 err
= hci_req_run(&req
, hci_req_sync_complete
);
155 add_wait_queue(&hdev
->req_wait_q
, &wait
);
156 set_current_state(TASK_INTERRUPTIBLE
);
158 schedule_timeout(timeout
);
160 remove_wait_queue(&hdev
->req_wait_q
, &wait
);
162 if (signal_pending(current
))
163 return ERR_PTR(-EINTR
);
165 switch (hdev
->req_status
) {
167 err
= -bt_to_errno(hdev
->req_result
);
170 case HCI_REQ_CANCELED
:
171 err
= -hdev
->req_result
;
179 hdev
->req_status
= hdev
->req_result
= 0;
181 BT_DBG("%s end: err %d", hdev
->name
, err
);
186 return hci_get_cmd_complete(hdev
, opcode
, event
);
188 EXPORT_SYMBOL(__hci_cmd_sync_ev
);
190 struct sk_buff
*__hci_cmd_sync(struct hci_dev
*hdev
, u16 opcode
, u32 plen
,
191 const void *param
, u32 timeout
)
193 return __hci_cmd_sync_ev(hdev
, opcode
, plen
, param
, 0, timeout
);
195 EXPORT_SYMBOL(__hci_cmd_sync
);
197 /* Execute request and wait for completion. */
198 static int __hci_req_sync(struct hci_dev
*hdev
,
199 void (*func
)(struct hci_request
*req
,
201 unsigned long opt
, __u32 timeout
)
203 struct hci_request req
;
204 DECLARE_WAITQUEUE(wait
, current
);
207 BT_DBG("%s start", hdev
->name
);
209 hci_req_init(&req
, hdev
);
211 hdev
->req_status
= HCI_REQ_PEND
;
215 err
= hci_req_run(&req
, hci_req_sync_complete
);
217 hdev
->req_status
= 0;
219 /* ENODATA means the HCI request command queue is empty.
220 * This can happen when a request with conditionals doesn't
221 * trigger any commands to be sent. This is normal behavior
222 * and should not trigger an error return.
230 add_wait_queue(&hdev
->req_wait_q
, &wait
);
231 set_current_state(TASK_INTERRUPTIBLE
);
233 schedule_timeout(timeout
);
235 remove_wait_queue(&hdev
->req_wait_q
, &wait
);
237 if (signal_pending(current
))
240 switch (hdev
->req_status
) {
242 err
= -bt_to_errno(hdev
->req_result
);
245 case HCI_REQ_CANCELED
:
246 err
= -hdev
->req_result
;
254 hdev
->req_status
= hdev
->req_result
= 0;
256 BT_DBG("%s end: err %d", hdev
->name
, err
);
261 static int hci_req_sync(struct hci_dev
*hdev
,
262 void (*req
)(struct hci_request
*req
,
264 unsigned long opt
, __u32 timeout
)
268 if (!test_bit(HCI_UP
, &hdev
->flags
))
271 /* Serialize all requests */
273 ret
= __hci_req_sync(hdev
, req
, opt
, timeout
);
274 hci_req_unlock(hdev
);
279 static void hci_reset_req(struct hci_request
*req
, unsigned long opt
)
281 BT_DBG("%s %ld", req
->hdev
->name
, opt
);
284 set_bit(HCI_RESET
, &req
->hdev
->flags
);
285 hci_req_add(req
, HCI_OP_RESET
, 0, NULL
);
288 static void bredr_init(struct hci_request
*req
)
290 req
->hdev
->flow_ctl_mode
= HCI_FLOW_CTL_MODE_PACKET_BASED
;
292 /* Read Local Supported Features */
293 hci_req_add(req
, HCI_OP_READ_LOCAL_FEATURES
, 0, NULL
);
295 /* Read Local Version */
296 hci_req_add(req
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
);
298 /* Read BD Address */
299 hci_req_add(req
, HCI_OP_READ_BD_ADDR
, 0, NULL
);
302 static void amp_init(struct hci_request
*req
)
304 req
->hdev
->flow_ctl_mode
= HCI_FLOW_CTL_MODE_BLOCK_BASED
;
306 /* Read Local Version */
307 hci_req_add(req
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
);
309 /* Read Local AMP Info */
310 hci_req_add(req
, HCI_OP_READ_LOCAL_AMP_INFO
, 0, NULL
);
312 /* Read Data Blk size */
313 hci_req_add(req
, HCI_OP_READ_DATA_BLOCK_SIZE
, 0, NULL
);
316 static void hci_init1_req(struct hci_request
*req
, unsigned long opt
)
318 struct hci_dev
*hdev
= req
->hdev
;
320 BT_DBG("%s %ld", hdev
->name
, opt
);
323 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
))
324 hci_reset_req(req
, 0);
326 switch (hdev
->dev_type
) {
336 BT_ERR("Unknown device type %d", hdev
->dev_type
);
341 static void bredr_setup(struct hci_request
*req
)
343 struct hci_cp_delete_stored_link_key cp
;
347 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
348 hci_req_add(req
, HCI_OP_READ_BUFFER_SIZE
, 0, NULL
);
350 /* Read Class of Device */
351 hci_req_add(req
, HCI_OP_READ_CLASS_OF_DEV
, 0, NULL
);
353 /* Read Local Name */
354 hci_req_add(req
, HCI_OP_READ_LOCAL_NAME
, 0, NULL
);
356 /* Read Voice Setting */
357 hci_req_add(req
, HCI_OP_READ_VOICE_SETTING
, 0, NULL
);
359 /* Clear Event Filters */
360 flt_type
= HCI_FLT_CLEAR_ALL
;
361 hci_req_add(req
, HCI_OP_SET_EVENT_FLT
, 1, &flt_type
);
363 /* Connection accept timeout ~20 secs */
364 param
= __constant_cpu_to_le16(0x7d00);
365 hci_req_add(req
, HCI_OP_WRITE_CA_TIMEOUT
, 2, ¶m
);
367 bacpy(&cp
.bdaddr
, BDADDR_ANY
);
368 cp
.delete_all
= 0x01;
369 hci_req_add(req
, HCI_OP_DELETE_STORED_LINK_KEY
, sizeof(cp
), &cp
);
371 /* Read page scan parameters */
372 if (req
->hdev
->hci_ver
> BLUETOOTH_VER_1_1
) {
373 hci_req_add(req
, HCI_OP_READ_PAGE_SCAN_ACTIVITY
, 0, NULL
);
374 hci_req_add(req
, HCI_OP_READ_PAGE_SCAN_TYPE
, 0, NULL
);
378 static void le_setup(struct hci_request
*req
)
380 /* Read LE Buffer Size */
381 hci_req_add(req
, HCI_OP_LE_READ_BUFFER_SIZE
, 0, NULL
);
383 /* Read LE Local Supported Features */
384 hci_req_add(req
, HCI_OP_LE_READ_LOCAL_FEATURES
, 0, NULL
);
386 /* Read LE Advertising Channel TX Power */
387 hci_req_add(req
, HCI_OP_LE_READ_ADV_TX_POWER
, 0, NULL
);
389 /* Read LE White List Size */
390 hci_req_add(req
, HCI_OP_LE_READ_WHITE_LIST_SIZE
, 0, NULL
);
392 /* Read LE Supported States */
393 hci_req_add(req
, HCI_OP_LE_READ_SUPPORTED_STATES
, 0, NULL
);
396 static u8
hci_get_inquiry_mode(struct hci_dev
*hdev
)
398 if (lmp_ext_inq_capable(hdev
))
401 if (lmp_inq_rssi_capable(hdev
))
404 if (hdev
->manufacturer
== 11 && hdev
->hci_rev
== 0x00 &&
405 hdev
->lmp_subver
== 0x0757)
408 if (hdev
->manufacturer
== 15) {
409 if (hdev
->hci_rev
== 0x03 && hdev
->lmp_subver
== 0x6963)
411 if (hdev
->hci_rev
== 0x09 && hdev
->lmp_subver
== 0x6963)
413 if (hdev
->hci_rev
== 0x00 && hdev
->lmp_subver
== 0x6965)
417 if (hdev
->manufacturer
== 31 && hdev
->hci_rev
== 0x2005 &&
418 hdev
->lmp_subver
== 0x1805)
424 static void hci_setup_inquiry_mode(struct hci_request
*req
)
428 mode
= hci_get_inquiry_mode(req
->hdev
);
430 hci_req_add(req
, HCI_OP_WRITE_INQUIRY_MODE
, 1, &mode
);
433 static void hci_setup_event_mask(struct hci_request
*req
)
435 struct hci_dev
*hdev
= req
->hdev
;
437 /* The second byte is 0xff instead of 0x9f (two reserved bits
438 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
441 u8 events
[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
443 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
444 * any event mask for pre 1.2 devices.
446 if (hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
449 if (lmp_bredr_capable(hdev
)) {
450 events
[4] |= 0x01; /* Flow Specification Complete */
451 events
[4] |= 0x02; /* Inquiry Result with RSSI */
452 events
[4] |= 0x04; /* Read Remote Extended Features Complete */
453 events
[5] |= 0x08; /* Synchronous Connection Complete */
454 events
[5] |= 0x10; /* Synchronous Connection Changed */
457 if (lmp_inq_rssi_capable(hdev
))
458 events
[4] |= 0x02; /* Inquiry Result with RSSI */
460 if (lmp_sniffsubr_capable(hdev
))
461 events
[5] |= 0x20; /* Sniff Subrating */
463 if (lmp_pause_enc_capable(hdev
))
464 events
[5] |= 0x80; /* Encryption Key Refresh Complete */
466 if (lmp_ext_inq_capable(hdev
))
467 events
[5] |= 0x40; /* Extended Inquiry Result */
469 if (lmp_no_flush_capable(hdev
))
470 events
[7] |= 0x01; /* Enhanced Flush Complete */
472 if (lmp_lsto_capable(hdev
))
473 events
[6] |= 0x80; /* Link Supervision Timeout Changed */
475 if (lmp_ssp_capable(hdev
)) {
476 events
[6] |= 0x01; /* IO Capability Request */
477 events
[6] |= 0x02; /* IO Capability Response */
478 events
[6] |= 0x04; /* User Confirmation Request */
479 events
[6] |= 0x08; /* User Passkey Request */
480 events
[6] |= 0x10; /* Remote OOB Data Request */
481 events
[6] |= 0x20; /* Simple Pairing Complete */
482 events
[7] |= 0x04; /* User Passkey Notification */
483 events
[7] |= 0x08; /* Keypress Notification */
484 events
[7] |= 0x10; /* Remote Host Supported
485 * Features Notification
489 if (lmp_le_capable(hdev
))
490 events
[7] |= 0x20; /* LE Meta-Event */
492 hci_req_add(req
, HCI_OP_SET_EVENT_MASK
, sizeof(events
), events
);
494 if (lmp_le_capable(hdev
)) {
495 memset(events
, 0, sizeof(events
));
497 hci_req_add(req
, HCI_OP_LE_SET_EVENT_MASK
,
498 sizeof(events
), events
);
502 static void hci_init2_req(struct hci_request
*req
, unsigned long opt
)
504 struct hci_dev
*hdev
= req
->hdev
;
506 if (lmp_bredr_capable(hdev
))
509 if (lmp_le_capable(hdev
))
512 hci_setup_event_mask(req
);
514 if (hdev
->hci_ver
> BLUETOOTH_VER_1_1
)
515 hci_req_add(req
, HCI_OP_READ_LOCAL_COMMANDS
, 0, NULL
);
517 if (lmp_ssp_capable(hdev
)) {
518 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
520 hci_req_add(req
, HCI_OP_WRITE_SSP_MODE
,
521 sizeof(mode
), &mode
);
523 struct hci_cp_write_eir cp
;
525 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
526 memset(&cp
, 0, sizeof(cp
));
528 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
532 if (lmp_inq_rssi_capable(hdev
))
533 hci_setup_inquiry_mode(req
);
535 if (lmp_inq_tx_pwr_capable(hdev
))
536 hci_req_add(req
, HCI_OP_READ_INQ_RSP_TX_POWER
, 0, NULL
);
538 if (lmp_ext_feat_capable(hdev
)) {
539 struct hci_cp_read_local_ext_features cp
;
542 hci_req_add(req
, HCI_OP_READ_LOCAL_EXT_FEATURES
,
546 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
)) {
548 hci_req_add(req
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(enable
),
553 static void hci_setup_link_policy(struct hci_request
*req
)
555 struct hci_dev
*hdev
= req
->hdev
;
556 struct hci_cp_write_def_link_policy cp
;
559 if (lmp_rswitch_capable(hdev
))
560 link_policy
|= HCI_LP_RSWITCH
;
561 if (lmp_hold_capable(hdev
))
562 link_policy
|= HCI_LP_HOLD
;
563 if (lmp_sniff_capable(hdev
))
564 link_policy
|= HCI_LP_SNIFF
;
565 if (lmp_park_capable(hdev
))
566 link_policy
|= HCI_LP_PARK
;
568 cp
.policy
= cpu_to_le16(link_policy
);
569 hci_req_add(req
, HCI_OP_WRITE_DEF_LINK_POLICY
, sizeof(cp
), &cp
);
572 static void hci_set_le_support(struct hci_request
*req
)
574 struct hci_dev
*hdev
= req
->hdev
;
575 struct hci_cp_write_le_host_supported cp
;
577 memset(&cp
, 0, sizeof(cp
));
579 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
581 cp
.simul
= lmp_le_br_capable(hdev
);
584 if (cp
.le
!= lmp_host_le_capable(hdev
))
585 hci_req_add(req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(cp
),
589 static void hci_init3_req(struct hci_request
*req
, unsigned long opt
)
591 struct hci_dev
*hdev
= req
->hdev
;
594 if (hdev
->commands
[5] & 0x10)
595 hci_setup_link_policy(req
);
597 if (lmp_le_capable(hdev
)) {
598 hci_set_le_support(req
);
602 /* Read features beyond page 1 if available */
603 for (p
= 2; p
< HCI_MAX_PAGES
&& p
<= hdev
->max_page
; p
++) {
604 struct hci_cp_read_local_ext_features cp
;
607 hci_req_add(req
, HCI_OP_READ_LOCAL_EXT_FEATURES
,
612 static int __hci_init(struct hci_dev
*hdev
)
616 err
= __hci_req_sync(hdev
, hci_init1_req
, 0, HCI_INIT_TIMEOUT
);
620 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
621 * BR/EDR/LE type controllers. AMP controllers only need the
624 if (hdev
->dev_type
!= HCI_BREDR
)
627 err
= __hci_req_sync(hdev
, hci_init2_req
, 0, HCI_INIT_TIMEOUT
);
631 return __hci_req_sync(hdev
, hci_init3_req
, 0, HCI_INIT_TIMEOUT
);
634 static void hci_scan_req(struct hci_request
*req
, unsigned long opt
)
638 BT_DBG("%s %x", req
->hdev
->name
, scan
);
640 /* Inquiry and Page scans */
641 hci_req_add(req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
644 static void hci_auth_req(struct hci_request
*req
, unsigned long opt
)
648 BT_DBG("%s %x", req
->hdev
->name
, auth
);
651 hci_req_add(req
, HCI_OP_WRITE_AUTH_ENABLE
, 1, &auth
);
654 static void hci_encrypt_req(struct hci_request
*req
, unsigned long opt
)
658 BT_DBG("%s %x", req
->hdev
->name
, encrypt
);
661 hci_req_add(req
, HCI_OP_WRITE_ENCRYPT_MODE
, 1, &encrypt
);
664 static void hci_linkpol_req(struct hci_request
*req
, unsigned long opt
)
666 __le16 policy
= cpu_to_le16(opt
);
668 BT_DBG("%s %x", req
->hdev
->name
, policy
);
670 /* Default link policy */
671 hci_req_add(req
, HCI_OP_WRITE_DEF_LINK_POLICY
, 2, &policy
);
674 /* Get HCI device by index.
675 * Device is held on return. */
676 struct hci_dev
*hci_dev_get(int index
)
678 struct hci_dev
*hdev
= NULL
, *d
;
685 read_lock(&hci_dev_list_lock
);
686 list_for_each_entry(d
, &hci_dev_list
, list
) {
687 if (d
->id
== index
) {
688 hdev
= hci_dev_hold(d
);
692 read_unlock(&hci_dev_list_lock
);
696 /* ---- Inquiry support ---- */
698 bool hci_discovery_active(struct hci_dev
*hdev
)
700 struct discovery_state
*discov
= &hdev
->discovery
;
702 switch (discov
->state
) {
703 case DISCOVERY_FINDING
:
704 case DISCOVERY_RESOLVING
:
712 void hci_discovery_set_state(struct hci_dev
*hdev
, int state
)
714 BT_DBG("%s state %u -> %u", hdev
->name
, hdev
->discovery
.state
, state
);
716 if (hdev
->discovery
.state
== state
)
720 case DISCOVERY_STOPPED
:
721 if (hdev
->discovery
.state
!= DISCOVERY_STARTING
)
722 mgmt_discovering(hdev
, 0);
724 case DISCOVERY_STARTING
:
726 case DISCOVERY_FINDING
:
727 mgmt_discovering(hdev
, 1);
729 case DISCOVERY_RESOLVING
:
731 case DISCOVERY_STOPPING
:
735 hdev
->discovery
.state
= state
;
738 static void inquiry_cache_flush(struct hci_dev
*hdev
)
740 struct discovery_state
*cache
= &hdev
->discovery
;
741 struct inquiry_entry
*p
, *n
;
743 list_for_each_entry_safe(p
, n
, &cache
->all
, all
) {
748 INIT_LIST_HEAD(&cache
->unknown
);
749 INIT_LIST_HEAD(&cache
->resolve
);
752 struct inquiry_entry
*hci_inquiry_cache_lookup(struct hci_dev
*hdev
,
755 struct discovery_state
*cache
= &hdev
->discovery
;
756 struct inquiry_entry
*e
;
758 BT_DBG("cache %p, %pMR", cache
, bdaddr
);
760 list_for_each_entry(e
, &cache
->all
, all
) {
761 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
768 struct inquiry_entry
*hci_inquiry_cache_lookup_unknown(struct hci_dev
*hdev
,
771 struct discovery_state
*cache
= &hdev
->discovery
;
772 struct inquiry_entry
*e
;
774 BT_DBG("cache %p, %pMR", cache
, bdaddr
);
776 list_for_each_entry(e
, &cache
->unknown
, list
) {
777 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
784 struct inquiry_entry
*hci_inquiry_cache_lookup_resolve(struct hci_dev
*hdev
,
788 struct discovery_state
*cache
= &hdev
->discovery
;
789 struct inquiry_entry
*e
;
791 BT_DBG("cache %p bdaddr %pMR state %d", cache
, bdaddr
, state
);
793 list_for_each_entry(e
, &cache
->resolve
, list
) {
794 if (!bacmp(bdaddr
, BDADDR_ANY
) && e
->name_state
== state
)
796 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
803 void hci_inquiry_cache_update_resolve(struct hci_dev
*hdev
,
804 struct inquiry_entry
*ie
)
806 struct discovery_state
*cache
= &hdev
->discovery
;
807 struct list_head
*pos
= &cache
->resolve
;
808 struct inquiry_entry
*p
;
812 list_for_each_entry(p
, &cache
->resolve
, list
) {
813 if (p
->name_state
!= NAME_PENDING
&&
814 abs(p
->data
.rssi
) >= abs(ie
->data
.rssi
))
819 list_add(&ie
->list
, pos
);
822 bool hci_inquiry_cache_update(struct hci_dev
*hdev
, struct inquiry_data
*data
,
823 bool name_known
, bool *ssp
)
825 struct discovery_state
*cache
= &hdev
->discovery
;
826 struct inquiry_entry
*ie
;
828 BT_DBG("cache %p, %pMR", cache
, &data
->bdaddr
);
830 hci_remove_remote_oob_data(hdev
, &data
->bdaddr
);
833 *ssp
= data
->ssp_mode
;
835 ie
= hci_inquiry_cache_lookup(hdev
, &data
->bdaddr
);
837 if (ie
->data
.ssp_mode
&& ssp
)
840 if (ie
->name_state
== NAME_NEEDED
&&
841 data
->rssi
!= ie
->data
.rssi
) {
842 ie
->data
.rssi
= data
->rssi
;
843 hci_inquiry_cache_update_resolve(hdev
, ie
);
849 /* Entry not in the cache. Add new one. */
850 ie
= kzalloc(sizeof(struct inquiry_entry
), GFP_ATOMIC
);
854 list_add(&ie
->all
, &cache
->all
);
857 ie
->name_state
= NAME_KNOWN
;
859 ie
->name_state
= NAME_NOT_KNOWN
;
860 list_add(&ie
->list
, &cache
->unknown
);
864 if (name_known
&& ie
->name_state
!= NAME_KNOWN
&&
865 ie
->name_state
!= NAME_PENDING
) {
866 ie
->name_state
= NAME_KNOWN
;
870 memcpy(&ie
->data
, data
, sizeof(*data
));
871 ie
->timestamp
= jiffies
;
872 cache
->timestamp
= jiffies
;
874 if (ie
->name_state
== NAME_NOT_KNOWN
)
880 static int inquiry_cache_dump(struct hci_dev
*hdev
, int num
, __u8
*buf
)
882 struct discovery_state
*cache
= &hdev
->discovery
;
883 struct inquiry_info
*info
= (struct inquiry_info
*) buf
;
884 struct inquiry_entry
*e
;
887 list_for_each_entry(e
, &cache
->all
, all
) {
888 struct inquiry_data
*data
= &e
->data
;
893 bacpy(&info
->bdaddr
, &data
->bdaddr
);
894 info
->pscan_rep_mode
= data
->pscan_rep_mode
;
895 info
->pscan_period_mode
= data
->pscan_period_mode
;
896 info
->pscan_mode
= data
->pscan_mode
;
897 memcpy(info
->dev_class
, data
->dev_class
, 3);
898 info
->clock_offset
= data
->clock_offset
;
904 BT_DBG("cache %p, copied %d", cache
, copied
);
908 static void hci_inq_req(struct hci_request
*req
, unsigned long opt
)
910 struct hci_inquiry_req
*ir
= (struct hci_inquiry_req
*) opt
;
911 struct hci_dev
*hdev
= req
->hdev
;
912 struct hci_cp_inquiry cp
;
914 BT_DBG("%s", hdev
->name
);
916 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
920 memcpy(&cp
.lap
, &ir
->lap
, 3);
921 cp
.length
= ir
->length
;
922 cp
.num_rsp
= ir
->num_rsp
;
923 hci_req_add(req
, HCI_OP_INQUIRY
, sizeof(cp
), &cp
);
926 static int wait_inquiry(void *word
)
929 return signal_pending(current
);
932 int hci_inquiry(void __user
*arg
)
934 __u8 __user
*ptr
= arg
;
935 struct hci_inquiry_req ir
;
936 struct hci_dev
*hdev
;
937 int err
= 0, do_inquiry
= 0, max_rsp
;
941 if (copy_from_user(&ir
, ptr
, sizeof(ir
)))
944 hdev
= hci_dev_get(ir
.dev_id
);
949 if (inquiry_cache_age(hdev
) > INQUIRY_CACHE_AGE_MAX
||
950 inquiry_cache_empty(hdev
) || ir
.flags
& IREQ_CACHE_FLUSH
) {
951 inquiry_cache_flush(hdev
);
954 hci_dev_unlock(hdev
);
956 timeo
= ir
.length
* msecs_to_jiffies(2000);
959 err
= hci_req_sync(hdev
, hci_inq_req
, (unsigned long) &ir
,
964 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
965 * cleared). If it is interrupted by a signal, return -EINTR.
967 if (wait_on_bit(&hdev
->flags
, HCI_INQUIRY
, wait_inquiry
,
972 /* for unlimited number of responses we will use buffer with
975 max_rsp
= (ir
.num_rsp
== 0) ? 255 : ir
.num_rsp
;
977 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
978 * copy it to the user space.
980 buf
= kmalloc(sizeof(struct inquiry_info
) * max_rsp
, GFP_KERNEL
);
987 ir
.num_rsp
= inquiry_cache_dump(hdev
, max_rsp
, buf
);
988 hci_dev_unlock(hdev
);
990 BT_DBG("num_rsp %d", ir
.num_rsp
);
992 if (!copy_to_user(ptr
, &ir
, sizeof(ir
))) {
994 if (copy_to_user(ptr
, buf
, sizeof(struct inquiry_info
) *
1007 static u8
create_ad(struct hci_dev
*hdev
, u8
*ptr
)
1009 u8 ad_len
= 0, flags
= 0;
1012 if (test_bit(HCI_LE_PERIPHERAL
, &hdev
->dev_flags
))
1013 flags
|= LE_AD_GENERAL
;
1015 if (!lmp_bredr_capable(hdev
))
1016 flags
|= LE_AD_NO_BREDR
;
1018 if (lmp_le_br_capable(hdev
))
1019 flags
|= LE_AD_SIM_LE_BREDR_CTRL
;
1021 if (lmp_host_le_br_capable(hdev
))
1022 flags
|= LE_AD_SIM_LE_BREDR_HOST
;
1025 BT_DBG("adv flags 0x%02x", flags
);
1035 if (hdev
->adv_tx_power
!= HCI_TX_POWER_INVALID
) {
1037 ptr
[1] = EIR_TX_POWER
;
1038 ptr
[2] = (u8
) hdev
->adv_tx_power
;
1044 name_len
= strlen(hdev
->dev_name
);
1046 size_t max_len
= HCI_MAX_AD_LENGTH
- ad_len
- 2;
1048 if (name_len
> max_len
) {
1050 ptr
[1] = EIR_NAME_SHORT
;
1052 ptr
[1] = EIR_NAME_COMPLETE
;
1054 ptr
[0] = name_len
+ 1;
1056 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
1058 ad_len
+= (name_len
+ 2);
1059 ptr
+= (name_len
+ 2);
1065 void hci_update_ad(struct hci_request
*req
)
1067 struct hci_dev
*hdev
= req
->hdev
;
1068 struct hci_cp_le_set_adv_data cp
;
1071 if (!lmp_le_capable(hdev
))
1074 memset(&cp
, 0, sizeof(cp
));
1076 len
= create_ad(hdev
, cp
.data
);
1078 if (hdev
->adv_data_len
== len
&&
1079 memcmp(cp
.data
, hdev
->adv_data
, len
) == 0)
1082 memcpy(hdev
->adv_data
, cp
.data
, sizeof(cp
.data
));
1083 hdev
->adv_data_len
= len
;
1087 hci_req_add(req
, HCI_OP_LE_SET_ADV_DATA
, sizeof(cp
), &cp
);
1090 /* ---- HCI ioctl helpers ---- */
1092 int hci_dev_open(__u16 dev
)
1094 struct hci_dev
*hdev
;
1097 hdev
= hci_dev_get(dev
);
1101 BT_DBG("%s %p", hdev
->name
, hdev
);
1105 if (test_bit(HCI_UNREGISTER
, &hdev
->dev_flags
)) {
1110 if (hdev
->rfkill
&& rfkill_blocked(hdev
->rfkill
)) {
1115 if (test_bit(HCI_UP
, &hdev
->flags
)) {
1120 if (hdev
->open(hdev
)) {
1125 atomic_set(&hdev
->cmd_cnt
, 1);
1126 set_bit(HCI_INIT
, &hdev
->flags
);
1128 if (hdev
->setup
&& test_bit(HCI_SETUP
, &hdev
->dev_flags
))
1129 ret
= hdev
->setup(hdev
);
1132 /* Treat all non BR/EDR controllers as raw devices if
1133 * enable_hs is not set.
1135 if (hdev
->dev_type
!= HCI_BREDR
&& !enable_hs
)
1136 set_bit(HCI_RAW
, &hdev
->flags
);
1138 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
))
1139 set_bit(HCI_RAW
, &hdev
->flags
);
1141 if (!test_bit(HCI_RAW
, &hdev
->flags
))
1142 ret
= __hci_init(hdev
);
1145 clear_bit(HCI_INIT
, &hdev
->flags
);
1149 set_bit(HCI_UP
, &hdev
->flags
);
1150 hci_notify(hdev
, HCI_DEV_UP
);
1151 if (!test_bit(HCI_SETUP
, &hdev
->dev_flags
) &&
1152 mgmt_valid_hdev(hdev
)) {
1154 mgmt_powered(hdev
, 1);
1155 hci_dev_unlock(hdev
);
1158 /* Init failed, cleanup */
1159 flush_work(&hdev
->tx_work
);
1160 flush_work(&hdev
->cmd_work
);
1161 flush_work(&hdev
->rx_work
);
1163 skb_queue_purge(&hdev
->cmd_q
);
1164 skb_queue_purge(&hdev
->rx_q
);
1169 if (hdev
->sent_cmd
) {
1170 kfree_skb(hdev
->sent_cmd
);
1171 hdev
->sent_cmd
= NULL
;
1179 hci_req_unlock(hdev
);
1184 static int hci_dev_do_close(struct hci_dev
*hdev
)
1186 BT_DBG("%s %p", hdev
->name
, hdev
);
1188 cancel_work_sync(&hdev
->le_scan
);
1190 cancel_delayed_work(&hdev
->power_off
);
1192 hci_req_cancel(hdev
, ENODEV
);
1195 if (!test_and_clear_bit(HCI_UP
, &hdev
->flags
)) {
1196 del_timer_sync(&hdev
->cmd_timer
);
1197 hci_req_unlock(hdev
);
1201 /* Flush RX and TX works */
1202 flush_work(&hdev
->tx_work
);
1203 flush_work(&hdev
->rx_work
);
1205 if (hdev
->discov_timeout
> 0) {
1206 cancel_delayed_work(&hdev
->discov_off
);
1207 hdev
->discov_timeout
= 0;
1208 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1211 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
1212 cancel_delayed_work(&hdev
->service_cache
);
1214 cancel_delayed_work_sync(&hdev
->le_scan_disable
);
1217 inquiry_cache_flush(hdev
);
1218 hci_conn_hash_flush(hdev
);
1219 hci_dev_unlock(hdev
);
1221 hci_notify(hdev
, HCI_DEV_DOWN
);
1227 skb_queue_purge(&hdev
->cmd_q
);
1228 atomic_set(&hdev
->cmd_cnt
, 1);
1229 if (!test_bit(HCI_RAW
, &hdev
->flags
) &&
1230 test_bit(HCI_QUIRK_RESET_ON_CLOSE
, &hdev
->quirks
)) {
1231 set_bit(HCI_INIT
, &hdev
->flags
);
1232 __hci_req_sync(hdev
, hci_reset_req
, 0, HCI_CMD_TIMEOUT
);
1233 clear_bit(HCI_INIT
, &hdev
->flags
);
1236 /* flush cmd work */
1237 flush_work(&hdev
->cmd_work
);
1240 skb_queue_purge(&hdev
->rx_q
);
1241 skb_queue_purge(&hdev
->cmd_q
);
1242 skb_queue_purge(&hdev
->raw_q
);
1244 /* Drop last sent command */
1245 if (hdev
->sent_cmd
) {
1246 del_timer_sync(&hdev
->cmd_timer
);
1247 kfree_skb(hdev
->sent_cmd
);
1248 hdev
->sent_cmd
= NULL
;
1251 kfree_skb(hdev
->recv_evt
);
1252 hdev
->recv_evt
= NULL
;
1254 /* After this point our queues are empty
1255 * and no tasks are scheduled. */
1260 hdev
->dev_flags
&= ~HCI_PERSISTENT_MASK
;
1262 if (!test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
) &&
1263 mgmt_valid_hdev(hdev
)) {
1265 mgmt_powered(hdev
, 0);
1266 hci_dev_unlock(hdev
);
1269 /* Controller radio is available but is currently powered down */
1270 hdev
->amp_status
= 0;
1272 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
1273 memset(hdev
->dev_class
, 0, sizeof(hdev
->dev_class
));
1275 hci_req_unlock(hdev
);
1281 int hci_dev_close(__u16 dev
)
1283 struct hci_dev
*hdev
;
1286 hdev
= hci_dev_get(dev
);
1290 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
1291 cancel_delayed_work(&hdev
->power_off
);
1293 err
= hci_dev_do_close(hdev
);
1299 int hci_dev_reset(__u16 dev
)
1301 struct hci_dev
*hdev
;
1304 hdev
= hci_dev_get(dev
);
1310 if (!test_bit(HCI_UP
, &hdev
->flags
))
1314 skb_queue_purge(&hdev
->rx_q
);
1315 skb_queue_purge(&hdev
->cmd_q
);
1318 inquiry_cache_flush(hdev
);
1319 hci_conn_hash_flush(hdev
);
1320 hci_dev_unlock(hdev
);
1325 atomic_set(&hdev
->cmd_cnt
, 1);
1326 hdev
->acl_cnt
= 0; hdev
->sco_cnt
= 0; hdev
->le_cnt
= 0;
1328 if (!test_bit(HCI_RAW
, &hdev
->flags
))
1329 ret
= __hci_req_sync(hdev
, hci_reset_req
, 0, HCI_INIT_TIMEOUT
);
1332 hci_req_unlock(hdev
);
1337 int hci_dev_reset_stat(__u16 dev
)
1339 struct hci_dev
*hdev
;
1342 hdev
= hci_dev_get(dev
);
1346 memset(&hdev
->stat
, 0, sizeof(struct hci_dev_stats
));
1353 int hci_dev_cmd(unsigned int cmd
, void __user
*arg
)
1355 struct hci_dev
*hdev
;
1356 struct hci_dev_req dr
;
1359 if (copy_from_user(&dr
, arg
, sizeof(dr
)))
1362 hdev
= hci_dev_get(dr
.dev_id
);
1368 err
= hci_req_sync(hdev
, hci_auth_req
, dr
.dev_opt
,
1373 if (!lmp_encrypt_capable(hdev
)) {
1378 if (!test_bit(HCI_AUTH
, &hdev
->flags
)) {
1379 /* Auth must be enabled first */
1380 err
= hci_req_sync(hdev
, hci_auth_req
, dr
.dev_opt
,
1386 err
= hci_req_sync(hdev
, hci_encrypt_req
, dr
.dev_opt
,
1391 err
= hci_req_sync(hdev
, hci_scan_req
, dr
.dev_opt
,
1396 err
= hci_req_sync(hdev
, hci_linkpol_req
, dr
.dev_opt
,
1400 case HCISETLINKMODE
:
1401 hdev
->link_mode
= ((__u16
) dr
.dev_opt
) &
1402 (HCI_LM_MASTER
| HCI_LM_ACCEPT
);
1406 hdev
->pkt_type
= (__u16
) dr
.dev_opt
;
1410 hdev
->acl_mtu
= *((__u16
*) &dr
.dev_opt
+ 1);
1411 hdev
->acl_pkts
= *((__u16
*) &dr
.dev_opt
+ 0);
1415 hdev
->sco_mtu
= *((__u16
*) &dr
.dev_opt
+ 1);
1416 hdev
->sco_pkts
= *((__u16
*) &dr
.dev_opt
+ 0);
1428 int hci_get_dev_list(void __user
*arg
)
1430 struct hci_dev
*hdev
;
1431 struct hci_dev_list_req
*dl
;
1432 struct hci_dev_req
*dr
;
1433 int n
= 0, size
, err
;
1436 if (get_user(dev_num
, (__u16 __user
*) arg
))
1439 if (!dev_num
|| dev_num
> (PAGE_SIZE
* 2) / sizeof(*dr
))
1442 size
= sizeof(*dl
) + dev_num
* sizeof(*dr
);
1444 dl
= kzalloc(size
, GFP_KERNEL
);
1450 read_lock(&hci_dev_list_lock
);
1451 list_for_each_entry(hdev
, &hci_dev_list
, list
) {
1452 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
1453 cancel_delayed_work(&hdev
->power_off
);
1455 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1456 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1458 (dr
+ n
)->dev_id
= hdev
->id
;
1459 (dr
+ n
)->dev_opt
= hdev
->flags
;
1464 read_unlock(&hci_dev_list_lock
);
1467 size
= sizeof(*dl
) + n
* sizeof(*dr
);
1469 err
= copy_to_user(arg
, dl
, size
);
1472 return err
? -EFAULT
: 0;
1475 int hci_get_dev_info(void __user
*arg
)
1477 struct hci_dev
*hdev
;
1478 struct hci_dev_info di
;
1481 if (copy_from_user(&di
, arg
, sizeof(di
)))
1484 hdev
= hci_dev_get(di
.dev_id
);
1488 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
1489 cancel_delayed_work_sync(&hdev
->power_off
);
1491 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
1492 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1494 strcpy(di
.name
, hdev
->name
);
1495 di
.bdaddr
= hdev
->bdaddr
;
1496 di
.type
= (hdev
->bus
& 0x0f) | (hdev
->dev_type
<< 4);
1497 di
.flags
= hdev
->flags
;
1498 di
.pkt_type
= hdev
->pkt_type
;
1499 if (lmp_bredr_capable(hdev
)) {
1500 di
.acl_mtu
= hdev
->acl_mtu
;
1501 di
.acl_pkts
= hdev
->acl_pkts
;
1502 di
.sco_mtu
= hdev
->sco_mtu
;
1503 di
.sco_pkts
= hdev
->sco_pkts
;
1505 di
.acl_mtu
= hdev
->le_mtu
;
1506 di
.acl_pkts
= hdev
->le_pkts
;
1510 di
.link_policy
= hdev
->link_policy
;
1511 di
.link_mode
= hdev
->link_mode
;
1513 memcpy(&di
.stat
, &hdev
->stat
, sizeof(di
.stat
));
1514 memcpy(&di
.features
, &hdev
->features
, sizeof(di
.features
));
1516 if (copy_to_user(arg
, &di
, sizeof(di
)))
1524 /* ---- Interface to HCI drivers ---- */
1526 static int hci_rfkill_set_block(void *data
, bool blocked
)
1528 struct hci_dev
*hdev
= data
;
1530 BT_DBG("%p name %s blocked %d", hdev
, hdev
->name
, blocked
);
1535 hci_dev_do_close(hdev
);
1540 static const struct rfkill_ops hci_rfkill_ops
= {
1541 .set_block
= hci_rfkill_set_block
,
1544 static void hci_power_on(struct work_struct
*work
)
1546 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, power_on
);
1548 BT_DBG("%s", hdev
->name
);
1550 if (hci_dev_open(hdev
->id
) < 0)
1553 if (test_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
))
1554 queue_delayed_work(hdev
->req_workqueue
, &hdev
->power_off
,
1555 HCI_AUTO_OFF_TIMEOUT
);
1557 if (test_and_clear_bit(HCI_SETUP
, &hdev
->dev_flags
))
1558 mgmt_index_added(hdev
);
1561 static void hci_power_off(struct work_struct
*work
)
1563 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
1566 BT_DBG("%s", hdev
->name
);
1568 hci_dev_do_close(hdev
);
1571 static void hci_discov_off(struct work_struct
*work
)
1573 struct hci_dev
*hdev
;
1574 u8 scan
= SCAN_PAGE
;
1576 hdev
= container_of(work
, struct hci_dev
, discov_off
.work
);
1578 BT_DBG("%s", hdev
->name
);
1582 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, sizeof(scan
), &scan
);
1584 hdev
->discov_timeout
= 0;
1586 hci_dev_unlock(hdev
);
1589 int hci_uuids_clear(struct hci_dev
*hdev
)
1591 struct bt_uuid
*uuid
, *tmp
;
1593 list_for_each_entry_safe(uuid
, tmp
, &hdev
->uuids
, list
) {
1594 list_del(&uuid
->list
);
1601 int hci_link_keys_clear(struct hci_dev
*hdev
)
1603 struct list_head
*p
, *n
;
1605 list_for_each_safe(p
, n
, &hdev
->link_keys
) {
1606 struct link_key
*key
;
1608 key
= list_entry(p
, struct link_key
, list
);
1617 int hci_smp_ltks_clear(struct hci_dev
*hdev
)
1619 struct smp_ltk
*k
, *tmp
;
1621 list_for_each_entry_safe(k
, tmp
, &hdev
->long_term_keys
, list
) {
1629 struct link_key
*hci_find_link_key(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1633 list_for_each_entry(k
, &hdev
->link_keys
, list
)
1634 if (bacmp(bdaddr
, &k
->bdaddr
) == 0)
1640 static bool hci_persistent_key(struct hci_dev
*hdev
, struct hci_conn
*conn
,
1641 u8 key_type
, u8 old_key_type
)
1644 if (key_type
< 0x03)
1647 /* Debug keys are insecure so don't store them persistently */
1648 if (key_type
== HCI_LK_DEBUG_COMBINATION
)
1651 /* Changed combination key and there's no previous one */
1652 if (key_type
== HCI_LK_CHANGED_COMBINATION
&& old_key_type
== 0xff)
1655 /* Security mode 3 case */
1659 /* Neither local nor remote side had no-bonding as requirement */
1660 if (conn
->auth_type
> 0x01 && conn
->remote_auth
> 0x01)
1663 /* Local side had dedicated bonding as requirement */
1664 if (conn
->auth_type
== 0x02 || conn
->auth_type
== 0x03)
1667 /* Remote side had dedicated bonding as requirement */
1668 if (conn
->remote_auth
== 0x02 || conn
->remote_auth
== 0x03)
1671 /* If none of the above criteria match, then don't store the key
1676 struct smp_ltk
*hci_find_ltk(struct hci_dev
*hdev
, __le16 ediv
, u8 rand
[8])
1680 list_for_each_entry(k
, &hdev
->long_term_keys
, list
) {
1681 if (k
->ediv
!= ediv
||
1682 memcmp(rand
, k
->rand
, sizeof(k
->rand
)))
1691 struct smp_ltk
*hci_find_ltk_by_addr(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1696 list_for_each_entry(k
, &hdev
->long_term_keys
, list
)
1697 if (addr_type
== k
->bdaddr_type
&&
1698 bacmp(bdaddr
, &k
->bdaddr
) == 0)
1704 int hci_add_link_key(struct hci_dev
*hdev
, struct hci_conn
*conn
, int new_key
,
1705 bdaddr_t
*bdaddr
, u8
*val
, u8 type
, u8 pin_len
)
1707 struct link_key
*key
, *old_key
;
1711 old_key
= hci_find_link_key(hdev
, bdaddr
);
1713 old_key_type
= old_key
->type
;
1716 old_key_type
= conn
? conn
->key_type
: 0xff;
1717 key
= kzalloc(sizeof(*key
), GFP_ATOMIC
);
1720 list_add(&key
->list
, &hdev
->link_keys
);
1723 BT_DBG("%s key for %pMR type %u", hdev
->name
, bdaddr
, type
);
1725 /* Some buggy controller combinations generate a changed
1726 * combination key for legacy pairing even when there's no
1728 if (type
== HCI_LK_CHANGED_COMBINATION
&&
1729 (!conn
|| conn
->remote_auth
== 0xff) && old_key_type
== 0xff) {
1730 type
= HCI_LK_COMBINATION
;
1732 conn
->key_type
= type
;
1735 bacpy(&key
->bdaddr
, bdaddr
);
1736 memcpy(key
->val
, val
, HCI_LINK_KEY_SIZE
);
1737 key
->pin_len
= pin_len
;
1739 if (type
== HCI_LK_CHANGED_COMBINATION
)
1740 key
->type
= old_key_type
;
1747 persistent
= hci_persistent_key(hdev
, conn
, type
, old_key_type
);
1749 mgmt_new_link_key(hdev
, key
, persistent
);
1752 conn
->flush_key
= !persistent
;
1757 int hci_add_ltk(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 addr_type
, u8 type
,
1758 int new_key
, u8 authenticated
, u8 tk
[16], u8 enc_size
, __le16
1761 struct smp_ltk
*key
, *old_key
;
1763 if (!(type
& HCI_SMP_STK
) && !(type
& HCI_SMP_LTK
))
1766 old_key
= hci_find_ltk_by_addr(hdev
, bdaddr
, addr_type
);
1770 key
= kzalloc(sizeof(*key
), GFP_ATOMIC
);
1773 list_add(&key
->list
, &hdev
->long_term_keys
);
1776 bacpy(&key
->bdaddr
, bdaddr
);
1777 key
->bdaddr_type
= addr_type
;
1778 memcpy(key
->val
, tk
, sizeof(key
->val
));
1779 key
->authenticated
= authenticated
;
1781 key
->enc_size
= enc_size
;
1783 memcpy(key
->rand
, rand
, sizeof(key
->rand
));
1788 if (type
& HCI_SMP_LTK
)
1789 mgmt_new_ltk(hdev
, key
, 1);
1794 int hci_remove_link_key(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1796 struct link_key
*key
;
1798 key
= hci_find_link_key(hdev
, bdaddr
);
1802 BT_DBG("%s removing %pMR", hdev
->name
, bdaddr
);
1804 list_del(&key
->list
);
1810 int hci_remove_ltk(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1812 struct smp_ltk
*k
, *tmp
;
1814 list_for_each_entry_safe(k
, tmp
, &hdev
->long_term_keys
, list
) {
1815 if (bacmp(bdaddr
, &k
->bdaddr
))
1818 BT_DBG("%s removing %pMR", hdev
->name
, bdaddr
);
1827 /* HCI command timer function */
1828 static void hci_cmd_timeout(unsigned long arg
)
1830 struct hci_dev
*hdev
= (void *) arg
;
1832 if (hdev
->sent_cmd
) {
1833 struct hci_command_hdr
*sent
= (void *) hdev
->sent_cmd
->data
;
1834 u16 opcode
= __le16_to_cpu(sent
->opcode
);
1836 BT_ERR("%s command 0x%4.4x tx timeout", hdev
->name
, opcode
);
1838 BT_ERR("%s command tx timeout", hdev
->name
);
1841 atomic_set(&hdev
->cmd_cnt
, 1);
1842 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
1845 struct oob_data
*hci_find_remote_oob_data(struct hci_dev
*hdev
,
1848 struct oob_data
*data
;
1850 list_for_each_entry(data
, &hdev
->remote_oob_data
, list
)
1851 if (bacmp(bdaddr
, &data
->bdaddr
) == 0)
1857 int hci_remove_remote_oob_data(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1859 struct oob_data
*data
;
1861 data
= hci_find_remote_oob_data(hdev
, bdaddr
);
1865 BT_DBG("%s removing %pMR", hdev
->name
, bdaddr
);
1867 list_del(&data
->list
);
1873 int hci_remote_oob_data_clear(struct hci_dev
*hdev
)
1875 struct oob_data
*data
, *n
;
1877 list_for_each_entry_safe(data
, n
, &hdev
->remote_oob_data
, list
) {
1878 list_del(&data
->list
);
1885 int hci_add_remote_oob_data(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8
*hash
,
1888 struct oob_data
*data
;
1890 data
= hci_find_remote_oob_data(hdev
, bdaddr
);
1893 data
= kmalloc(sizeof(*data
), GFP_ATOMIC
);
1897 bacpy(&data
->bdaddr
, bdaddr
);
1898 list_add(&data
->list
, &hdev
->remote_oob_data
);
1901 memcpy(data
->hash
, hash
, sizeof(data
->hash
));
1902 memcpy(data
->randomizer
, randomizer
, sizeof(data
->randomizer
));
1904 BT_DBG("%s for %pMR", hdev
->name
, bdaddr
);
1909 struct bdaddr_list
*hci_blacklist_lookup(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1911 struct bdaddr_list
*b
;
1913 list_for_each_entry(b
, &hdev
->blacklist
, list
)
1914 if (bacmp(bdaddr
, &b
->bdaddr
) == 0)
1920 int hci_blacklist_clear(struct hci_dev
*hdev
)
1922 struct list_head
*p
, *n
;
1924 list_for_each_safe(p
, n
, &hdev
->blacklist
) {
1925 struct bdaddr_list
*b
;
1927 b
= list_entry(p
, struct bdaddr_list
, list
);
1936 int hci_blacklist_add(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
1938 struct bdaddr_list
*entry
;
1940 if (bacmp(bdaddr
, BDADDR_ANY
) == 0)
1943 if (hci_blacklist_lookup(hdev
, bdaddr
))
1946 entry
= kzalloc(sizeof(struct bdaddr_list
), GFP_KERNEL
);
1950 bacpy(&entry
->bdaddr
, bdaddr
);
1952 list_add(&entry
->list
, &hdev
->blacklist
);
1954 return mgmt_device_blocked(hdev
, bdaddr
, type
);
1957 int hci_blacklist_del(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
1959 struct bdaddr_list
*entry
;
1961 if (bacmp(bdaddr
, BDADDR_ANY
) == 0)
1962 return hci_blacklist_clear(hdev
);
1964 entry
= hci_blacklist_lookup(hdev
, bdaddr
);
1968 list_del(&entry
->list
);
1971 return mgmt_device_unblocked(hdev
, bdaddr
, type
);
1974 static void le_scan_param_req(struct hci_request
*req
, unsigned long opt
)
1976 struct le_scan_params
*param
= (struct le_scan_params
*) opt
;
1977 struct hci_cp_le_set_scan_param cp
;
1979 memset(&cp
, 0, sizeof(cp
));
1980 cp
.type
= param
->type
;
1981 cp
.interval
= cpu_to_le16(param
->interval
);
1982 cp
.window
= cpu_to_le16(param
->window
);
1984 hci_req_add(req
, HCI_OP_LE_SET_SCAN_PARAM
, sizeof(cp
), &cp
);
1987 static void le_scan_enable_req(struct hci_request
*req
, unsigned long opt
)
1989 struct hci_cp_le_set_scan_enable cp
;
1991 memset(&cp
, 0, sizeof(cp
));
1992 cp
.enable
= LE_SCAN_ENABLE
;
1993 cp
.filter_dup
= LE_SCAN_FILTER_DUP_ENABLE
;
1995 hci_req_add(req
, HCI_OP_LE_SET_SCAN_ENABLE
, sizeof(cp
), &cp
);
1998 static int hci_do_le_scan(struct hci_dev
*hdev
, u8 type
, u16 interval
,
1999 u16 window
, int timeout
)
2001 long timeo
= msecs_to_jiffies(3000);
2002 struct le_scan_params param
;
2005 BT_DBG("%s", hdev
->name
);
2007 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
))
2008 return -EINPROGRESS
;
2011 param
.interval
= interval
;
2012 param
.window
= window
;
2016 err
= __hci_req_sync(hdev
, le_scan_param_req
, (unsigned long) ¶m
,
2019 err
= __hci_req_sync(hdev
, le_scan_enable_req
, 0, timeo
);
2021 hci_req_unlock(hdev
);
2026 queue_delayed_work(hdev
->workqueue
, &hdev
->le_scan_disable
,
2032 int hci_cancel_le_scan(struct hci_dev
*hdev
)
2034 BT_DBG("%s", hdev
->name
);
2036 if (!test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
))
2039 if (cancel_delayed_work(&hdev
->le_scan_disable
)) {
2040 struct hci_cp_le_set_scan_enable cp
;
2042 /* Send HCI command to disable LE Scan */
2043 memset(&cp
, 0, sizeof(cp
));
2044 hci_send_cmd(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
, sizeof(cp
), &cp
);
2050 static void le_scan_disable_work(struct work_struct
*work
)
2052 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
2053 le_scan_disable
.work
);
2054 struct hci_cp_le_set_scan_enable cp
;
2056 BT_DBG("%s", hdev
->name
);
2058 memset(&cp
, 0, sizeof(cp
));
2060 hci_send_cmd(hdev
, HCI_OP_LE_SET_SCAN_ENABLE
, sizeof(cp
), &cp
);
2063 static void le_scan_work(struct work_struct
*work
)
2065 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, le_scan
);
2066 struct le_scan_params
*param
= &hdev
->le_scan_params
;
2068 BT_DBG("%s", hdev
->name
);
2070 hci_do_le_scan(hdev
, param
->type
, param
->interval
, param
->window
,
2074 int hci_le_scan(struct hci_dev
*hdev
, u8 type
, u16 interval
, u16 window
,
2077 struct le_scan_params
*param
= &hdev
->le_scan_params
;
2079 BT_DBG("%s", hdev
->name
);
2081 if (test_bit(HCI_LE_PERIPHERAL
, &hdev
->dev_flags
))
2084 if (work_busy(&hdev
->le_scan
))
2085 return -EINPROGRESS
;
2088 param
->interval
= interval
;
2089 param
->window
= window
;
2090 param
->timeout
= timeout
;
2092 queue_work(system_long_wq
, &hdev
->le_scan
);
2097 /* Alloc HCI device */
2098 struct hci_dev
*hci_alloc_dev(void)
2100 struct hci_dev
*hdev
;
2102 hdev
= kzalloc(sizeof(struct hci_dev
), GFP_KERNEL
);
2106 hdev
->pkt_type
= (HCI_DM1
| HCI_DH1
| HCI_HV1
);
2107 hdev
->esco_type
= (ESCO_HV1
);
2108 hdev
->link_mode
= (HCI_LM_ACCEPT
);
2109 hdev
->io_capability
= 0x03; /* No Input No Output */
2110 hdev
->inq_tx_power
= HCI_TX_POWER_INVALID
;
2111 hdev
->adv_tx_power
= HCI_TX_POWER_INVALID
;
2113 hdev
->sniff_max_interval
= 800;
2114 hdev
->sniff_min_interval
= 80;
2116 mutex_init(&hdev
->lock
);
2117 mutex_init(&hdev
->req_lock
);
2119 INIT_LIST_HEAD(&hdev
->mgmt_pending
);
2120 INIT_LIST_HEAD(&hdev
->blacklist
);
2121 INIT_LIST_HEAD(&hdev
->uuids
);
2122 INIT_LIST_HEAD(&hdev
->link_keys
);
2123 INIT_LIST_HEAD(&hdev
->long_term_keys
);
2124 INIT_LIST_HEAD(&hdev
->remote_oob_data
);
2125 INIT_LIST_HEAD(&hdev
->conn_hash
.list
);
2127 INIT_WORK(&hdev
->rx_work
, hci_rx_work
);
2128 INIT_WORK(&hdev
->cmd_work
, hci_cmd_work
);
2129 INIT_WORK(&hdev
->tx_work
, hci_tx_work
);
2130 INIT_WORK(&hdev
->power_on
, hci_power_on
);
2131 INIT_WORK(&hdev
->le_scan
, le_scan_work
);
2133 INIT_DELAYED_WORK(&hdev
->power_off
, hci_power_off
);
2134 INIT_DELAYED_WORK(&hdev
->discov_off
, hci_discov_off
);
2135 INIT_DELAYED_WORK(&hdev
->le_scan_disable
, le_scan_disable_work
);
2137 skb_queue_head_init(&hdev
->rx_q
);
2138 skb_queue_head_init(&hdev
->cmd_q
);
2139 skb_queue_head_init(&hdev
->raw_q
);
2141 init_waitqueue_head(&hdev
->req_wait_q
);
2143 setup_timer(&hdev
->cmd_timer
, hci_cmd_timeout
, (unsigned long) hdev
);
2145 hci_init_sysfs(hdev
);
2146 discovery_init(hdev
);
2150 EXPORT_SYMBOL(hci_alloc_dev
);
2152 /* Free HCI device */
2153 void hci_free_dev(struct hci_dev
*hdev
)
2155 /* will free via device release */
2156 put_device(&hdev
->dev
);
2158 EXPORT_SYMBOL(hci_free_dev
);
2160 /* Register HCI device */
2161 int hci_register_dev(struct hci_dev
*hdev
)
2165 if (!hdev
->open
|| !hdev
->close
)
2168 /* Do not allow HCI_AMP devices to register at index 0,
2169 * so the index can be used as the AMP controller ID.
2171 switch (hdev
->dev_type
) {
2173 id
= ida_simple_get(&hci_index_ida
, 0, 0, GFP_KERNEL
);
2176 id
= ida_simple_get(&hci_index_ida
, 1, 0, GFP_KERNEL
);
2185 sprintf(hdev
->name
, "hci%d", id
);
2188 BT_DBG("%p name %s bus %d", hdev
, hdev
->name
, hdev
->bus
);
2190 write_lock(&hci_dev_list_lock
);
2191 list_add(&hdev
->list
, &hci_dev_list
);
2192 write_unlock(&hci_dev_list_lock
);
2194 hdev
->workqueue
= alloc_workqueue(hdev
->name
, WQ_HIGHPRI
| WQ_UNBOUND
|
2196 if (!hdev
->workqueue
) {
2201 hdev
->req_workqueue
= alloc_workqueue(hdev
->name
,
2202 WQ_HIGHPRI
| WQ_UNBOUND
|
2204 if (!hdev
->req_workqueue
) {
2205 destroy_workqueue(hdev
->workqueue
);
2210 error
= hci_add_sysfs(hdev
);
2214 hdev
->rfkill
= rfkill_alloc(hdev
->name
, &hdev
->dev
,
2215 RFKILL_TYPE_BLUETOOTH
, &hci_rfkill_ops
,
2218 if (rfkill_register(hdev
->rfkill
) < 0) {
2219 rfkill_destroy(hdev
->rfkill
);
2220 hdev
->rfkill
= NULL
;
2224 set_bit(HCI_SETUP
, &hdev
->dev_flags
);
2226 if (hdev
->dev_type
!= HCI_AMP
)
2227 set_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
);
2229 hci_notify(hdev
, HCI_DEV_REG
);
2232 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
2237 destroy_workqueue(hdev
->workqueue
);
2238 destroy_workqueue(hdev
->req_workqueue
);
2240 ida_simple_remove(&hci_index_ida
, hdev
->id
);
2241 write_lock(&hci_dev_list_lock
);
2242 list_del(&hdev
->list
);
2243 write_unlock(&hci_dev_list_lock
);
2247 EXPORT_SYMBOL(hci_register_dev
);
2249 /* Unregister HCI device */
2250 void hci_unregister_dev(struct hci_dev
*hdev
)
2254 BT_DBG("%p name %s bus %d", hdev
, hdev
->name
, hdev
->bus
);
2256 set_bit(HCI_UNREGISTER
, &hdev
->dev_flags
);
2260 write_lock(&hci_dev_list_lock
);
2261 list_del(&hdev
->list
);
2262 write_unlock(&hci_dev_list_lock
);
2264 hci_dev_do_close(hdev
);
2266 for (i
= 0; i
< NUM_REASSEMBLY
; i
++)
2267 kfree_skb(hdev
->reassembly
[i
]);
2269 cancel_work_sync(&hdev
->power_on
);
2271 if (!test_bit(HCI_INIT
, &hdev
->flags
) &&
2272 !test_bit(HCI_SETUP
, &hdev
->dev_flags
)) {
2274 mgmt_index_removed(hdev
);
2275 hci_dev_unlock(hdev
);
2278 /* mgmt_index_removed should take care of emptying the
2280 BUG_ON(!list_empty(&hdev
->mgmt_pending
));
2282 hci_notify(hdev
, HCI_DEV_UNREG
);
2285 rfkill_unregister(hdev
->rfkill
);
2286 rfkill_destroy(hdev
->rfkill
);
2289 hci_del_sysfs(hdev
);
2291 destroy_workqueue(hdev
->workqueue
);
2292 destroy_workqueue(hdev
->req_workqueue
);
2295 hci_blacklist_clear(hdev
);
2296 hci_uuids_clear(hdev
);
2297 hci_link_keys_clear(hdev
);
2298 hci_smp_ltks_clear(hdev
);
2299 hci_remote_oob_data_clear(hdev
);
2300 hci_dev_unlock(hdev
);
2304 ida_simple_remove(&hci_index_ida
, id
);
2306 EXPORT_SYMBOL(hci_unregister_dev
);
2308 /* Suspend HCI device */
2309 int hci_suspend_dev(struct hci_dev
*hdev
)
2311 hci_notify(hdev
, HCI_DEV_SUSPEND
);
2314 EXPORT_SYMBOL(hci_suspend_dev
);
2316 /* Resume HCI device */
2317 int hci_resume_dev(struct hci_dev
*hdev
)
2319 hci_notify(hdev
, HCI_DEV_RESUME
);
2322 EXPORT_SYMBOL(hci_resume_dev
);
2324 /* Receive frame from HCI drivers */
2325 int hci_recv_frame(struct sk_buff
*skb
)
2327 struct hci_dev
*hdev
= (struct hci_dev
*) skb
->dev
;
2328 if (!hdev
|| (!test_bit(HCI_UP
, &hdev
->flags
)
2329 && !test_bit(HCI_INIT
, &hdev
->flags
))) {
2335 bt_cb(skb
)->incoming
= 1;
2338 __net_timestamp(skb
);
2340 skb_queue_tail(&hdev
->rx_q
, skb
);
2341 queue_work(hdev
->workqueue
, &hdev
->rx_work
);
2345 EXPORT_SYMBOL(hci_recv_frame
);
2347 static int hci_reassembly(struct hci_dev
*hdev
, int type
, void *data
,
2348 int count
, __u8 index
)
2353 struct sk_buff
*skb
;
2354 struct bt_skb_cb
*scb
;
2356 if ((type
< HCI_ACLDATA_PKT
|| type
> HCI_EVENT_PKT
) ||
2357 index
>= NUM_REASSEMBLY
)
2360 skb
= hdev
->reassembly
[index
];
2364 case HCI_ACLDATA_PKT
:
2365 len
= HCI_MAX_FRAME_SIZE
;
2366 hlen
= HCI_ACL_HDR_SIZE
;
2369 len
= HCI_MAX_EVENT_SIZE
;
2370 hlen
= HCI_EVENT_HDR_SIZE
;
2372 case HCI_SCODATA_PKT
:
2373 len
= HCI_MAX_SCO_SIZE
;
2374 hlen
= HCI_SCO_HDR_SIZE
;
2378 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
2382 scb
= (void *) skb
->cb
;
2384 scb
->pkt_type
= type
;
2386 skb
->dev
= (void *) hdev
;
2387 hdev
->reassembly
[index
] = skb
;
2391 scb
= (void *) skb
->cb
;
2392 len
= min_t(uint
, scb
->expect
, count
);
2394 memcpy(skb_put(skb
, len
), data
, len
);
2403 if (skb
->len
== HCI_EVENT_HDR_SIZE
) {
2404 struct hci_event_hdr
*h
= hci_event_hdr(skb
);
2405 scb
->expect
= h
->plen
;
2407 if (skb_tailroom(skb
) < scb
->expect
) {
2409 hdev
->reassembly
[index
] = NULL
;
2415 case HCI_ACLDATA_PKT
:
2416 if (skb
->len
== HCI_ACL_HDR_SIZE
) {
2417 struct hci_acl_hdr
*h
= hci_acl_hdr(skb
);
2418 scb
->expect
= __le16_to_cpu(h
->dlen
);
2420 if (skb_tailroom(skb
) < scb
->expect
) {
2422 hdev
->reassembly
[index
] = NULL
;
2428 case HCI_SCODATA_PKT
:
2429 if (skb
->len
== HCI_SCO_HDR_SIZE
) {
2430 struct hci_sco_hdr
*h
= hci_sco_hdr(skb
);
2431 scb
->expect
= h
->dlen
;
2433 if (skb_tailroom(skb
) < scb
->expect
) {
2435 hdev
->reassembly
[index
] = NULL
;
2442 if (scb
->expect
== 0) {
2443 /* Complete frame */
2445 bt_cb(skb
)->pkt_type
= type
;
2446 hci_recv_frame(skb
);
2448 hdev
->reassembly
[index
] = NULL
;
2456 int hci_recv_fragment(struct hci_dev
*hdev
, int type
, void *data
, int count
)
2460 if (type
< HCI_ACLDATA_PKT
|| type
> HCI_EVENT_PKT
)
2464 rem
= hci_reassembly(hdev
, type
, data
, count
, type
- 1);
2468 data
+= (count
- rem
);
2474 EXPORT_SYMBOL(hci_recv_fragment
);
2476 #define STREAM_REASSEMBLY 0
2478 int hci_recv_stream_fragment(struct hci_dev
*hdev
, void *data
, int count
)
2484 struct sk_buff
*skb
= hdev
->reassembly
[STREAM_REASSEMBLY
];
2487 struct { char type
; } *pkt
;
2489 /* Start of the frame */
2496 type
= bt_cb(skb
)->pkt_type
;
2498 rem
= hci_reassembly(hdev
, type
, data
, count
,
2503 data
+= (count
- rem
);
2509 EXPORT_SYMBOL(hci_recv_stream_fragment
);
2511 /* ---- Interface to upper protocols ---- */
2513 int hci_register_cb(struct hci_cb
*cb
)
2515 BT_DBG("%p name %s", cb
, cb
->name
);
2517 write_lock(&hci_cb_list_lock
);
2518 list_add(&cb
->list
, &hci_cb_list
);
2519 write_unlock(&hci_cb_list_lock
);
2523 EXPORT_SYMBOL(hci_register_cb
);
2525 int hci_unregister_cb(struct hci_cb
*cb
)
2527 BT_DBG("%p name %s", cb
, cb
->name
);
2529 write_lock(&hci_cb_list_lock
);
2530 list_del(&cb
->list
);
2531 write_unlock(&hci_cb_list_lock
);
2535 EXPORT_SYMBOL(hci_unregister_cb
);
2537 static int hci_send_frame(struct sk_buff
*skb
)
2539 struct hci_dev
*hdev
= (struct hci_dev
*) skb
->dev
;
2546 BT_DBG("%s type %d len %d", hdev
->name
, bt_cb(skb
)->pkt_type
, skb
->len
);
2549 __net_timestamp(skb
);
2551 /* Send copy to monitor */
2552 hci_send_to_monitor(hdev
, skb
);
2554 if (atomic_read(&hdev
->promisc
)) {
2555 /* Send copy to the sockets */
2556 hci_send_to_sock(hdev
, skb
);
2559 /* Get rid of skb owner, prior to sending to the driver. */
2562 return hdev
->send(skb
);
2565 void hci_req_init(struct hci_request
*req
, struct hci_dev
*hdev
)
2567 skb_queue_head_init(&req
->cmd_q
);
2572 int hci_req_run(struct hci_request
*req
, hci_req_complete_t complete
)
2574 struct hci_dev
*hdev
= req
->hdev
;
2575 struct sk_buff
*skb
;
2576 unsigned long flags
;
2578 BT_DBG("length %u", skb_queue_len(&req
->cmd_q
));
2580 /* If an error occured during request building, remove all HCI
2581 * commands queued on the HCI request queue.
2584 skb_queue_purge(&req
->cmd_q
);
2588 /* Do not allow empty requests */
2589 if (skb_queue_empty(&req
->cmd_q
))
2592 skb
= skb_peek_tail(&req
->cmd_q
);
2593 bt_cb(skb
)->req
.complete
= complete
;
2595 spin_lock_irqsave(&hdev
->cmd_q
.lock
, flags
);
2596 skb_queue_splice_tail(&req
->cmd_q
, &hdev
->cmd_q
);
2597 spin_unlock_irqrestore(&hdev
->cmd_q
.lock
, flags
);
2599 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2604 static struct sk_buff
*hci_prepare_cmd(struct hci_dev
*hdev
, u16 opcode
,
2605 u32 plen
, const void *param
)
2607 int len
= HCI_COMMAND_HDR_SIZE
+ plen
;
2608 struct hci_command_hdr
*hdr
;
2609 struct sk_buff
*skb
;
2611 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
2615 hdr
= (struct hci_command_hdr
*) skb_put(skb
, HCI_COMMAND_HDR_SIZE
);
2616 hdr
->opcode
= cpu_to_le16(opcode
);
2620 memcpy(skb_put(skb
, plen
), param
, plen
);
2622 BT_DBG("skb len %d", skb
->len
);
2624 bt_cb(skb
)->pkt_type
= HCI_COMMAND_PKT
;
2625 skb
->dev
= (void *) hdev
;
2630 /* Send HCI command */
2631 int hci_send_cmd(struct hci_dev
*hdev
, __u16 opcode
, __u32 plen
,
2634 struct sk_buff
*skb
;
2636 BT_DBG("%s opcode 0x%4.4x plen %d", hdev
->name
, opcode
, plen
);
2638 skb
= hci_prepare_cmd(hdev
, opcode
, plen
, param
);
2640 BT_ERR("%s no memory for command", hdev
->name
);
2644 /* Stand-alone HCI commands must be flaged as
2645 * single-command requests.
2647 bt_cb(skb
)->req
.start
= true;
2649 skb_queue_tail(&hdev
->cmd_q
, skb
);
2650 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2655 /* Queue a command to an asynchronous HCI request */
2656 void hci_req_add_ev(struct hci_request
*req
, u16 opcode
, u32 plen
,
2657 const void *param
, u8 event
)
2659 struct hci_dev
*hdev
= req
->hdev
;
2660 struct sk_buff
*skb
;
2662 BT_DBG("%s opcode 0x%4.4x plen %d", hdev
->name
, opcode
, plen
);
2664 /* If an error occured during request building, there is no point in
2665 * queueing the HCI command. We can simply return.
2670 skb
= hci_prepare_cmd(hdev
, opcode
, plen
, param
);
2672 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
2673 hdev
->name
, opcode
);
2678 if (skb_queue_empty(&req
->cmd_q
))
2679 bt_cb(skb
)->req
.start
= true;
2681 bt_cb(skb
)->req
.event
= event
;
2683 skb_queue_tail(&req
->cmd_q
, skb
);
2686 void hci_req_add(struct hci_request
*req
, u16 opcode
, u32 plen
,
2689 hci_req_add_ev(req
, opcode
, plen
, param
, 0);
2692 /* Get data from the previously sent command */
2693 void *hci_sent_cmd_data(struct hci_dev
*hdev
, __u16 opcode
)
2695 struct hci_command_hdr
*hdr
;
2697 if (!hdev
->sent_cmd
)
2700 hdr
= (void *) hdev
->sent_cmd
->data
;
2702 if (hdr
->opcode
!= cpu_to_le16(opcode
))
2705 BT_DBG("%s opcode 0x%4.4x", hdev
->name
, opcode
);
2707 return hdev
->sent_cmd
->data
+ HCI_COMMAND_HDR_SIZE
;
2711 static void hci_add_acl_hdr(struct sk_buff
*skb
, __u16 handle
, __u16 flags
)
2713 struct hci_acl_hdr
*hdr
;
2716 skb_push(skb
, HCI_ACL_HDR_SIZE
);
2717 skb_reset_transport_header(skb
);
2718 hdr
= (struct hci_acl_hdr
*)skb_transport_header(skb
);
2719 hdr
->handle
= cpu_to_le16(hci_handle_pack(handle
, flags
));
2720 hdr
->dlen
= cpu_to_le16(len
);
2723 static void hci_queue_acl(struct hci_chan
*chan
, struct sk_buff_head
*queue
,
2724 struct sk_buff
*skb
, __u16 flags
)
2726 struct hci_conn
*conn
= chan
->conn
;
2727 struct hci_dev
*hdev
= conn
->hdev
;
2728 struct sk_buff
*list
;
2730 skb
->len
= skb_headlen(skb
);
2733 bt_cb(skb
)->pkt_type
= HCI_ACLDATA_PKT
;
2735 switch (hdev
->dev_type
) {
2737 hci_add_acl_hdr(skb
, conn
->handle
, flags
);
2740 hci_add_acl_hdr(skb
, chan
->handle
, flags
);
2743 BT_ERR("%s unknown dev_type %d", hdev
->name
, hdev
->dev_type
);
2747 list
= skb_shinfo(skb
)->frag_list
;
2749 /* Non fragmented */
2750 BT_DBG("%s nonfrag skb %p len %d", hdev
->name
, skb
, skb
->len
);
2752 skb_queue_tail(queue
, skb
);
2755 BT_DBG("%s frag %p len %d", hdev
->name
, skb
, skb
->len
);
2757 skb_shinfo(skb
)->frag_list
= NULL
;
2759 /* Queue all fragments atomically */
2760 spin_lock(&queue
->lock
);
2762 __skb_queue_tail(queue
, skb
);
2764 flags
&= ~ACL_START
;
2767 skb
= list
; list
= list
->next
;
2769 skb
->dev
= (void *) hdev
;
2770 bt_cb(skb
)->pkt_type
= HCI_ACLDATA_PKT
;
2771 hci_add_acl_hdr(skb
, conn
->handle
, flags
);
2773 BT_DBG("%s frag %p len %d", hdev
->name
, skb
, skb
->len
);
2775 __skb_queue_tail(queue
, skb
);
2778 spin_unlock(&queue
->lock
);
2782 void hci_send_acl(struct hci_chan
*chan
, struct sk_buff
*skb
, __u16 flags
)
2784 struct hci_dev
*hdev
= chan
->conn
->hdev
;
2786 BT_DBG("%s chan %p flags 0x%4.4x", hdev
->name
, chan
, flags
);
2788 skb
->dev
= (void *) hdev
;
2790 hci_queue_acl(chan
, &chan
->data_q
, skb
, flags
);
2792 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2796 void hci_send_sco(struct hci_conn
*conn
, struct sk_buff
*skb
)
2798 struct hci_dev
*hdev
= conn
->hdev
;
2799 struct hci_sco_hdr hdr
;
2801 BT_DBG("%s len %d", hdev
->name
, skb
->len
);
2803 hdr
.handle
= cpu_to_le16(conn
->handle
);
2804 hdr
.dlen
= skb
->len
;
2806 skb_push(skb
, HCI_SCO_HDR_SIZE
);
2807 skb_reset_transport_header(skb
);
2808 memcpy(skb_transport_header(skb
), &hdr
, HCI_SCO_HDR_SIZE
);
2810 skb
->dev
= (void *) hdev
;
2811 bt_cb(skb
)->pkt_type
= HCI_SCODATA_PKT
;
2813 skb_queue_tail(&conn
->data_q
, skb
);
2814 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2817 /* ---- HCI TX task (outgoing data) ---- */
2819 /* HCI Connection scheduler */
2820 static struct hci_conn
*hci_low_sent(struct hci_dev
*hdev
, __u8 type
,
2823 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2824 struct hci_conn
*conn
= NULL
, *c
;
2825 unsigned int num
= 0, min
= ~0;
2827 /* We don't have to lock device here. Connections are always
2828 * added and removed with TX task disabled. */
2832 list_for_each_entry_rcu(c
, &h
->list
, list
) {
2833 if (c
->type
!= type
|| skb_queue_empty(&c
->data_q
))
2836 if (c
->state
!= BT_CONNECTED
&& c
->state
!= BT_CONFIG
)
2841 if (c
->sent
< min
) {
2846 if (hci_conn_num(hdev
, type
) == num
)
2855 switch (conn
->type
) {
2857 cnt
= hdev
->acl_cnt
;
2861 cnt
= hdev
->sco_cnt
;
2864 cnt
= hdev
->le_mtu
? hdev
->le_cnt
: hdev
->acl_cnt
;
2868 BT_ERR("Unknown link type");
2876 BT_DBG("conn %p quote %d", conn
, *quote
);
2880 static void hci_link_tx_to(struct hci_dev
*hdev
, __u8 type
)
2882 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2885 BT_ERR("%s link tx timeout", hdev
->name
);
2889 /* Kill stalled connections */
2890 list_for_each_entry_rcu(c
, &h
->list
, list
) {
2891 if (c
->type
== type
&& c
->sent
) {
2892 BT_ERR("%s killing stalled connection %pMR",
2893 hdev
->name
, &c
->dst
);
2894 hci_disconnect(c
, HCI_ERROR_REMOTE_USER_TERM
);
2901 static struct hci_chan
*hci_chan_sent(struct hci_dev
*hdev
, __u8 type
,
2904 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2905 struct hci_chan
*chan
= NULL
;
2906 unsigned int num
= 0, min
= ~0, cur_prio
= 0;
2907 struct hci_conn
*conn
;
2908 int cnt
, q
, conn_num
= 0;
2910 BT_DBG("%s", hdev
->name
);
2914 list_for_each_entry_rcu(conn
, &h
->list
, list
) {
2915 struct hci_chan
*tmp
;
2917 if (conn
->type
!= type
)
2920 if (conn
->state
!= BT_CONNECTED
&& conn
->state
!= BT_CONFIG
)
2925 list_for_each_entry_rcu(tmp
, &conn
->chan_list
, list
) {
2926 struct sk_buff
*skb
;
2928 if (skb_queue_empty(&tmp
->data_q
))
2931 skb
= skb_peek(&tmp
->data_q
);
2932 if (skb
->priority
< cur_prio
)
2935 if (skb
->priority
> cur_prio
) {
2938 cur_prio
= skb
->priority
;
2943 if (conn
->sent
< min
) {
2949 if (hci_conn_num(hdev
, type
) == conn_num
)
2958 switch (chan
->conn
->type
) {
2960 cnt
= hdev
->acl_cnt
;
2963 cnt
= hdev
->block_cnt
;
2967 cnt
= hdev
->sco_cnt
;
2970 cnt
= hdev
->le_mtu
? hdev
->le_cnt
: hdev
->acl_cnt
;
2974 BT_ERR("Unknown link type");
2979 BT_DBG("chan %p quote %d", chan
, *quote
);
2983 static void hci_prio_recalculate(struct hci_dev
*hdev
, __u8 type
)
2985 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2986 struct hci_conn
*conn
;
2989 BT_DBG("%s", hdev
->name
);
2993 list_for_each_entry_rcu(conn
, &h
->list
, list
) {
2994 struct hci_chan
*chan
;
2996 if (conn
->type
!= type
)
2999 if (conn
->state
!= BT_CONNECTED
&& conn
->state
!= BT_CONFIG
)
3004 list_for_each_entry_rcu(chan
, &conn
->chan_list
, list
) {
3005 struct sk_buff
*skb
;
3012 if (skb_queue_empty(&chan
->data_q
))
3015 skb
= skb_peek(&chan
->data_q
);
3016 if (skb
->priority
>= HCI_PRIO_MAX
- 1)
3019 skb
->priority
= HCI_PRIO_MAX
- 1;
3021 BT_DBG("chan %p skb %p promoted to %d", chan
, skb
,
3025 if (hci_conn_num(hdev
, type
) == num
)
3033 static inline int __get_blocks(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3035 /* Calculate count of blocks used by this packet */
3036 return DIV_ROUND_UP(skb
->len
- HCI_ACL_HDR_SIZE
, hdev
->block_len
);
3039 static void __check_timeout(struct hci_dev
*hdev
, unsigned int cnt
)
3041 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
3042 /* ACL tx timeout must be longer than maximum
3043 * link supervision timeout (40.9 seconds) */
3044 if (!cnt
&& time_after(jiffies
, hdev
->acl_last_tx
+
3045 HCI_ACL_TX_TIMEOUT
))
3046 hci_link_tx_to(hdev
, ACL_LINK
);
3050 static void hci_sched_acl_pkt(struct hci_dev
*hdev
)
3052 unsigned int cnt
= hdev
->acl_cnt
;
3053 struct hci_chan
*chan
;
3054 struct sk_buff
*skb
;
3057 __check_timeout(hdev
, cnt
);
3059 while (hdev
->acl_cnt
&&
3060 (chan
= hci_chan_sent(hdev
, ACL_LINK
, "e
))) {
3061 u32 priority
= (skb_peek(&chan
->data_q
))->priority
;
3062 while (quote
-- && (skb
= skb_peek(&chan
->data_q
))) {
3063 BT_DBG("chan %p skb %p len %d priority %u", chan
, skb
,
3064 skb
->len
, skb
->priority
);
3066 /* Stop if priority has changed */
3067 if (skb
->priority
< priority
)
3070 skb
= skb_dequeue(&chan
->data_q
);
3072 hci_conn_enter_active_mode(chan
->conn
,
3073 bt_cb(skb
)->force_active
);
3075 hci_send_frame(skb
);
3076 hdev
->acl_last_tx
= jiffies
;
3084 if (cnt
!= hdev
->acl_cnt
)
3085 hci_prio_recalculate(hdev
, ACL_LINK
);
3088 static void hci_sched_acl_blk(struct hci_dev
*hdev
)
3090 unsigned int cnt
= hdev
->block_cnt
;
3091 struct hci_chan
*chan
;
3092 struct sk_buff
*skb
;
3096 __check_timeout(hdev
, cnt
);
3098 BT_DBG("%s", hdev
->name
);
3100 if (hdev
->dev_type
== HCI_AMP
)
3105 while (hdev
->block_cnt
> 0 &&
3106 (chan
= hci_chan_sent(hdev
, type
, "e
))) {
3107 u32 priority
= (skb_peek(&chan
->data_q
))->priority
;
3108 while (quote
> 0 && (skb
= skb_peek(&chan
->data_q
))) {
3111 BT_DBG("chan %p skb %p len %d priority %u", chan
, skb
,
3112 skb
->len
, skb
->priority
);
3114 /* Stop if priority has changed */
3115 if (skb
->priority
< priority
)
3118 skb
= skb_dequeue(&chan
->data_q
);
3120 blocks
= __get_blocks(hdev
, skb
);
3121 if (blocks
> hdev
->block_cnt
)
3124 hci_conn_enter_active_mode(chan
->conn
,
3125 bt_cb(skb
)->force_active
);
3127 hci_send_frame(skb
);
3128 hdev
->acl_last_tx
= jiffies
;
3130 hdev
->block_cnt
-= blocks
;
3133 chan
->sent
+= blocks
;
3134 chan
->conn
->sent
+= blocks
;
3138 if (cnt
!= hdev
->block_cnt
)
3139 hci_prio_recalculate(hdev
, type
);
3142 static void hci_sched_acl(struct hci_dev
*hdev
)
3144 BT_DBG("%s", hdev
->name
);
3146 /* No ACL link over BR/EDR controller */
3147 if (!hci_conn_num(hdev
, ACL_LINK
) && hdev
->dev_type
== HCI_BREDR
)
3150 /* No AMP link over AMP controller */
3151 if (!hci_conn_num(hdev
, AMP_LINK
) && hdev
->dev_type
== HCI_AMP
)
3154 switch (hdev
->flow_ctl_mode
) {
3155 case HCI_FLOW_CTL_MODE_PACKET_BASED
:
3156 hci_sched_acl_pkt(hdev
);
3159 case HCI_FLOW_CTL_MODE_BLOCK_BASED
:
3160 hci_sched_acl_blk(hdev
);
3166 static void hci_sched_sco(struct hci_dev
*hdev
)
3168 struct hci_conn
*conn
;
3169 struct sk_buff
*skb
;
3172 BT_DBG("%s", hdev
->name
);
3174 if (!hci_conn_num(hdev
, SCO_LINK
))
3177 while (hdev
->sco_cnt
&& (conn
= hci_low_sent(hdev
, SCO_LINK
, "e
))) {
3178 while (quote
-- && (skb
= skb_dequeue(&conn
->data_q
))) {
3179 BT_DBG("skb %p len %d", skb
, skb
->len
);
3180 hci_send_frame(skb
);
3183 if (conn
->sent
== ~0)
3189 static void hci_sched_esco(struct hci_dev
*hdev
)
3191 struct hci_conn
*conn
;
3192 struct sk_buff
*skb
;
3195 BT_DBG("%s", hdev
->name
);
3197 if (!hci_conn_num(hdev
, ESCO_LINK
))
3200 while (hdev
->sco_cnt
&& (conn
= hci_low_sent(hdev
, ESCO_LINK
,
3202 while (quote
-- && (skb
= skb_dequeue(&conn
->data_q
))) {
3203 BT_DBG("skb %p len %d", skb
, skb
->len
);
3204 hci_send_frame(skb
);
3207 if (conn
->sent
== ~0)
3213 static void hci_sched_le(struct hci_dev
*hdev
)
3215 struct hci_chan
*chan
;
3216 struct sk_buff
*skb
;
3217 int quote
, cnt
, tmp
;
3219 BT_DBG("%s", hdev
->name
);
3221 if (!hci_conn_num(hdev
, LE_LINK
))
3224 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
3225 /* LE tx timeout must be longer than maximum
3226 * link supervision timeout (40.9 seconds) */
3227 if (!hdev
->le_cnt
&& hdev
->le_pkts
&&
3228 time_after(jiffies
, hdev
->le_last_tx
+ HZ
* 45))
3229 hci_link_tx_to(hdev
, LE_LINK
);
3232 cnt
= hdev
->le_pkts
? hdev
->le_cnt
: hdev
->acl_cnt
;
3234 while (cnt
&& (chan
= hci_chan_sent(hdev
, LE_LINK
, "e
))) {
3235 u32 priority
= (skb_peek(&chan
->data_q
))->priority
;
3236 while (quote
-- && (skb
= skb_peek(&chan
->data_q
))) {
3237 BT_DBG("chan %p skb %p len %d priority %u", chan
, skb
,
3238 skb
->len
, skb
->priority
);
3240 /* Stop if priority has changed */
3241 if (skb
->priority
< priority
)
3244 skb
= skb_dequeue(&chan
->data_q
);
3246 hci_send_frame(skb
);
3247 hdev
->le_last_tx
= jiffies
;
3258 hdev
->acl_cnt
= cnt
;
3261 hci_prio_recalculate(hdev
, LE_LINK
);
3264 static void hci_tx_work(struct work_struct
*work
)
3266 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, tx_work
);
3267 struct sk_buff
*skb
;
3269 BT_DBG("%s acl %d sco %d le %d", hdev
->name
, hdev
->acl_cnt
,
3270 hdev
->sco_cnt
, hdev
->le_cnt
);
3272 /* Schedule queues and send stuff to HCI driver */
3274 hci_sched_acl(hdev
);
3276 hci_sched_sco(hdev
);
3278 hci_sched_esco(hdev
);
3282 /* Send next queued raw (unknown type) packet */
3283 while ((skb
= skb_dequeue(&hdev
->raw_q
)))
3284 hci_send_frame(skb
);
3287 /* ----- HCI RX task (incoming data processing) ----- */
3289 /* ACL data packet */
3290 static void hci_acldata_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3292 struct hci_acl_hdr
*hdr
= (void *) skb
->data
;
3293 struct hci_conn
*conn
;
3294 __u16 handle
, flags
;
3296 skb_pull(skb
, HCI_ACL_HDR_SIZE
);
3298 handle
= __le16_to_cpu(hdr
->handle
);
3299 flags
= hci_flags(handle
);
3300 handle
= hci_handle(handle
);
3302 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev
->name
, skb
->len
,
3305 hdev
->stat
.acl_rx
++;
3308 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
3309 hci_dev_unlock(hdev
);
3312 hci_conn_enter_active_mode(conn
, BT_POWER_FORCE_ACTIVE_OFF
);
3314 /* Send to upper protocol */
3315 l2cap_recv_acldata(conn
, skb
, flags
);
3318 BT_ERR("%s ACL packet for unknown connection handle %d",
3319 hdev
->name
, handle
);
3325 /* SCO data packet */
3326 static void hci_scodata_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
3328 struct hci_sco_hdr
*hdr
= (void *) skb
->data
;
3329 struct hci_conn
*conn
;
3332 skb_pull(skb
, HCI_SCO_HDR_SIZE
);
3334 handle
= __le16_to_cpu(hdr
->handle
);
3336 BT_DBG("%s len %d handle 0x%4.4x", hdev
->name
, skb
->len
, handle
);
3338 hdev
->stat
.sco_rx
++;
3341 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
3342 hci_dev_unlock(hdev
);
3345 /* Send to upper protocol */
3346 sco_recv_scodata(conn
, skb
);
3349 BT_ERR("%s SCO packet for unknown connection handle %d",
3350 hdev
->name
, handle
);
3356 static bool hci_req_is_complete(struct hci_dev
*hdev
)
3358 struct sk_buff
*skb
;
3360 skb
= skb_peek(&hdev
->cmd_q
);
3364 return bt_cb(skb
)->req
.start
;
3367 static void hci_resend_last(struct hci_dev
*hdev
)
3369 struct hci_command_hdr
*sent
;
3370 struct sk_buff
*skb
;
3373 if (!hdev
->sent_cmd
)
3376 sent
= (void *) hdev
->sent_cmd
->data
;
3377 opcode
= __le16_to_cpu(sent
->opcode
);
3378 if (opcode
== HCI_OP_RESET
)
3381 skb
= skb_clone(hdev
->sent_cmd
, GFP_KERNEL
);
3385 skb_queue_head(&hdev
->cmd_q
, skb
);
3386 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
3389 void hci_req_cmd_complete(struct hci_dev
*hdev
, u16 opcode
, u8 status
)
3391 hci_req_complete_t req_complete
= NULL
;
3392 struct sk_buff
*skb
;
3393 unsigned long flags
;
3395 BT_DBG("opcode 0x%04x status 0x%02x", opcode
, status
);
3397 /* If the completed command doesn't match the last one that was
3398 * sent we need to do special handling of it.
3400 if (!hci_sent_cmd_data(hdev
, opcode
)) {
3401 /* Some CSR based controllers generate a spontaneous
3402 * reset complete event during init and any pending
3403 * command will never be completed. In such a case we
3404 * need to resend whatever was the last sent
3407 if (test_bit(HCI_INIT
, &hdev
->flags
) && opcode
== HCI_OP_RESET
)
3408 hci_resend_last(hdev
);
3413 /* If the command succeeded and there's still more commands in
3414 * this request the request is not yet complete.
3416 if (!status
&& !hci_req_is_complete(hdev
))
3419 /* If this was the last command in a request the complete
3420 * callback would be found in hdev->sent_cmd instead of the
3421 * command queue (hdev->cmd_q).
3423 if (hdev
->sent_cmd
) {
3424 req_complete
= bt_cb(hdev
->sent_cmd
)->req
.complete
;
3429 /* Remove all pending commands belonging to this request */
3430 spin_lock_irqsave(&hdev
->cmd_q
.lock
, flags
);
3431 while ((skb
= __skb_dequeue(&hdev
->cmd_q
))) {
3432 if (bt_cb(skb
)->req
.start
) {
3433 __skb_queue_head(&hdev
->cmd_q
, skb
);
3437 req_complete
= bt_cb(skb
)->req
.complete
;
3440 spin_unlock_irqrestore(&hdev
->cmd_q
.lock
, flags
);
3444 req_complete(hdev
, status
);
3447 static void hci_rx_work(struct work_struct
*work
)
3449 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, rx_work
);
3450 struct sk_buff
*skb
;
3452 BT_DBG("%s", hdev
->name
);
3454 while ((skb
= skb_dequeue(&hdev
->rx_q
))) {
3455 /* Send copy to monitor */
3456 hci_send_to_monitor(hdev
, skb
);
3458 if (atomic_read(&hdev
->promisc
)) {
3459 /* Send copy to the sockets */
3460 hci_send_to_sock(hdev
, skb
);
3463 if (test_bit(HCI_RAW
, &hdev
->flags
)) {
3468 if (test_bit(HCI_INIT
, &hdev
->flags
)) {
3469 /* Don't process data packets in this states. */
3470 switch (bt_cb(skb
)->pkt_type
) {
3471 case HCI_ACLDATA_PKT
:
3472 case HCI_SCODATA_PKT
:
3479 switch (bt_cb(skb
)->pkt_type
) {
3481 BT_DBG("%s Event packet", hdev
->name
);
3482 hci_event_packet(hdev
, skb
);
3485 case HCI_ACLDATA_PKT
:
3486 BT_DBG("%s ACL data packet", hdev
->name
);
3487 hci_acldata_packet(hdev
, skb
);
3490 case HCI_SCODATA_PKT
:
3491 BT_DBG("%s SCO data packet", hdev
->name
);
3492 hci_scodata_packet(hdev
, skb
);
3502 static void hci_cmd_work(struct work_struct
*work
)
3504 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, cmd_work
);
3505 struct sk_buff
*skb
;
3507 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev
->name
,
3508 atomic_read(&hdev
->cmd_cnt
), skb_queue_len(&hdev
->cmd_q
));
3510 /* Send queued commands */
3511 if (atomic_read(&hdev
->cmd_cnt
)) {
3512 skb
= skb_dequeue(&hdev
->cmd_q
);
3516 kfree_skb(hdev
->sent_cmd
);
3518 hdev
->sent_cmd
= skb_clone(skb
, GFP_ATOMIC
);
3519 if (hdev
->sent_cmd
) {
3520 atomic_dec(&hdev
->cmd_cnt
);
3521 hci_send_frame(skb
);
3522 if (test_bit(HCI_RESET
, &hdev
->flags
))
3523 del_timer(&hdev
->cmd_timer
);
3525 mod_timer(&hdev
->cmd_timer
,
3526 jiffies
+ HCI_CMD_TIMEOUT
);
3528 skb_queue_head(&hdev
->cmd_q
, skb
);
3529 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
3534 int hci_do_inquiry(struct hci_dev
*hdev
, u8 length
)
3536 /* General inquiry access code (GIAC) */
3537 u8 lap
[3] = { 0x33, 0x8b, 0x9e };
3538 struct hci_cp_inquiry cp
;
3540 BT_DBG("%s", hdev
->name
);
3542 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
3543 return -EINPROGRESS
;
3545 inquiry_cache_flush(hdev
);
3547 memset(&cp
, 0, sizeof(cp
));
3548 memcpy(&cp
.lap
, lap
, sizeof(cp
.lap
));
3551 return hci_send_cmd(hdev
, HCI_OP_INQUIRY
, sizeof(cp
), &cp
);
3554 int hci_cancel_inquiry(struct hci_dev
*hdev
)
3556 BT_DBG("%s", hdev
->name
);
3558 if (!test_bit(HCI_INQUIRY
, &hdev
->flags
))
3561 return hci_send_cmd(hdev
, HCI_OP_INQUIRY_CANCEL
, 0, NULL
);
3564 u8
bdaddr_to_le(u8 bdaddr_type
)
3566 switch (bdaddr_type
) {
3567 case BDADDR_LE_PUBLIC
:
3568 return ADDR_LE_DEV_PUBLIC
;
3571 /* Fallback to LE Random address type */
3572 return ADDR_LE_DEV_RANDOM
;