2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/jiffies.h>
29 #include <linux/module.h>
30 #include <linux/kmod.h>
32 #include <linux/types.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/skbuff.h>
41 #include <linux/workqueue.h>
42 #include <linux/interrupt.h>
43 #include <linux/notifier.h>
44 #include <linux/rfkill.h>
45 #include <linux/timer.h>
46 #include <linux/crypto.h>
49 #include <asm/system.h>
50 #include <linux/uaccess.h>
51 #include <asm/unaligned.h>
53 #include <net/bluetooth/bluetooth.h>
54 #include <net/bluetooth/hci_core.h>
56 #define AUTO_OFF_TIMEOUT 2000
60 static void hci_rx_work(struct work_struct
*work
);
61 static void hci_cmd_work(struct work_struct
*work
);
62 static void hci_tx_work(struct work_struct
*work
);
65 LIST_HEAD(hci_dev_list
);
66 DEFINE_RWLOCK(hci_dev_list_lock
);
68 /* HCI callback list */
69 LIST_HEAD(hci_cb_list
);
70 DEFINE_RWLOCK(hci_cb_list_lock
);
72 /* HCI notifiers list */
73 static ATOMIC_NOTIFIER_HEAD(hci_notifier
);
75 /* ---- HCI notifications ---- */
77 int hci_register_notifier(struct notifier_block
*nb
)
79 return atomic_notifier_chain_register(&hci_notifier
, nb
);
82 int hci_unregister_notifier(struct notifier_block
*nb
)
84 return atomic_notifier_chain_unregister(&hci_notifier
, nb
);
87 static void hci_notify(struct hci_dev
*hdev
, int event
)
89 atomic_notifier_call_chain(&hci_notifier
, event
, hdev
);
92 /* ---- HCI requests ---- */
94 void hci_req_complete(struct hci_dev
*hdev
, __u16 cmd
, int result
)
96 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev
->name
, cmd
, result
);
98 /* If this is the init phase check if the completed command matches
99 * the last init command, and if not just return.
101 if (test_bit(HCI_INIT
, &hdev
->flags
) && hdev
->init_last_cmd
!= cmd
)
104 if (hdev
->req_status
== HCI_REQ_PEND
) {
105 hdev
->req_result
= result
;
106 hdev
->req_status
= HCI_REQ_DONE
;
107 wake_up_interruptible(&hdev
->req_wait_q
);
111 static void hci_req_cancel(struct hci_dev
*hdev
, int err
)
113 BT_DBG("%s err 0x%2.2x", hdev
->name
, err
);
115 if (hdev
->req_status
== HCI_REQ_PEND
) {
116 hdev
->req_result
= err
;
117 hdev
->req_status
= HCI_REQ_CANCELED
;
118 wake_up_interruptible(&hdev
->req_wait_q
);
122 /* Execute request and wait for completion. */
123 static int __hci_request(struct hci_dev
*hdev
, void (*req
)(struct hci_dev
*hdev
, unsigned long opt
),
124 unsigned long opt
, __u32 timeout
)
126 DECLARE_WAITQUEUE(wait
, current
);
129 BT_DBG("%s start", hdev
->name
);
131 hdev
->req_status
= HCI_REQ_PEND
;
133 add_wait_queue(&hdev
->req_wait_q
, &wait
);
134 set_current_state(TASK_INTERRUPTIBLE
);
137 schedule_timeout(timeout
);
139 remove_wait_queue(&hdev
->req_wait_q
, &wait
);
141 if (signal_pending(current
))
144 switch (hdev
->req_status
) {
146 err
= -bt_to_errno(hdev
->req_result
);
149 case HCI_REQ_CANCELED
:
150 err
= -hdev
->req_result
;
158 hdev
->req_status
= hdev
->req_result
= 0;
160 BT_DBG("%s end: err %d", hdev
->name
, err
);
165 static inline int hci_request(struct hci_dev
*hdev
, void (*req
)(struct hci_dev
*hdev
, unsigned long opt
),
166 unsigned long opt
, __u32 timeout
)
170 if (!test_bit(HCI_UP
, &hdev
->flags
))
173 /* Serialize all requests */
175 ret
= __hci_request(hdev
, req
, opt
, timeout
);
176 hci_req_unlock(hdev
);
181 static void hci_reset_req(struct hci_dev
*hdev
, unsigned long opt
)
183 BT_DBG("%s %ld", hdev
->name
, opt
);
186 set_bit(HCI_RESET
, &hdev
->flags
);
187 hci_send_cmd(hdev
, HCI_OP_RESET
, 0, NULL
);
190 static void bredr_init(struct hci_dev
*hdev
)
192 struct hci_cp_delete_stored_link_key cp
;
196 hdev
->flow_ctl_mode
= HCI_FLOW_CTL_MODE_PACKET_BASED
;
198 /* Mandatory initialization */
201 if (!test_bit(HCI_QUIRK_NO_RESET
, &hdev
->quirks
)) {
202 set_bit(HCI_RESET
, &hdev
->flags
);
203 hci_send_cmd(hdev
, HCI_OP_RESET
, 0, NULL
);
206 /* Read Local Supported Features */
207 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_FEATURES
, 0, NULL
);
209 /* Read Local Version */
210 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
);
212 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
213 hci_send_cmd(hdev
, HCI_OP_READ_BUFFER_SIZE
, 0, NULL
);
215 /* Read BD Address */
216 hci_send_cmd(hdev
, HCI_OP_READ_BD_ADDR
, 0, NULL
);
218 /* Read Class of Device */
219 hci_send_cmd(hdev
, HCI_OP_READ_CLASS_OF_DEV
, 0, NULL
);
221 /* Read Local Name */
222 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_NAME
, 0, NULL
);
224 /* Read Voice Setting */
225 hci_send_cmd(hdev
, HCI_OP_READ_VOICE_SETTING
, 0, NULL
);
227 /* Optional initialization */
229 /* Clear Event Filters */
230 flt_type
= HCI_FLT_CLEAR_ALL
;
231 hci_send_cmd(hdev
, HCI_OP_SET_EVENT_FLT
, 1, &flt_type
);
233 /* Connection accept timeout ~20 secs */
234 param
= cpu_to_le16(0x7d00);
235 hci_send_cmd(hdev
, HCI_OP_WRITE_CA_TIMEOUT
, 2, ¶m
);
237 bacpy(&cp
.bdaddr
, BDADDR_ANY
);
239 hci_send_cmd(hdev
, HCI_OP_DELETE_STORED_LINK_KEY
, sizeof(cp
), &cp
);
242 static void amp_init(struct hci_dev
*hdev
)
244 hdev
->flow_ctl_mode
= HCI_FLOW_CTL_MODE_BLOCK_BASED
;
247 hci_send_cmd(hdev
, HCI_OP_RESET
, 0, NULL
);
249 /* Read Local Version */
250 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_VERSION
, 0, NULL
);
253 static void hci_init_req(struct hci_dev
*hdev
, unsigned long opt
)
257 BT_DBG("%s %ld", hdev
->name
, opt
);
259 /* Driver initialization */
261 /* Special commands */
262 while ((skb
= skb_dequeue(&hdev
->driver_init
))) {
263 bt_cb(skb
)->pkt_type
= HCI_COMMAND_PKT
;
264 skb
->dev
= (void *) hdev
;
266 skb_queue_tail(&hdev
->cmd_q
, skb
);
267 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
269 skb_queue_purge(&hdev
->driver_init
);
271 switch (hdev
->dev_type
) {
281 BT_ERR("Unknown device type %d", hdev
->dev_type
);
287 static void hci_le_init_req(struct hci_dev
*hdev
, unsigned long opt
)
289 BT_DBG("%s", hdev
->name
);
291 /* Read LE buffer size */
292 hci_send_cmd(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, 0, NULL
);
295 static void hci_scan_req(struct hci_dev
*hdev
, unsigned long opt
)
299 BT_DBG("%s %x", hdev
->name
, scan
);
301 /* Inquiry and Page scans */
302 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
305 static void hci_auth_req(struct hci_dev
*hdev
, unsigned long opt
)
309 BT_DBG("%s %x", hdev
->name
, auth
);
312 hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, 1, &auth
);
315 static void hci_encrypt_req(struct hci_dev
*hdev
, unsigned long opt
)
319 BT_DBG("%s %x", hdev
->name
, encrypt
);
322 hci_send_cmd(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
, 1, &encrypt
);
325 static void hci_linkpol_req(struct hci_dev
*hdev
, unsigned long opt
)
327 __le16 policy
= cpu_to_le16(opt
);
329 BT_DBG("%s %x", hdev
->name
, policy
);
331 /* Default link policy */
332 hci_send_cmd(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, 2, &policy
);
335 /* Get HCI device by index.
336 * Device is held on return. */
337 struct hci_dev
*hci_dev_get(int index
)
339 struct hci_dev
*hdev
= NULL
, *d
;
346 read_lock(&hci_dev_list_lock
);
347 list_for_each_entry(d
, &hci_dev_list
, list
) {
348 if (d
->id
== index
) {
349 hdev
= hci_dev_hold(d
);
353 read_unlock(&hci_dev_list_lock
);
357 /* ---- Inquiry support ---- */
359 void hci_discovery_set_state(struct hci_dev
*hdev
, int state
)
361 BT_DBG("%s state %u -> %u", hdev
->name
, hdev
->discovery
.state
, state
);
363 if (hdev
->discovery
.state
== state
)
367 case DISCOVERY_STOPPED
:
368 mgmt_discovering(hdev
, 0);
370 case DISCOVERY_STARTING
:
372 case DISCOVERY_ACTIVE
:
373 mgmt_discovering(hdev
, 1);
375 case DISCOVERY_STOPPING
:
379 hdev
->discovery
.state
= state
;
382 static void inquiry_cache_flush(struct hci_dev
*hdev
)
384 struct discovery_state
*cache
= &hdev
->discovery
;
385 struct inquiry_entry
*p
, *n
;
387 list_for_each_entry_safe(p
, n
, &cache
->all
, all
) {
392 INIT_LIST_HEAD(&cache
->unknown
);
393 INIT_LIST_HEAD(&cache
->resolve
);
394 cache
->state
= DISCOVERY_STOPPED
;
397 struct inquiry_entry
*hci_inquiry_cache_lookup(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
399 struct discovery_state
*cache
= &hdev
->discovery
;
400 struct inquiry_entry
*e
;
402 BT_DBG("cache %p, %s", cache
, batostr(bdaddr
));
404 list_for_each_entry(e
, &cache
->all
, all
) {
405 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
412 struct inquiry_entry
*hci_inquiry_cache_lookup_unknown(struct hci_dev
*hdev
,
415 struct discovery_state
*cache
= &hdev
->discovery
;
416 struct inquiry_entry
*e
;
418 BT_DBG("cache %p, %s", cache
, batostr(bdaddr
));
420 list_for_each_entry(e
, &cache
->unknown
, list
) {
421 if (!bacmp(&e
->data
.bdaddr
, bdaddr
))
428 bool hci_inquiry_cache_update(struct hci_dev
*hdev
, struct inquiry_data
*data
,
431 struct discovery_state
*cache
= &hdev
->discovery
;
432 struct inquiry_entry
*ie
;
434 BT_DBG("cache %p, %s", cache
, batostr(&data
->bdaddr
));
436 ie
= hci_inquiry_cache_lookup(hdev
, &data
->bdaddr
);
440 /* Entry not in the cache. Add new one. */
441 ie
= kzalloc(sizeof(struct inquiry_entry
), GFP_ATOMIC
);
445 list_add(&ie
->all
, &cache
->all
);
448 ie
->name_state
= NAME_KNOWN
;
450 ie
->name_state
= NAME_NOT_KNOWN
;
451 list_add(&ie
->list
, &cache
->unknown
);
455 if (name_known
&& ie
->name_state
!= NAME_KNOWN
&&
456 ie
->name_state
!= NAME_PENDING
) {
457 ie
->name_state
= NAME_KNOWN
;
461 memcpy(&ie
->data
, data
, sizeof(*data
));
462 ie
->timestamp
= jiffies
;
463 cache
->timestamp
= jiffies
;
465 if (ie
->name_state
== NAME_NOT_KNOWN
)
471 static int inquiry_cache_dump(struct hci_dev
*hdev
, int num
, __u8
*buf
)
473 struct discovery_state
*cache
= &hdev
->discovery
;
474 struct inquiry_info
*info
= (struct inquiry_info
*) buf
;
475 struct inquiry_entry
*e
;
478 list_for_each_entry(e
, &cache
->all
, all
) {
479 struct inquiry_data
*data
= &e
->data
;
484 bacpy(&info
->bdaddr
, &data
->bdaddr
);
485 info
->pscan_rep_mode
= data
->pscan_rep_mode
;
486 info
->pscan_period_mode
= data
->pscan_period_mode
;
487 info
->pscan_mode
= data
->pscan_mode
;
488 memcpy(info
->dev_class
, data
->dev_class
, 3);
489 info
->clock_offset
= data
->clock_offset
;
495 BT_DBG("cache %p, copied %d", cache
, copied
);
499 static void hci_inq_req(struct hci_dev
*hdev
, unsigned long opt
)
501 struct hci_inquiry_req
*ir
= (struct hci_inquiry_req
*) opt
;
502 struct hci_cp_inquiry cp
;
504 BT_DBG("%s", hdev
->name
);
506 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
510 memcpy(&cp
.lap
, &ir
->lap
, 3);
511 cp
.length
= ir
->length
;
512 cp
.num_rsp
= ir
->num_rsp
;
513 hci_send_cmd(hdev
, HCI_OP_INQUIRY
, sizeof(cp
), &cp
);
516 int hci_inquiry(void __user
*arg
)
518 __u8 __user
*ptr
= arg
;
519 struct hci_inquiry_req ir
;
520 struct hci_dev
*hdev
;
521 int err
= 0, do_inquiry
= 0, max_rsp
;
525 if (copy_from_user(&ir
, ptr
, sizeof(ir
)))
528 hdev
= hci_dev_get(ir
.dev_id
);
533 if (inquiry_cache_age(hdev
) > INQUIRY_CACHE_AGE_MAX
||
534 inquiry_cache_empty(hdev
) ||
535 ir
.flags
& IREQ_CACHE_FLUSH
) {
536 inquiry_cache_flush(hdev
);
539 hci_dev_unlock(hdev
);
541 timeo
= ir
.length
* msecs_to_jiffies(2000);
544 err
= hci_request(hdev
, hci_inq_req
, (unsigned long)&ir
, timeo
);
549 /* for unlimited number of responses we will use buffer with 255 entries */
550 max_rsp
= (ir
.num_rsp
== 0) ? 255 : ir
.num_rsp
;
552 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
553 * copy it to the user space.
555 buf
= kmalloc(sizeof(struct inquiry_info
) * max_rsp
, GFP_KERNEL
);
562 ir
.num_rsp
= inquiry_cache_dump(hdev
, max_rsp
, buf
);
563 hci_dev_unlock(hdev
);
565 BT_DBG("num_rsp %d", ir
.num_rsp
);
567 if (!copy_to_user(ptr
, &ir
, sizeof(ir
))) {
569 if (copy_to_user(ptr
, buf
, sizeof(struct inquiry_info
) *
582 /* ---- HCI ioctl helpers ---- */
584 int hci_dev_open(__u16 dev
)
586 struct hci_dev
*hdev
;
589 hdev
= hci_dev_get(dev
);
593 BT_DBG("%s %p", hdev
->name
, hdev
);
597 if (hdev
->rfkill
&& rfkill_blocked(hdev
->rfkill
)) {
602 if (test_bit(HCI_UP
, &hdev
->flags
)) {
607 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
))
608 set_bit(HCI_RAW
, &hdev
->flags
);
610 /* Treat all non BR/EDR controllers as raw devices if
611 enable_hs is not set */
612 if (hdev
->dev_type
!= HCI_BREDR
&& !enable_hs
)
613 set_bit(HCI_RAW
, &hdev
->flags
);
615 if (hdev
->open(hdev
)) {
620 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
621 atomic_set(&hdev
->cmd_cnt
, 1);
622 set_bit(HCI_INIT
, &hdev
->flags
);
623 hdev
->init_last_cmd
= 0;
625 ret
= __hci_request(hdev
, hci_init_req
, 0,
626 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
628 if (lmp_host_le_capable(hdev
))
629 ret
= __hci_request(hdev
, hci_le_init_req
, 0,
630 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
632 clear_bit(HCI_INIT
, &hdev
->flags
);
637 set_bit(HCI_UP
, &hdev
->flags
);
638 hci_notify(hdev
, HCI_DEV_UP
);
639 if (!test_bit(HCI_SETUP
, &hdev
->flags
)) {
641 mgmt_powered(hdev
, 1);
642 hci_dev_unlock(hdev
);
645 /* Init failed, cleanup */
646 flush_work(&hdev
->tx_work
);
647 flush_work(&hdev
->cmd_work
);
648 flush_work(&hdev
->rx_work
);
650 skb_queue_purge(&hdev
->cmd_q
);
651 skb_queue_purge(&hdev
->rx_q
);
656 if (hdev
->sent_cmd
) {
657 kfree_skb(hdev
->sent_cmd
);
658 hdev
->sent_cmd
= NULL
;
666 hci_req_unlock(hdev
);
671 static int hci_dev_do_close(struct hci_dev
*hdev
)
673 BT_DBG("%s %p", hdev
->name
, hdev
);
675 hci_req_cancel(hdev
, ENODEV
);
678 if (!test_and_clear_bit(HCI_UP
, &hdev
->flags
)) {
679 del_timer_sync(&hdev
->cmd_timer
);
680 hci_req_unlock(hdev
);
684 /* Flush RX and TX works */
685 flush_work(&hdev
->tx_work
);
686 flush_work(&hdev
->rx_work
);
688 if (hdev
->discov_timeout
> 0) {
689 cancel_delayed_work(&hdev
->discov_off
);
690 hdev
->discov_timeout
= 0;
693 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->flags
))
694 cancel_delayed_work(&hdev
->power_off
);
696 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->flags
))
697 cancel_delayed_work(&hdev
->service_cache
);
700 inquiry_cache_flush(hdev
);
701 hci_conn_hash_flush(hdev
);
702 hci_dev_unlock(hdev
);
704 hci_notify(hdev
, HCI_DEV_DOWN
);
710 skb_queue_purge(&hdev
->cmd_q
);
711 atomic_set(&hdev
->cmd_cnt
, 1);
712 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
713 set_bit(HCI_INIT
, &hdev
->flags
);
714 __hci_request(hdev
, hci_reset_req
, 0,
715 msecs_to_jiffies(250));
716 clear_bit(HCI_INIT
, &hdev
->flags
);
720 flush_work(&hdev
->cmd_work
);
723 skb_queue_purge(&hdev
->rx_q
);
724 skb_queue_purge(&hdev
->cmd_q
);
725 skb_queue_purge(&hdev
->raw_q
);
727 /* Drop last sent command */
728 if (hdev
->sent_cmd
) {
729 del_timer_sync(&hdev
->cmd_timer
);
730 kfree_skb(hdev
->sent_cmd
);
731 hdev
->sent_cmd
= NULL
;
734 /* After this point our queues are empty
735 * and no tasks are scheduled. */
739 mgmt_powered(hdev
, 0);
740 hci_dev_unlock(hdev
);
745 hci_req_unlock(hdev
);
751 int hci_dev_close(__u16 dev
)
753 struct hci_dev
*hdev
;
756 hdev
= hci_dev_get(dev
);
759 err
= hci_dev_do_close(hdev
);
764 int hci_dev_reset(__u16 dev
)
766 struct hci_dev
*hdev
;
769 hdev
= hci_dev_get(dev
);
775 if (!test_bit(HCI_UP
, &hdev
->flags
))
779 skb_queue_purge(&hdev
->rx_q
);
780 skb_queue_purge(&hdev
->cmd_q
);
783 inquiry_cache_flush(hdev
);
784 hci_conn_hash_flush(hdev
);
785 hci_dev_unlock(hdev
);
790 atomic_set(&hdev
->cmd_cnt
, 1);
791 hdev
->acl_cnt
= 0; hdev
->sco_cnt
= 0; hdev
->le_cnt
= 0;
793 if (!test_bit(HCI_RAW
, &hdev
->flags
))
794 ret
= __hci_request(hdev
, hci_reset_req
, 0,
795 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
798 hci_req_unlock(hdev
);
803 int hci_dev_reset_stat(__u16 dev
)
805 struct hci_dev
*hdev
;
808 hdev
= hci_dev_get(dev
);
812 memset(&hdev
->stat
, 0, sizeof(struct hci_dev_stats
));
819 int hci_dev_cmd(unsigned int cmd
, void __user
*arg
)
821 struct hci_dev
*hdev
;
822 struct hci_dev_req dr
;
825 if (copy_from_user(&dr
, arg
, sizeof(dr
)))
828 hdev
= hci_dev_get(dr
.dev_id
);
834 err
= hci_request(hdev
, hci_auth_req
, dr
.dev_opt
,
835 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
839 if (!lmp_encrypt_capable(hdev
)) {
844 if (!test_bit(HCI_AUTH
, &hdev
->flags
)) {
845 /* Auth must be enabled first */
846 err
= hci_request(hdev
, hci_auth_req
, dr
.dev_opt
,
847 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
852 err
= hci_request(hdev
, hci_encrypt_req
, dr
.dev_opt
,
853 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
857 err
= hci_request(hdev
, hci_scan_req
, dr
.dev_opt
,
858 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
862 err
= hci_request(hdev
, hci_linkpol_req
, dr
.dev_opt
,
863 msecs_to_jiffies(HCI_INIT_TIMEOUT
));
867 hdev
->link_mode
= ((__u16
) dr
.dev_opt
) &
868 (HCI_LM_MASTER
| HCI_LM_ACCEPT
);
872 hdev
->pkt_type
= (__u16
) dr
.dev_opt
;
876 hdev
->acl_mtu
= *((__u16
*) &dr
.dev_opt
+ 1);
877 hdev
->acl_pkts
= *((__u16
*) &dr
.dev_opt
+ 0);
881 hdev
->sco_mtu
= *((__u16
*) &dr
.dev_opt
+ 1);
882 hdev
->sco_pkts
= *((__u16
*) &dr
.dev_opt
+ 0);
894 int hci_get_dev_list(void __user
*arg
)
896 struct hci_dev
*hdev
;
897 struct hci_dev_list_req
*dl
;
898 struct hci_dev_req
*dr
;
899 int n
= 0, size
, err
;
902 if (get_user(dev_num
, (__u16 __user
*) arg
))
905 if (!dev_num
|| dev_num
> (PAGE_SIZE
* 2) / sizeof(*dr
))
908 size
= sizeof(*dl
) + dev_num
* sizeof(*dr
);
910 dl
= kzalloc(size
, GFP_KERNEL
);
916 read_lock(&hci_dev_list_lock
);
917 list_for_each_entry(hdev
, &hci_dev_list
, list
) {
918 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->flags
))
919 cancel_delayed_work(&hdev
->power_off
);
921 if (!test_bit(HCI_MGMT
, &hdev
->flags
))
922 set_bit(HCI_PAIRABLE
, &hdev
->flags
);
924 (dr
+ n
)->dev_id
= hdev
->id
;
925 (dr
+ n
)->dev_opt
= hdev
->flags
;
930 read_unlock(&hci_dev_list_lock
);
933 size
= sizeof(*dl
) + n
* sizeof(*dr
);
935 err
= copy_to_user(arg
, dl
, size
);
938 return err
? -EFAULT
: 0;
941 int hci_get_dev_info(void __user
*arg
)
943 struct hci_dev
*hdev
;
944 struct hci_dev_info di
;
947 if (copy_from_user(&di
, arg
, sizeof(di
)))
950 hdev
= hci_dev_get(di
.dev_id
);
954 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->flags
))
955 cancel_delayed_work_sync(&hdev
->power_off
);
957 if (!test_bit(HCI_MGMT
, &hdev
->flags
))
958 set_bit(HCI_PAIRABLE
, &hdev
->flags
);
960 strcpy(di
.name
, hdev
->name
);
961 di
.bdaddr
= hdev
->bdaddr
;
962 di
.type
= (hdev
->bus
& 0x0f) | (hdev
->dev_type
<< 4);
963 di
.flags
= hdev
->flags
;
964 di
.pkt_type
= hdev
->pkt_type
;
965 di
.acl_mtu
= hdev
->acl_mtu
;
966 di
.acl_pkts
= hdev
->acl_pkts
;
967 di
.sco_mtu
= hdev
->sco_mtu
;
968 di
.sco_pkts
= hdev
->sco_pkts
;
969 di
.link_policy
= hdev
->link_policy
;
970 di
.link_mode
= hdev
->link_mode
;
972 memcpy(&di
.stat
, &hdev
->stat
, sizeof(di
.stat
));
973 memcpy(&di
.features
, &hdev
->features
, sizeof(di
.features
));
975 if (copy_to_user(arg
, &di
, sizeof(di
)))
983 /* ---- Interface to HCI drivers ---- */
985 static int hci_rfkill_set_block(void *data
, bool blocked
)
987 struct hci_dev
*hdev
= data
;
989 BT_DBG("%p name %s blocked %d", hdev
, hdev
->name
, blocked
);
994 hci_dev_do_close(hdev
);
999 static const struct rfkill_ops hci_rfkill_ops
= {
1000 .set_block
= hci_rfkill_set_block
,
1003 /* Alloc HCI device */
1004 struct hci_dev
*hci_alloc_dev(void)
1006 struct hci_dev
*hdev
;
1008 hdev
= kzalloc(sizeof(struct hci_dev
), GFP_KERNEL
);
1012 hci_init_sysfs(hdev
);
1013 skb_queue_head_init(&hdev
->driver_init
);
1017 EXPORT_SYMBOL(hci_alloc_dev
);
1019 /* Free HCI device */
1020 void hci_free_dev(struct hci_dev
*hdev
)
1022 skb_queue_purge(&hdev
->driver_init
);
1024 /* will free via device release */
1025 put_device(&hdev
->dev
);
1027 EXPORT_SYMBOL(hci_free_dev
);
1029 static void hci_power_on(struct work_struct
*work
)
1031 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, power_on
);
1033 BT_DBG("%s", hdev
->name
);
1035 if (hci_dev_open(hdev
->id
) < 0)
1038 if (test_bit(HCI_AUTO_OFF
, &hdev
->flags
))
1039 schedule_delayed_work(&hdev
->power_off
,
1040 msecs_to_jiffies(AUTO_OFF_TIMEOUT
));
1042 if (test_and_clear_bit(HCI_SETUP
, &hdev
->flags
))
1043 mgmt_index_added(hdev
);
1046 static void hci_power_off(struct work_struct
*work
)
1048 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
1051 BT_DBG("%s", hdev
->name
);
1053 clear_bit(HCI_AUTO_OFF
, &hdev
->flags
);
1055 hci_dev_close(hdev
->id
);
1058 static void hci_discov_off(struct work_struct
*work
)
1060 struct hci_dev
*hdev
;
1061 u8 scan
= SCAN_PAGE
;
1063 hdev
= container_of(work
, struct hci_dev
, discov_off
.work
);
1065 BT_DBG("%s", hdev
->name
);
1069 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, sizeof(scan
), &scan
);
1071 hdev
->discov_timeout
= 0;
1073 hci_dev_unlock(hdev
);
1076 int hci_uuids_clear(struct hci_dev
*hdev
)
1078 struct list_head
*p
, *n
;
1080 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1081 struct bt_uuid
*uuid
;
1083 uuid
= list_entry(p
, struct bt_uuid
, list
);
1092 int hci_link_keys_clear(struct hci_dev
*hdev
)
1094 struct list_head
*p
, *n
;
1096 list_for_each_safe(p
, n
, &hdev
->link_keys
) {
1097 struct link_key
*key
;
1099 key
= list_entry(p
, struct link_key
, list
);
1108 struct link_key
*hci_find_link_key(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1112 list_for_each_entry(k
, &hdev
->link_keys
, list
)
1113 if (bacmp(bdaddr
, &k
->bdaddr
) == 0)
1119 static int hci_persistent_key(struct hci_dev
*hdev
, struct hci_conn
*conn
,
1120 u8 key_type
, u8 old_key_type
)
1123 if (key_type
< 0x03)
1126 /* Debug keys are insecure so don't store them persistently */
1127 if (key_type
== HCI_LK_DEBUG_COMBINATION
)
1130 /* Changed combination key and there's no previous one */
1131 if (key_type
== HCI_LK_CHANGED_COMBINATION
&& old_key_type
== 0xff)
1134 /* Security mode 3 case */
1138 /* Neither local nor remote side had no-bonding as requirement */
1139 if (conn
->auth_type
> 0x01 && conn
->remote_auth
> 0x01)
1142 /* Local side had dedicated bonding as requirement */
1143 if (conn
->auth_type
== 0x02 || conn
->auth_type
== 0x03)
1146 /* Remote side had dedicated bonding as requirement */
1147 if (conn
->remote_auth
== 0x02 || conn
->remote_auth
== 0x03)
1150 /* If none of the above criteria match, then don't store the key
1155 struct link_key
*hci_find_ltk(struct hci_dev
*hdev
, __le16 ediv
, u8 rand
[8])
1159 list_for_each_entry(k
, &hdev
->link_keys
, list
) {
1160 struct key_master_id
*id
;
1162 if (k
->type
!= HCI_LK_SMP_LTK
)
1165 if (k
->dlen
!= sizeof(*id
))
1168 id
= (void *) &k
->data
;
1169 if (id
->ediv
== ediv
&&
1170 (memcmp(rand
, id
->rand
, sizeof(id
->rand
)) == 0))
1176 EXPORT_SYMBOL(hci_find_ltk
);
1178 struct link_key
*hci_find_link_key_type(struct hci_dev
*hdev
,
1179 bdaddr_t
*bdaddr
, u8 type
)
1183 list_for_each_entry(k
, &hdev
->link_keys
, list
)
1184 if (k
->type
== type
&& bacmp(bdaddr
, &k
->bdaddr
) == 0)
1189 EXPORT_SYMBOL(hci_find_link_key_type
);
1191 int hci_add_link_key(struct hci_dev
*hdev
, struct hci_conn
*conn
, int new_key
,
1192 bdaddr_t
*bdaddr
, u8
*val
, u8 type
, u8 pin_len
)
1194 struct link_key
*key
, *old_key
;
1195 u8 old_key_type
, persistent
;
1197 old_key
= hci_find_link_key(hdev
, bdaddr
);
1199 old_key_type
= old_key
->type
;
1202 old_key_type
= conn
? conn
->key_type
: 0xff;
1203 key
= kzalloc(sizeof(*key
), GFP_ATOMIC
);
1206 list_add(&key
->list
, &hdev
->link_keys
);
1209 BT_DBG("%s key for %s type %u", hdev
->name
, batostr(bdaddr
), type
);
1211 /* Some buggy controller combinations generate a changed
1212 * combination key for legacy pairing even when there's no
1214 if (type
== HCI_LK_CHANGED_COMBINATION
&&
1215 (!conn
|| conn
->remote_auth
== 0xff) &&
1216 old_key_type
== 0xff) {
1217 type
= HCI_LK_COMBINATION
;
1219 conn
->key_type
= type
;
1222 bacpy(&key
->bdaddr
, bdaddr
);
1223 memcpy(key
->val
, val
, 16);
1224 key
->pin_len
= pin_len
;
1226 if (type
== HCI_LK_CHANGED_COMBINATION
)
1227 key
->type
= old_key_type
;
1234 persistent
= hci_persistent_key(hdev
, conn
, type
, old_key_type
);
1236 mgmt_new_link_key(hdev
, key
, persistent
);
1239 list_del(&key
->list
);
1246 int hci_add_ltk(struct hci_dev
*hdev
, int new_key
, bdaddr_t
*bdaddr
,
1247 u8 key_size
, __le16 ediv
, u8 rand
[8], u8 ltk
[16])
1249 struct link_key
*key
, *old_key
;
1250 struct key_master_id
*id
;
1253 BT_DBG("%s addr %s", hdev
->name
, batostr(bdaddr
));
1255 old_key
= hci_find_link_key_type(hdev
, bdaddr
, HCI_LK_SMP_LTK
);
1258 old_key_type
= old_key
->type
;
1260 key
= kzalloc(sizeof(*key
) + sizeof(*id
), GFP_ATOMIC
);
1263 list_add(&key
->list
, &hdev
->link_keys
);
1264 old_key_type
= 0xff;
1267 key
->dlen
= sizeof(*id
);
1269 bacpy(&key
->bdaddr
, bdaddr
);
1270 memcpy(key
->val
, ltk
, sizeof(key
->val
));
1271 key
->type
= HCI_LK_SMP_LTK
;
1272 key
->pin_len
= key_size
;
1274 id
= (void *) &key
->data
;
1276 memcpy(id
->rand
, rand
, sizeof(id
->rand
));
1279 mgmt_new_link_key(hdev
, key
, old_key_type
);
1284 int hci_remove_link_key(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1286 struct link_key
*key
;
1288 key
= hci_find_link_key(hdev
, bdaddr
);
1292 BT_DBG("%s removing %s", hdev
->name
, batostr(bdaddr
));
1294 list_del(&key
->list
);
1300 /* HCI command timer function */
1301 static void hci_cmd_timer(unsigned long arg
)
1303 struct hci_dev
*hdev
= (void *) arg
;
1305 BT_ERR("%s command tx timeout", hdev
->name
);
1306 atomic_set(&hdev
->cmd_cnt
, 1);
1307 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
1310 struct oob_data
*hci_find_remote_oob_data(struct hci_dev
*hdev
,
1313 struct oob_data
*data
;
1315 list_for_each_entry(data
, &hdev
->remote_oob_data
, list
)
1316 if (bacmp(bdaddr
, &data
->bdaddr
) == 0)
1322 int hci_remove_remote_oob_data(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1324 struct oob_data
*data
;
1326 data
= hci_find_remote_oob_data(hdev
, bdaddr
);
1330 BT_DBG("%s removing %s", hdev
->name
, batostr(bdaddr
));
1332 list_del(&data
->list
);
1338 int hci_remote_oob_data_clear(struct hci_dev
*hdev
)
1340 struct oob_data
*data
, *n
;
1342 list_for_each_entry_safe(data
, n
, &hdev
->remote_oob_data
, list
) {
1343 list_del(&data
->list
);
1350 int hci_add_remote_oob_data(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8
*hash
,
1353 struct oob_data
*data
;
1355 data
= hci_find_remote_oob_data(hdev
, bdaddr
);
1358 data
= kmalloc(sizeof(*data
), GFP_ATOMIC
);
1362 bacpy(&data
->bdaddr
, bdaddr
);
1363 list_add(&data
->list
, &hdev
->remote_oob_data
);
1366 memcpy(data
->hash
, hash
, sizeof(data
->hash
));
1367 memcpy(data
->randomizer
, randomizer
, sizeof(data
->randomizer
));
1369 BT_DBG("%s for %s", hdev
->name
, batostr(bdaddr
));
1374 struct bdaddr_list
*hci_blacklist_lookup(struct hci_dev
*hdev
,
1377 struct bdaddr_list
*b
;
1379 list_for_each_entry(b
, &hdev
->blacklist
, list
)
1380 if (bacmp(bdaddr
, &b
->bdaddr
) == 0)
1386 int hci_blacklist_clear(struct hci_dev
*hdev
)
1388 struct list_head
*p
, *n
;
1390 list_for_each_safe(p
, n
, &hdev
->blacklist
) {
1391 struct bdaddr_list
*b
;
1393 b
= list_entry(p
, struct bdaddr_list
, list
);
1402 int hci_blacklist_add(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1404 struct bdaddr_list
*entry
;
1406 if (bacmp(bdaddr
, BDADDR_ANY
) == 0)
1409 if (hci_blacklist_lookup(hdev
, bdaddr
))
1412 entry
= kzalloc(sizeof(struct bdaddr_list
), GFP_KERNEL
);
1416 bacpy(&entry
->bdaddr
, bdaddr
);
1418 list_add(&entry
->list
, &hdev
->blacklist
);
1420 return mgmt_device_blocked(hdev
, bdaddr
);
1423 int hci_blacklist_del(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1425 struct bdaddr_list
*entry
;
1427 if (bacmp(bdaddr
, BDADDR_ANY
) == 0)
1428 return hci_blacklist_clear(hdev
);
1430 entry
= hci_blacklist_lookup(hdev
, bdaddr
);
1434 list_del(&entry
->list
);
1437 return mgmt_device_unblocked(hdev
, bdaddr
);
1440 static void hci_clear_adv_cache(struct work_struct
*work
)
1442 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
1447 hci_adv_entries_clear(hdev
);
1449 hci_dev_unlock(hdev
);
1452 int hci_adv_entries_clear(struct hci_dev
*hdev
)
1454 struct adv_entry
*entry
, *tmp
;
1456 list_for_each_entry_safe(entry
, tmp
, &hdev
->adv_entries
, list
) {
1457 list_del(&entry
->list
);
1461 BT_DBG("%s adv cache cleared", hdev
->name
);
1466 struct adv_entry
*hci_find_adv_entry(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
)
1468 struct adv_entry
*entry
;
1470 list_for_each_entry(entry
, &hdev
->adv_entries
, list
)
1471 if (bacmp(bdaddr
, &entry
->bdaddr
) == 0)
1477 static inline int is_connectable_adv(u8 evt_type
)
1479 if (evt_type
== ADV_IND
|| evt_type
== ADV_DIRECT_IND
)
1485 int hci_add_adv_entry(struct hci_dev
*hdev
,
1486 struct hci_ev_le_advertising_info
*ev
)
1488 struct adv_entry
*entry
;
1490 if (!is_connectable_adv(ev
->evt_type
))
1493 /* Only new entries should be added to adv_entries. So, if
1494 * bdaddr was found, don't add it. */
1495 if (hci_find_adv_entry(hdev
, &ev
->bdaddr
))
1498 entry
= kzalloc(sizeof(*entry
), GFP_ATOMIC
);
1502 bacpy(&entry
->bdaddr
, &ev
->bdaddr
);
1503 entry
->bdaddr_type
= ev
->bdaddr_type
;
1505 list_add(&entry
->list
, &hdev
->adv_entries
);
1507 BT_DBG("%s adv entry added: address %s type %u", hdev
->name
,
1508 batostr(&entry
->bdaddr
), entry
->bdaddr_type
);
1513 /* Register HCI device */
1514 int hci_register_dev(struct hci_dev
*hdev
)
1516 struct list_head
*head
= &hci_dev_list
, *p
;
1519 BT_DBG("%p name %s bus %d owner %p", hdev
, hdev
->name
,
1520 hdev
->bus
, hdev
->owner
);
1522 if (!hdev
->open
|| !hdev
->close
|| !hdev
->destruct
)
1525 /* Do not allow HCI_AMP devices to register at index 0,
1526 * so the index can be used as the AMP controller ID.
1528 id
= (hdev
->dev_type
== HCI_BREDR
) ? 0 : 1;
1530 write_lock(&hci_dev_list_lock
);
1532 /* Find first available device id */
1533 list_for_each(p
, &hci_dev_list
) {
1534 if (list_entry(p
, struct hci_dev
, list
)->id
!= id
)
1539 sprintf(hdev
->name
, "hci%d", id
);
1541 list_add_tail(&hdev
->list
, head
);
1543 atomic_set(&hdev
->refcnt
, 1);
1544 mutex_init(&hdev
->lock
);
1547 hdev
->dev_flags
= 0;
1548 hdev
->pkt_type
= (HCI_DM1
| HCI_DH1
| HCI_HV1
);
1549 hdev
->esco_type
= (ESCO_HV1
);
1550 hdev
->link_mode
= (HCI_LM_ACCEPT
);
1551 hdev
->io_capability
= 0x03; /* No Input No Output */
1553 hdev
->idle_timeout
= 0;
1554 hdev
->sniff_max_interval
= 800;
1555 hdev
->sniff_min_interval
= 80;
1557 INIT_WORK(&hdev
->rx_work
, hci_rx_work
);
1558 INIT_WORK(&hdev
->cmd_work
, hci_cmd_work
);
1559 INIT_WORK(&hdev
->tx_work
, hci_tx_work
);
1562 skb_queue_head_init(&hdev
->rx_q
);
1563 skb_queue_head_init(&hdev
->cmd_q
);
1564 skb_queue_head_init(&hdev
->raw_q
);
1566 setup_timer(&hdev
->cmd_timer
, hci_cmd_timer
, (unsigned long) hdev
);
1568 for (i
= 0; i
< NUM_REASSEMBLY
; i
++)
1569 hdev
->reassembly
[i
] = NULL
;
1571 init_waitqueue_head(&hdev
->req_wait_q
);
1572 mutex_init(&hdev
->req_lock
);
1574 discovery_init(hdev
);
1576 hci_conn_hash_init(hdev
);
1578 INIT_LIST_HEAD(&hdev
->mgmt_pending
);
1580 INIT_LIST_HEAD(&hdev
->blacklist
);
1582 INIT_LIST_HEAD(&hdev
->uuids
);
1584 INIT_LIST_HEAD(&hdev
->link_keys
);
1586 INIT_LIST_HEAD(&hdev
->remote_oob_data
);
1588 INIT_LIST_HEAD(&hdev
->adv_entries
);
1590 INIT_DELAYED_WORK(&hdev
->adv_work
, hci_clear_adv_cache
);
1591 INIT_WORK(&hdev
->power_on
, hci_power_on
);
1592 INIT_DELAYED_WORK(&hdev
->power_off
, hci_power_off
);
1594 INIT_DELAYED_WORK(&hdev
->discov_off
, hci_discov_off
);
1596 memset(&hdev
->stat
, 0, sizeof(struct hci_dev_stats
));
1598 atomic_set(&hdev
->promisc
, 0);
1600 write_unlock(&hci_dev_list_lock
);
1602 hdev
->workqueue
= alloc_workqueue(hdev
->name
, WQ_HIGHPRI
| WQ_UNBOUND
|
1604 if (!hdev
->workqueue
) {
1609 error
= hci_add_sysfs(hdev
);
1613 hdev
->rfkill
= rfkill_alloc(hdev
->name
, &hdev
->dev
,
1614 RFKILL_TYPE_BLUETOOTH
, &hci_rfkill_ops
, hdev
);
1616 if (rfkill_register(hdev
->rfkill
) < 0) {
1617 rfkill_destroy(hdev
->rfkill
);
1618 hdev
->rfkill
= NULL
;
1622 set_bit(HCI_AUTO_OFF
, &hdev
->flags
);
1623 set_bit(HCI_SETUP
, &hdev
->flags
);
1624 schedule_work(&hdev
->power_on
);
1626 hci_notify(hdev
, HCI_DEV_REG
);
1631 destroy_workqueue(hdev
->workqueue
);
1633 write_lock(&hci_dev_list_lock
);
1634 list_del(&hdev
->list
);
1635 write_unlock(&hci_dev_list_lock
);
1639 EXPORT_SYMBOL(hci_register_dev
);
1641 /* Unregister HCI device */
1642 void hci_unregister_dev(struct hci_dev
*hdev
)
1646 BT_DBG("%p name %s bus %d", hdev
, hdev
->name
, hdev
->bus
);
1648 write_lock(&hci_dev_list_lock
);
1649 list_del(&hdev
->list
);
1650 write_unlock(&hci_dev_list_lock
);
1652 hci_dev_do_close(hdev
);
1654 for (i
= 0; i
< NUM_REASSEMBLY
; i
++)
1655 kfree_skb(hdev
->reassembly
[i
]);
1657 if (!test_bit(HCI_INIT
, &hdev
->flags
) &&
1658 !test_bit(HCI_SETUP
, &hdev
->flags
)) {
1660 mgmt_index_removed(hdev
);
1661 hci_dev_unlock(hdev
);
1664 /* mgmt_index_removed should take care of emptying the
1666 BUG_ON(!list_empty(&hdev
->mgmt_pending
));
1668 hci_notify(hdev
, HCI_DEV_UNREG
);
1671 rfkill_unregister(hdev
->rfkill
);
1672 rfkill_destroy(hdev
->rfkill
);
1675 hci_del_sysfs(hdev
);
1677 cancel_delayed_work_sync(&hdev
->adv_work
);
1679 destroy_workqueue(hdev
->workqueue
);
1682 hci_blacklist_clear(hdev
);
1683 hci_uuids_clear(hdev
);
1684 hci_link_keys_clear(hdev
);
1685 hci_remote_oob_data_clear(hdev
);
1686 hci_adv_entries_clear(hdev
);
1687 hci_dev_unlock(hdev
);
1689 __hci_dev_put(hdev
);
1691 EXPORT_SYMBOL(hci_unregister_dev
);
1693 /* Suspend HCI device */
1694 int hci_suspend_dev(struct hci_dev
*hdev
)
1696 hci_notify(hdev
, HCI_DEV_SUSPEND
);
1699 EXPORT_SYMBOL(hci_suspend_dev
);
1701 /* Resume HCI device */
1702 int hci_resume_dev(struct hci_dev
*hdev
)
1704 hci_notify(hdev
, HCI_DEV_RESUME
);
1707 EXPORT_SYMBOL(hci_resume_dev
);
1709 /* Receive frame from HCI drivers */
1710 int hci_recv_frame(struct sk_buff
*skb
)
1712 struct hci_dev
*hdev
= (struct hci_dev
*) skb
->dev
;
1713 if (!hdev
|| (!test_bit(HCI_UP
, &hdev
->flags
)
1714 && !test_bit(HCI_INIT
, &hdev
->flags
))) {
1720 bt_cb(skb
)->incoming
= 1;
1723 __net_timestamp(skb
);
1725 skb_queue_tail(&hdev
->rx_q
, skb
);
1726 queue_work(hdev
->workqueue
, &hdev
->rx_work
);
1730 EXPORT_SYMBOL(hci_recv_frame
);
1732 static int hci_reassembly(struct hci_dev
*hdev
, int type
, void *data
,
1733 int count
, __u8 index
)
1738 struct sk_buff
*skb
;
1739 struct bt_skb_cb
*scb
;
1741 if ((type
< HCI_ACLDATA_PKT
|| type
> HCI_EVENT_PKT
) ||
1742 index
>= NUM_REASSEMBLY
)
1745 skb
= hdev
->reassembly
[index
];
1749 case HCI_ACLDATA_PKT
:
1750 len
= HCI_MAX_FRAME_SIZE
;
1751 hlen
= HCI_ACL_HDR_SIZE
;
1754 len
= HCI_MAX_EVENT_SIZE
;
1755 hlen
= HCI_EVENT_HDR_SIZE
;
1757 case HCI_SCODATA_PKT
:
1758 len
= HCI_MAX_SCO_SIZE
;
1759 hlen
= HCI_SCO_HDR_SIZE
;
1763 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
1767 scb
= (void *) skb
->cb
;
1769 scb
->pkt_type
= type
;
1771 skb
->dev
= (void *) hdev
;
1772 hdev
->reassembly
[index
] = skb
;
1776 scb
= (void *) skb
->cb
;
1777 len
= min(scb
->expect
, (__u16
)count
);
1779 memcpy(skb_put(skb
, len
), data
, len
);
1788 if (skb
->len
== HCI_EVENT_HDR_SIZE
) {
1789 struct hci_event_hdr
*h
= hci_event_hdr(skb
);
1790 scb
->expect
= h
->plen
;
1792 if (skb_tailroom(skb
) < scb
->expect
) {
1794 hdev
->reassembly
[index
] = NULL
;
1800 case HCI_ACLDATA_PKT
:
1801 if (skb
->len
== HCI_ACL_HDR_SIZE
) {
1802 struct hci_acl_hdr
*h
= hci_acl_hdr(skb
);
1803 scb
->expect
= __le16_to_cpu(h
->dlen
);
1805 if (skb_tailroom(skb
) < scb
->expect
) {
1807 hdev
->reassembly
[index
] = NULL
;
1813 case HCI_SCODATA_PKT
:
1814 if (skb
->len
== HCI_SCO_HDR_SIZE
) {
1815 struct hci_sco_hdr
*h
= hci_sco_hdr(skb
);
1816 scb
->expect
= h
->dlen
;
1818 if (skb_tailroom(skb
) < scb
->expect
) {
1820 hdev
->reassembly
[index
] = NULL
;
1827 if (scb
->expect
== 0) {
1828 /* Complete frame */
1830 bt_cb(skb
)->pkt_type
= type
;
1831 hci_recv_frame(skb
);
1833 hdev
->reassembly
[index
] = NULL
;
1841 int hci_recv_fragment(struct hci_dev
*hdev
, int type
, void *data
, int count
)
1845 if (type
< HCI_ACLDATA_PKT
|| type
> HCI_EVENT_PKT
)
1849 rem
= hci_reassembly(hdev
, type
, data
, count
, type
- 1);
1853 data
+= (count
- rem
);
1859 EXPORT_SYMBOL(hci_recv_fragment
);
1861 #define STREAM_REASSEMBLY 0
1863 int hci_recv_stream_fragment(struct hci_dev
*hdev
, void *data
, int count
)
1869 struct sk_buff
*skb
= hdev
->reassembly
[STREAM_REASSEMBLY
];
1872 struct { char type
; } *pkt
;
1874 /* Start of the frame */
1881 type
= bt_cb(skb
)->pkt_type
;
1883 rem
= hci_reassembly(hdev
, type
, data
, count
,
1888 data
+= (count
- rem
);
1894 EXPORT_SYMBOL(hci_recv_stream_fragment
);
1896 /* ---- Interface to upper protocols ---- */
1898 int hci_register_cb(struct hci_cb
*cb
)
1900 BT_DBG("%p name %s", cb
, cb
->name
);
1902 write_lock(&hci_cb_list_lock
);
1903 list_add(&cb
->list
, &hci_cb_list
);
1904 write_unlock(&hci_cb_list_lock
);
1908 EXPORT_SYMBOL(hci_register_cb
);
1910 int hci_unregister_cb(struct hci_cb
*cb
)
1912 BT_DBG("%p name %s", cb
, cb
->name
);
1914 write_lock(&hci_cb_list_lock
);
1915 list_del(&cb
->list
);
1916 write_unlock(&hci_cb_list_lock
);
1920 EXPORT_SYMBOL(hci_unregister_cb
);
1922 static int hci_send_frame(struct sk_buff
*skb
)
1924 struct hci_dev
*hdev
= (struct hci_dev
*) skb
->dev
;
1931 BT_DBG("%s type %d len %d", hdev
->name
, bt_cb(skb
)->pkt_type
, skb
->len
);
1933 if (atomic_read(&hdev
->promisc
)) {
1935 __net_timestamp(skb
);
1937 hci_send_to_sock(hdev
, skb
, NULL
);
1940 /* Get rid of skb owner, prior to sending to the driver. */
1943 return hdev
->send(skb
);
1946 /* Send HCI command */
1947 int hci_send_cmd(struct hci_dev
*hdev
, __u16 opcode
, __u32 plen
, void *param
)
1949 int len
= HCI_COMMAND_HDR_SIZE
+ plen
;
1950 struct hci_command_hdr
*hdr
;
1951 struct sk_buff
*skb
;
1953 BT_DBG("%s opcode 0x%x plen %d", hdev
->name
, opcode
, plen
);
1955 skb
= bt_skb_alloc(len
, GFP_ATOMIC
);
1957 BT_ERR("%s no memory for command", hdev
->name
);
1961 hdr
= (struct hci_command_hdr
*) skb_put(skb
, HCI_COMMAND_HDR_SIZE
);
1962 hdr
->opcode
= cpu_to_le16(opcode
);
1966 memcpy(skb_put(skb
, plen
), param
, plen
);
1968 BT_DBG("skb len %d", skb
->len
);
1970 bt_cb(skb
)->pkt_type
= HCI_COMMAND_PKT
;
1971 skb
->dev
= (void *) hdev
;
1973 if (test_bit(HCI_INIT
, &hdev
->flags
))
1974 hdev
->init_last_cmd
= opcode
;
1976 skb_queue_tail(&hdev
->cmd_q
, skb
);
1977 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
1982 /* Get data from the previously sent command */
1983 void *hci_sent_cmd_data(struct hci_dev
*hdev
, __u16 opcode
)
1985 struct hci_command_hdr
*hdr
;
1987 if (!hdev
->sent_cmd
)
1990 hdr
= (void *) hdev
->sent_cmd
->data
;
1992 if (hdr
->opcode
!= cpu_to_le16(opcode
))
1995 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
1997 return hdev
->sent_cmd
->data
+ HCI_COMMAND_HDR_SIZE
;
2001 static void hci_add_acl_hdr(struct sk_buff
*skb
, __u16 handle
, __u16 flags
)
2003 struct hci_acl_hdr
*hdr
;
2006 skb_push(skb
, HCI_ACL_HDR_SIZE
);
2007 skb_reset_transport_header(skb
);
2008 hdr
= (struct hci_acl_hdr
*)skb_transport_header(skb
);
2009 hdr
->handle
= cpu_to_le16(hci_handle_pack(handle
, flags
));
2010 hdr
->dlen
= cpu_to_le16(len
);
2013 static void hci_queue_acl(struct hci_conn
*conn
, struct sk_buff_head
*queue
,
2014 struct sk_buff
*skb
, __u16 flags
)
2016 struct hci_dev
*hdev
= conn
->hdev
;
2017 struct sk_buff
*list
;
2019 list
= skb_shinfo(skb
)->frag_list
;
2021 /* Non fragmented */
2022 BT_DBG("%s nonfrag skb %p len %d", hdev
->name
, skb
, skb
->len
);
2024 skb_queue_tail(queue
, skb
);
2027 BT_DBG("%s frag %p len %d", hdev
->name
, skb
, skb
->len
);
2029 skb_shinfo(skb
)->frag_list
= NULL
;
2031 /* Queue all fragments atomically */
2032 spin_lock(&queue
->lock
);
2034 __skb_queue_tail(queue
, skb
);
2036 flags
&= ~ACL_START
;
2039 skb
= list
; list
= list
->next
;
2041 skb
->dev
= (void *) hdev
;
2042 bt_cb(skb
)->pkt_type
= HCI_ACLDATA_PKT
;
2043 hci_add_acl_hdr(skb
, conn
->handle
, flags
);
2045 BT_DBG("%s frag %p len %d", hdev
->name
, skb
, skb
->len
);
2047 __skb_queue_tail(queue
, skb
);
2050 spin_unlock(&queue
->lock
);
2054 void hci_send_acl(struct hci_chan
*chan
, struct sk_buff
*skb
, __u16 flags
)
2056 struct hci_conn
*conn
= chan
->conn
;
2057 struct hci_dev
*hdev
= conn
->hdev
;
2059 BT_DBG("%s chan %p flags 0x%x", hdev
->name
, chan
, flags
);
2061 skb
->dev
= (void *) hdev
;
2062 bt_cb(skb
)->pkt_type
= HCI_ACLDATA_PKT
;
2063 hci_add_acl_hdr(skb
, conn
->handle
, flags
);
2065 hci_queue_acl(conn
, &chan
->data_q
, skb
, flags
);
2067 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2069 EXPORT_SYMBOL(hci_send_acl
);
2072 void hci_send_sco(struct hci_conn
*conn
, struct sk_buff
*skb
)
2074 struct hci_dev
*hdev
= conn
->hdev
;
2075 struct hci_sco_hdr hdr
;
2077 BT_DBG("%s len %d", hdev
->name
, skb
->len
);
2079 hdr
.handle
= cpu_to_le16(conn
->handle
);
2080 hdr
.dlen
= skb
->len
;
2082 skb_push(skb
, HCI_SCO_HDR_SIZE
);
2083 skb_reset_transport_header(skb
);
2084 memcpy(skb_transport_header(skb
), &hdr
, HCI_SCO_HDR_SIZE
);
2086 skb
->dev
= (void *) hdev
;
2087 bt_cb(skb
)->pkt_type
= HCI_SCODATA_PKT
;
2089 skb_queue_tail(&conn
->data_q
, skb
);
2090 queue_work(hdev
->workqueue
, &hdev
->tx_work
);
2092 EXPORT_SYMBOL(hci_send_sco
);
2094 /* ---- HCI TX task (outgoing data) ---- */
2096 /* HCI Connection scheduler */
2097 static inline struct hci_conn
*hci_low_sent(struct hci_dev
*hdev
, __u8 type
, int *quote
)
2099 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2100 struct hci_conn
*conn
= NULL
, *c
;
2101 int num
= 0, min
= ~0;
2103 /* We don't have to lock device here. Connections are always
2104 * added and removed with TX task disabled. */
2108 list_for_each_entry_rcu(c
, &h
->list
, list
) {
2109 if (c
->type
!= type
|| skb_queue_empty(&c
->data_q
))
2112 if (c
->state
!= BT_CONNECTED
&& c
->state
!= BT_CONFIG
)
2117 if (c
->sent
< min
) {
2122 if (hci_conn_num(hdev
, type
) == num
)
2131 switch (conn
->type
) {
2133 cnt
= hdev
->acl_cnt
;
2137 cnt
= hdev
->sco_cnt
;
2140 cnt
= hdev
->le_mtu
? hdev
->le_cnt
: hdev
->acl_cnt
;
2144 BT_ERR("Unknown link type");
2152 BT_DBG("conn %p quote %d", conn
, *quote
);
2156 static inline void hci_link_tx_to(struct hci_dev
*hdev
, __u8 type
)
2158 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2161 BT_ERR("%s link tx timeout", hdev
->name
);
2165 /* Kill stalled connections */
2166 list_for_each_entry_rcu(c
, &h
->list
, list
) {
2167 if (c
->type
== type
&& c
->sent
) {
2168 BT_ERR("%s killing stalled connection %s",
2169 hdev
->name
, batostr(&c
->dst
));
2170 hci_acl_disconn(c
, 0x13);
2177 static inline struct hci_chan
*hci_chan_sent(struct hci_dev
*hdev
, __u8 type
,
2180 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2181 struct hci_chan
*chan
= NULL
;
2182 int num
= 0, min
= ~0, cur_prio
= 0;
2183 struct hci_conn
*conn
;
2184 int cnt
, q
, conn_num
= 0;
2186 BT_DBG("%s", hdev
->name
);
2190 list_for_each_entry_rcu(conn
, &h
->list
, list
) {
2191 struct hci_chan
*tmp
;
2193 if (conn
->type
!= type
)
2196 if (conn
->state
!= BT_CONNECTED
&& conn
->state
!= BT_CONFIG
)
2201 list_for_each_entry_rcu(tmp
, &conn
->chan_list
, list
) {
2202 struct sk_buff
*skb
;
2204 if (skb_queue_empty(&tmp
->data_q
))
2207 skb
= skb_peek(&tmp
->data_q
);
2208 if (skb
->priority
< cur_prio
)
2211 if (skb
->priority
> cur_prio
) {
2214 cur_prio
= skb
->priority
;
2219 if (conn
->sent
< min
) {
2225 if (hci_conn_num(hdev
, type
) == conn_num
)
2234 switch (chan
->conn
->type
) {
2236 cnt
= hdev
->acl_cnt
;
2240 cnt
= hdev
->sco_cnt
;
2243 cnt
= hdev
->le_mtu
? hdev
->le_cnt
: hdev
->acl_cnt
;
2247 BT_ERR("Unknown link type");
2252 BT_DBG("chan %p quote %d", chan
, *quote
);
2256 static void hci_prio_recalculate(struct hci_dev
*hdev
, __u8 type
)
2258 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
2259 struct hci_conn
*conn
;
2262 BT_DBG("%s", hdev
->name
);
2266 list_for_each_entry_rcu(conn
, &h
->list
, list
) {
2267 struct hci_chan
*chan
;
2269 if (conn
->type
!= type
)
2272 if (conn
->state
!= BT_CONNECTED
&& conn
->state
!= BT_CONFIG
)
2277 list_for_each_entry_rcu(chan
, &conn
->chan_list
, list
) {
2278 struct sk_buff
*skb
;
2285 if (skb_queue_empty(&chan
->data_q
))
2288 skb
= skb_peek(&chan
->data_q
);
2289 if (skb
->priority
>= HCI_PRIO_MAX
- 1)
2292 skb
->priority
= HCI_PRIO_MAX
- 1;
2294 BT_DBG("chan %p skb %p promoted to %d", chan
, skb
,
2298 if (hci_conn_num(hdev
, type
) == num
)
2306 static inline void hci_sched_acl(struct hci_dev
*hdev
)
2308 struct hci_chan
*chan
;
2309 struct sk_buff
*skb
;
2313 BT_DBG("%s", hdev
->name
);
2315 if (!hci_conn_num(hdev
, ACL_LINK
))
2318 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
2319 /* ACL tx timeout must be longer than maximum
2320 * link supervision timeout (40.9 seconds) */
2321 if (!hdev
->acl_cnt
&& time_after(jiffies
, hdev
->acl_last_tx
+ HZ
* 45))
2322 hci_link_tx_to(hdev
, ACL_LINK
);
2325 cnt
= hdev
->acl_cnt
;
2327 while (hdev
->acl_cnt
&&
2328 (chan
= hci_chan_sent(hdev
, ACL_LINK
, "e
))) {
2329 u32 priority
= (skb_peek(&chan
->data_q
))->priority
;
2330 while (quote
-- && (skb
= skb_peek(&chan
->data_q
))) {
2331 BT_DBG("chan %p skb %p len %d priority %u", chan
, skb
,
2332 skb
->len
, skb
->priority
);
2334 /* Stop if priority has changed */
2335 if (skb
->priority
< priority
)
2338 skb
= skb_dequeue(&chan
->data_q
);
2340 hci_conn_enter_active_mode(chan
->conn
,
2341 bt_cb(skb
)->force_active
);
2343 hci_send_frame(skb
);
2344 hdev
->acl_last_tx
= jiffies
;
2352 if (cnt
!= hdev
->acl_cnt
)
2353 hci_prio_recalculate(hdev
, ACL_LINK
);
2357 static inline void hci_sched_sco(struct hci_dev
*hdev
)
2359 struct hci_conn
*conn
;
2360 struct sk_buff
*skb
;
2363 BT_DBG("%s", hdev
->name
);
2365 if (!hci_conn_num(hdev
, SCO_LINK
))
2368 while (hdev
->sco_cnt
&& (conn
= hci_low_sent(hdev
, SCO_LINK
, "e
))) {
2369 while (quote
-- && (skb
= skb_dequeue(&conn
->data_q
))) {
2370 BT_DBG("skb %p len %d", skb
, skb
->len
);
2371 hci_send_frame(skb
);
2374 if (conn
->sent
== ~0)
2380 static inline void hci_sched_esco(struct hci_dev
*hdev
)
2382 struct hci_conn
*conn
;
2383 struct sk_buff
*skb
;
2386 BT_DBG("%s", hdev
->name
);
2388 if (!hci_conn_num(hdev
, ESCO_LINK
))
2391 while (hdev
->sco_cnt
&& (conn
= hci_low_sent(hdev
, ESCO_LINK
, "e
))) {
2392 while (quote
-- && (skb
= skb_dequeue(&conn
->data_q
))) {
2393 BT_DBG("skb %p len %d", skb
, skb
->len
);
2394 hci_send_frame(skb
);
2397 if (conn
->sent
== ~0)
2403 static inline void hci_sched_le(struct hci_dev
*hdev
)
2405 struct hci_chan
*chan
;
2406 struct sk_buff
*skb
;
2407 int quote
, cnt
, tmp
;
2409 BT_DBG("%s", hdev
->name
);
2411 if (!hci_conn_num(hdev
, LE_LINK
))
2414 if (!test_bit(HCI_RAW
, &hdev
->flags
)) {
2415 /* LE tx timeout must be longer than maximum
2416 * link supervision timeout (40.9 seconds) */
2417 if (!hdev
->le_cnt
&& hdev
->le_pkts
&&
2418 time_after(jiffies
, hdev
->le_last_tx
+ HZ
* 45))
2419 hci_link_tx_to(hdev
, LE_LINK
);
2422 cnt
= hdev
->le_pkts
? hdev
->le_cnt
: hdev
->acl_cnt
;
2424 while (cnt
&& (chan
= hci_chan_sent(hdev
, LE_LINK
, "e
))) {
2425 u32 priority
= (skb_peek(&chan
->data_q
))->priority
;
2426 while (quote
-- && (skb
= skb_peek(&chan
->data_q
))) {
2427 BT_DBG("chan %p skb %p len %d priority %u", chan
, skb
,
2428 skb
->len
, skb
->priority
);
2430 /* Stop if priority has changed */
2431 if (skb
->priority
< priority
)
2434 skb
= skb_dequeue(&chan
->data_q
);
2436 hci_send_frame(skb
);
2437 hdev
->le_last_tx
= jiffies
;
2448 hdev
->acl_cnt
= cnt
;
2451 hci_prio_recalculate(hdev
, LE_LINK
);
2454 static void hci_tx_work(struct work_struct
*work
)
2456 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, tx_work
);
2457 struct sk_buff
*skb
;
2459 BT_DBG("%s acl %d sco %d le %d", hdev
->name
, hdev
->acl_cnt
,
2460 hdev
->sco_cnt
, hdev
->le_cnt
);
2462 /* Schedule queues and send stuff to HCI driver */
2464 hci_sched_acl(hdev
);
2466 hci_sched_sco(hdev
);
2468 hci_sched_esco(hdev
);
2472 /* Send next queued raw (unknown type) packet */
2473 while ((skb
= skb_dequeue(&hdev
->raw_q
)))
2474 hci_send_frame(skb
);
2477 /* ----- HCI RX task (incoming data processing) ----- */
2479 /* ACL data packet */
2480 static inline void hci_acldata_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2482 struct hci_acl_hdr
*hdr
= (void *) skb
->data
;
2483 struct hci_conn
*conn
;
2484 __u16 handle
, flags
;
2486 skb_pull(skb
, HCI_ACL_HDR_SIZE
);
2488 handle
= __le16_to_cpu(hdr
->handle
);
2489 flags
= hci_flags(handle
);
2490 handle
= hci_handle(handle
);
2492 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev
->name
, skb
->len
, handle
, flags
);
2494 hdev
->stat
.acl_rx
++;
2497 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2498 hci_dev_unlock(hdev
);
2501 hci_conn_enter_active_mode(conn
, BT_POWER_FORCE_ACTIVE_OFF
);
2503 /* Send to upper protocol */
2504 l2cap_recv_acldata(conn
, skb
, flags
);
2507 BT_ERR("%s ACL packet for unknown connection handle %d",
2508 hdev
->name
, handle
);
2514 /* SCO data packet */
2515 static inline void hci_scodata_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2517 struct hci_sco_hdr
*hdr
= (void *) skb
->data
;
2518 struct hci_conn
*conn
;
2521 skb_pull(skb
, HCI_SCO_HDR_SIZE
);
2523 handle
= __le16_to_cpu(hdr
->handle
);
2525 BT_DBG("%s len %d handle 0x%x", hdev
->name
, skb
->len
, handle
);
2527 hdev
->stat
.sco_rx
++;
2530 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
2531 hci_dev_unlock(hdev
);
2534 /* Send to upper protocol */
2535 sco_recv_scodata(conn
, skb
);
2538 BT_ERR("%s SCO packet for unknown connection handle %d",
2539 hdev
->name
, handle
);
2545 static void hci_rx_work(struct work_struct
*work
)
2547 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, rx_work
);
2548 struct sk_buff
*skb
;
2550 BT_DBG("%s", hdev
->name
);
2552 while ((skb
= skb_dequeue(&hdev
->rx_q
))) {
2553 if (atomic_read(&hdev
->promisc
)) {
2554 /* Send copy to the sockets */
2555 hci_send_to_sock(hdev
, skb
, NULL
);
2558 if (test_bit(HCI_RAW
, &hdev
->flags
)) {
2563 if (test_bit(HCI_INIT
, &hdev
->flags
)) {
2564 /* Don't process data packets in this states. */
2565 switch (bt_cb(skb
)->pkt_type
) {
2566 case HCI_ACLDATA_PKT
:
2567 case HCI_SCODATA_PKT
:
2574 switch (bt_cb(skb
)->pkt_type
) {
2576 BT_DBG("%s Event packet", hdev
->name
);
2577 hci_event_packet(hdev
, skb
);
2580 case HCI_ACLDATA_PKT
:
2581 BT_DBG("%s ACL data packet", hdev
->name
);
2582 hci_acldata_packet(hdev
, skb
);
2585 case HCI_SCODATA_PKT
:
2586 BT_DBG("%s SCO data packet", hdev
->name
);
2587 hci_scodata_packet(hdev
, skb
);
2597 static void hci_cmd_work(struct work_struct
*work
)
2599 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
, cmd_work
);
2600 struct sk_buff
*skb
;
2602 BT_DBG("%s cmd %d", hdev
->name
, atomic_read(&hdev
->cmd_cnt
));
2604 /* Send queued commands */
2605 if (atomic_read(&hdev
->cmd_cnt
)) {
2606 skb
= skb_dequeue(&hdev
->cmd_q
);
2610 kfree_skb(hdev
->sent_cmd
);
2612 hdev
->sent_cmd
= skb_clone(skb
, GFP_ATOMIC
);
2613 if (hdev
->sent_cmd
) {
2614 atomic_dec(&hdev
->cmd_cnt
);
2615 hci_send_frame(skb
);
2616 if (test_bit(HCI_RESET
, &hdev
->flags
))
2617 del_timer(&hdev
->cmd_timer
);
2619 mod_timer(&hdev
->cmd_timer
,
2620 jiffies
+ msecs_to_jiffies(HCI_CMD_TIMEOUT
));
2622 skb_queue_head(&hdev
->cmd_q
, skb
);
2623 queue_work(hdev
->workqueue
, &hdev
->cmd_work
);
2628 int hci_do_inquiry(struct hci_dev
*hdev
, u8 length
)
2630 /* General inquiry access code (GIAC) */
2631 u8 lap
[3] = { 0x33, 0x8b, 0x9e };
2632 struct hci_cp_inquiry cp
;
2634 BT_DBG("%s", hdev
->name
);
2636 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
2637 return -EINPROGRESS
;
2639 inquiry_cache_flush(hdev
);
2641 memset(&cp
, 0, sizeof(cp
));
2642 memcpy(&cp
.lap
, lap
, sizeof(cp
.lap
));
2645 return hci_send_cmd(hdev
, HCI_OP_INQUIRY
, sizeof(cp
), &cp
);
2648 int hci_cancel_inquiry(struct hci_dev
*hdev
)
2650 BT_DBG("%s", hdev
->name
);
2652 if (!test_bit(HCI_INQUIRY
, &hdev
->flags
))
2655 return hci_send_cmd(hdev
, HCI_OP_INQUIRY_CANCEL
, 0, NULL
);
2658 module_param(enable_hs
, bool, 0644);
2659 MODULE_PARM_DESC(enable_hs
, "Enable High Speed");