2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
42 static void hci_rx_work(struct work_struct *work);
43 static void hci_cmd_work(struct work_struct *work);
44 static void hci_tx_work(struct work_struct *work);
47 LIST_HEAD(hci_dev_list);
48 DEFINE_RWLOCK(hci_dev_list_lock);
50 /* HCI callback list */
51 LIST_HEAD(hci_cb_list);
52 DEFINE_RWLOCK(hci_cb_list_lock);
54 /* HCI ID Numbering */
55 static DEFINE_IDA(hci_index_ida);
57 /* ----- HCI requests ----- */
59 #define HCI_REQ_DONE 0
60 #define HCI_REQ_PEND 1
61 #define HCI_REQ_CANCELED 2
63 #define hci_req_lock(d) mutex_lock(&d->req_lock)
64 #define hci_req_unlock(d) mutex_unlock(&d->req_lock)
66 /* ---- HCI notifications ---- */
68 static void hci_notify(struct hci_dev *hdev, int event)
70 hci_sock_dev_event(hdev, event);
73 /* ---- HCI debugfs entries ---- */
75 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
76 size_t count, loff_t *ppos)
78 struct hci_dev *hdev = file->private_data;
81 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dbg_flags) ? 'Y': 'N';
84 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
87 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
88 size_t count, loff_t *ppos)
90 struct hci_dev *hdev = file->private_data;
93 size_t buf_size = min(count, (sizeof(buf)-1));
97 if (!test_bit(HCI_UP, &hdev->flags))
100 if (copy_from_user(buf, user_buf, buf_size))
103 buf[buf_size] = '\0';
104 if (strtobool(buf, &enable))
107 if (enable == test_bit(HCI_DUT_MODE, &hdev->dbg_flags))
112 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
115 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
117 hci_req_unlock(hdev);
122 err = -bt_to_errno(skb->data[0]);
128 change_bit(HCI_DUT_MODE, &hdev->dbg_flags);
133 static const struct file_operations dut_mode_fops = {
135 .read = dut_mode_read,
136 .write = dut_mode_write,
137 .llseek = default_llseek,
140 static int features_show(struct seq_file *f, void *ptr)
142 struct hci_dev *hdev = f->private;
146 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
147 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
148 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p,
149 hdev->features[p][0], hdev->features[p][1],
150 hdev->features[p][2], hdev->features[p][3],
151 hdev->features[p][4], hdev->features[p][5],
152 hdev->features[p][6], hdev->features[p][7]);
154 if (lmp_le_capable(hdev))
155 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
156 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
157 hdev->le_features[0], hdev->le_features[1],
158 hdev->le_features[2], hdev->le_features[3],
159 hdev->le_features[4], hdev->le_features[5],
160 hdev->le_features[6], hdev->le_features[7]);
161 hci_dev_unlock(hdev);
166 static int features_open(struct inode *inode, struct file *file)
168 return single_open(file, features_show, inode->i_private);
171 static const struct file_operations features_fops = {
172 .open = features_open,
175 .release = single_release,
178 static int blacklist_show(struct seq_file *f, void *p)
180 struct hci_dev *hdev = f->private;
181 struct bdaddr_list *b;
184 list_for_each_entry(b, &hdev->blacklist, list)
185 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
186 hci_dev_unlock(hdev);
191 static int blacklist_open(struct inode *inode, struct file *file)
193 return single_open(file, blacklist_show, inode->i_private);
196 static const struct file_operations blacklist_fops = {
197 .open = blacklist_open,
200 .release = single_release,
203 static int whitelist_show(struct seq_file *f, void *p)
205 struct hci_dev *hdev = f->private;
206 struct bdaddr_list *b;
209 list_for_each_entry(b, &hdev->whitelist, list)
210 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
211 hci_dev_unlock(hdev);
216 static int whitelist_open(struct inode *inode, struct file *file)
218 return single_open(file, whitelist_show, inode->i_private);
221 static const struct file_operations whitelist_fops = {
222 .open = whitelist_open,
225 .release = single_release,
228 static int uuids_show(struct seq_file *f, void *p)
230 struct hci_dev *hdev = f->private;
231 struct bt_uuid *uuid;
234 list_for_each_entry(uuid, &hdev->uuids, list) {
237 /* The Bluetooth UUID values are stored in big endian,
238 * but with reversed byte order. So convert them into
239 * the right order for the %pUb modifier.
241 for (i = 0; i < 16; i++)
242 val[i] = uuid->uuid[15 - i];
244 seq_printf(f, "%pUb\n", val);
246 hci_dev_unlock(hdev);
251 static int uuids_open(struct inode *inode, struct file *file)
253 return single_open(file, uuids_show, inode->i_private);
256 static const struct file_operations uuids_fops = {
260 .release = single_release,
263 static int inquiry_cache_show(struct seq_file *f, void *p)
265 struct hci_dev *hdev = f->private;
266 struct discovery_state *cache = &hdev->discovery;
267 struct inquiry_entry *e;
271 list_for_each_entry(e, &cache->all, all) {
272 struct inquiry_data *data = &e->data;
273 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
275 data->pscan_rep_mode, data->pscan_period_mode,
276 data->pscan_mode, data->dev_class[2],
277 data->dev_class[1], data->dev_class[0],
278 __le16_to_cpu(data->clock_offset),
279 data->rssi, data->ssp_mode, e->timestamp);
282 hci_dev_unlock(hdev);
287 static int inquiry_cache_open(struct inode *inode, struct file *file)
289 return single_open(file, inquiry_cache_show, inode->i_private);
292 static const struct file_operations inquiry_cache_fops = {
293 .open = inquiry_cache_open,
296 .release = single_release,
299 static int link_keys_show(struct seq_file *f, void *ptr)
301 struct hci_dev *hdev = f->private;
302 struct list_head *p, *n;
305 list_for_each_safe(p, n, &hdev->link_keys) {
306 struct link_key *key = list_entry(p, struct link_key, list);
307 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
308 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
310 hci_dev_unlock(hdev);
315 static int link_keys_open(struct inode *inode, struct file *file)
317 return single_open(file, link_keys_show, inode->i_private);
320 static const struct file_operations link_keys_fops = {
321 .open = link_keys_open,
324 .release = single_release,
327 static int dev_class_show(struct seq_file *f, void *ptr)
329 struct hci_dev *hdev = f->private;
332 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2],
333 hdev->dev_class[1], hdev->dev_class[0]);
334 hci_dev_unlock(hdev);
339 static int dev_class_open(struct inode *inode, struct file *file)
341 return single_open(file, dev_class_show, inode->i_private);
344 static const struct file_operations dev_class_fops = {
345 .open = dev_class_open,
348 .release = single_release,
351 static int voice_setting_get(void *data, u64 *val)
353 struct hci_dev *hdev = data;
356 *val = hdev->voice_setting;
357 hci_dev_unlock(hdev);
362 DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get,
363 NULL, "0x%4.4llx\n");
365 static int auto_accept_delay_set(void *data, u64 val)
367 struct hci_dev *hdev = data;
370 hdev->auto_accept_delay = val;
371 hci_dev_unlock(hdev);
376 static int auto_accept_delay_get(void *data, u64 *val)
378 struct hci_dev *hdev = data;
381 *val = hdev->auto_accept_delay;
382 hci_dev_unlock(hdev);
387 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
388 auto_accept_delay_set, "%llu\n");
390 static ssize_t force_sc_support_read(struct file *file, char __user *user_buf,
391 size_t count, loff_t *ppos)
393 struct hci_dev *hdev = file->private_data;
396 buf[0] = test_bit(HCI_FORCE_SC, &hdev->dbg_flags) ? 'Y': 'N';
399 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
402 static ssize_t force_sc_support_write(struct file *file,
403 const char __user *user_buf,
404 size_t count, loff_t *ppos)
406 struct hci_dev *hdev = file->private_data;
408 size_t buf_size = min(count, (sizeof(buf)-1));
411 if (test_bit(HCI_UP, &hdev->flags))
414 if (copy_from_user(buf, user_buf, buf_size))
417 buf[buf_size] = '\0';
418 if (strtobool(buf, &enable))
421 if (enable == test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
424 change_bit(HCI_FORCE_SC, &hdev->dbg_flags);
429 static const struct file_operations force_sc_support_fops = {
431 .read = force_sc_support_read,
432 .write = force_sc_support_write,
433 .llseek = default_llseek,
436 static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf,
437 size_t count, loff_t *ppos)
439 struct hci_dev *hdev = file->private_data;
442 buf[0] = test_bit(HCI_SC_ONLY, &hdev->dev_flags) ? 'Y': 'N';
445 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
448 static const struct file_operations sc_only_mode_fops = {
450 .read = sc_only_mode_read,
451 .llseek = default_llseek,
454 static int idle_timeout_set(void *data, u64 val)
456 struct hci_dev *hdev = data;
458 if (val != 0 && (val < 500 || val > 3600000))
462 hdev->idle_timeout = val;
463 hci_dev_unlock(hdev);
468 static int idle_timeout_get(void *data, u64 *val)
470 struct hci_dev *hdev = data;
473 *val = hdev->idle_timeout;
474 hci_dev_unlock(hdev);
479 DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
480 idle_timeout_set, "%llu\n");
482 static int rpa_timeout_set(void *data, u64 val)
484 struct hci_dev *hdev = data;
486 /* Require the RPA timeout to be at least 30 seconds and at most
489 if (val < 30 || val > (60 * 60 * 24))
493 hdev->rpa_timeout = val;
494 hci_dev_unlock(hdev);
499 static int rpa_timeout_get(void *data, u64 *val)
501 struct hci_dev *hdev = data;
504 *val = hdev->rpa_timeout;
505 hci_dev_unlock(hdev);
510 DEFINE_SIMPLE_ATTRIBUTE(rpa_timeout_fops, rpa_timeout_get,
511 rpa_timeout_set, "%llu\n");
513 static int sniff_min_interval_set(void *data, u64 val)
515 struct hci_dev *hdev = data;
517 if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
521 hdev->sniff_min_interval = val;
522 hci_dev_unlock(hdev);
527 static int sniff_min_interval_get(void *data, u64 *val)
529 struct hci_dev *hdev = data;
532 *val = hdev->sniff_min_interval;
533 hci_dev_unlock(hdev);
538 DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
539 sniff_min_interval_set, "%llu\n");
541 static int sniff_max_interval_set(void *data, u64 val)
543 struct hci_dev *hdev = data;
545 if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
549 hdev->sniff_max_interval = val;
550 hci_dev_unlock(hdev);
555 static int sniff_max_interval_get(void *data, u64 *val)
557 struct hci_dev *hdev = data;
560 *val = hdev->sniff_max_interval;
561 hci_dev_unlock(hdev);
566 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
567 sniff_max_interval_set, "%llu\n");
569 static int conn_info_min_age_set(void *data, u64 val)
571 struct hci_dev *hdev = data;
573 if (val == 0 || val > hdev->conn_info_max_age)
577 hdev->conn_info_min_age = val;
578 hci_dev_unlock(hdev);
583 static int conn_info_min_age_get(void *data, u64 *val)
585 struct hci_dev *hdev = data;
588 *val = hdev->conn_info_min_age;
589 hci_dev_unlock(hdev);
594 DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
595 conn_info_min_age_set, "%llu\n");
597 static int conn_info_max_age_set(void *data, u64 val)
599 struct hci_dev *hdev = data;
601 if (val == 0 || val < hdev->conn_info_min_age)
605 hdev->conn_info_max_age = val;
606 hci_dev_unlock(hdev);
611 static int conn_info_max_age_get(void *data, u64 *val)
613 struct hci_dev *hdev = data;
616 *val = hdev->conn_info_max_age;
617 hci_dev_unlock(hdev);
622 DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
623 conn_info_max_age_set, "%llu\n");
625 static int identity_show(struct seq_file *f, void *p)
627 struct hci_dev *hdev = f->private;
633 hci_copy_identity_address(hdev, &addr, &addr_type);
635 seq_printf(f, "%pMR (type %u) %*phN %pMR\n", &addr, addr_type,
636 16, hdev->irk, &hdev->rpa);
638 hci_dev_unlock(hdev);
643 static int identity_open(struct inode *inode, struct file *file)
645 return single_open(file, identity_show, inode->i_private);
648 static const struct file_operations identity_fops = {
649 .open = identity_open,
652 .release = single_release,
655 static int random_address_show(struct seq_file *f, void *p)
657 struct hci_dev *hdev = f->private;
660 seq_printf(f, "%pMR\n", &hdev->random_addr);
661 hci_dev_unlock(hdev);
666 static int random_address_open(struct inode *inode, struct file *file)
668 return single_open(file, random_address_show, inode->i_private);
671 static const struct file_operations random_address_fops = {
672 .open = random_address_open,
675 .release = single_release,
678 static int static_address_show(struct seq_file *f, void *p)
680 struct hci_dev *hdev = f->private;
683 seq_printf(f, "%pMR\n", &hdev->static_addr);
684 hci_dev_unlock(hdev);
689 static int static_address_open(struct inode *inode, struct file *file)
691 return single_open(file, static_address_show, inode->i_private);
694 static const struct file_operations static_address_fops = {
695 .open = static_address_open,
698 .release = single_release,
701 static ssize_t force_static_address_read(struct file *file,
702 char __user *user_buf,
703 size_t count, loff_t *ppos)
705 struct hci_dev *hdev = file->private_data;
708 buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ? 'Y': 'N';
711 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
714 static ssize_t force_static_address_write(struct file *file,
715 const char __user *user_buf,
716 size_t count, loff_t *ppos)
718 struct hci_dev *hdev = file->private_data;
720 size_t buf_size = min(count, (sizeof(buf)-1));
723 if (test_bit(HCI_UP, &hdev->flags))
726 if (copy_from_user(buf, user_buf, buf_size))
729 buf[buf_size] = '\0';
730 if (strtobool(buf, &enable))
733 if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags))
736 change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags);
741 static const struct file_operations force_static_address_fops = {
743 .read = force_static_address_read,
744 .write = force_static_address_write,
745 .llseek = default_llseek,
748 static int white_list_show(struct seq_file *f, void *ptr)
750 struct hci_dev *hdev = f->private;
751 struct bdaddr_list *b;
754 list_for_each_entry(b, &hdev->le_white_list, list)
755 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
756 hci_dev_unlock(hdev);
761 static int white_list_open(struct inode *inode, struct file *file)
763 return single_open(file, white_list_show, inode->i_private);
766 static const struct file_operations white_list_fops = {
767 .open = white_list_open,
770 .release = single_release,
773 static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
775 struct hci_dev *hdev = f->private;
776 struct list_head *p, *n;
779 list_for_each_safe(p, n, &hdev->identity_resolving_keys) {
780 struct smp_irk *irk = list_entry(p, struct smp_irk, list);
781 seq_printf(f, "%pMR (type %u) %*phN %pMR\n",
782 &irk->bdaddr, irk->addr_type,
783 16, irk->val, &irk->rpa);
785 hci_dev_unlock(hdev);
790 static int identity_resolving_keys_open(struct inode *inode, struct file *file)
792 return single_open(file, identity_resolving_keys_show,
796 static const struct file_operations identity_resolving_keys_fops = {
797 .open = identity_resolving_keys_open,
800 .release = single_release,
803 static int long_term_keys_show(struct seq_file *f, void *ptr)
805 struct hci_dev *hdev = f->private;
806 struct list_head *p, *n;
809 list_for_each_safe(p, n, &hdev->long_term_keys) {
810 struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list);
811 seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n",
812 <k->bdaddr, ltk->bdaddr_type, ltk->authenticated,
813 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
814 __le64_to_cpu(ltk->rand), 16, ltk->val);
816 hci_dev_unlock(hdev);
821 static int long_term_keys_open(struct inode *inode, struct file *file)
823 return single_open(file, long_term_keys_show, inode->i_private);
826 static const struct file_operations long_term_keys_fops = {
827 .open = long_term_keys_open,
830 .release = single_release,
833 static int conn_min_interval_set(void *data, u64 val)
835 struct hci_dev *hdev = data;
837 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
841 hdev->le_conn_min_interval = val;
842 hci_dev_unlock(hdev);
847 static int conn_min_interval_get(void *data, u64 *val)
849 struct hci_dev *hdev = data;
852 *val = hdev->le_conn_min_interval;
853 hci_dev_unlock(hdev);
858 DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
859 conn_min_interval_set, "%llu\n");
861 static int conn_max_interval_set(void *data, u64 val)
863 struct hci_dev *hdev = data;
865 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
869 hdev->le_conn_max_interval = val;
870 hci_dev_unlock(hdev);
875 static int conn_max_interval_get(void *data, u64 *val)
877 struct hci_dev *hdev = data;
880 *val = hdev->le_conn_max_interval;
881 hci_dev_unlock(hdev);
886 DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
887 conn_max_interval_set, "%llu\n");
889 static int conn_latency_set(void *data, u64 val)
891 struct hci_dev *hdev = data;
897 hdev->le_conn_latency = val;
898 hci_dev_unlock(hdev);
903 static int conn_latency_get(void *data, u64 *val)
905 struct hci_dev *hdev = data;
908 *val = hdev->le_conn_latency;
909 hci_dev_unlock(hdev);
914 DEFINE_SIMPLE_ATTRIBUTE(conn_latency_fops, conn_latency_get,
915 conn_latency_set, "%llu\n");
917 static int supervision_timeout_set(void *data, u64 val)
919 struct hci_dev *hdev = data;
921 if (val < 0x000a || val > 0x0c80)
925 hdev->le_supv_timeout = val;
926 hci_dev_unlock(hdev);
931 static int supervision_timeout_get(void *data, u64 *val)
933 struct hci_dev *hdev = data;
936 *val = hdev->le_supv_timeout;
937 hci_dev_unlock(hdev);
942 DEFINE_SIMPLE_ATTRIBUTE(supervision_timeout_fops, supervision_timeout_get,
943 supervision_timeout_set, "%llu\n");
945 static int adv_channel_map_set(void *data, u64 val)
947 struct hci_dev *hdev = data;
949 if (val < 0x01 || val > 0x07)
953 hdev->le_adv_channel_map = val;
954 hci_dev_unlock(hdev);
959 static int adv_channel_map_get(void *data, u64 *val)
961 struct hci_dev *hdev = data;
964 *val = hdev->le_adv_channel_map;
965 hci_dev_unlock(hdev);
970 DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
971 adv_channel_map_set, "%llu\n");
973 static int device_list_show(struct seq_file *f, void *ptr)
975 struct hci_dev *hdev = f->private;
976 struct hci_conn_params *p;
979 list_for_each_entry(p, &hdev->le_conn_params, list) {
980 seq_printf(f, "%pMR %u %u\n", &p->addr, p->addr_type,
983 hci_dev_unlock(hdev);
988 static int device_list_open(struct inode *inode, struct file *file)
990 return single_open(file, device_list_show, inode->i_private);
993 static const struct file_operations device_list_fops = {
994 .open = device_list_open,
997 .release = single_release,
1000 /* ---- HCI requests ---- */
1002 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
1004 BT_DBG("%s result 0x%2.2x", hdev->name, result);
1006 if (hdev->req_status == HCI_REQ_PEND) {
1007 hdev->req_result = result;
1008 hdev->req_status = HCI_REQ_DONE;
1009 wake_up_interruptible(&hdev->req_wait_q);
1013 static void hci_req_cancel(struct hci_dev *hdev, int err)
1015 BT_DBG("%s err 0x%2.2x", hdev->name, err);
1017 if (hdev->req_status == HCI_REQ_PEND) {
1018 hdev->req_result = err;
1019 hdev->req_status = HCI_REQ_CANCELED;
1020 wake_up_interruptible(&hdev->req_wait_q);
1024 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
1027 struct hci_ev_cmd_complete *ev;
1028 struct hci_event_hdr *hdr;
1029 struct sk_buff *skb;
1033 skb = hdev->recv_evt;
1034 hdev->recv_evt = NULL;
1036 hci_dev_unlock(hdev);
1039 return ERR_PTR(-ENODATA);
1041 if (skb->len < sizeof(*hdr)) {
1042 BT_ERR("Too short HCI event");
1046 hdr = (void *) skb->data;
1047 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1050 if (hdr->evt != event)
1055 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
1056 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
1060 if (skb->len < sizeof(*ev)) {
1061 BT_ERR("Too short cmd_complete event");
1065 ev = (void *) skb->data;
1066 skb_pull(skb, sizeof(*ev));
1068 if (opcode == __le16_to_cpu(ev->opcode))
1071 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
1072 __le16_to_cpu(ev->opcode));
1076 return ERR_PTR(-ENODATA);
1079 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
1080 const void *param, u8 event, u32 timeout)
1082 DECLARE_WAITQUEUE(wait, current);
1083 struct hci_request req;
1086 BT_DBG("%s", hdev->name);
1088 hci_req_init(&req, hdev);
1090 hci_req_add_ev(&req, opcode, plen, param, event);
1092 hdev->req_status = HCI_REQ_PEND;
1094 err = hci_req_run(&req, hci_req_sync_complete);
1096 return ERR_PTR(err);
1098 add_wait_queue(&hdev->req_wait_q, &wait);
1099 set_current_state(TASK_INTERRUPTIBLE);
1101 schedule_timeout(timeout);
1103 remove_wait_queue(&hdev->req_wait_q, &wait);
1105 if (signal_pending(current))
1106 return ERR_PTR(-EINTR);
1108 switch (hdev->req_status) {
1110 err = -bt_to_errno(hdev->req_result);
1113 case HCI_REQ_CANCELED:
1114 err = -hdev->req_result;
1122 hdev->req_status = hdev->req_result = 0;
1124 BT_DBG("%s end: err %d", hdev->name, err);
1127 return ERR_PTR(err);
1129 return hci_get_cmd_complete(hdev, opcode, event);
1131 EXPORT_SYMBOL(__hci_cmd_sync_ev);
1133 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
1134 const void *param, u32 timeout)
1136 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
1138 EXPORT_SYMBOL(__hci_cmd_sync);
1140 /* Execute request and wait for completion. */
1141 static int __hci_req_sync(struct hci_dev *hdev,
1142 void (*func)(struct hci_request *req,
1144 unsigned long opt, __u32 timeout)
1146 struct hci_request req;
1147 DECLARE_WAITQUEUE(wait, current);
1150 BT_DBG("%s start", hdev->name);
1152 hci_req_init(&req, hdev);
1154 hdev->req_status = HCI_REQ_PEND;
1158 err = hci_req_run(&req, hci_req_sync_complete);
1160 hdev->req_status = 0;
1162 /* ENODATA means the HCI request command queue is empty.
1163 * This can happen when a request with conditionals doesn't
1164 * trigger any commands to be sent. This is normal behavior
1165 * and should not trigger an error return.
1167 if (err == -ENODATA)
1173 add_wait_queue(&hdev->req_wait_q, &wait);
1174 set_current_state(TASK_INTERRUPTIBLE);
1176 schedule_timeout(timeout);
1178 remove_wait_queue(&hdev->req_wait_q, &wait);
1180 if (signal_pending(current))
1183 switch (hdev->req_status) {
1185 err = -bt_to_errno(hdev->req_result);
1188 case HCI_REQ_CANCELED:
1189 err = -hdev->req_result;
1197 hdev->req_status = hdev->req_result = 0;
1199 BT_DBG("%s end: err %d", hdev->name, err);
1204 static int hci_req_sync(struct hci_dev *hdev,
1205 void (*req)(struct hci_request *req,
1207 unsigned long opt, __u32 timeout)
1211 if (!test_bit(HCI_UP, &hdev->flags))
1214 /* Serialize all requests */
1216 ret = __hci_req_sync(hdev, req, opt, timeout);
1217 hci_req_unlock(hdev);
1222 static void hci_reset_req(struct hci_request *req, unsigned long opt)
1224 BT_DBG("%s %ld", req->hdev->name, opt);
1227 set_bit(HCI_RESET, &req->hdev->flags);
1228 hci_req_add(req, HCI_OP_RESET, 0, NULL);
1231 static void bredr_init(struct hci_request *req)
1233 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
1235 /* Read Local Supported Features */
1236 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1238 /* Read Local Version */
1239 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1241 /* Read BD Address */
1242 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1245 static void amp_init(struct hci_request *req)
1247 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
1249 /* Read Local Version */
1250 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1252 /* Read Local Supported Commands */
1253 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1255 /* Read Local Supported Features */
1256 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1258 /* Read Local AMP Info */
1259 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
1261 /* Read Data Blk size */
1262 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
1264 /* Read Flow Control Mode */
1265 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
1267 /* Read Location Data */
1268 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
1271 static void hci_init1_req(struct hci_request *req, unsigned long opt)
1273 struct hci_dev *hdev = req->hdev;
1275 BT_DBG("%s %ld", hdev->name, opt);
1278 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1279 hci_reset_req(req, 0);
1281 switch (hdev->dev_type) {
1291 BT_ERR("Unknown device type %d", hdev->dev_type);
1296 static void bredr_setup(struct hci_request *req)
1298 struct hci_dev *hdev = req->hdev;
1303 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
1304 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
1306 /* Read Class of Device */
1307 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
1309 /* Read Local Name */
1310 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
1312 /* Read Voice Setting */
1313 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
1315 /* Read Number of Supported IAC */
1316 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
1318 /* Read Current IAC LAP */
1319 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
1321 /* Clear Event Filters */
1322 flt_type = HCI_FLT_CLEAR_ALL;
1323 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1325 /* Connection accept timeout ~20 secs */
1326 param = cpu_to_le16(0x7d00);
1327 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
1329 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
1330 * but it does not support page scan related HCI commands.
1332 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
1333 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1334 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1338 static void le_setup(struct hci_request *req)
1340 struct hci_dev *hdev = req->hdev;
1342 /* Read LE Buffer Size */
1343 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
1345 /* Read LE Local Supported Features */
1346 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
1348 /* Read LE Supported States */
1349 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1351 /* Read LE White List Size */
1352 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1354 /* Clear LE White List */
1355 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
1357 /* LE-only controllers have LE implicitly enabled */
1358 if (!lmp_bredr_capable(hdev))
1359 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1362 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
1364 if (lmp_ext_inq_capable(hdev))
1367 if (lmp_inq_rssi_capable(hdev))
1370 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
1371 hdev->lmp_subver == 0x0757)
1374 if (hdev->manufacturer == 15) {
1375 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
1377 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
1379 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
1383 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
1384 hdev->lmp_subver == 0x1805)
1390 static void hci_setup_inquiry_mode(struct hci_request *req)
1394 mode = hci_get_inquiry_mode(req->hdev);
1396 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
1399 static void hci_setup_event_mask(struct hci_request *req)
1401 struct hci_dev *hdev = req->hdev;
1403 /* The second byte is 0xff instead of 0x9f (two reserved bits
1404 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
1405 * command otherwise.
1407 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
1409 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
1410 * any event mask for pre 1.2 devices.
1412 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1415 if (lmp_bredr_capable(hdev)) {
1416 events[4] |= 0x01; /* Flow Specification Complete */
1417 events[4] |= 0x02; /* Inquiry Result with RSSI */
1418 events[4] |= 0x04; /* Read Remote Extended Features Complete */
1419 events[5] |= 0x08; /* Synchronous Connection Complete */
1420 events[5] |= 0x10; /* Synchronous Connection Changed */
1422 /* Use a different default for LE-only devices */
1423 memset(events, 0, sizeof(events));
1424 events[0] |= 0x10; /* Disconnection Complete */
1425 events[1] |= 0x08; /* Read Remote Version Information Complete */
1426 events[1] |= 0x20; /* Command Complete */
1427 events[1] |= 0x40; /* Command Status */
1428 events[1] |= 0x80; /* Hardware Error */
1429 events[2] |= 0x04; /* Number of Completed Packets */
1430 events[3] |= 0x02; /* Data Buffer Overflow */
1432 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
1433 events[0] |= 0x80; /* Encryption Change */
1434 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1438 if (lmp_inq_rssi_capable(hdev))
1439 events[4] |= 0x02; /* Inquiry Result with RSSI */
1441 if (lmp_sniffsubr_capable(hdev))
1442 events[5] |= 0x20; /* Sniff Subrating */
1444 if (lmp_pause_enc_capable(hdev))
1445 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1447 if (lmp_ext_inq_capable(hdev))
1448 events[5] |= 0x40; /* Extended Inquiry Result */
1450 if (lmp_no_flush_capable(hdev))
1451 events[7] |= 0x01; /* Enhanced Flush Complete */
1453 if (lmp_lsto_capable(hdev))
1454 events[6] |= 0x80; /* Link Supervision Timeout Changed */
1456 if (lmp_ssp_capable(hdev)) {
1457 events[6] |= 0x01; /* IO Capability Request */
1458 events[6] |= 0x02; /* IO Capability Response */
1459 events[6] |= 0x04; /* User Confirmation Request */
1460 events[6] |= 0x08; /* User Passkey Request */
1461 events[6] |= 0x10; /* Remote OOB Data Request */
1462 events[6] |= 0x20; /* Simple Pairing Complete */
1463 events[7] |= 0x04; /* User Passkey Notification */
1464 events[7] |= 0x08; /* Keypress Notification */
1465 events[7] |= 0x10; /* Remote Host Supported
1466 * Features Notification
1470 if (lmp_le_capable(hdev))
1471 events[7] |= 0x20; /* LE Meta-Event */
1473 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1476 static void hci_init2_req(struct hci_request *req, unsigned long opt)
1478 struct hci_dev *hdev = req->hdev;
1480 if (lmp_bredr_capable(hdev))
1483 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
1485 if (lmp_le_capable(hdev))
1488 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1489 * local supported commands HCI command.
1491 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
1492 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1494 if (lmp_ssp_capable(hdev)) {
1495 /* When SSP is available, then the host features page
1496 * should also be available as well. However some
1497 * controllers list the max_page as 0 as long as SSP
1498 * has not been enabled. To achieve proper debugging
1499 * output, force the minimum max_page to 1 at least.
1501 hdev->max_page = 0x01;
1503 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1505 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
1506 sizeof(mode), &mode);
1508 struct hci_cp_write_eir cp;
1510 memset(hdev->eir, 0, sizeof(hdev->eir));
1511 memset(&cp, 0, sizeof(cp));
1513 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1517 if (lmp_inq_rssi_capable(hdev))
1518 hci_setup_inquiry_mode(req);
1520 if (lmp_inq_tx_pwr_capable(hdev))
1521 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
1523 if (lmp_ext_feat_capable(hdev)) {
1524 struct hci_cp_read_local_ext_features cp;
1527 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1531 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
1533 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
1538 static void hci_setup_link_policy(struct hci_request *req)
1540 struct hci_dev *hdev = req->hdev;
1541 struct hci_cp_write_def_link_policy cp;
1542 u16 link_policy = 0;
1544 if (lmp_rswitch_capable(hdev))
1545 link_policy |= HCI_LP_RSWITCH;
1546 if (lmp_hold_capable(hdev))
1547 link_policy |= HCI_LP_HOLD;
1548 if (lmp_sniff_capable(hdev))
1549 link_policy |= HCI_LP_SNIFF;
1550 if (lmp_park_capable(hdev))
1551 link_policy |= HCI_LP_PARK;
1553 cp.policy = cpu_to_le16(link_policy);
1554 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
1557 static void hci_set_le_support(struct hci_request *req)
1559 struct hci_dev *hdev = req->hdev;
1560 struct hci_cp_write_le_host_supported cp;
1562 /* LE-only devices do not support explicit enablement */
1563 if (!lmp_bredr_capable(hdev))
1566 memset(&cp, 0, sizeof(cp));
1568 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1570 cp.simul = lmp_le_br_capable(hdev);
1573 if (cp.le != lmp_host_le_capable(hdev))
1574 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
1578 static void hci_set_event_mask_page_2(struct hci_request *req)
1580 struct hci_dev *hdev = req->hdev;
1581 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
1583 /* If Connectionless Slave Broadcast master role is supported
1584 * enable all necessary events for it.
1586 if (lmp_csb_master_capable(hdev)) {
1587 events[1] |= 0x40; /* Triggered Clock Capture */
1588 events[1] |= 0x80; /* Synchronization Train Complete */
1589 events[2] |= 0x10; /* Slave Page Response Timeout */
1590 events[2] |= 0x20; /* CSB Channel Map Change */
1593 /* If Connectionless Slave Broadcast slave role is supported
1594 * enable all necessary events for it.
1596 if (lmp_csb_slave_capable(hdev)) {
1597 events[2] |= 0x01; /* Synchronization Train Received */
1598 events[2] |= 0x02; /* CSB Receive */
1599 events[2] |= 0x04; /* CSB Timeout */
1600 events[2] |= 0x08; /* Truncated Page Complete */
1603 /* Enable Authenticated Payload Timeout Expired event if supported */
1604 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
1607 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
1610 static void hci_init3_req(struct hci_request *req, unsigned long opt)
1612 struct hci_dev *hdev = req->hdev;
1615 hci_setup_event_mask(req);
1617 /* Some Broadcom based Bluetooth controllers do not support the
1618 * Delete Stored Link Key command. They are clearly indicating its
1619 * absence in the bit mask of supported commands.
1621 * Check the supported commands and only if the the command is marked
1622 * as supported send it. If not supported assume that the controller
1623 * does not have actual support for stored link keys which makes this
1624 * command redundant anyway.
1626 * Some controllers indicate that they support handling deleting
1627 * stored link keys, but they don't. The quirk lets a driver
1628 * just disable this command.
1630 if (hdev->commands[6] & 0x80 &&
1631 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
1632 struct hci_cp_delete_stored_link_key cp;
1634 bacpy(&cp.bdaddr, BDADDR_ANY);
1635 cp.delete_all = 0x01;
1636 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
1640 if (hdev->commands[5] & 0x10)
1641 hci_setup_link_policy(req);
1643 if (lmp_le_capable(hdev)) {
1646 memset(events, 0, sizeof(events));
1649 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
1650 events[0] |= 0x10; /* LE Long Term Key Request */
1652 /* If controller supports the Connection Parameters Request
1653 * Link Layer Procedure, enable the corresponding event.
1655 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
1656 events[0] |= 0x20; /* LE Remote Connection
1660 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
1663 if (hdev->commands[25] & 0x40) {
1664 /* Read LE Advertising Channel TX Power */
1665 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1668 hci_set_le_support(req);
1671 /* Read features beyond page 1 if available */
1672 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
1673 struct hci_cp_read_local_ext_features cp;
1676 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1681 static void hci_init4_req(struct hci_request *req, unsigned long opt)
1683 struct hci_dev *hdev = req->hdev;
1685 /* Set event mask page 2 if the HCI command for it is supported */
1686 if (hdev->commands[22] & 0x04)
1687 hci_set_event_mask_page_2(req);
1689 /* Read local codec list if the HCI command is supported */
1690 if (hdev->commands[29] & 0x20)
1691 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
1693 /* Get MWS transport configuration if the HCI command is supported */
1694 if (hdev->commands[30] & 0x08)
1695 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
1697 /* Check for Synchronization Train support */
1698 if (lmp_sync_train_capable(hdev))
1699 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1701 /* Enable Secure Connections if supported and configured */
1702 if ((lmp_sc_capable(hdev) ||
1703 test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) &&
1704 test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
1706 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
1707 sizeof(support), &support);
1711 static int __hci_init(struct hci_dev *hdev)
1715 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
1719 /* The Device Under Test (DUT) mode is special and available for
1720 * all controller types. So just create it early on.
1722 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1723 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
1727 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
1728 * BR/EDR/LE type controllers. AMP controllers only need the
1731 if (hdev->dev_type != HCI_BREDR)
1734 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
1738 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
1742 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
1746 /* Only create debugfs entries during the initial setup
1747 * phase and not every time the controller gets powered on.
1749 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
1752 debugfs_create_file("features", 0444, hdev->debugfs, hdev,
1754 debugfs_create_u16("manufacturer", 0444, hdev->debugfs,
1755 &hdev->manufacturer);
1756 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
1757 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1758 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1760 debugfs_create_file("whitelist", 0444, hdev->debugfs, hdev,
1762 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1764 debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
1765 &conn_info_min_age_fops);
1766 debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
1767 &conn_info_max_age_fops);
1769 if (lmp_bredr_capable(hdev)) {
1770 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
1771 hdev, &inquiry_cache_fops);
1772 debugfs_create_file("link_keys", 0400, hdev->debugfs,
1773 hdev, &link_keys_fops);
1774 debugfs_create_file("dev_class", 0444, hdev->debugfs,
1775 hdev, &dev_class_fops);
1776 debugfs_create_file("voice_setting", 0444, hdev->debugfs,
1777 hdev, &voice_setting_fops);
1780 if (lmp_ssp_capable(hdev)) {
1781 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1782 hdev, &auto_accept_delay_fops);
1783 debugfs_create_file("force_sc_support", 0644, hdev->debugfs,
1784 hdev, &force_sc_support_fops);
1785 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
1786 hdev, &sc_only_mode_fops);
1789 if (lmp_sniff_capable(hdev)) {
1790 debugfs_create_file("idle_timeout", 0644, hdev->debugfs,
1791 hdev, &idle_timeout_fops);
1792 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs,
1793 hdev, &sniff_min_interval_fops);
1794 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs,
1795 hdev, &sniff_max_interval_fops);
1798 if (lmp_le_capable(hdev)) {
1799 debugfs_create_file("identity", 0400, hdev->debugfs,
1800 hdev, &identity_fops);
1801 debugfs_create_file("rpa_timeout", 0644, hdev->debugfs,
1802 hdev, &rpa_timeout_fops);
1803 debugfs_create_file("random_address", 0444, hdev->debugfs,
1804 hdev, &random_address_fops);
1805 debugfs_create_file("static_address", 0444, hdev->debugfs,
1806 hdev, &static_address_fops);
1808 /* For controllers with a public address, provide a debug
1809 * option to force the usage of the configured static
1810 * address. By default the public address is used.
1812 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1813 debugfs_create_file("force_static_address", 0644,
1814 hdev->debugfs, hdev,
1815 &force_static_address_fops);
1817 debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1818 &hdev->le_white_list_size);
1819 debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
1821 debugfs_create_file("identity_resolving_keys", 0400,
1822 hdev->debugfs, hdev,
1823 &identity_resolving_keys_fops);
1824 debugfs_create_file("long_term_keys", 0400, hdev->debugfs,
1825 hdev, &long_term_keys_fops);
1826 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs,
1827 hdev, &conn_min_interval_fops);
1828 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1829 hdev, &conn_max_interval_fops);
1830 debugfs_create_file("conn_latency", 0644, hdev->debugfs,
1831 hdev, &conn_latency_fops);
1832 debugfs_create_file("supervision_timeout", 0644, hdev->debugfs,
1833 hdev, &supervision_timeout_fops);
1834 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs,
1835 hdev, &adv_channel_map_fops);
1836 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
1838 debugfs_create_u16("discov_interleaved_timeout", 0644,
1840 &hdev->discov_interleaved_timeout);
1846 static void hci_init0_req(struct hci_request *req, unsigned long opt)
1848 struct hci_dev *hdev = req->hdev;
1850 BT_DBG("%s %ld", hdev->name, opt);
1853 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1854 hci_reset_req(req, 0);
1856 /* Read Local Version */
1857 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1859 /* Read BD Address */
1860 if (hdev->set_bdaddr)
1861 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1864 static int __hci_unconf_init(struct hci_dev *hdev)
1868 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1871 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
1878 static void hci_scan_req(struct hci_request *req, unsigned long opt)
1882 BT_DBG("%s %x", req->hdev->name, scan);
1884 /* Inquiry and Page scans */
1885 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1888 static void hci_auth_req(struct hci_request *req, unsigned long opt)
1892 BT_DBG("%s %x", req->hdev->name, auth);
1894 /* Authentication */
1895 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1898 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
1902 BT_DBG("%s %x", req->hdev->name, encrypt);
1905 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1908 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
1910 __le16 policy = cpu_to_le16(opt);
1912 BT_DBG("%s %x", req->hdev->name, policy);
1914 /* Default link policy */
1915 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1918 /* Get HCI device by index.
1919 * Device is held on return. */
1920 struct hci_dev *hci_dev_get(int index)
1922 struct hci_dev *hdev = NULL, *d;
1924 BT_DBG("%d", index);
1929 read_lock(&hci_dev_list_lock);
1930 list_for_each_entry(d, &hci_dev_list, list) {
1931 if (d->id == index) {
1932 hdev = hci_dev_hold(d);
1936 read_unlock(&hci_dev_list_lock);
1940 /* ---- Inquiry support ---- */
1942 bool hci_discovery_active(struct hci_dev *hdev)
1944 struct discovery_state *discov = &hdev->discovery;
1946 switch (discov->state) {
1947 case DISCOVERY_FINDING:
1948 case DISCOVERY_RESOLVING:
1956 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1958 int old_state = hdev->discovery.state;
1960 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1962 if (old_state == state)
1965 hdev->discovery.state = state;
1968 case DISCOVERY_STOPPED:
1969 hci_update_background_scan(hdev);
1971 if (old_state != DISCOVERY_STARTING)
1972 mgmt_discovering(hdev, 0);
1974 case DISCOVERY_STARTING:
1976 case DISCOVERY_FINDING:
1977 mgmt_discovering(hdev, 1);
1979 case DISCOVERY_RESOLVING:
1981 case DISCOVERY_STOPPING:
1986 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1988 struct discovery_state *cache = &hdev->discovery;
1989 struct inquiry_entry *p, *n;
1991 list_for_each_entry_safe(p, n, &cache->all, all) {
1996 INIT_LIST_HEAD(&cache->unknown);
1997 INIT_LIST_HEAD(&cache->resolve);
2000 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
2003 struct discovery_state *cache = &hdev->discovery;
2004 struct inquiry_entry *e;
2006 BT_DBG("cache %p, %pMR", cache, bdaddr);
2008 list_for_each_entry(e, &cache->all, all) {
2009 if (!bacmp(&e->data.bdaddr, bdaddr))
2016 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
2019 struct discovery_state *cache = &hdev->discovery;
2020 struct inquiry_entry *e;
2022 BT_DBG("cache %p, %pMR", cache, bdaddr);
2024 list_for_each_entry(e, &cache->unknown, list) {
2025 if (!bacmp(&e->data.bdaddr, bdaddr))
2032 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
2036 struct discovery_state *cache = &hdev->discovery;
2037 struct inquiry_entry *e;
2039 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
2041 list_for_each_entry(e, &cache->resolve, list) {
2042 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
2044 if (!bacmp(&e->data.bdaddr, bdaddr))
2051 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
2052 struct inquiry_entry *ie)
2054 struct discovery_state *cache = &hdev->discovery;
2055 struct list_head *pos = &cache->resolve;
2056 struct inquiry_entry *p;
2058 list_del(&ie->list);
2060 list_for_each_entry(p, &cache->resolve, list) {
2061 if (p->name_state != NAME_PENDING &&
2062 abs(p->data.rssi) >= abs(ie->data.rssi))
2067 list_add(&ie->list, pos);
2070 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2073 struct discovery_state *cache = &hdev->discovery;
2074 struct inquiry_entry *ie;
2077 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
2079 hci_remove_remote_oob_data(hdev, &data->bdaddr);
2081 if (!data->ssp_mode)
2082 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2084 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
2086 if (!ie->data.ssp_mode)
2087 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2089 if (ie->name_state == NAME_NEEDED &&
2090 data->rssi != ie->data.rssi) {
2091 ie->data.rssi = data->rssi;
2092 hci_inquiry_cache_update_resolve(hdev, ie);
2098 /* Entry not in the cache. Add new one. */
2099 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
2101 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2105 list_add(&ie->all, &cache->all);
2108 ie->name_state = NAME_KNOWN;
2110 ie->name_state = NAME_NOT_KNOWN;
2111 list_add(&ie->list, &cache->unknown);
2115 if (name_known && ie->name_state != NAME_KNOWN &&
2116 ie->name_state != NAME_PENDING) {
2117 ie->name_state = NAME_KNOWN;
2118 list_del(&ie->list);
2121 memcpy(&ie->data, data, sizeof(*data));
2122 ie->timestamp = jiffies;
2123 cache->timestamp = jiffies;
2125 if (ie->name_state == NAME_NOT_KNOWN)
2126 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2132 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
2134 struct discovery_state *cache = &hdev->discovery;
2135 struct inquiry_info *info = (struct inquiry_info *) buf;
2136 struct inquiry_entry *e;
2139 list_for_each_entry(e, &cache->all, all) {
2140 struct inquiry_data *data = &e->data;
2145 bacpy(&info->bdaddr, &data->bdaddr);
2146 info->pscan_rep_mode = data->pscan_rep_mode;
2147 info->pscan_period_mode = data->pscan_period_mode;
2148 info->pscan_mode = data->pscan_mode;
2149 memcpy(info->dev_class, data->dev_class, 3);
2150 info->clock_offset = data->clock_offset;
2156 BT_DBG("cache %p, copied %d", cache, copied);
2160 static void hci_inq_req(struct hci_request *req, unsigned long opt)
2162 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
2163 struct hci_dev *hdev = req->hdev;
2164 struct hci_cp_inquiry cp;
2166 BT_DBG("%s", hdev->name);
2168 if (test_bit(HCI_INQUIRY, &hdev->flags))
2172 memcpy(&cp.lap, &ir->lap, 3);
2173 cp.length = ir->length;
2174 cp.num_rsp = ir->num_rsp;
2175 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2178 static int wait_inquiry(void *word)
2181 return signal_pending(current);
2184 int hci_inquiry(void __user *arg)
2186 __u8 __user *ptr = arg;
2187 struct hci_inquiry_req ir;
2188 struct hci_dev *hdev;
2189 int err = 0, do_inquiry = 0, max_rsp;
2193 if (copy_from_user(&ir, ptr, sizeof(ir)))
2196 hdev = hci_dev_get(ir.dev_id);
2200 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2205 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2210 if (hdev->dev_type != HCI_BREDR) {
2215 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2221 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
2222 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
2223 hci_inquiry_cache_flush(hdev);
2226 hci_dev_unlock(hdev);
2228 timeo = ir.length * msecs_to_jiffies(2000);
2231 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
2236 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
2237 * cleared). If it is interrupted by a signal, return -EINTR.
2239 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry,
2240 TASK_INTERRUPTIBLE))
2244 /* for unlimited number of responses we will use buffer with
2247 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
2249 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
2250 * copy it to the user space.
2252 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
2259 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
2260 hci_dev_unlock(hdev);
2262 BT_DBG("num_rsp %d", ir.num_rsp);
2264 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
2266 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
2279 static int hci_dev_do_open(struct hci_dev *hdev)
2283 BT_DBG("%s %p", hdev->name, hdev);
2287 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
2292 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2293 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2294 /* Check for rfkill but allow the HCI setup stage to
2295 * proceed (which in itself doesn't cause any RF activity).
2297 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
2302 /* Check for valid public address or a configured static
2303 * random adddress, but let the HCI setup proceed to
2304 * be able to determine if there is a public address
2307 * In case of user channel usage, it is not important
2308 * if a public address or static random address is
2311 * This check is only valid for BR/EDR controllers
2312 * since AMP controllers do not have an address.
2314 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2315 hdev->dev_type == HCI_BREDR &&
2316 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2317 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
2318 ret = -EADDRNOTAVAIL;
2323 if (test_bit(HCI_UP, &hdev->flags)) {
2328 if (hdev->open(hdev)) {
2333 atomic_set(&hdev->cmd_cnt, 1);
2334 set_bit(HCI_INIT, &hdev->flags);
2336 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
2338 ret = hdev->setup(hdev);
2340 /* The transport driver can set these quirks before
2341 * creating the HCI device or in its setup callback.
2343 * In case any of them is set, the controller has to
2344 * start up as unconfigured.
2346 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
2347 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
2348 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
2350 /* For an unconfigured controller it is required to
2351 * read at least the version information provided by
2352 * the Read Local Version Information command.
2354 * If the set_bdaddr driver callback is provided, then
2355 * also the original Bluetooth public device address
2356 * will be read using the Read BD Address command.
2358 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
2359 ret = __hci_unconf_init(hdev);
2362 if (test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2363 /* If public address change is configured, ensure that
2364 * the address gets programmed. If the driver does not
2365 * support changing the public address, fail the power
2368 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
2370 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
2372 ret = -EADDRNOTAVAIL;
2376 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2377 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2378 ret = __hci_init(hdev);
2381 clear_bit(HCI_INIT, &hdev->flags);
2385 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2386 set_bit(HCI_UP, &hdev->flags);
2387 hci_notify(hdev, HCI_DEV_UP);
2388 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2389 !test_bit(HCI_CONFIG, &hdev->dev_flags) &&
2390 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2391 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2392 hdev->dev_type == HCI_BREDR) {
2394 mgmt_powered(hdev, 1);
2395 hci_dev_unlock(hdev);
2398 /* Init failed, cleanup */
2399 flush_work(&hdev->tx_work);
2400 flush_work(&hdev->cmd_work);
2401 flush_work(&hdev->rx_work);
2403 skb_queue_purge(&hdev->cmd_q);
2404 skb_queue_purge(&hdev->rx_q);
2409 if (hdev->sent_cmd) {
2410 kfree_skb(hdev->sent_cmd);
2411 hdev->sent_cmd = NULL;
2415 hdev->flags &= BIT(HCI_RAW);
2419 hci_req_unlock(hdev);
2423 /* ---- HCI ioctl helpers ---- */
2425 int hci_dev_open(__u16 dev)
2427 struct hci_dev *hdev;
2430 hdev = hci_dev_get(dev);
2434 /* Devices that are marked as unconfigured can only be powered
2435 * up as user channel. Trying to bring them up as normal devices
2436 * will result into a failure. Only user channel operation is
2439 * When this function is called for a user channel, the flag
2440 * HCI_USER_CHANNEL will be set first before attempting to
2443 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2444 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2449 /* We need to ensure that no other power on/off work is pending
2450 * before proceeding to call hci_dev_do_open. This is
2451 * particularly important if the setup procedure has not yet
2454 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2455 cancel_delayed_work(&hdev->power_off);
2457 /* After this call it is guaranteed that the setup procedure
2458 * has finished. This means that error conditions like RFKILL
2459 * or no valid public or static random address apply.
2461 flush_workqueue(hdev->req_workqueue);
2463 /* For controllers not using the management interface and that
2464 * are brought up using legacy ioctl, set the HCI_PAIRABLE bit
2465 * so that pairing works for them. Once the management interface
2466 * is in use this bit will be cleared again and userspace has
2467 * to explicitly enable it.
2469 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2470 !test_bit(HCI_MGMT, &hdev->dev_flags))
2471 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
2473 err = hci_dev_do_open(hdev);
2480 /* This function requires the caller holds hdev->lock */
2481 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
2483 struct hci_conn_params *p;
2485 list_for_each_entry(p, &hdev->le_conn_params, list)
2486 list_del_init(&p->action);
2488 BT_DBG("All LE pending actions cleared");
2491 static int hci_dev_do_close(struct hci_dev *hdev)
2493 BT_DBG("%s %p", hdev->name, hdev);
2495 cancel_delayed_work(&hdev->power_off);
2497 hci_req_cancel(hdev, ENODEV);
2500 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
2501 cancel_delayed_work_sync(&hdev->cmd_timer);
2502 hci_req_unlock(hdev);
2506 /* Flush RX and TX works */
2507 flush_work(&hdev->tx_work);
2508 flush_work(&hdev->rx_work);
2510 if (hdev->discov_timeout > 0) {
2511 cancel_delayed_work(&hdev->discov_off);
2512 hdev->discov_timeout = 0;
2513 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2514 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2517 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
2518 cancel_delayed_work(&hdev->service_cache);
2520 cancel_delayed_work_sync(&hdev->le_scan_disable);
2522 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2523 cancel_delayed_work_sync(&hdev->rpa_expired);
2526 hci_inquiry_cache_flush(hdev);
2527 hci_conn_hash_flush(hdev);
2528 hci_pend_le_actions_clear(hdev);
2529 hci_dev_unlock(hdev);
2531 hci_notify(hdev, HCI_DEV_DOWN);
2537 skb_queue_purge(&hdev->cmd_q);
2538 atomic_set(&hdev->cmd_cnt, 1);
2539 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
2540 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2541 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
2542 set_bit(HCI_INIT, &hdev->flags);
2543 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
2544 clear_bit(HCI_INIT, &hdev->flags);
2547 /* flush cmd work */
2548 flush_work(&hdev->cmd_work);
2551 skb_queue_purge(&hdev->rx_q);
2552 skb_queue_purge(&hdev->cmd_q);
2553 skb_queue_purge(&hdev->raw_q);
2555 /* Drop last sent command */
2556 if (hdev->sent_cmd) {
2557 cancel_delayed_work_sync(&hdev->cmd_timer);
2558 kfree_skb(hdev->sent_cmd);
2559 hdev->sent_cmd = NULL;
2562 kfree_skb(hdev->recv_evt);
2563 hdev->recv_evt = NULL;
2565 /* After this point our queues are empty
2566 * and no tasks are scheduled. */
2570 hdev->flags &= BIT(HCI_RAW);
2571 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2573 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2574 if (hdev->dev_type == HCI_BREDR) {
2576 mgmt_powered(hdev, 0);
2577 hci_dev_unlock(hdev);
2581 /* Controller radio is available but is currently powered down */
2582 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2584 memset(hdev->eir, 0, sizeof(hdev->eir));
2585 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
2586 bacpy(&hdev->random_addr, BDADDR_ANY);
2588 hci_req_unlock(hdev);
2594 int hci_dev_close(__u16 dev)
2596 struct hci_dev *hdev;
2599 hdev = hci_dev_get(dev);
2603 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2608 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2609 cancel_delayed_work(&hdev->power_off);
2611 err = hci_dev_do_close(hdev);
2618 int hci_dev_reset(__u16 dev)
2620 struct hci_dev *hdev;
2623 hdev = hci_dev_get(dev);
2629 if (!test_bit(HCI_UP, &hdev->flags)) {
2634 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2639 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2645 skb_queue_purge(&hdev->rx_q);
2646 skb_queue_purge(&hdev->cmd_q);
2649 hci_inquiry_cache_flush(hdev);
2650 hci_conn_hash_flush(hdev);
2651 hci_dev_unlock(hdev);
2656 atomic_set(&hdev->cmd_cnt, 1);
2657 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2659 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2662 hci_req_unlock(hdev);
2667 int hci_dev_reset_stat(__u16 dev)
2669 struct hci_dev *hdev;
2672 hdev = hci_dev_get(dev);
2676 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2681 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2686 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2693 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
2695 bool conn_changed, discov_changed;
2697 BT_DBG("%s scan 0x%02x", hdev->name, scan);
2699 if ((scan & SCAN_PAGE))
2700 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
2703 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
2706 if ((scan & SCAN_INQUIRY)) {
2707 discov_changed = !test_and_set_bit(HCI_DISCOVERABLE,
2710 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2711 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
2715 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2718 if (conn_changed || discov_changed) {
2719 /* In case this was disabled through mgmt */
2720 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
2722 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2723 mgmt_update_adv_data(hdev);
2725 mgmt_new_settings(hdev);
2729 int hci_dev_cmd(unsigned int cmd, void __user *arg)
2731 struct hci_dev *hdev;
2732 struct hci_dev_req dr;
2735 if (copy_from_user(&dr, arg, sizeof(dr)))
2738 hdev = hci_dev_get(dr.dev_id);
2742 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2747 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2752 if (hdev->dev_type != HCI_BREDR) {
2757 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2764 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2769 if (!lmp_encrypt_capable(hdev)) {
2774 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2775 /* Auth must be enabled first */
2776 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2782 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2787 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2790 /* Ensure that the connectable and discoverable states
2791 * get correctly modified as this was a non-mgmt change.
2794 hci_update_scan_state(hdev, dr.dev_opt);
2798 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2802 case HCISETLINKMODE:
2803 hdev->link_mode = ((__u16) dr.dev_opt) &
2804 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2808 hdev->pkt_type = (__u16) dr.dev_opt;
2812 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2813 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2817 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2818 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2831 int hci_get_dev_list(void __user *arg)
2833 struct hci_dev *hdev;
2834 struct hci_dev_list_req *dl;
2835 struct hci_dev_req *dr;
2836 int n = 0, size, err;
2839 if (get_user(dev_num, (__u16 __user *) arg))
2842 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2845 size = sizeof(*dl) + dev_num * sizeof(*dr);
2847 dl = kzalloc(size, GFP_KERNEL);
2853 read_lock(&hci_dev_list_lock);
2854 list_for_each_entry(hdev, &hci_dev_list, list) {
2855 unsigned long flags = hdev->flags;
2857 /* When the auto-off is configured it means the transport
2858 * is running, but in that case still indicate that the
2859 * device is actually down.
2861 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2862 flags &= ~BIT(HCI_UP);
2864 (dr + n)->dev_id = hdev->id;
2865 (dr + n)->dev_opt = flags;
2870 read_unlock(&hci_dev_list_lock);
2873 size = sizeof(*dl) + n * sizeof(*dr);
2875 err = copy_to_user(arg, dl, size);
2878 return err ? -EFAULT : 0;
2881 int hci_get_dev_info(void __user *arg)
2883 struct hci_dev *hdev;
2884 struct hci_dev_info di;
2885 unsigned long flags;
2888 if (copy_from_user(&di, arg, sizeof(di)))
2891 hdev = hci_dev_get(di.dev_id);
2895 /* When the auto-off is configured it means the transport
2896 * is running, but in that case still indicate that the
2897 * device is actually down.
2899 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2900 flags = hdev->flags & ~BIT(HCI_UP);
2902 flags = hdev->flags;
2904 strcpy(di.name, hdev->name);
2905 di.bdaddr = hdev->bdaddr;
2906 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2908 di.pkt_type = hdev->pkt_type;
2909 if (lmp_bredr_capable(hdev)) {
2910 di.acl_mtu = hdev->acl_mtu;
2911 di.acl_pkts = hdev->acl_pkts;
2912 di.sco_mtu = hdev->sco_mtu;
2913 di.sco_pkts = hdev->sco_pkts;
2915 di.acl_mtu = hdev->le_mtu;
2916 di.acl_pkts = hdev->le_pkts;
2920 di.link_policy = hdev->link_policy;
2921 di.link_mode = hdev->link_mode;
2923 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2924 memcpy(&di.features, &hdev->features, sizeof(di.features));
2926 if (copy_to_user(arg, &di, sizeof(di)))
2934 /* ---- Interface to HCI drivers ---- */
2936 static int hci_rfkill_set_block(void *data, bool blocked)
2938 struct hci_dev *hdev = data;
2940 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2942 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2946 set_bit(HCI_RFKILLED, &hdev->dev_flags);
2947 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2948 !test_bit(HCI_CONFIG, &hdev->dev_flags))
2949 hci_dev_do_close(hdev);
2951 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
2957 static const struct rfkill_ops hci_rfkill_ops = {
2958 .set_block = hci_rfkill_set_block,
2961 static void hci_power_on(struct work_struct *work)
2963 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2966 BT_DBG("%s", hdev->name);
2968 err = hci_dev_do_open(hdev);
2970 mgmt_set_powered_failed(hdev, err);
2974 /* During the HCI setup phase, a few error conditions are
2975 * ignored and they need to be checked now. If they are still
2976 * valid, it is important to turn the device back off.
2978 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
2979 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
2980 (hdev->dev_type == HCI_BREDR &&
2981 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2982 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2983 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2984 hci_dev_do_close(hdev);
2985 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2986 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2987 HCI_AUTO_OFF_TIMEOUT);
2990 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) {
2991 /* For unconfigured devices, set the HCI_RAW flag
2992 * so that userspace can easily identify them.
2994 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
2995 set_bit(HCI_RAW, &hdev->flags);
2997 /* For fully configured devices, this will send
2998 * the Index Added event. For unconfigured devices,
2999 * it will send Unconfigued Index Added event.
3001 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
3002 * and no event will be send.
3004 mgmt_index_added(hdev);
3005 } else if (test_and_clear_bit(HCI_CONFIG, &hdev->dev_flags)) {
3006 /* When the controller is now configured, then it
3007 * is important to clear the HCI_RAW flag.
3009 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3010 clear_bit(HCI_RAW, &hdev->flags);
3012 /* Powering on the controller with HCI_CONFIG set only
3013 * happens with the transition from unconfigured to
3014 * configured. This will send the Index Added event.
3016 mgmt_index_added(hdev);
3020 static void hci_power_off(struct work_struct *work)
3022 struct hci_dev *hdev = container_of(work, struct hci_dev,
3025 BT_DBG("%s", hdev->name);
3027 hci_dev_do_close(hdev);
3030 static void hci_discov_off(struct work_struct *work)
3032 struct hci_dev *hdev;
3034 hdev = container_of(work, struct hci_dev, discov_off.work);
3036 BT_DBG("%s", hdev->name);
3038 mgmt_discoverable_timeout(hdev);
3041 void hci_uuids_clear(struct hci_dev *hdev)
3043 struct bt_uuid *uuid, *tmp;
3045 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
3046 list_del(&uuid->list);
3051 void hci_link_keys_clear(struct hci_dev *hdev)
3053 struct list_head *p, *n;
3055 list_for_each_safe(p, n, &hdev->link_keys) {
3056 struct link_key *key;
3058 key = list_entry(p, struct link_key, list);
3065 void hci_smp_ltks_clear(struct hci_dev *hdev)
3067 struct smp_ltk *k, *tmp;
3069 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
3075 void hci_smp_irks_clear(struct hci_dev *hdev)
3077 struct smp_irk *k, *tmp;
3079 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
3085 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3089 list_for_each_entry(k, &hdev->link_keys, list)
3090 if (bacmp(bdaddr, &k->bdaddr) == 0)
3096 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
3097 u8 key_type, u8 old_key_type)
3100 if (key_type < 0x03)
3103 /* Debug keys are insecure so don't store them persistently */
3104 if (key_type == HCI_LK_DEBUG_COMBINATION)
3107 /* Changed combination key and there's no previous one */
3108 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
3111 /* Security mode 3 case */
3115 /* Neither local nor remote side had no-bonding as requirement */
3116 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
3119 /* Local side had dedicated bonding as requirement */
3120 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
3123 /* Remote side had dedicated bonding as requirement */
3124 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
3127 /* If none of the above criteria match, then don't store the key
3132 static u8 ltk_role(u8 type)
3134 if (type == SMP_LTK)
3135 return HCI_ROLE_MASTER;
3137 return HCI_ROLE_SLAVE;
3140 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
3145 list_for_each_entry(k, &hdev->long_term_keys, list) {
3146 if (k->ediv != ediv || k->rand != rand)
3149 if (ltk_role(k->type) != role)
3158 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3159 u8 addr_type, u8 role)
3163 list_for_each_entry(k, &hdev->long_term_keys, list)
3164 if (addr_type == k->bdaddr_type &&
3165 bacmp(bdaddr, &k->bdaddr) == 0 &&
3166 ltk_role(k->type) == role)
3172 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
3174 struct smp_irk *irk;
3176 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3177 if (!bacmp(&irk->rpa, rpa))
3181 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3182 if (smp_irk_matches(hdev->tfm_aes, irk->val, rpa)) {
3183 bacpy(&irk->rpa, rpa);
3191 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3194 struct smp_irk *irk;
3196 /* Identity Address must be public or static random */
3197 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
3200 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3201 if (addr_type == irk->addr_type &&
3202 bacmp(bdaddr, &irk->bdaddr) == 0)
3209 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
3210 bdaddr_t *bdaddr, u8 *val, u8 type,
3211 u8 pin_len, bool *persistent)
3213 struct link_key *key, *old_key;
3216 old_key = hci_find_link_key(hdev, bdaddr);
3218 old_key_type = old_key->type;
3221 old_key_type = conn ? conn->key_type : 0xff;
3222 key = kzalloc(sizeof(*key), GFP_KERNEL);
3225 list_add(&key->list, &hdev->link_keys);
3228 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
3230 /* Some buggy controller combinations generate a changed
3231 * combination key for legacy pairing even when there's no
3233 if (type == HCI_LK_CHANGED_COMBINATION &&
3234 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
3235 type = HCI_LK_COMBINATION;
3237 conn->key_type = type;
3240 bacpy(&key->bdaddr, bdaddr);
3241 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
3242 key->pin_len = pin_len;
3244 if (type == HCI_LK_CHANGED_COMBINATION)
3245 key->type = old_key_type;
3250 *persistent = hci_persistent_key(hdev, conn, type,
3256 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3257 u8 addr_type, u8 type, u8 authenticated,
3258 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
3260 struct smp_ltk *key, *old_key;
3261 u8 role = ltk_role(type);
3263 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, role);
3267 key = kzalloc(sizeof(*key), GFP_KERNEL);
3270 list_add(&key->list, &hdev->long_term_keys);
3273 bacpy(&key->bdaddr, bdaddr);
3274 key->bdaddr_type = addr_type;
3275 memcpy(key->val, tk, sizeof(key->val));
3276 key->authenticated = authenticated;
3279 key->enc_size = enc_size;
3285 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3286 u8 addr_type, u8 val[16], bdaddr_t *rpa)
3288 struct smp_irk *irk;
3290 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
3292 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
3296 bacpy(&irk->bdaddr, bdaddr);
3297 irk->addr_type = addr_type;
3299 list_add(&irk->list, &hdev->identity_resolving_keys);
3302 memcpy(irk->val, val, 16);
3303 bacpy(&irk->rpa, rpa);
3308 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3310 struct link_key *key;
3312 key = hci_find_link_key(hdev, bdaddr);
3316 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3318 list_del(&key->list);
3324 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
3326 struct smp_ltk *k, *tmp;
3329 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
3330 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
3333 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3340 return removed ? 0 : -ENOENT;
3343 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
3345 struct smp_irk *k, *tmp;
3347 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
3348 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
3351 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3358 /* HCI command timer function */
3359 static void hci_cmd_timeout(struct work_struct *work)
3361 struct hci_dev *hdev = container_of(work, struct hci_dev,
3364 if (hdev->sent_cmd) {
3365 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
3366 u16 opcode = __le16_to_cpu(sent->opcode);
3368 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
3370 BT_ERR("%s command tx timeout", hdev->name);
3373 atomic_set(&hdev->cmd_cnt, 1);
3374 queue_work(hdev->workqueue, &hdev->cmd_work);
3377 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
3380 struct oob_data *data;
3382 list_for_each_entry(data, &hdev->remote_oob_data, list)
3383 if (bacmp(bdaddr, &data->bdaddr) == 0)
3389 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
3391 struct oob_data *data;
3393 data = hci_find_remote_oob_data(hdev, bdaddr);
3397 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3399 list_del(&data->list);
3405 void hci_remote_oob_data_clear(struct hci_dev *hdev)
3407 struct oob_data *data, *n;
3409 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
3410 list_del(&data->list);
3415 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3416 u8 *hash, u8 *randomizer)
3418 struct oob_data *data;
3420 data = hci_find_remote_oob_data(hdev, bdaddr);
3422 data = kmalloc(sizeof(*data), GFP_KERNEL);
3426 bacpy(&data->bdaddr, bdaddr);
3427 list_add(&data->list, &hdev->remote_oob_data);
3430 memcpy(data->hash192, hash, sizeof(data->hash192));
3431 memcpy(data->randomizer192, randomizer, sizeof(data->randomizer192));
3433 memset(data->hash256, 0, sizeof(data->hash256));
3434 memset(data->randomizer256, 0, sizeof(data->randomizer256));
3436 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3441 int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3442 u8 *hash192, u8 *randomizer192,
3443 u8 *hash256, u8 *randomizer256)
3445 struct oob_data *data;
3447 data = hci_find_remote_oob_data(hdev, bdaddr);
3449 data = kmalloc(sizeof(*data), GFP_KERNEL);
3453 bacpy(&data->bdaddr, bdaddr);
3454 list_add(&data->list, &hdev->remote_oob_data);
3457 memcpy(data->hash192, hash192, sizeof(data->hash192));
3458 memcpy(data->randomizer192, randomizer192, sizeof(data->randomizer192));
3460 memcpy(data->hash256, hash256, sizeof(data->hash256));
3461 memcpy(data->randomizer256, randomizer256, sizeof(data->randomizer256));
3463 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3468 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3469 bdaddr_t *bdaddr, u8 type)
3471 struct bdaddr_list *b;
3473 list_for_each_entry(b, bdaddr_list, list) {
3474 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3481 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3483 struct list_head *p, *n;
3485 list_for_each_safe(p, n, bdaddr_list) {
3486 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3493 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3495 struct bdaddr_list *entry;
3497 if (!bacmp(bdaddr, BDADDR_ANY))
3500 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3503 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3507 bacpy(&entry->bdaddr, bdaddr);
3508 entry->bdaddr_type = type;
3510 list_add(&entry->list, list);
3515 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3517 struct bdaddr_list *entry;
3519 if (!bacmp(bdaddr, BDADDR_ANY)) {
3520 hci_bdaddr_list_clear(list);
3524 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3528 list_del(&entry->list);
3534 /* This function requires the caller holds hdev->lock */
3535 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3536 bdaddr_t *addr, u8 addr_type)
3538 struct hci_conn_params *params;
3540 /* The conn params list only contains identity addresses */
3541 if (!hci_is_identity_address(addr, addr_type))
3544 list_for_each_entry(params, &hdev->le_conn_params, list) {
3545 if (bacmp(¶ms->addr, addr) == 0 &&
3546 params->addr_type == addr_type) {
3554 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
3556 struct hci_conn *conn;
3558 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
3562 if (conn->dst_type != type)
3565 if (conn->state != BT_CONNECTED)
3571 /* This function requires the caller holds hdev->lock */
3572 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3573 bdaddr_t *addr, u8 addr_type)
3575 struct hci_conn_params *param;
3577 /* The list only contains identity addresses */
3578 if (!hci_is_identity_address(addr, addr_type))
3581 list_for_each_entry(param, list, action) {
3582 if (bacmp(¶m->addr, addr) == 0 &&
3583 param->addr_type == addr_type)
3590 /* This function requires the caller holds hdev->lock */
3591 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3592 bdaddr_t *addr, u8 addr_type)
3594 struct hci_conn_params *params;
3596 if (!hci_is_identity_address(addr, addr_type))
3599 params = hci_conn_params_lookup(hdev, addr, addr_type);
3603 params = kzalloc(sizeof(*params), GFP_KERNEL);
3605 BT_ERR("Out of memory");
3609 bacpy(¶ms->addr, addr);
3610 params->addr_type = addr_type;
3612 list_add(¶ms->list, &hdev->le_conn_params);
3613 INIT_LIST_HEAD(¶ms->action);
3615 params->conn_min_interval = hdev->le_conn_min_interval;
3616 params->conn_max_interval = hdev->le_conn_max_interval;
3617 params->conn_latency = hdev->le_conn_latency;
3618 params->supervision_timeout = hdev->le_supv_timeout;
3619 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3621 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3626 /* This function requires the caller holds hdev->lock */
3627 int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3630 struct hci_conn_params *params;
3632 params = hci_conn_params_add(hdev, addr, addr_type);
3636 if (params->auto_connect == auto_connect)
3639 list_del_init(¶ms->action);
3641 switch (auto_connect) {
3642 case HCI_AUTO_CONN_DISABLED:
3643 case HCI_AUTO_CONN_LINK_LOSS:
3644 hci_update_background_scan(hdev);
3646 case HCI_AUTO_CONN_REPORT:
3647 list_add(¶ms->action, &hdev->pend_le_reports);
3648 hci_update_background_scan(hdev);
3650 case HCI_AUTO_CONN_ALWAYS:
3651 if (!is_connected(hdev, addr, addr_type)) {
3652 list_add(¶ms->action, &hdev->pend_le_conns);
3653 hci_update_background_scan(hdev);
3658 params->auto_connect = auto_connect;
3660 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
3666 /* This function requires the caller holds hdev->lock */
3667 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3669 struct hci_conn_params *params;
3671 params = hci_conn_params_lookup(hdev, addr, addr_type);
3675 list_del(¶ms->action);
3676 list_del(¶ms->list);
3679 hci_update_background_scan(hdev);
3681 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3684 /* This function requires the caller holds hdev->lock */
3685 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3687 struct hci_conn_params *params, *tmp;
3689 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3690 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3692 list_del(¶ms->list);
3696 BT_DBG("All LE disabled connection parameters were removed");
3699 /* This function requires the caller holds hdev->lock */
3700 void hci_conn_params_clear_all(struct hci_dev *hdev)
3702 struct hci_conn_params *params, *tmp;
3704 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3705 list_del(¶ms->action);
3706 list_del(¶ms->list);
3710 hci_update_background_scan(hdev);
3712 BT_DBG("All LE connection parameters were removed");
3715 static void inquiry_complete(struct hci_dev *hdev, u8 status)
3718 BT_ERR("Failed to start inquiry: status %d", status);
3721 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3722 hci_dev_unlock(hdev);
3727 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status)
3729 /* General inquiry access code (GIAC) */
3730 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3731 struct hci_request req;
3732 struct hci_cp_inquiry cp;
3736 BT_ERR("Failed to disable LE scanning: status %d", status);
3740 switch (hdev->discovery.type) {
3741 case DISCOV_TYPE_LE:
3743 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3744 hci_dev_unlock(hdev);
3747 case DISCOV_TYPE_INTERLEAVED:
3748 hci_req_init(&req, hdev);
3750 memset(&cp, 0, sizeof(cp));
3751 memcpy(&cp.lap, lap, sizeof(cp.lap));
3752 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
3753 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3757 hci_inquiry_cache_flush(hdev);
3759 err = hci_req_run(&req, inquiry_complete);
3761 BT_ERR("Inquiry request failed: err %d", err);
3762 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3765 hci_dev_unlock(hdev);
3770 static void le_scan_disable_work(struct work_struct *work)
3772 struct hci_dev *hdev = container_of(work, struct hci_dev,
3773 le_scan_disable.work);
3774 struct hci_request req;
3777 BT_DBG("%s", hdev->name);
3779 hci_req_init(&req, hdev);
3781 hci_req_add_le_scan_disable(&req);
3783 err = hci_req_run(&req, le_scan_disable_work_complete);
3785 BT_ERR("Disable LE scanning request failed: err %d", err);
3788 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
3790 struct hci_dev *hdev = req->hdev;
3792 /* If we're advertising or initiating an LE connection we can't
3793 * go ahead and change the random address at this time. This is
3794 * because the eventual initiator address used for the
3795 * subsequently created connection will be undefined (some
3796 * controllers use the new address and others the one we had
3797 * when the operation started).
3799 * In this kind of scenario skip the update and let the random
3800 * address be updated at the next cycle.
3802 if (test_bit(HCI_LE_ADV, &hdev->dev_flags) ||
3803 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3804 BT_DBG("Deferring random address update");
3808 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
3811 int hci_update_random_address(struct hci_request *req, bool require_privacy,
3814 struct hci_dev *hdev = req->hdev;
3817 /* If privacy is enabled use a resolvable private address. If
3818 * current RPA has expired or there is something else than
3819 * the current RPA in use, then generate a new one.
3821 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3824 *own_addr_type = ADDR_LE_DEV_RANDOM;
3826 if (!test_and_clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags) &&
3827 !bacmp(&hdev->random_addr, &hdev->rpa))
3830 err = smp_generate_rpa(hdev->tfm_aes, hdev->irk, &hdev->rpa);
3832 BT_ERR("%s failed to generate new RPA", hdev->name);
3836 set_random_addr(req, &hdev->rpa);
3838 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
3839 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
3844 /* In case of required privacy without resolvable private address,
3845 * use an unresolvable private address. This is useful for active
3846 * scanning and non-connectable advertising.
3848 if (require_privacy) {
3851 get_random_bytes(&urpa, 6);
3852 urpa.b[5] &= 0x3f; /* Clear two most significant bits */
3854 *own_addr_type = ADDR_LE_DEV_RANDOM;
3855 set_random_addr(req, &urpa);
3859 /* If forcing static address is in use or there is no public
3860 * address use the static address as random address (but skip
3861 * the HCI command if the current random address is already the
3864 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3865 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3866 *own_addr_type = ADDR_LE_DEV_RANDOM;
3867 if (bacmp(&hdev->static_addr, &hdev->random_addr))
3868 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3869 &hdev->static_addr);
3873 /* Neither privacy nor static address is being used so use a
3876 *own_addr_type = ADDR_LE_DEV_PUBLIC;
3881 /* Copy the Identity Address of the controller.
3883 * If the controller has a public BD_ADDR, then by default use that one.
3884 * If this is a LE only controller without a public address, default to
3885 * the static random address.
3887 * For debugging purposes it is possible to force controllers with a
3888 * public address to use the static random address instead.
3890 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3893 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3894 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3895 bacpy(bdaddr, &hdev->static_addr);
3896 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3898 bacpy(bdaddr, &hdev->bdaddr);
3899 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3903 /* Alloc HCI device */
3904 struct hci_dev *hci_alloc_dev(void)
3906 struct hci_dev *hdev;
3908 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3912 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3913 hdev->esco_type = (ESCO_HV1);
3914 hdev->link_mode = (HCI_LM_ACCEPT);
3915 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3916 hdev->io_capability = 0x03; /* No Input No Output */
3917 hdev->manufacturer = 0xffff; /* Default to internal use */
3918 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3919 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3921 hdev->sniff_max_interval = 800;
3922 hdev->sniff_min_interval = 80;
3924 hdev->le_adv_channel_map = 0x07;
3925 hdev->le_scan_interval = 0x0060;
3926 hdev->le_scan_window = 0x0030;
3927 hdev->le_conn_min_interval = 0x0028;
3928 hdev->le_conn_max_interval = 0x0038;
3929 hdev->le_conn_latency = 0x0000;
3930 hdev->le_supv_timeout = 0x002a;
3932 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3933 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3934 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3935 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3937 mutex_init(&hdev->lock);
3938 mutex_init(&hdev->req_lock);
3940 INIT_LIST_HEAD(&hdev->mgmt_pending);
3941 INIT_LIST_HEAD(&hdev->blacklist);
3942 INIT_LIST_HEAD(&hdev->whitelist);
3943 INIT_LIST_HEAD(&hdev->uuids);
3944 INIT_LIST_HEAD(&hdev->link_keys);
3945 INIT_LIST_HEAD(&hdev->long_term_keys);
3946 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3947 INIT_LIST_HEAD(&hdev->remote_oob_data);
3948 INIT_LIST_HEAD(&hdev->le_white_list);
3949 INIT_LIST_HEAD(&hdev->le_conn_params);
3950 INIT_LIST_HEAD(&hdev->pend_le_conns);
3951 INIT_LIST_HEAD(&hdev->pend_le_reports);
3952 INIT_LIST_HEAD(&hdev->conn_hash.list);
3954 INIT_WORK(&hdev->rx_work, hci_rx_work);
3955 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3956 INIT_WORK(&hdev->tx_work, hci_tx_work);
3957 INIT_WORK(&hdev->power_on, hci_power_on);
3959 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3960 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
3961 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
3963 skb_queue_head_init(&hdev->rx_q);
3964 skb_queue_head_init(&hdev->cmd_q);
3965 skb_queue_head_init(&hdev->raw_q);
3967 init_waitqueue_head(&hdev->req_wait_q);
3969 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3971 hci_init_sysfs(hdev);
3972 discovery_init(hdev);
3976 EXPORT_SYMBOL(hci_alloc_dev);
3978 /* Free HCI device */
3979 void hci_free_dev(struct hci_dev *hdev)
3981 /* will free via device release */
3982 put_device(&hdev->dev);
3984 EXPORT_SYMBOL(hci_free_dev);
3986 /* Register HCI device */
3987 int hci_register_dev(struct hci_dev *hdev)
3991 if (!hdev->open || !hdev->close || !hdev->send)
3994 /* Do not allow HCI_AMP devices to register at index 0,
3995 * so the index can be used as the AMP controller ID.
3997 switch (hdev->dev_type) {
3999 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
4002 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
4011 sprintf(hdev->name, "hci%d", id);
4014 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4016 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4017 WQ_MEM_RECLAIM, 1, hdev->name);
4018 if (!hdev->workqueue) {
4023 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4024 WQ_MEM_RECLAIM, 1, hdev->name);
4025 if (!hdev->req_workqueue) {
4026 destroy_workqueue(hdev->workqueue);
4031 if (!IS_ERR_OR_NULL(bt_debugfs))
4032 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
4034 dev_set_name(&hdev->dev, "%s", hdev->name);
4036 hdev->tfm_aes = crypto_alloc_blkcipher("ecb(aes)", 0,
4038 if (IS_ERR(hdev->tfm_aes)) {
4039 BT_ERR("Unable to create crypto context");
4040 error = PTR_ERR(hdev->tfm_aes);
4041 hdev->tfm_aes = NULL;
4045 error = device_add(&hdev->dev);
4049 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
4050 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
4053 if (rfkill_register(hdev->rfkill) < 0) {
4054 rfkill_destroy(hdev->rfkill);
4055 hdev->rfkill = NULL;
4059 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
4060 set_bit(HCI_RFKILLED, &hdev->dev_flags);
4062 set_bit(HCI_SETUP, &hdev->dev_flags);
4063 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
4065 if (hdev->dev_type == HCI_BREDR) {
4066 /* Assume BR/EDR support until proven otherwise (such as
4067 * through reading supported features during init.
4069 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4072 write_lock(&hci_dev_list_lock);
4073 list_add(&hdev->list, &hci_dev_list);
4074 write_unlock(&hci_dev_list_lock);
4076 /* Devices that are marked for raw-only usage are unconfigured
4077 * and should not be included in normal operation.
4079 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
4080 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
4082 hci_notify(hdev, HCI_DEV_REG);
4085 queue_work(hdev->req_workqueue, &hdev->power_on);
4090 crypto_free_blkcipher(hdev->tfm_aes);
4092 destroy_workqueue(hdev->workqueue);
4093 destroy_workqueue(hdev->req_workqueue);
4095 ida_simple_remove(&hci_index_ida, hdev->id);
4099 EXPORT_SYMBOL(hci_register_dev);
4101 /* Unregister HCI device */
4102 void hci_unregister_dev(struct hci_dev *hdev)
4106 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4108 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
4112 write_lock(&hci_dev_list_lock);
4113 list_del(&hdev->list);
4114 write_unlock(&hci_dev_list_lock);
4116 hci_dev_do_close(hdev);
4118 for (i = 0; i < NUM_REASSEMBLY; i++)
4119 kfree_skb(hdev->reassembly[i]);
4121 cancel_work_sync(&hdev->power_on);
4123 if (!test_bit(HCI_INIT, &hdev->flags) &&
4124 !test_bit(HCI_SETUP, &hdev->dev_flags) &&
4125 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
4127 mgmt_index_removed(hdev);
4128 hci_dev_unlock(hdev);
4131 /* mgmt_index_removed should take care of emptying the
4133 BUG_ON(!list_empty(&hdev->mgmt_pending));
4135 hci_notify(hdev, HCI_DEV_UNREG);
4138 rfkill_unregister(hdev->rfkill);
4139 rfkill_destroy(hdev->rfkill);
4143 crypto_free_blkcipher(hdev->tfm_aes);
4145 device_del(&hdev->dev);
4147 debugfs_remove_recursive(hdev->debugfs);
4149 destroy_workqueue(hdev->workqueue);
4150 destroy_workqueue(hdev->req_workqueue);
4153 hci_bdaddr_list_clear(&hdev->blacklist);
4154 hci_bdaddr_list_clear(&hdev->whitelist);
4155 hci_uuids_clear(hdev);
4156 hci_link_keys_clear(hdev);
4157 hci_smp_ltks_clear(hdev);
4158 hci_smp_irks_clear(hdev);
4159 hci_remote_oob_data_clear(hdev);
4160 hci_bdaddr_list_clear(&hdev->le_white_list);
4161 hci_conn_params_clear_all(hdev);
4162 hci_dev_unlock(hdev);
4166 ida_simple_remove(&hci_index_ida, id);
4168 EXPORT_SYMBOL(hci_unregister_dev);
4170 /* Suspend HCI device */
4171 int hci_suspend_dev(struct hci_dev *hdev)
4173 hci_notify(hdev, HCI_DEV_SUSPEND);
4176 EXPORT_SYMBOL(hci_suspend_dev);
4178 /* Resume HCI device */
4179 int hci_resume_dev(struct hci_dev *hdev)
4181 hci_notify(hdev, HCI_DEV_RESUME);
4184 EXPORT_SYMBOL(hci_resume_dev);
4186 /* Receive frame from HCI drivers */
4187 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
4189 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
4190 && !test_bit(HCI_INIT, &hdev->flags))) {
4196 bt_cb(skb)->incoming = 1;
4199 __net_timestamp(skb);
4201 skb_queue_tail(&hdev->rx_q, skb);
4202 queue_work(hdev->workqueue, &hdev->rx_work);
4206 EXPORT_SYMBOL(hci_recv_frame);
4208 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
4209 int count, __u8 index)
4214 struct sk_buff *skb;
4215 struct bt_skb_cb *scb;
4217 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
4218 index >= NUM_REASSEMBLY)
4221 skb = hdev->reassembly[index];
4225 case HCI_ACLDATA_PKT:
4226 len = HCI_MAX_FRAME_SIZE;
4227 hlen = HCI_ACL_HDR_SIZE;
4230 len = HCI_MAX_EVENT_SIZE;
4231 hlen = HCI_EVENT_HDR_SIZE;
4233 case HCI_SCODATA_PKT:
4234 len = HCI_MAX_SCO_SIZE;
4235 hlen = HCI_SCO_HDR_SIZE;
4239 skb = bt_skb_alloc(len, GFP_ATOMIC);
4243 scb = (void *) skb->cb;
4245 scb->pkt_type = type;
4247 hdev->reassembly[index] = skb;
4251 scb = (void *) skb->cb;
4252 len = min_t(uint, scb->expect, count);
4254 memcpy(skb_put(skb, len), data, len);
4263 if (skb->len == HCI_EVENT_HDR_SIZE) {
4264 struct hci_event_hdr *h = hci_event_hdr(skb);
4265 scb->expect = h->plen;
4267 if (skb_tailroom(skb) < scb->expect) {
4269 hdev->reassembly[index] = NULL;
4275 case HCI_ACLDATA_PKT:
4276 if (skb->len == HCI_ACL_HDR_SIZE) {
4277 struct hci_acl_hdr *h = hci_acl_hdr(skb);
4278 scb->expect = __le16_to_cpu(h->dlen);
4280 if (skb_tailroom(skb) < scb->expect) {
4282 hdev->reassembly[index] = NULL;
4288 case HCI_SCODATA_PKT:
4289 if (skb->len == HCI_SCO_HDR_SIZE) {
4290 struct hci_sco_hdr *h = hci_sco_hdr(skb);
4291 scb->expect = h->dlen;
4293 if (skb_tailroom(skb) < scb->expect) {
4295 hdev->reassembly[index] = NULL;
4302 if (scb->expect == 0) {
4303 /* Complete frame */
4305 bt_cb(skb)->pkt_type = type;
4306 hci_recv_frame(hdev, skb);
4308 hdev->reassembly[index] = NULL;
4316 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
4320 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
4324 rem = hci_reassembly(hdev, type, data, count, type - 1);
4328 data += (count - rem);
4334 EXPORT_SYMBOL(hci_recv_fragment);
4336 #define STREAM_REASSEMBLY 0
4338 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
4344 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
4347 struct { char type; } *pkt;
4349 /* Start of the frame */
4356 type = bt_cb(skb)->pkt_type;
4358 rem = hci_reassembly(hdev, type, data, count,
4363 data += (count - rem);
4369 EXPORT_SYMBOL(hci_recv_stream_fragment);
4371 /* ---- Interface to upper protocols ---- */
4373 int hci_register_cb(struct hci_cb *cb)
4375 BT_DBG("%p name %s", cb, cb->name);
4377 write_lock(&hci_cb_list_lock);
4378 list_add(&cb->list, &hci_cb_list);
4379 write_unlock(&hci_cb_list_lock);
4383 EXPORT_SYMBOL(hci_register_cb);
4385 int hci_unregister_cb(struct hci_cb *cb)
4387 BT_DBG("%p name %s", cb, cb->name);
4389 write_lock(&hci_cb_list_lock);
4390 list_del(&cb->list);
4391 write_unlock(&hci_cb_list_lock);
4395 EXPORT_SYMBOL(hci_unregister_cb);
4397 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4401 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
4404 __net_timestamp(skb);
4406 /* Send copy to monitor */
4407 hci_send_to_monitor(hdev, skb);
4409 if (atomic_read(&hdev->promisc)) {
4410 /* Send copy to the sockets */
4411 hci_send_to_sock(hdev, skb);
4414 /* Get rid of skb owner, prior to sending to the driver. */
4417 err = hdev->send(hdev, skb);
4419 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
4424 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
4426 skb_queue_head_init(&req->cmd_q);
4431 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
4433 struct hci_dev *hdev = req->hdev;
4434 struct sk_buff *skb;
4435 unsigned long flags;
4437 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
4439 /* If an error occured during request building, remove all HCI
4440 * commands queued on the HCI request queue.
4443 skb_queue_purge(&req->cmd_q);
4447 /* Do not allow empty requests */
4448 if (skb_queue_empty(&req->cmd_q))
4451 skb = skb_peek_tail(&req->cmd_q);
4452 bt_cb(skb)->req.complete = complete;
4454 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4455 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
4456 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4458 queue_work(hdev->workqueue, &hdev->cmd_work);
4463 bool hci_req_pending(struct hci_dev *hdev)
4465 return (hdev->req_status == HCI_REQ_PEND);
4468 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
4469 u32 plen, const void *param)
4471 int len = HCI_COMMAND_HDR_SIZE + plen;
4472 struct hci_command_hdr *hdr;
4473 struct sk_buff *skb;
4475 skb = bt_skb_alloc(len, GFP_ATOMIC);
4479 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
4480 hdr->opcode = cpu_to_le16(opcode);
4484 memcpy(skb_put(skb, plen), param, plen);
4486 BT_DBG("skb len %d", skb->len);
4488 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
4493 /* Send HCI command */
4494 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4497 struct sk_buff *skb;
4499 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4501 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4503 BT_ERR("%s no memory for command", hdev->name);
4507 /* Stand-alone HCI commands must be flaged as
4508 * single-command requests.
4510 bt_cb(skb)->req.start = true;
4512 skb_queue_tail(&hdev->cmd_q, skb);
4513 queue_work(hdev->workqueue, &hdev->cmd_work);
4518 /* Queue a command to an asynchronous HCI request */
4519 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
4520 const void *param, u8 event)
4522 struct hci_dev *hdev = req->hdev;
4523 struct sk_buff *skb;
4525 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4527 /* If an error occured during request building, there is no point in
4528 * queueing the HCI command. We can simply return.
4533 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4535 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
4536 hdev->name, opcode);
4541 if (skb_queue_empty(&req->cmd_q))
4542 bt_cb(skb)->req.start = true;
4544 bt_cb(skb)->req.event = event;
4546 skb_queue_tail(&req->cmd_q, skb);
4549 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
4552 hci_req_add_ev(req, opcode, plen, param, 0);
4555 /* Get data from the previously sent command */
4556 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4558 struct hci_command_hdr *hdr;
4560 if (!hdev->sent_cmd)
4563 hdr = (void *) hdev->sent_cmd->data;
4565 if (hdr->opcode != cpu_to_le16(opcode))
4568 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4570 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4574 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4576 struct hci_acl_hdr *hdr;
4579 skb_push(skb, HCI_ACL_HDR_SIZE);
4580 skb_reset_transport_header(skb);
4581 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4582 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4583 hdr->dlen = cpu_to_le16(len);
4586 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4587 struct sk_buff *skb, __u16 flags)
4589 struct hci_conn *conn = chan->conn;
4590 struct hci_dev *hdev = conn->hdev;
4591 struct sk_buff *list;
4593 skb->len = skb_headlen(skb);
4596 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4598 switch (hdev->dev_type) {
4600 hci_add_acl_hdr(skb, conn->handle, flags);
4603 hci_add_acl_hdr(skb, chan->handle, flags);
4606 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
4610 list = skb_shinfo(skb)->frag_list;
4612 /* Non fragmented */
4613 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4615 skb_queue_tail(queue, skb);
4618 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4620 skb_shinfo(skb)->frag_list = NULL;
4622 /* Queue all fragments atomically */
4623 spin_lock(&queue->lock);
4625 __skb_queue_tail(queue, skb);
4627 flags &= ~ACL_START;
4630 skb = list; list = list->next;
4632 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4633 hci_add_acl_hdr(skb, conn->handle, flags);
4635 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4637 __skb_queue_tail(queue, skb);
4640 spin_unlock(&queue->lock);
4644 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4646 struct hci_dev *hdev = chan->conn->hdev;
4648 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4650 hci_queue_acl(chan, &chan->data_q, skb, flags);
4652 queue_work(hdev->workqueue, &hdev->tx_work);
4656 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4658 struct hci_dev *hdev = conn->hdev;
4659 struct hci_sco_hdr hdr;
4661 BT_DBG("%s len %d", hdev->name, skb->len);
4663 hdr.handle = cpu_to_le16(conn->handle);
4664 hdr.dlen = skb->len;
4666 skb_push(skb, HCI_SCO_HDR_SIZE);
4667 skb_reset_transport_header(skb);
4668 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4670 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
4672 skb_queue_tail(&conn->data_q, skb);
4673 queue_work(hdev->workqueue, &hdev->tx_work);
4676 /* ---- HCI TX task (outgoing data) ---- */
4678 /* HCI Connection scheduler */
4679 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4682 struct hci_conn_hash *h = &hdev->conn_hash;
4683 struct hci_conn *conn = NULL, *c;
4684 unsigned int num = 0, min = ~0;
4686 /* We don't have to lock device here. Connections are always
4687 * added and removed with TX task disabled. */
4691 list_for_each_entry_rcu(c, &h->list, list) {
4692 if (c->type != type || skb_queue_empty(&c->data_q))
4695 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4700 if (c->sent < min) {
4705 if (hci_conn_num(hdev, type) == num)
4714 switch (conn->type) {
4716 cnt = hdev->acl_cnt;
4720 cnt = hdev->sco_cnt;
4723 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4727 BT_ERR("Unknown link type");
4735 BT_DBG("conn %p quote %d", conn, *quote);
4739 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4741 struct hci_conn_hash *h = &hdev->conn_hash;
4744 BT_ERR("%s link tx timeout", hdev->name);
4748 /* Kill stalled connections */
4749 list_for_each_entry_rcu(c, &h->list, list) {
4750 if (c->type == type && c->sent) {
4751 BT_ERR("%s killing stalled connection %pMR",
4752 hdev->name, &c->dst);
4753 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4760 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4763 struct hci_conn_hash *h = &hdev->conn_hash;
4764 struct hci_chan *chan = NULL;
4765 unsigned int num = 0, min = ~0, cur_prio = 0;
4766 struct hci_conn *conn;
4767 int cnt, q, conn_num = 0;
4769 BT_DBG("%s", hdev->name);
4773 list_for_each_entry_rcu(conn, &h->list, list) {
4774 struct hci_chan *tmp;
4776 if (conn->type != type)
4779 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4784 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4785 struct sk_buff *skb;
4787 if (skb_queue_empty(&tmp->data_q))
4790 skb = skb_peek(&tmp->data_q);
4791 if (skb->priority < cur_prio)
4794 if (skb->priority > cur_prio) {
4797 cur_prio = skb->priority;
4802 if (conn->sent < min) {
4808 if (hci_conn_num(hdev, type) == conn_num)
4817 switch (chan->conn->type) {
4819 cnt = hdev->acl_cnt;
4822 cnt = hdev->block_cnt;
4826 cnt = hdev->sco_cnt;
4829 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4833 BT_ERR("Unknown link type");
4838 BT_DBG("chan %p quote %d", chan, *quote);
4842 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4844 struct hci_conn_hash *h = &hdev->conn_hash;
4845 struct hci_conn *conn;
4848 BT_DBG("%s", hdev->name);
4852 list_for_each_entry_rcu(conn, &h->list, list) {
4853 struct hci_chan *chan;
4855 if (conn->type != type)
4858 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4863 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4864 struct sk_buff *skb;
4871 if (skb_queue_empty(&chan->data_q))
4874 skb = skb_peek(&chan->data_q);
4875 if (skb->priority >= HCI_PRIO_MAX - 1)
4878 skb->priority = HCI_PRIO_MAX - 1;
4880 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4884 if (hci_conn_num(hdev, type) == num)
4892 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4894 /* Calculate count of blocks used by this packet */
4895 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4898 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
4900 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
4901 /* ACL tx timeout must be longer than maximum
4902 * link supervision timeout (40.9 seconds) */
4903 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
4904 HCI_ACL_TX_TIMEOUT))
4905 hci_link_tx_to(hdev, ACL_LINK);
4909 static void hci_sched_acl_pkt(struct hci_dev *hdev)
4911 unsigned int cnt = hdev->acl_cnt;
4912 struct hci_chan *chan;
4913 struct sk_buff *skb;
4916 __check_timeout(hdev, cnt);
4918 while (hdev->acl_cnt &&
4919 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
4920 u32 priority = (skb_peek(&chan->data_q))->priority;
4921 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4922 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4923 skb->len, skb->priority);
4925 /* Stop if priority has changed */
4926 if (skb->priority < priority)
4929 skb = skb_dequeue(&chan->data_q);
4931 hci_conn_enter_active_mode(chan->conn,
4932 bt_cb(skb)->force_active);
4934 hci_send_frame(hdev, skb);
4935 hdev->acl_last_tx = jiffies;
4943 if (cnt != hdev->acl_cnt)
4944 hci_prio_recalculate(hdev, ACL_LINK);
4947 static void hci_sched_acl_blk(struct hci_dev *hdev)
4949 unsigned int cnt = hdev->block_cnt;
4950 struct hci_chan *chan;
4951 struct sk_buff *skb;
4955 __check_timeout(hdev, cnt);
4957 BT_DBG("%s", hdev->name);
4959 if (hdev->dev_type == HCI_AMP)
4964 while (hdev->block_cnt > 0 &&
4965 (chan = hci_chan_sent(hdev, type, "e))) {
4966 u32 priority = (skb_peek(&chan->data_q))->priority;
4967 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4970 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4971 skb->len, skb->priority);
4973 /* Stop if priority has changed */
4974 if (skb->priority < priority)
4977 skb = skb_dequeue(&chan->data_q);
4979 blocks = __get_blocks(hdev, skb);
4980 if (blocks > hdev->block_cnt)
4983 hci_conn_enter_active_mode(chan->conn,
4984 bt_cb(skb)->force_active);
4986 hci_send_frame(hdev, skb);
4987 hdev->acl_last_tx = jiffies;
4989 hdev->block_cnt -= blocks;
4992 chan->sent += blocks;
4993 chan->conn->sent += blocks;
4997 if (cnt != hdev->block_cnt)
4998 hci_prio_recalculate(hdev, type);
5001 static void hci_sched_acl(struct hci_dev *hdev)
5003 BT_DBG("%s", hdev->name);
5005 /* No ACL link over BR/EDR controller */
5006 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
5009 /* No AMP link over AMP controller */
5010 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
5013 switch (hdev->flow_ctl_mode) {
5014 case HCI_FLOW_CTL_MODE_PACKET_BASED:
5015 hci_sched_acl_pkt(hdev);
5018 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
5019 hci_sched_acl_blk(hdev);
5025 static void hci_sched_sco(struct hci_dev *hdev)
5027 struct hci_conn *conn;
5028 struct sk_buff *skb;
5031 BT_DBG("%s", hdev->name);
5033 if (!hci_conn_num(hdev, SCO_LINK))
5036 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
5037 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5038 BT_DBG("skb %p len %d", skb, skb->len);
5039 hci_send_frame(hdev, skb);
5042 if (conn->sent == ~0)
5048 static void hci_sched_esco(struct hci_dev *hdev)
5050 struct hci_conn *conn;
5051 struct sk_buff *skb;
5054 BT_DBG("%s", hdev->name);
5056 if (!hci_conn_num(hdev, ESCO_LINK))
5059 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
5061 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5062 BT_DBG("skb %p len %d", skb, skb->len);
5063 hci_send_frame(hdev, skb);
5066 if (conn->sent == ~0)
5072 static void hci_sched_le(struct hci_dev *hdev)
5074 struct hci_chan *chan;
5075 struct sk_buff *skb;
5076 int quote, cnt, tmp;
5078 BT_DBG("%s", hdev->name);
5080 if (!hci_conn_num(hdev, LE_LINK))
5083 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5084 /* LE tx timeout must be longer than maximum
5085 * link supervision timeout (40.9 seconds) */
5086 if (!hdev->le_cnt && hdev->le_pkts &&
5087 time_after(jiffies, hdev->le_last_tx + HZ * 45))
5088 hci_link_tx_to(hdev, LE_LINK);
5091 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
5093 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
5094 u32 priority = (skb_peek(&chan->data_q))->priority;
5095 while (quote-- && (skb = skb_peek(&chan->data_q))) {
5096 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5097 skb->len, skb->priority);
5099 /* Stop if priority has changed */
5100 if (skb->priority < priority)
5103 skb = skb_dequeue(&chan->data_q);
5105 hci_send_frame(hdev, skb);
5106 hdev->le_last_tx = jiffies;
5117 hdev->acl_cnt = cnt;
5120 hci_prio_recalculate(hdev, LE_LINK);
5123 static void hci_tx_work(struct work_struct *work)
5125 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
5126 struct sk_buff *skb;
5128 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
5129 hdev->sco_cnt, hdev->le_cnt);
5131 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5132 /* Schedule queues and send stuff to HCI driver */
5133 hci_sched_acl(hdev);
5134 hci_sched_sco(hdev);
5135 hci_sched_esco(hdev);
5139 /* Send next queued raw (unknown type) packet */
5140 while ((skb = skb_dequeue(&hdev->raw_q)))
5141 hci_send_frame(hdev, skb);
5144 /* ----- HCI RX task (incoming data processing) ----- */
5146 /* ACL data packet */
5147 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5149 struct hci_acl_hdr *hdr = (void *) skb->data;
5150 struct hci_conn *conn;
5151 __u16 handle, flags;
5153 skb_pull(skb, HCI_ACL_HDR_SIZE);
5155 handle = __le16_to_cpu(hdr->handle);
5156 flags = hci_flags(handle);
5157 handle = hci_handle(handle);
5159 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
5162 hdev->stat.acl_rx++;
5165 conn = hci_conn_hash_lookup_handle(hdev, handle);
5166 hci_dev_unlock(hdev);
5169 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
5171 /* Send to upper protocol */
5172 l2cap_recv_acldata(conn, skb, flags);
5175 BT_ERR("%s ACL packet for unknown connection handle %d",
5176 hdev->name, handle);
5182 /* SCO data packet */
5183 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5185 struct hci_sco_hdr *hdr = (void *) skb->data;
5186 struct hci_conn *conn;
5189 skb_pull(skb, HCI_SCO_HDR_SIZE);
5191 handle = __le16_to_cpu(hdr->handle);
5193 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
5195 hdev->stat.sco_rx++;
5198 conn = hci_conn_hash_lookup_handle(hdev, handle);
5199 hci_dev_unlock(hdev);
5202 /* Send to upper protocol */
5203 sco_recv_scodata(conn, skb);
5206 BT_ERR("%s SCO packet for unknown connection handle %d",
5207 hdev->name, handle);
5213 static bool hci_req_is_complete(struct hci_dev *hdev)
5215 struct sk_buff *skb;
5217 skb = skb_peek(&hdev->cmd_q);
5221 return bt_cb(skb)->req.start;
5224 static void hci_resend_last(struct hci_dev *hdev)
5226 struct hci_command_hdr *sent;
5227 struct sk_buff *skb;
5230 if (!hdev->sent_cmd)
5233 sent = (void *) hdev->sent_cmd->data;
5234 opcode = __le16_to_cpu(sent->opcode);
5235 if (opcode == HCI_OP_RESET)
5238 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
5242 skb_queue_head(&hdev->cmd_q, skb);
5243 queue_work(hdev->workqueue, &hdev->cmd_work);
5246 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
5248 hci_req_complete_t req_complete = NULL;
5249 struct sk_buff *skb;
5250 unsigned long flags;
5252 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
5254 /* If the completed command doesn't match the last one that was
5255 * sent we need to do special handling of it.
5257 if (!hci_sent_cmd_data(hdev, opcode)) {
5258 /* Some CSR based controllers generate a spontaneous
5259 * reset complete event during init and any pending
5260 * command will never be completed. In such a case we
5261 * need to resend whatever was the last sent
5264 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
5265 hci_resend_last(hdev);
5270 /* If the command succeeded and there's still more commands in
5271 * this request the request is not yet complete.
5273 if (!status && !hci_req_is_complete(hdev))
5276 /* If this was the last command in a request the complete
5277 * callback would be found in hdev->sent_cmd instead of the
5278 * command queue (hdev->cmd_q).
5280 if (hdev->sent_cmd) {
5281 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
5284 /* We must set the complete callback to NULL to
5285 * avoid calling the callback more than once if
5286 * this function gets called again.
5288 bt_cb(hdev->sent_cmd)->req.complete = NULL;
5294 /* Remove all pending commands belonging to this request */
5295 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
5296 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
5297 if (bt_cb(skb)->req.start) {
5298 __skb_queue_head(&hdev->cmd_q, skb);
5302 req_complete = bt_cb(skb)->req.complete;
5305 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
5309 req_complete(hdev, status);
5312 static void hci_rx_work(struct work_struct *work)
5314 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
5315 struct sk_buff *skb;
5317 BT_DBG("%s", hdev->name);
5319 while ((skb = skb_dequeue(&hdev->rx_q))) {
5320 /* Send copy to monitor */
5321 hci_send_to_monitor(hdev, skb);
5323 if (atomic_read(&hdev->promisc)) {
5324 /* Send copy to the sockets */
5325 hci_send_to_sock(hdev, skb);
5328 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5333 if (test_bit(HCI_INIT, &hdev->flags)) {
5334 /* Don't process data packets in this states. */
5335 switch (bt_cb(skb)->pkt_type) {
5336 case HCI_ACLDATA_PKT:
5337 case HCI_SCODATA_PKT:
5344 switch (bt_cb(skb)->pkt_type) {
5346 BT_DBG("%s Event packet", hdev->name);
5347 hci_event_packet(hdev, skb);
5350 case HCI_ACLDATA_PKT:
5351 BT_DBG("%s ACL data packet", hdev->name);
5352 hci_acldata_packet(hdev, skb);
5355 case HCI_SCODATA_PKT:
5356 BT_DBG("%s SCO data packet", hdev->name);
5357 hci_scodata_packet(hdev, skb);
5367 static void hci_cmd_work(struct work_struct *work)
5369 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
5370 struct sk_buff *skb;
5372 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
5373 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
5375 /* Send queued commands */
5376 if (atomic_read(&hdev->cmd_cnt)) {
5377 skb = skb_dequeue(&hdev->cmd_q);
5381 kfree_skb(hdev->sent_cmd);
5383 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
5384 if (hdev->sent_cmd) {
5385 atomic_dec(&hdev->cmd_cnt);
5386 hci_send_frame(hdev, skb);
5387 if (test_bit(HCI_RESET, &hdev->flags))
5388 cancel_delayed_work(&hdev->cmd_timer);
5390 schedule_delayed_work(&hdev->cmd_timer,
5393 skb_queue_head(&hdev->cmd_q, skb);
5394 queue_work(hdev->workqueue, &hdev->cmd_work);
5399 void hci_req_add_le_scan_disable(struct hci_request *req)
5401 struct hci_cp_le_set_scan_enable cp;
5403 memset(&cp, 0, sizeof(cp));
5404 cp.enable = LE_SCAN_DISABLE;
5405 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
5408 void hci_req_add_le_passive_scan(struct hci_request *req)
5410 struct hci_cp_le_set_scan_param param_cp;
5411 struct hci_cp_le_set_scan_enable enable_cp;
5412 struct hci_dev *hdev = req->hdev;
5415 /* Set require_privacy to false since no SCAN_REQ are send
5416 * during passive scanning. Not using an unresolvable address
5417 * here is important so that peer devices using direct
5418 * advertising with our address will be correctly reported
5419 * by the controller.
5421 if (hci_update_random_address(req, false, &own_addr_type))
5424 memset(¶m_cp, 0, sizeof(param_cp));
5425 param_cp.type = LE_SCAN_PASSIVE;
5426 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5427 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5428 param_cp.own_address_type = own_addr_type;
5429 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5432 memset(&enable_cp, 0, sizeof(enable_cp));
5433 enable_cp.enable = LE_SCAN_ENABLE;
5434 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
5435 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5439 static void update_background_scan_complete(struct hci_dev *hdev, u8 status)
5442 BT_DBG("HCI request failed to update background scanning: "
5443 "status 0x%2.2x", status);
5446 /* This function controls the background scanning based on hdev->pend_le_conns
5447 * list. If there are pending LE connection we start the background scanning,
5448 * otherwise we stop it.
5450 * This function requires the caller holds hdev->lock.
5452 void hci_update_background_scan(struct hci_dev *hdev)
5454 struct hci_request req;
5455 struct hci_conn *conn;
5458 if (!test_bit(HCI_UP, &hdev->flags) ||
5459 test_bit(HCI_INIT, &hdev->flags) ||
5460 test_bit(HCI_SETUP, &hdev->dev_flags) ||
5461 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5462 test_bit(HCI_AUTO_OFF, &hdev->dev_flags) ||
5463 test_bit(HCI_UNREGISTER, &hdev->dev_flags))
5466 /* No point in doing scanning if LE support hasn't been enabled */
5467 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5470 /* If discovery is active don't interfere with it */
5471 if (hdev->discovery.state != DISCOVERY_STOPPED)
5474 hci_req_init(&req, hdev);
5476 if (list_empty(&hdev->pend_le_conns) &&
5477 list_empty(&hdev->pend_le_reports)) {
5478 /* If there is no pending LE connections or devices
5479 * to be scanned for, we should stop the background
5483 /* If controller is not scanning we are done. */
5484 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5487 hci_req_add_le_scan_disable(&req);
5489 BT_DBG("%s stopping background scanning", hdev->name);
5491 /* If there is at least one pending LE connection, we should
5492 * keep the background scan running.
5495 /* If controller is connecting, we should not start scanning
5496 * since some controllers are not able to scan and connect at
5499 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
5503 /* If controller is currently scanning, we stop it to ensure we
5504 * don't miss any advertising (due to duplicates filter).
5506 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5507 hci_req_add_le_scan_disable(&req);
5509 hci_req_add_le_passive_scan(&req);
5511 BT_DBG("%s starting background scanning", hdev->name);
5514 err = hci_req_run(&req, update_background_scan_complete);
5516 BT_ERR("Failed to run HCI request: err %d", err);
projects / firefly-linux-kernel-4.4.55.git / blob