2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
42 static void hci_rx_work(struct work_struct *work);
43 static void hci_cmd_work(struct work_struct *work);
44 static void hci_tx_work(struct work_struct *work);
47 LIST_HEAD(hci_dev_list);
48 DEFINE_RWLOCK(hci_dev_list_lock);
50 /* HCI callback list */
51 LIST_HEAD(hci_cb_list);
52 DEFINE_RWLOCK(hci_cb_list_lock);
54 /* HCI ID Numbering */
55 static DEFINE_IDA(hci_index_ida);
57 /* ----- HCI requests ----- */
59 #define HCI_REQ_DONE 0
60 #define HCI_REQ_PEND 1
61 #define HCI_REQ_CANCELED 2
63 #define hci_req_lock(d) mutex_lock(&d->req_lock)
64 #define hci_req_unlock(d) mutex_unlock(&d->req_lock)
66 /* ---- HCI notifications ---- */
68 static void hci_notify(struct hci_dev *hdev, int event)
70 hci_sock_dev_event(hdev, event);
73 /* ---- HCI debugfs entries ---- */
75 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
76 size_t count, loff_t *ppos)
78 struct hci_dev *hdev = file->private_data;
81 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dbg_flags) ? 'Y': 'N';
84 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
87 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
88 size_t count, loff_t *ppos)
90 struct hci_dev *hdev = file->private_data;
93 size_t buf_size = min(count, (sizeof(buf)-1));
97 if (!test_bit(HCI_UP, &hdev->flags))
100 if (copy_from_user(buf, user_buf, buf_size))
103 buf[buf_size] = '\0';
104 if (strtobool(buf, &enable))
107 if (enable == test_bit(HCI_DUT_MODE, &hdev->dbg_flags))
112 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
115 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
117 hci_req_unlock(hdev);
122 err = -bt_to_errno(skb->data[0]);
128 change_bit(HCI_DUT_MODE, &hdev->dbg_flags);
133 static const struct file_operations dut_mode_fops = {
135 .read = dut_mode_read,
136 .write = dut_mode_write,
137 .llseek = default_llseek,
140 static int features_show(struct seq_file *f, void *ptr)
142 struct hci_dev *hdev = f->private;
146 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
147 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
148 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p,
149 hdev->features[p][0], hdev->features[p][1],
150 hdev->features[p][2], hdev->features[p][3],
151 hdev->features[p][4], hdev->features[p][5],
152 hdev->features[p][6], hdev->features[p][7]);
154 if (lmp_le_capable(hdev))
155 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
156 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
157 hdev->le_features[0], hdev->le_features[1],
158 hdev->le_features[2], hdev->le_features[3],
159 hdev->le_features[4], hdev->le_features[5],
160 hdev->le_features[6], hdev->le_features[7]);
161 hci_dev_unlock(hdev);
166 static int features_open(struct inode *inode, struct file *file)
168 return single_open(file, features_show, inode->i_private);
171 static const struct file_operations features_fops = {
172 .open = features_open,
175 .release = single_release,
178 static int blacklist_show(struct seq_file *f, void *p)
180 struct hci_dev *hdev = f->private;
181 struct bdaddr_list *b;
184 list_for_each_entry(b, &hdev->blacklist, list)
185 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
186 hci_dev_unlock(hdev);
191 static int blacklist_open(struct inode *inode, struct file *file)
193 return single_open(file, blacklist_show, inode->i_private);
196 static const struct file_operations blacklist_fops = {
197 .open = blacklist_open,
200 .release = single_release,
203 static int uuids_show(struct seq_file *f, void *p)
205 struct hci_dev *hdev = f->private;
206 struct bt_uuid *uuid;
209 list_for_each_entry(uuid, &hdev->uuids, list) {
212 /* The Bluetooth UUID values are stored in big endian,
213 * but with reversed byte order. So convert them into
214 * the right order for the %pUb modifier.
216 for (i = 0; i < 16; i++)
217 val[i] = uuid->uuid[15 - i];
219 seq_printf(f, "%pUb\n", val);
221 hci_dev_unlock(hdev);
226 static int uuids_open(struct inode *inode, struct file *file)
228 return single_open(file, uuids_show, inode->i_private);
231 static const struct file_operations uuids_fops = {
235 .release = single_release,
238 static int inquiry_cache_show(struct seq_file *f, void *p)
240 struct hci_dev *hdev = f->private;
241 struct discovery_state *cache = &hdev->discovery;
242 struct inquiry_entry *e;
246 list_for_each_entry(e, &cache->all, all) {
247 struct inquiry_data *data = &e->data;
248 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
250 data->pscan_rep_mode, data->pscan_period_mode,
251 data->pscan_mode, data->dev_class[2],
252 data->dev_class[1], data->dev_class[0],
253 __le16_to_cpu(data->clock_offset),
254 data->rssi, data->ssp_mode, e->timestamp);
257 hci_dev_unlock(hdev);
262 static int inquiry_cache_open(struct inode *inode, struct file *file)
264 return single_open(file, inquiry_cache_show, inode->i_private);
267 static const struct file_operations inquiry_cache_fops = {
268 .open = inquiry_cache_open,
271 .release = single_release,
274 static int link_keys_show(struct seq_file *f, void *ptr)
276 struct hci_dev *hdev = f->private;
277 struct link_key *key;
280 list_for_each_entry_rcu(key, &hdev->link_keys, list)
281 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
282 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
288 static int link_keys_open(struct inode *inode, struct file *file)
290 return single_open(file, link_keys_show, inode->i_private);
293 static const struct file_operations link_keys_fops = {
294 .open = link_keys_open,
297 .release = single_release,
300 static int dev_class_show(struct seq_file *f, void *ptr)
302 struct hci_dev *hdev = f->private;
305 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2],
306 hdev->dev_class[1], hdev->dev_class[0]);
307 hci_dev_unlock(hdev);
312 static int dev_class_open(struct inode *inode, struct file *file)
314 return single_open(file, dev_class_show, inode->i_private);
317 static const struct file_operations dev_class_fops = {
318 .open = dev_class_open,
321 .release = single_release,
324 static int voice_setting_get(void *data, u64 *val)
326 struct hci_dev *hdev = data;
329 *val = hdev->voice_setting;
330 hci_dev_unlock(hdev);
335 DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get,
336 NULL, "0x%4.4llx\n");
338 static int auto_accept_delay_set(void *data, u64 val)
340 struct hci_dev *hdev = data;
343 hdev->auto_accept_delay = val;
344 hci_dev_unlock(hdev);
349 static int auto_accept_delay_get(void *data, u64 *val)
351 struct hci_dev *hdev = data;
354 *val = hdev->auto_accept_delay;
355 hci_dev_unlock(hdev);
360 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
361 auto_accept_delay_set, "%llu\n");
363 static ssize_t force_sc_support_read(struct file *file, char __user *user_buf,
364 size_t count, loff_t *ppos)
366 struct hci_dev *hdev = file->private_data;
369 buf[0] = test_bit(HCI_FORCE_SC, &hdev->dbg_flags) ? 'Y': 'N';
372 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
375 static ssize_t force_sc_support_write(struct file *file,
376 const char __user *user_buf,
377 size_t count, loff_t *ppos)
379 struct hci_dev *hdev = file->private_data;
381 size_t buf_size = min(count, (sizeof(buf)-1));
384 if (test_bit(HCI_UP, &hdev->flags))
387 if (copy_from_user(buf, user_buf, buf_size))
390 buf[buf_size] = '\0';
391 if (strtobool(buf, &enable))
394 if (enable == test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
397 change_bit(HCI_FORCE_SC, &hdev->dbg_flags);
402 static const struct file_operations force_sc_support_fops = {
404 .read = force_sc_support_read,
405 .write = force_sc_support_write,
406 .llseek = default_llseek,
409 static ssize_t force_lesc_support_read(struct file *file, char __user *user_buf,
410 size_t count, loff_t *ppos)
412 struct hci_dev *hdev = file->private_data;
415 buf[0] = test_bit(HCI_FORCE_LESC, &hdev->dbg_flags) ? 'Y': 'N';
418 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
421 static ssize_t force_lesc_support_write(struct file *file,
422 const char __user *user_buf,
423 size_t count, loff_t *ppos)
425 struct hci_dev *hdev = file->private_data;
427 size_t buf_size = min(count, (sizeof(buf)-1));
430 if (copy_from_user(buf, user_buf, buf_size))
433 buf[buf_size] = '\0';
434 if (strtobool(buf, &enable))
437 if (enable == test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
440 change_bit(HCI_FORCE_LESC, &hdev->dbg_flags);
445 static const struct file_operations force_lesc_support_fops = {
447 .read = force_lesc_support_read,
448 .write = force_lesc_support_write,
449 .llseek = default_llseek,
452 static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf,
453 size_t count, loff_t *ppos)
455 struct hci_dev *hdev = file->private_data;
458 buf[0] = test_bit(HCI_SC_ONLY, &hdev->dev_flags) ? 'Y': 'N';
461 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
464 static const struct file_operations sc_only_mode_fops = {
466 .read = sc_only_mode_read,
467 .llseek = default_llseek,
470 static int idle_timeout_set(void *data, u64 val)
472 struct hci_dev *hdev = data;
474 if (val != 0 && (val < 500 || val > 3600000))
478 hdev->idle_timeout = val;
479 hci_dev_unlock(hdev);
484 static int idle_timeout_get(void *data, u64 *val)
486 struct hci_dev *hdev = data;
489 *val = hdev->idle_timeout;
490 hci_dev_unlock(hdev);
495 DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
496 idle_timeout_set, "%llu\n");
498 static int rpa_timeout_set(void *data, u64 val)
500 struct hci_dev *hdev = data;
502 /* Require the RPA timeout to be at least 30 seconds and at most
505 if (val < 30 || val > (60 * 60 * 24))
509 hdev->rpa_timeout = val;
510 hci_dev_unlock(hdev);
515 static int rpa_timeout_get(void *data, u64 *val)
517 struct hci_dev *hdev = data;
520 *val = hdev->rpa_timeout;
521 hci_dev_unlock(hdev);
526 DEFINE_SIMPLE_ATTRIBUTE(rpa_timeout_fops, rpa_timeout_get,
527 rpa_timeout_set, "%llu\n");
529 static int sniff_min_interval_set(void *data, u64 val)
531 struct hci_dev *hdev = data;
533 if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
537 hdev->sniff_min_interval = val;
538 hci_dev_unlock(hdev);
543 static int sniff_min_interval_get(void *data, u64 *val)
545 struct hci_dev *hdev = data;
548 *val = hdev->sniff_min_interval;
549 hci_dev_unlock(hdev);
554 DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
555 sniff_min_interval_set, "%llu\n");
557 static int sniff_max_interval_set(void *data, u64 val)
559 struct hci_dev *hdev = data;
561 if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
565 hdev->sniff_max_interval = val;
566 hci_dev_unlock(hdev);
571 static int sniff_max_interval_get(void *data, u64 *val)
573 struct hci_dev *hdev = data;
576 *val = hdev->sniff_max_interval;
577 hci_dev_unlock(hdev);
582 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
583 sniff_max_interval_set, "%llu\n");
585 static int conn_info_min_age_set(void *data, u64 val)
587 struct hci_dev *hdev = data;
589 if (val == 0 || val > hdev->conn_info_max_age)
593 hdev->conn_info_min_age = val;
594 hci_dev_unlock(hdev);
599 static int conn_info_min_age_get(void *data, u64 *val)
601 struct hci_dev *hdev = data;
604 *val = hdev->conn_info_min_age;
605 hci_dev_unlock(hdev);
610 DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
611 conn_info_min_age_set, "%llu\n");
613 static int conn_info_max_age_set(void *data, u64 val)
615 struct hci_dev *hdev = data;
617 if (val == 0 || val < hdev->conn_info_min_age)
621 hdev->conn_info_max_age = val;
622 hci_dev_unlock(hdev);
627 static int conn_info_max_age_get(void *data, u64 *val)
629 struct hci_dev *hdev = data;
632 *val = hdev->conn_info_max_age;
633 hci_dev_unlock(hdev);
638 DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
639 conn_info_max_age_set, "%llu\n");
641 static int identity_show(struct seq_file *f, void *p)
643 struct hci_dev *hdev = f->private;
649 hci_copy_identity_address(hdev, &addr, &addr_type);
651 seq_printf(f, "%pMR (type %u) %*phN %pMR\n", &addr, addr_type,
652 16, hdev->irk, &hdev->rpa);
654 hci_dev_unlock(hdev);
659 static int identity_open(struct inode *inode, struct file *file)
661 return single_open(file, identity_show, inode->i_private);
664 static const struct file_operations identity_fops = {
665 .open = identity_open,
668 .release = single_release,
671 static int random_address_show(struct seq_file *f, void *p)
673 struct hci_dev *hdev = f->private;
676 seq_printf(f, "%pMR\n", &hdev->random_addr);
677 hci_dev_unlock(hdev);
682 static int random_address_open(struct inode *inode, struct file *file)
684 return single_open(file, random_address_show, inode->i_private);
687 static const struct file_operations random_address_fops = {
688 .open = random_address_open,
691 .release = single_release,
694 static int static_address_show(struct seq_file *f, void *p)
696 struct hci_dev *hdev = f->private;
699 seq_printf(f, "%pMR\n", &hdev->static_addr);
700 hci_dev_unlock(hdev);
705 static int static_address_open(struct inode *inode, struct file *file)
707 return single_open(file, static_address_show, inode->i_private);
710 static const struct file_operations static_address_fops = {
711 .open = static_address_open,
714 .release = single_release,
717 static ssize_t force_static_address_read(struct file *file,
718 char __user *user_buf,
719 size_t count, loff_t *ppos)
721 struct hci_dev *hdev = file->private_data;
724 buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ? 'Y': 'N';
727 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
730 static ssize_t force_static_address_write(struct file *file,
731 const char __user *user_buf,
732 size_t count, loff_t *ppos)
734 struct hci_dev *hdev = file->private_data;
736 size_t buf_size = min(count, (sizeof(buf)-1));
739 if (test_bit(HCI_UP, &hdev->flags))
742 if (copy_from_user(buf, user_buf, buf_size))
745 buf[buf_size] = '\0';
746 if (strtobool(buf, &enable))
749 if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags))
752 change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags);
757 static const struct file_operations force_static_address_fops = {
759 .read = force_static_address_read,
760 .write = force_static_address_write,
761 .llseek = default_llseek,
764 static int white_list_show(struct seq_file *f, void *ptr)
766 struct hci_dev *hdev = f->private;
767 struct bdaddr_list *b;
770 list_for_each_entry(b, &hdev->le_white_list, list)
771 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
772 hci_dev_unlock(hdev);
777 static int white_list_open(struct inode *inode, struct file *file)
779 return single_open(file, white_list_show, inode->i_private);
782 static const struct file_operations white_list_fops = {
783 .open = white_list_open,
786 .release = single_release,
789 static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
791 struct hci_dev *hdev = f->private;
795 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
796 seq_printf(f, "%pMR (type %u) %*phN %pMR\n",
797 &irk->bdaddr, irk->addr_type,
798 16, irk->val, &irk->rpa);
805 static int identity_resolving_keys_open(struct inode *inode, struct file *file)
807 return single_open(file, identity_resolving_keys_show,
811 static const struct file_operations identity_resolving_keys_fops = {
812 .open = identity_resolving_keys_open,
815 .release = single_release,
818 static int long_term_keys_show(struct seq_file *f, void *ptr)
820 struct hci_dev *hdev = f->private;
824 list_for_each_entry_rcu(ltk, &hdev->long_term_keys, list)
825 seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n",
826 <k->bdaddr, ltk->bdaddr_type, ltk->authenticated,
827 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
828 __le64_to_cpu(ltk->rand), 16, ltk->val);
834 static int long_term_keys_open(struct inode *inode, struct file *file)
836 return single_open(file, long_term_keys_show, inode->i_private);
839 static const struct file_operations long_term_keys_fops = {
840 .open = long_term_keys_open,
843 .release = single_release,
846 static int conn_min_interval_set(void *data, u64 val)
848 struct hci_dev *hdev = data;
850 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
854 hdev->le_conn_min_interval = val;
855 hci_dev_unlock(hdev);
860 static int conn_min_interval_get(void *data, u64 *val)
862 struct hci_dev *hdev = data;
865 *val = hdev->le_conn_min_interval;
866 hci_dev_unlock(hdev);
871 DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
872 conn_min_interval_set, "%llu\n");
874 static int conn_max_interval_set(void *data, u64 val)
876 struct hci_dev *hdev = data;
878 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
882 hdev->le_conn_max_interval = val;
883 hci_dev_unlock(hdev);
888 static int conn_max_interval_get(void *data, u64 *val)
890 struct hci_dev *hdev = data;
893 *val = hdev->le_conn_max_interval;
894 hci_dev_unlock(hdev);
899 DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
900 conn_max_interval_set, "%llu\n");
902 static int conn_latency_set(void *data, u64 val)
904 struct hci_dev *hdev = data;
910 hdev->le_conn_latency = val;
911 hci_dev_unlock(hdev);
916 static int conn_latency_get(void *data, u64 *val)
918 struct hci_dev *hdev = data;
921 *val = hdev->le_conn_latency;
922 hci_dev_unlock(hdev);
927 DEFINE_SIMPLE_ATTRIBUTE(conn_latency_fops, conn_latency_get,
928 conn_latency_set, "%llu\n");
930 static int supervision_timeout_set(void *data, u64 val)
932 struct hci_dev *hdev = data;
934 if (val < 0x000a || val > 0x0c80)
938 hdev->le_supv_timeout = val;
939 hci_dev_unlock(hdev);
944 static int supervision_timeout_get(void *data, u64 *val)
946 struct hci_dev *hdev = data;
949 *val = hdev->le_supv_timeout;
950 hci_dev_unlock(hdev);
955 DEFINE_SIMPLE_ATTRIBUTE(supervision_timeout_fops, supervision_timeout_get,
956 supervision_timeout_set, "%llu\n");
958 static int adv_channel_map_set(void *data, u64 val)
960 struct hci_dev *hdev = data;
962 if (val < 0x01 || val > 0x07)
966 hdev->le_adv_channel_map = val;
967 hci_dev_unlock(hdev);
972 static int adv_channel_map_get(void *data, u64 *val)
974 struct hci_dev *hdev = data;
977 *val = hdev->le_adv_channel_map;
978 hci_dev_unlock(hdev);
983 DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
984 adv_channel_map_set, "%llu\n");
986 static int adv_min_interval_set(void *data, u64 val)
988 struct hci_dev *hdev = data;
990 if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval)
994 hdev->le_adv_min_interval = val;
995 hci_dev_unlock(hdev);
1000 static int adv_min_interval_get(void *data, u64 *val)
1002 struct hci_dev *hdev = data;
1005 *val = hdev->le_adv_min_interval;
1006 hci_dev_unlock(hdev);
1011 DEFINE_SIMPLE_ATTRIBUTE(adv_min_interval_fops, adv_min_interval_get,
1012 adv_min_interval_set, "%llu\n");
1014 static int adv_max_interval_set(void *data, u64 val)
1016 struct hci_dev *hdev = data;
1018 if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval)
1022 hdev->le_adv_max_interval = val;
1023 hci_dev_unlock(hdev);
1028 static int adv_max_interval_get(void *data, u64 *val)
1030 struct hci_dev *hdev = data;
1033 *val = hdev->le_adv_max_interval;
1034 hci_dev_unlock(hdev);
1039 DEFINE_SIMPLE_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get,
1040 adv_max_interval_set, "%llu\n");
1042 static int device_list_show(struct seq_file *f, void *ptr)
1044 struct hci_dev *hdev = f->private;
1045 struct hci_conn_params *p;
1046 struct bdaddr_list *b;
1049 list_for_each_entry(b, &hdev->whitelist, list)
1050 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
1051 list_for_each_entry(p, &hdev->le_conn_params, list) {
1052 seq_printf(f, "%pMR (type %u) %u\n", &p->addr, p->addr_type,
1055 hci_dev_unlock(hdev);
1060 static int device_list_open(struct inode *inode, struct file *file)
1062 return single_open(file, device_list_show, inode->i_private);
1065 static const struct file_operations device_list_fops = {
1066 .open = device_list_open,
1068 .llseek = seq_lseek,
1069 .release = single_release,
1072 /* ---- HCI requests ---- */
1074 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
1076 BT_DBG("%s result 0x%2.2x", hdev->name, result);
1078 if (hdev->req_status == HCI_REQ_PEND) {
1079 hdev->req_result = result;
1080 hdev->req_status = HCI_REQ_DONE;
1081 wake_up_interruptible(&hdev->req_wait_q);
1085 static void hci_req_cancel(struct hci_dev *hdev, int err)
1087 BT_DBG("%s err 0x%2.2x", hdev->name, err);
1089 if (hdev->req_status == HCI_REQ_PEND) {
1090 hdev->req_result = err;
1091 hdev->req_status = HCI_REQ_CANCELED;
1092 wake_up_interruptible(&hdev->req_wait_q);
1096 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
1099 struct hci_ev_cmd_complete *ev;
1100 struct hci_event_hdr *hdr;
1101 struct sk_buff *skb;
1105 skb = hdev->recv_evt;
1106 hdev->recv_evt = NULL;
1108 hci_dev_unlock(hdev);
1111 return ERR_PTR(-ENODATA);
1113 if (skb->len < sizeof(*hdr)) {
1114 BT_ERR("Too short HCI event");
1118 hdr = (void *) skb->data;
1119 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1122 if (hdr->evt != event)
1127 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
1128 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
1132 if (skb->len < sizeof(*ev)) {
1133 BT_ERR("Too short cmd_complete event");
1137 ev = (void *) skb->data;
1138 skb_pull(skb, sizeof(*ev));
1140 if (opcode == __le16_to_cpu(ev->opcode))
1143 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
1144 __le16_to_cpu(ev->opcode));
1148 return ERR_PTR(-ENODATA);
1151 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
1152 const void *param, u8 event, u32 timeout)
1154 DECLARE_WAITQUEUE(wait, current);
1155 struct hci_request req;
1158 BT_DBG("%s", hdev->name);
1160 hci_req_init(&req, hdev);
1162 hci_req_add_ev(&req, opcode, plen, param, event);
1164 hdev->req_status = HCI_REQ_PEND;
1166 add_wait_queue(&hdev->req_wait_q, &wait);
1167 set_current_state(TASK_INTERRUPTIBLE);
1169 err = hci_req_run(&req, hci_req_sync_complete);
1171 remove_wait_queue(&hdev->req_wait_q, &wait);
1172 set_current_state(TASK_RUNNING);
1173 return ERR_PTR(err);
1176 schedule_timeout(timeout);
1178 remove_wait_queue(&hdev->req_wait_q, &wait);
1180 if (signal_pending(current))
1181 return ERR_PTR(-EINTR);
1183 switch (hdev->req_status) {
1185 err = -bt_to_errno(hdev->req_result);
1188 case HCI_REQ_CANCELED:
1189 err = -hdev->req_result;
1197 hdev->req_status = hdev->req_result = 0;
1199 BT_DBG("%s end: err %d", hdev->name, err);
1202 return ERR_PTR(err);
1204 return hci_get_cmd_complete(hdev, opcode, event);
1206 EXPORT_SYMBOL(__hci_cmd_sync_ev);
1208 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
1209 const void *param, u32 timeout)
1211 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
1213 EXPORT_SYMBOL(__hci_cmd_sync);
1215 /* Execute request and wait for completion. */
1216 static int __hci_req_sync(struct hci_dev *hdev,
1217 void (*func)(struct hci_request *req,
1219 unsigned long opt, __u32 timeout)
1221 struct hci_request req;
1222 DECLARE_WAITQUEUE(wait, current);
1225 BT_DBG("%s start", hdev->name);
1227 hci_req_init(&req, hdev);
1229 hdev->req_status = HCI_REQ_PEND;
1233 add_wait_queue(&hdev->req_wait_q, &wait);
1234 set_current_state(TASK_INTERRUPTIBLE);
1236 err = hci_req_run(&req, hci_req_sync_complete);
1238 hdev->req_status = 0;
1240 remove_wait_queue(&hdev->req_wait_q, &wait);
1241 set_current_state(TASK_RUNNING);
1243 /* ENODATA means the HCI request command queue is empty.
1244 * This can happen when a request with conditionals doesn't
1245 * trigger any commands to be sent. This is normal behavior
1246 * and should not trigger an error return.
1248 if (err == -ENODATA)
1254 schedule_timeout(timeout);
1256 remove_wait_queue(&hdev->req_wait_q, &wait);
1258 if (signal_pending(current))
1261 switch (hdev->req_status) {
1263 err = -bt_to_errno(hdev->req_result);
1266 case HCI_REQ_CANCELED:
1267 err = -hdev->req_result;
1275 hdev->req_status = hdev->req_result = 0;
1277 BT_DBG("%s end: err %d", hdev->name, err);
1282 static int hci_req_sync(struct hci_dev *hdev,
1283 void (*req)(struct hci_request *req,
1285 unsigned long opt, __u32 timeout)
1289 if (!test_bit(HCI_UP, &hdev->flags))
1292 /* Serialize all requests */
1294 ret = __hci_req_sync(hdev, req, opt, timeout);
1295 hci_req_unlock(hdev);
1300 static void hci_reset_req(struct hci_request *req, unsigned long opt)
1302 BT_DBG("%s %ld", req->hdev->name, opt);
1305 set_bit(HCI_RESET, &req->hdev->flags);
1306 hci_req_add(req, HCI_OP_RESET, 0, NULL);
1309 static void bredr_init(struct hci_request *req)
1311 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
1313 /* Read Local Supported Features */
1314 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1316 /* Read Local Version */
1317 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1319 /* Read BD Address */
1320 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1323 static void amp_init(struct hci_request *req)
1325 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
1327 /* Read Local Version */
1328 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1330 /* Read Local Supported Commands */
1331 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1333 /* Read Local Supported Features */
1334 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1336 /* Read Local AMP Info */
1337 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
1339 /* Read Data Blk size */
1340 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
1342 /* Read Flow Control Mode */
1343 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
1345 /* Read Location Data */
1346 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
1349 static void hci_init1_req(struct hci_request *req, unsigned long opt)
1351 struct hci_dev *hdev = req->hdev;
1353 BT_DBG("%s %ld", hdev->name, opt);
1356 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1357 hci_reset_req(req, 0);
1359 switch (hdev->dev_type) {
1369 BT_ERR("Unknown device type %d", hdev->dev_type);
1374 static void bredr_setup(struct hci_request *req)
1376 struct hci_dev *hdev = req->hdev;
1381 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
1382 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
1384 /* Read Class of Device */
1385 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
1387 /* Read Local Name */
1388 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
1390 /* Read Voice Setting */
1391 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
1393 /* Read Number of Supported IAC */
1394 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
1396 /* Read Current IAC LAP */
1397 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
1399 /* Clear Event Filters */
1400 flt_type = HCI_FLT_CLEAR_ALL;
1401 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1403 /* Connection accept timeout ~20 secs */
1404 param = cpu_to_le16(0x7d00);
1405 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
1407 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
1408 * but it does not support page scan related HCI commands.
1410 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
1411 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1412 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1416 static void le_setup(struct hci_request *req)
1418 struct hci_dev *hdev = req->hdev;
1420 /* Read LE Buffer Size */
1421 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
1423 /* Read LE Local Supported Features */
1424 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
1426 /* Read LE Supported States */
1427 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1429 /* Read LE White List Size */
1430 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1432 /* Clear LE White List */
1433 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
1435 /* LE-only controllers have LE implicitly enabled */
1436 if (!lmp_bredr_capable(hdev))
1437 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1440 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
1442 if (lmp_ext_inq_capable(hdev))
1445 if (lmp_inq_rssi_capable(hdev))
1448 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
1449 hdev->lmp_subver == 0x0757)
1452 if (hdev->manufacturer == 15) {
1453 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
1455 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
1457 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
1461 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
1462 hdev->lmp_subver == 0x1805)
1468 static void hci_setup_inquiry_mode(struct hci_request *req)
1472 mode = hci_get_inquiry_mode(req->hdev);
1474 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
1477 static void hci_setup_event_mask(struct hci_request *req)
1479 struct hci_dev *hdev = req->hdev;
1481 /* The second byte is 0xff instead of 0x9f (two reserved bits
1482 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
1483 * command otherwise.
1485 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
1487 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
1488 * any event mask for pre 1.2 devices.
1490 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1493 if (lmp_bredr_capable(hdev)) {
1494 events[4] |= 0x01; /* Flow Specification Complete */
1495 events[4] |= 0x02; /* Inquiry Result with RSSI */
1496 events[4] |= 0x04; /* Read Remote Extended Features Complete */
1497 events[5] |= 0x08; /* Synchronous Connection Complete */
1498 events[5] |= 0x10; /* Synchronous Connection Changed */
1500 /* Use a different default for LE-only devices */
1501 memset(events, 0, sizeof(events));
1502 events[0] |= 0x10; /* Disconnection Complete */
1503 events[1] |= 0x08; /* Read Remote Version Information Complete */
1504 events[1] |= 0x20; /* Command Complete */
1505 events[1] |= 0x40; /* Command Status */
1506 events[1] |= 0x80; /* Hardware Error */
1507 events[2] |= 0x04; /* Number of Completed Packets */
1508 events[3] |= 0x02; /* Data Buffer Overflow */
1510 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
1511 events[0] |= 0x80; /* Encryption Change */
1512 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1516 if (lmp_inq_rssi_capable(hdev))
1517 events[4] |= 0x02; /* Inquiry Result with RSSI */
1519 if (lmp_sniffsubr_capable(hdev))
1520 events[5] |= 0x20; /* Sniff Subrating */
1522 if (lmp_pause_enc_capable(hdev))
1523 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1525 if (lmp_ext_inq_capable(hdev))
1526 events[5] |= 0x40; /* Extended Inquiry Result */
1528 if (lmp_no_flush_capable(hdev))
1529 events[7] |= 0x01; /* Enhanced Flush Complete */
1531 if (lmp_lsto_capable(hdev))
1532 events[6] |= 0x80; /* Link Supervision Timeout Changed */
1534 if (lmp_ssp_capable(hdev)) {
1535 events[6] |= 0x01; /* IO Capability Request */
1536 events[6] |= 0x02; /* IO Capability Response */
1537 events[6] |= 0x04; /* User Confirmation Request */
1538 events[6] |= 0x08; /* User Passkey Request */
1539 events[6] |= 0x10; /* Remote OOB Data Request */
1540 events[6] |= 0x20; /* Simple Pairing Complete */
1541 events[7] |= 0x04; /* User Passkey Notification */
1542 events[7] |= 0x08; /* Keypress Notification */
1543 events[7] |= 0x10; /* Remote Host Supported
1544 * Features Notification
1548 if (lmp_le_capable(hdev))
1549 events[7] |= 0x20; /* LE Meta-Event */
1551 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1554 static void hci_init2_req(struct hci_request *req, unsigned long opt)
1556 struct hci_dev *hdev = req->hdev;
1558 if (lmp_bredr_capable(hdev))
1561 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
1563 if (lmp_le_capable(hdev))
1566 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1567 * local supported commands HCI command.
1569 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
1570 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1572 if (lmp_ssp_capable(hdev)) {
1573 /* When SSP is available, then the host features page
1574 * should also be available as well. However some
1575 * controllers list the max_page as 0 as long as SSP
1576 * has not been enabled. To achieve proper debugging
1577 * output, force the minimum max_page to 1 at least.
1579 hdev->max_page = 0x01;
1581 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1583 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
1584 sizeof(mode), &mode);
1586 struct hci_cp_write_eir cp;
1588 memset(hdev->eir, 0, sizeof(hdev->eir));
1589 memset(&cp, 0, sizeof(cp));
1591 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1595 if (lmp_inq_rssi_capable(hdev))
1596 hci_setup_inquiry_mode(req);
1598 if (lmp_inq_tx_pwr_capable(hdev))
1599 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
1601 if (lmp_ext_feat_capable(hdev)) {
1602 struct hci_cp_read_local_ext_features cp;
1605 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1609 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
1611 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
1616 static void hci_setup_link_policy(struct hci_request *req)
1618 struct hci_dev *hdev = req->hdev;
1619 struct hci_cp_write_def_link_policy cp;
1620 u16 link_policy = 0;
1622 if (lmp_rswitch_capable(hdev))
1623 link_policy |= HCI_LP_RSWITCH;
1624 if (lmp_hold_capable(hdev))
1625 link_policy |= HCI_LP_HOLD;
1626 if (lmp_sniff_capable(hdev))
1627 link_policy |= HCI_LP_SNIFF;
1628 if (lmp_park_capable(hdev))
1629 link_policy |= HCI_LP_PARK;
1631 cp.policy = cpu_to_le16(link_policy);
1632 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
1635 static void hci_set_le_support(struct hci_request *req)
1637 struct hci_dev *hdev = req->hdev;
1638 struct hci_cp_write_le_host_supported cp;
1640 /* LE-only devices do not support explicit enablement */
1641 if (!lmp_bredr_capable(hdev))
1644 memset(&cp, 0, sizeof(cp));
1646 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1651 if (cp.le != lmp_host_le_capable(hdev))
1652 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
1656 static void hci_set_event_mask_page_2(struct hci_request *req)
1658 struct hci_dev *hdev = req->hdev;
1659 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
1661 /* If Connectionless Slave Broadcast master role is supported
1662 * enable all necessary events for it.
1664 if (lmp_csb_master_capable(hdev)) {
1665 events[1] |= 0x40; /* Triggered Clock Capture */
1666 events[1] |= 0x80; /* Synchronization Train Complete */
1667 events[2] |= 0x10; /* Slave Page Response Timeout */
1668 events[2] |= 0x20; /* CSB Channel Map Change */
1671 /* If Connectionless Slave Broadcast slave role is supported
1672 * enable all necessary events for it.
1674 if (lmp_csb_slave_capable(hdev)) {
1675 events[2] |= 0x01; /* Synchronization Train Received */
1676 events[2] |= 0x02; /* CSB Receive */
1677 events[2] |= 0x04; /* CSB Timeout */
1678 events[2] |= 0x08; /* Truncated Page Complete */
1681 /* Enable Authenticated Payload Timeout Expired event if supported */
1682 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
1685 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
1688 static void hci_init3_req(struct hci_request *req, unsigned long opt)
1690 struct hci_dev *hdev = req->hdev;
1693 hci_setup_event_mask(req);
1695 /* Some Broadcom based Bluetooth controllers do not support the
1696 * Delete Stored Link Key command. They are clearly indicating its
1697 * absence in the bit mask of supported commands.
1699 * Check the supported commands and only if the the command is marked
1700 * as supported send it. If not supported assume that the controller
1701 * does not have actual support for stored link keys which makes this
1702 * command redundant anyway.
1704 * Some controllers indicate that they support handling deleting
1705 * stored link keys, but they don't. The quirk lets a driver
1706 * just disable this command.
1708 if (hdev->commands[6] & 0x80 &&
1709 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
1710 struct hci_cp_delete_stored_link_key cp;
1712 bacpy(&cp.bdaddr, BDADDR_ANY);
1713 cp.delete_all = 0x01;
1714 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
1718 if (hdev->commands[5] & 0x10)
1719 hci_setup_link_policy(req);
1721 if (lmp_le_capable(hdev)) {
1724 memset(events, 0, sizeof(events));
1727 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
1728 events[0] |= 0x10; /* LE Long Term Key Request */
1730 /* If controller supports the Connection Parameters Request
1731 * Link Layer Procedure, enable the corresponding event.
1733 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
1734 events[0] |= 0x20; /* LE Remote Connection
1738 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
1741 if (hdev->commands[25] & 0x40) {
1742 /* Read LE Advertising Channel TX Power */
1743 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1746 hci_set_le_support(req);
1749 /* Read features beyond page 1 if available */
1750 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
1751 struct hci_cp_read_local_ext_features cp;
1754 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1759 static void hci_init4_req(struct hci_request *req, unsigned long opt)
1761 struct hci_dev *hdev = req->hdev;
1763 /* Set event mask page 2 if the HCI command for it is supported */
1764 if (hdev->commands[22] & 0x04)
1765 hci_set_event_mask_page_2(req);
1767 /* Read local codec list if the HCI command is supported */
1768 if (hdev->commands[29] & 0x20)
1769 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
1771 /* Get MWS transport configuration if the HCI command is supported */
1772 if (hdev->commands[30] & 0x08)
1773 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
1775 /* Check for Synchronization Train support */
1776 if (lmp_sync_train_capable(hdev))
1777 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1779 /* Enable Secure Connections if supported and configured */
1780 if (bredr_sc_enabled(hdev)) {
1782 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
1783 sizeof(support), &support);
1787 static int __hci_init(struct hci_dev *hdev)
1791 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
1795 /* The Device Under Test (DUT) mode is special and available for
1796 * all controller types. So just create it early on.
1798 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1799 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
1803 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
1804 * BR/EDR/LE type controllers. AMP controllers only need the
1807 if (hdev->dev_type != HCI_BREDR)
1810 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
1814 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
1818 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
1822 /* Only create debugfs entries during the initial setup
1823 * phase and not every time the controller gets powered on.
1825 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
1828 debugfs_create_file("features", 0444, hdev->debugfs, hdev,
1830 debugfs_create_u16("manufacturer", 0444, hdev->debugfs,
1831 &hdev->manufacturer);
1832 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
1833 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1834 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
1836 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1838 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1840 debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
1841 &conn_info_min_age_fops);
1842 debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
1843 &conn_info_max_age_fops);
1845 if (lmp_bredr_capable(hdev)) {
1846 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
1847 hdev, &inquiry_cache_fops);
1848 debugfs_create_file("link_keys", 0400, hdev->debugfs,
1849 hdev, &link_keys_fops);
1850 debugfs_create_file("dev_class", 0444, hdev->debugfs,
1851 hdev, &dev_class_fops);
1852 debugfs_create_file("voice_setting", 0444, hdev->debugfs,
1853 hdev, &voice_setting_fops);
1856 if (lmp_ssp_capable(hdev)) {
1857 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1858 hdev, &auto_accept_delay_fops);
1859 debugfs_create_file("force_sc_support", 0644, hdev->debugfs,
1860 hdev, &force_sc_support_fops);
1861 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
1862 hdev, &sc_only_mode_fops);
1863 if (lmp_le_capable(hdev))
1864 debugfs_create_file("force_lesc_support", 0644,
1865 hdev->debugfs, hdev,
1866 &force_lesc_support_fops);
1869 if (lmp_sniff_capable(hdev)) {
1870 debugfs_create_file("idle_timeout", 0644, hdev->debugfs,
1871 hdev, &idle_timeout_fops);
1872 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs,
1873 hdev, &sniff_min_interval_fops);
1874 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs,
1875 hdev, &sniff_max_interval_fops);
1878 if (lmp_le_capable(hdev)) {
1879 debugfs_create_file("identity", 0400, hdev->debugfs,
1880 hdev, &identity_fops);
1881 debugfs_create_file("rpa_timeout", 0644, hdev->debugfs,
1882 hdev, &rpa_timeout_fops);
1883 debugfs_create_file("random_address", 0444, hdev->debugfs,
1884 hdev, &random_address_fops);
1885 debugfs_create_file("static_address", 0444, hdev->debugfs,
1886 hdev, &static_address_fops);
1888 /* For controllers with a public address, provide a debug
1889 * option to force the usage of the configured static
1890 * address. By default the public address is used.
1892 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1893 debugfs_create_file("force_static_address", 0644,
1894 hdev->debugfs, hdev,
1895 &force_static_address_fops);
1897 debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1898 &hdev->le_white_list_size);
1899 debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
1901 debugfs_create_file("identity_resolving_keys", 0400,
1902 hdev->debugfs, hdev,
1903 &identity_resolving_keys_fops);
1904 debugfs_create_file("long_term_keys", 0400, hdev->debugfs,
1905 hdev, &long_term_keys_fops);
1906 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs,
1907 hdev, &conn_min_interval_fops);
1908 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1909 hdev, &conn_max_interval_fops);
1910 debugfs_create_file("conn_latency", 0644, hdev->debugfs,
1911 hdev, &conn_latency_fops);
1912 debugfs_create_file("supervision_timeout", 0644, hdev->debugfs,
1913 hdev, &supervision_timeout_fops);
1914 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs,
1915 hdev, &adv_channel_map_fops);
1916 debugfs_create_file("adv_min_interval", 0644, hdev->debugfs,
1917 hdev, &adv_min_interval_fops);
1918 debugfs_create_file("adv_max_interval", 0644, hdev->debugfs,
1919 hdev, &adv_max_interval_fops);
1920 debugfs_create_u16("discov_interleaved_timeout", 0644,
1922 &hdev->discov_interleaved_timeout);
1930 static void hci_init0_req(struct hci_request *req, unsigned long opt)
1932 struct hci_dev *hdev = req->hdev;
1934 BT_DBG("%s %ld", hdev->name, opt);
1937 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1938 hci_reset_req(req, 0);
1940 /* Read Local Version */
1941 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1943 /* Read BD Address */
1944 if (hdev->set_bdaddr)
1945 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1948 static int __hci_unconf_init(struct hci_dev *hdev)
1952 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1955 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
1962 static void hci_scan_req(struct hci_request *req, unsigned long opt)
1966 BT_DBG("%s %x", req->hdev->name, scan);
1968 /* Inquiry and Page scans */
1969 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1972 static void hci_auth_req(struct hci_request *req, unsigned long opt)
1976 BT_DBG("%s %x", req->hdev->name, auth);
1978 /* Authentication */
1979 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1982 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
1986 BT_DBG("%s %x", req->hdev->name, encrypt);
1989 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1992 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
1994 __le16 policy = cpu_to_le16(opt);
1996 BT_DBG("%s %x", req->hdev->name, policy);
1998 /* Default link policy */
1999 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
2002 /* Get HCI device by index.
2003 * Device is held on return. */
2004 struct hci_dev *hci_dev_get(int index)
2006 struct hci_dev *hdev = NULL, *d;
2008 BT_DBG("%d", index);
2013 read_lock(&hci_dev_list_lock);
2014 list_for_each_entry(d, &hci_dev_list, list) {
2015 if (d->id == index) {
2016 hdev = hci_dev_hold(d);
2020 read_unlock(&hci_dev_list_lock);
2024 /* ---- Inquiry support ---- */
2026 bool hci_discovery_active(struct hci_dev *hdev)
2028 struct discovery_state *discov = &hdev->discovery;
2030 switch (discov->state) {
2031 case DISCOVERY_FINDING:
2032 case DISCOVERY_RESOLVING:
2040 void hci_discovery_set_state(struct hci_dev *hdev, int state)
2042 int old_state = hdev->discovery.state;
2044 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
2046 if (old_state == state)
2049 hdev->discovery.state = state;
2052 case DISCOVERY_STOPPED:
2053 hci_update_background_scan(hdev);
2055 /* Reset RSSI and UUID filters to ensure Start Discovery
2056 * and Start Service Discovery operate properly no matter
2057 * which one started the previous discovery.
2059 * While the Start Discovery and Start Service Discovery
2060 * operations will set proper values for RSSI and UUID
2061 * count, it is important to actually free the allocated
2062 * list of UUIDs here.
2064 hci_discovery_filter_clear(hdev);
2066 if (old_state != DISCOVERY_STARTING)
2067 mgmt_discovering(hdev, 0);
2069 case DISCOVERY_STARTING:
2071 case DISCOVERY_FINDING:
2072 mgmt_discovering(hdev, 1);
2074 case DISCOVERY_RESOLVING:
2076 case DISCOVERY_STOPPING:
2081 void hci_inquiry_cache_flush(struct hci_dev *hdev)
2083 struct discovery_state *cache = &hdev->discovery;
2084 struct inquiry_entry *p, *n;
2086 list_for_each_entry_safe(p, n, &cache->all, all) {
2091 INIT_LIST_HEAD(&cache->unknown);
2092 INIT_LIST_HEAD(&cache->resolve);
2095 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
2098 struct discovery_state *cache = &hdev->discovery;
2099 struct inquiry_entry *e;
2101 BT_DBG("cache %p, %pMR", cache, bdaddr);
2103 list_for_each_entry(e, &cache->all, all) {
2104 if (!bacmp(&e->data.bdaddr, bdaddr))
2111 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
2114 struct discovery_state *cache = &hdev->discovery;
2115 struct inquiry_entry *e;
2117 BT_DBG("cache %p, %pMR", cache, bdaddr);
2119 list_for_each_entry(e, &cache->unknown, list) {
2120 if (!bacmp(&e->data.bdaddr, bdaddr))
2127 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
2131 struct discovery_state *cache = &hdev->discovery;
2132 struct inquiry_entry *e;
2134 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
2136 list_for_each_entry(e, &cache->resolve, list) {
2137 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
2139 if (!bacmp(&e->data.bdaddr, bdaddr))
2146 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
2147 struct inquiry_entry *ie)
2149 struct discovery_state *cache = &hdev->discovery;
2150 struct list_head *pos = &cache->resolve;
2151 struct inquiry_entry *p;
2153 list_del(&ie->list);
2155 list_for_each_entry(p, &cache->resolve, list) {
2156 if (p->name_state != NAME_PENDING &&
2157 abs(p->data.rssi) >= abs(ie->data.rssi))
2162 list_add(&ie->list, pos);
2165 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2168 struct discovery_state *cache = &hdev->discovery;
2169 struct inquiry_entry *ie;
2172 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
2174 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
2176 if (!data->ssp_mode)
2177 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2179 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
2181 if (!ie->data.ssp_mode)
2182 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2184 if (ie->name_state == NAME_NEEDED &&
2185 data->rssi != ie->data.rssi) {
2186 ie->data.rssi = data->rssi;
2187 hci_inquiry_cache_update_resolve(hdev, ie);
2193 /* Entry not in the cache. Add new one. */
2194 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
2196 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2200 list_add(&ie->all, &cache->all);
2203 ie->name_state = NAME_KNOWN;
2205 ie->name_state = NAME_NOT_KNOWN;
2206 list_add(&ie->list, &cache->unknown);
2210 if (name_known && ie->name_state != NAME_KNOWN &&
2211 ie->name_state != NAME_PENDING) {
2212 ie->name_state = NAME_KNOWN;
2213 list_del(&ie->list);
2216 memcpy(&ie->data, data, sizeof(*data));
2217 ie->timestamp = jiffies;
2218 cache->timestamp = jiffies;
2220 if (ie->name_state == NAME_NOT_KNOWN)
2221 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2227 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
2229 struct discovery_state *cache = &hdev->discovery;
2230 struct inquiry_info *info = (struct inquiry_info *) buf;
2231 struct inquiry_entry *e;
2234 list_for_each_entry(e, &cache->all, all) {
2235 struct inquiry_data *data = &e->data;
2240 bacpy(&info->bdaddr, &data->bdaddr);
2241 info->pscan_rep_mode = data->pscan_rep_mode;
2242 info->pscan_period_mode = data->pscan_period_mode;
2243 info->pscan_mode = data->pscan_mode;
2244 memcpy(info->dev_class, data->dev_class, 3);
2245 info->clock_offset = data->clock_offset;
2251 BT_DBG("cache %p, copied %d", cache, copied);
2255 static void hci_inq_req(struct hci_request *req, unsigned long opt)
2257 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
2258 struct hci_dev *hdev = req->hdev;
2259 struct hci_cp_inquiry cp;
2261 BT_DBG("%s", hdev->name);
2263 if (test_bit(HCI_INQUIRY, &hdev->flags))
2267 memcpy(&cp.lap, &ir->lap, 3);
2268 cp.length = ir->length;
2269 cp.num_rsp = ir->num_rsp;
2270 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2273 int hci_inquiry(void __user *arg)
2275 __u8 __user *ptr = arg;
2276 struct hci_inquiry_req ir;
2277 struct hci_dev *hdev;
2278 int err = 0, do_inquiry = 0, max_rsp;
2282 if (copy_from_user(&ir, ptr, sizeof(ir)))
2285 hdev = hci_dev_get(ir.dev_id);
2289 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2294 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2299 if (hdev->dev_type != HCI_BREDR) {
2304 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2310 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
2311 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
2312 hci_inquiry_cache_flush(hdev);
2315 hci_dev_unlock(hdev);
2317 timeo = ir.length * msecs_to_jiffies(2000);
2320 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
2325 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
2326 * cleared). If it is interrupted by a signal, return -EINTR.
2328 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
2329 TASK_INTERRUPTIBLE))
2333 /* for unlimited number of responses we will use buffer with
2336 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
2338 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
2339 * copy it to the user space.
2341 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
2348 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
2349 hci_dev_unlock(hdev);
2351 BT_DBG("num_rsp %d", ir.num_rsp);
2353 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
2355 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
2368 static int hci_dev_do_open(struct hci_dev *hdev)
2372 BT_DBG("%s %p", hdev->name, hdev);
2376 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
2381 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2382 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2383 /* Check for rfkill but allow the HCI setup stage to
2384 * proceed (which in itself doesn't cause any RF activity).
2386 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
2391 /* Check for valid public address or a configured static
2392 * random adddress, but let the HCI setup proceed to
2393 * be able to determine if there is a public address
2396 * In case of user channel usage, it is not important
2397 * if a public address or static random address is
2400 * This check is only valid for BR/EDR controllers
2401 * since AMP controllers do not have an address.
2403 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2404 hdev->dev_type == HCI_BREDR &&
2405 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2406 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
2407 ret = -EADDRNOTAVAIL;
2412 if (test_bit(HCI_UP, &hdev->flags)) {
2417 if (hdev->open(hdev)) {
2422 atomic_set(&hdev->cmd_cnt, 1);
2423 set_bit(HCI_INIT, &hdev->flags);
2425 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
2427 ret = hdev->setup(hdev);
2429 /* The transport driver can set these quirks before
2430 * creating the HCI device or in its setup callback.
2432 * In case any of them is set, the controller has to
2433 * start up as unconfigured.
2435 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
2436 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
2437 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
2439 /* For an unconfigured controller it is required to
2440 * read at least the version information provided by
2441 * the Read Local Version Information command.
2443 * If the set_bdaddr driver callback is provided, then
2444 * also the original Bluetooth public device address
2445 * will be read using the Read BD Address command.
2447 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
2448 ret = __hci_unconf_init(hdev);
2451 if (test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2452 /* If public address change is configured, ensure that
2453 * the address gets programmed. If the driver does not
2454 * support changing the public address, fail the power
2457 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
2459 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
2461 ret = -EADDRNOTAVAIL;
2465 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2466 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2467 ret = __hci_init(hdev);
2470 clear_bit(HCI_INIT, &hdev->flags);
2474 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2475 set_bit(HCI_UP, &hdev->flags);
2476 hci_notify(hdev, HCI_DEV_UP);
2477 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2478 !test_bit(HCI_CONFIG, &hdev->dev_flags) &&
2479 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2480 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2481 hdev->dev_type == HCI_BREDR) {
2483 mgmt_powered(hdev, 1);
2484 hci_dev_unlock(hdev);
2487 /* Init failed, cleanup */
2488 flush_work(&hdev->tx_work);
2489 flush_work(&hdev->cmd_work);
2490 flush_work(&hdev->rx_work);
2492 skb_queue_purge(&hdev->cmd_q);
2493 skb_queue_purge(&hdev->rx_q);
2498 if (hdev->sent_cmd) {
2499 kfree_skb(hdev->sent_cmd);
2500 hdev->sent_cmd = NULL;
2504 hdev->flags &= BIT(HCI_RAW);
2508 hci_req_unlock(hdev);
2512 /* ---- HCI ioctl helpers ---- */
2514 int hci_dev_open(__u16 dev)
2516 struct hci_dev *hdev;
2519 hdev = hci_dev_get(dev);
2523 /* Devices that are marked as unconfigured can only be powered
2524 * up as user channel. Trying to bring them up as normal devices
2525 * will result into a failure. Only user channel operation is
2528 * When this function is called for a user channel, the flag
2529 * HCI_USER_CHANNEL will be set first before attempting to
2532 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2533 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2538 /* We need to ensure that no other power on/off work is pending
2539 * before proceeding to call hci_dev_do_open. This is
2540 * particularly important if the setup procedure has not yet
2543 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2544 cancel_delayed_work(&hdev->power_off);
2546 /* After this call it is guaranteed that the setup procedure
2547 * has finished. This means that error conditions like RFKILL
2548 * or no valid public or static random address apply.
2550 flush_workqueue(hdev->req_workqueue);
2552 /* For controllers not using the management interface and that
2553 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
2554 * so that pairing works for them. Once the management interface
2555 * is in use this bit will be cleared again and userspace has
2556 * to explicitly enable it.
2558 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2559 !test_bit(HCI_MGMT, &hdev->dev_flags))
2560 set_bit(HCI_BONDABLE, &hdev->dev_flags);
2562 err = hci_dev_do_open(hdev);
2569 /* This function requires the caller holds hdev->lock */
2570 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
2572 struct hci_conn_params *p;
2574 list_for_each_entry(p, &hdev->le_conn_params, list) {
2576 hci_conn_drop(p->conn);
2577 hci_conn_put(p->conn);
2580 list_del_init(&p->action);
2583 BT_DBG("All LE pending actions cleared");
2586 static int hci_dev_do_close(struct hci_dev *hdev)
2588 BT_DBG("%s %p", hdev->name, hdev);
2590 cancel_delayed_work(&hdev->power_off);
2592 hci_req_cancel(hdev, ENODEV);
2595 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
2596 cancel_delayed_work_sync(&hdev->cmd_timer);
2597 hci_req_unlock(hdev);
2601 /* Flush RX and TX works */
2602 flush_work(&hdev->tx_work);
2603 flush_work(&hdev->rx_work);
2605 if (hdev->discov_timeout > 0) {
2606 cancel_delayed_work(&hdev->discov_off);
2607 hdev->discov_timeout = 0;
2608 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2609 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2612 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
2613 cancel_delayed_work(&hdev->service_cache);
2615 cancel_delayed_work_sync(&hdev->le_scan_disable);
2617 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2618 cancel_delayed_work_sync(&hdev->rpa_expired);
2620 /* Avoid potential lockdep warnings from the *_flush() calls by
2621 * ensuring the workqueue is empty up front.
2623 drain_workqueue(hdev->workqueue);
2626 hci_inquiry_cache_flush(hdev);
2627 hci_pend_le_actions_clear(hdev);
2628 hci_conn_hash_flush(hdev);
2629 hci_dev_unlock(hdev);
2631 hci_notify(hdev, HCI_DEV_DOWN);
2637 skb_queue_purge(&hdev->cmd_q);
2638 atomic_set(&hdev->cmd_cnt, 1);
2639 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
2640 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2641 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
2642 set_bit(HCI_INIT, &hdev->flags);
2643 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
2644 clear_bit(HCI_INIT, &hdev->flags);
2647 /* flush cmd work */
2648 flush_work(&hdev->cmd_work);
2651 skb_queue_purge(&hdev->rx_q);
2652 skb_queue_purge(&hdev->cmd_q);
2653 skb_queue_purge(&hdev->raw_q);
2655 /* Drop last sent command */
2656 if (hdev->sent_cmd) {
2657 cancel_delayed_work_sync(&hdev->cmd_timer);
2658 kfree_skb(hdev->sent_cmd);
2659 hdev->sent_cmd = NULL;
2662 kfree_skb(hdev->recv_evt);
2663 hdev->recv_evt = NULL;
2665 /* After this point our queues are empty
2666 * and no tasks are scheduled. */
2670 hdev->flags &= BIT(HCI_RAW);
2671 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2673 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2674 if (hdev->dev_type == HCI_BREDR) {
2676 mgmt_powered(hdev, 0);
2677 hci_dev_unlock(hdev);
2681 /* Controller radio is available but is currently powered down */
2682 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2684 memset(hdev->eir, 0, sizeof(hdev->eir));
2685 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
2686 bacpy(&hdev->random_addr, BDADDR_ANY);
2688 hci_req_unlock(hdev);
2694 int hci_dev_close(__u16 dev)
2696 struct hci_dev *hdev;
2699 hdev = hci_dev_get(dev);
2703 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2708 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2709 cancel_delayed_work(&hdev->power_off);
2711 err = hci_dev_do_close(hdev);
2718 int hci_dev_reset(__u16 dev)
2720 struct hci_dev *hdev;
2723 hdev = hci_dev_get(dev);
2729 if (!test_bit(HCI_UP, &hdev->flags)) {
2734 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2739 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2745 skb_queue_purge(&hdev->rx_q);
2746 skb_queue_purge(&hdev->cmd_q);
2748 /* Avoid potential lockdep warnings from the *_flush() calls by
2749 * ensuring the workqueue is empty up front.
2751 drain_workqueue(hdev->workqueue);
2754 hci_inquiry_cache_flush(hdev);
2755 hci_conn_hash_flush(hdev);
2756 hci_dev_unlock(hdev);
2761 atomic_set(&hdev->cmd_cnt, 1);
2762 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2764 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2767 hci_req_unlock(hdev);
2772 int hci_dev_reset_stat(__u16 dev)
2774 struct hci_dev *hdev;
2777 hdev = hci_dev_get(dev);
2781 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2786 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2791 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2798 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
2800 bool conn_changed, discov_changed;
2802 BT_DBG("%s scan 0x%02x", hdev->name, scan);
2804 if ((scan & SCAN_PAGE))
2805 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
2808 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
2811 if ((scan & SCAN_INQUIRY)) {
2812 discov_changed = !test_and_set_bit(HCI_DISCOVERABLE,
2815 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2816 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
2820 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2823 if (conn_changed || discov_changed) {
2824 /* In case this was disabled through mgmt */
2825 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
2827 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2828 mgmt_update_adv_data(hdev);
2830 mgmt_new_settings(hdev);
2834 int hci_dev_cmd(unsigned int cmd, void __user *arg)
2836 struct hci_dev *hdev;
2837 struct hci_dev_req dr;
2840 if (copy_from_user(&dr, arg, sizeof(dr)))
2843 hdev = hci_dev_get(dr.dev_id);
2847 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2852 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2857 if (hdev->dev_type != HCI_BREDR) {
2862 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2869 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2874 if (!lmp_encrypt_capable(hdev)) {
2879 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2880 /* Auth must be enabled first */
2881 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2887 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2892 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2895 /* Ensure that the connectable and discoverable states
2896 * get correctly modified as this was a non-mgmt change.
2899 hci_update_scan_state(hdev, dr.dev_opt);
2903 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2907 case HCISETLINKMODE:
2908 hdev->link_mode = ((__u16) dr.dev_opt) &
2909 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2913 hdev->pkt_type = (__u16) dr.dev_opt;
2917 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2918 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2922 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2923 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2936 int hci_get_dev_list(void __user *arg)
2938 struct hci_dev *hdev;
2939 struct hci_dev_list_req *dl;
2940 struct hci_dev_req *dr;
2941 int n = 0, size, err;
2944 if (get_user(dev_num, (__u16 __user *) arg))
2947 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2950 size = sizeof(*dl) + dev_num * sizeof(*dr);
2952 dl = kzalloc(size, GFP_KERNEL);
2958 read_lock(&hci_dev_list_lock);
2959 list_for_each_entry(hdev, &hci_dev_list, list) {
2960 unsigned long flags = hdev->flags;
2962 /* When the auto-off is configured it means the transport
2963 * is running, but in that case still indicate that the
2964 * device is actually down.
2966 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2967 flags &= ~BIT(HCI_UP);
2969 (dr + n)->dev_id = hdev->id;
2970 (dr + n)->dev_opt = flags;
2975 read_unlock(&hci_dev_list_lock);
2978 size = sizeof(*dl) + n * sizeof(*dr);
2980 err = copy_to_user(arg, dl, size);
2983 return err ? -EFAULT : 0;
2986 int hci_get_dev_info(void __user *arg)
2988 struct hci_dev *hdev;
2989 struct hci_dev_info di;
2990 unsigned long flags;
2993 if (copy_from_user(&di, arg, sizeof(di)))
2996 hdev = hci_dev_get(di.dev_id);
3000 /* When the auto-off is configured it means the transport
3001 * is running, but in that case still indicate that the
3002 * device is actually down.
3004 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3005 flags = hdev->flags & ~BIT(HCI_UP);
3007 flags = hdev->flags;
3009 strcpy(di.name, hdev->name);
3010 di.bdaddr = hdev->bdaddr;
3011 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
3013 di.pkt_type = hdev->pkt_type;
3014 if (lmp_bredr_capable(hdev)) {
3015 di.acl_mtu = hdev->acl_mtu;
3016 di.acl_pkts = hdev->acl_pkts;
3017 di.sco_mtu = hdev->sco_mtu;
3018 di.sco_pkts = hdev->sco_pkts;
3020 di.acl_mtu = hdev->le_mtu;
3021 di.acl_pkts = hdev->le_pkts;
3025 di.link_policy = hdev->link_policy;
3026 di.link_mode = hdev->link_mode;
3028 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
3029 memcpy(&di.features, &hdev->features, sizeof(di.features));
3031 if (copy_to_user(arg, &di, sizeof(di)))
3039 /* ---- Interface to HCI drivers ---- */
3041 static int hci_rfkill_set_block(void *data, bool blocked)
3043 struct hci_dev *hdev = data;
3045 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
3047 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
3051 set_bit(HCI_RFKILLED, &hdev->dev_flags);
3052 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
3053 !test_bit(HCI_CONFIG, &hdev->dev_flags))
3054 hci_dev_do_close(hdev);
3056 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
3062 static const struct rfkill_ops hci_rfkill_ops = {
3063 .set_block = hci_rfkill_set_block,
3066 static void hci_power_on(struct work_struct *work)
3068 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
3071 BT_DBG("%s", hdev->name);
3073 err = hci_dev_do_open(hdev);
3075 mgmt_set_powered_failed(hdev, err);
3079 /* During the HCI setup phase, a few error conditions are
3080 * ignored and they need to be checked now. If they are still
3081 * valid, it is important to turn the device back off.
3083 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
3084 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
3085 (hdev->dev_type == HCI_BREDR &&
3086 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
3087 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
3088 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
3089 hci_dev_do_close(hdev);
3090 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
3091 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
3092 HCI_AUTO_OFF_TIMEOUT);
3095 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) {
3096 /* For unconfigured devices, set the HCI_RAW flag
3097 * so that userspace can easily identify them.
3099 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3100 set_bit(HCI_RAW, &hdev->flags);
3102 /* For fully configured devices, this will send
3103 * the Index Added event. For unconfigured devices,
3104 * it will send Unconfigued Index Added event.
3106 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
3107 * and no event will be send.
3109 mgmt_index_added(hdev);
3110 } else if (test_and_clear_bit(HCI_CONFIG, &hdev->dev_flags)) {
3111 /* When the controller is now configured, then it
3112 * is important to clear the HCI_RAW flag.
3114 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3115 clear_bit(HCI_RAW, &hdev->flags);
3117 /* Powering on the controller with HCI_CONFIG set only
3118 * happens with the transition from unconfigured to
3119 * configured. This will send the Index Added event.
3121 mgmt_index_added(hdev);
3125 static void hci_power_off(struct work_struct *work)
3127 struct hci_dev *hdev = container_of(work, struct hci_dev,
3130 BT_DBG("%s", hdev->name);
3132 hci_dev_do_close(hdev);
3135 static void hci_discov_off(struct work_struct *work)
3137 struct hci_dev *hdev;
3139 hdev = container_of(work, struct hci_dev, discov_off.work);
3141 BT_DBG("%s", hdev->name);
3143 mgmt_discoverable_timeout(hdev);
3146 void hci_uuids_clear(struct hci_dev *hdev)
3148 struct bt_uuid *uuid, *tmp;
3150 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
3151 list_del(&uuid->list);
3156 void hci_link_keys_clear(struct hci_dev *hdev)
3158 struct link_key *key;
3160 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
3161 list_del_rcu(&key->list);
3162 kfree_rcu(key, rcu);
3166 void hci_smp_ltks_clear(struct hci_dev *hdev)
3170 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3171 list_del_rcu(&k->list);
3176 void hci_smp_irks_clear(struct hci_dev *hdev)
3180 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
3181 list_del_rcu(&k->list);
3186 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3191 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
3192 if (bacmp(bdaddr, &k->bdaddr) == 0) {
3202 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
3203 u8 key_type, u8 old_key_type)
3206 if (key_type < 0x03)
3209 /* Debug keys are insecure so don't store them persistently */
3210 if (key_type == HCI_LK_DEBUG_COMBINATION)
3213 /* Changed combination key and there's no previous one */
3214 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
3217 /* Security mode 3 case */
3221 /* BR/EDR key derived using SC from an LE link */
3222 if (conn->type == LE_LINK)
3225 /* Neither local nor remote side had no-bonding as requirement */
3226 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
3229 /* Local side had dedicated bonding as requirement */
3230 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
3233 /* Remote side had dedicated bonding as requirement */
3234 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
3237 /* If none of the above criteria match, then don't store the key
3242 static u8 ltk_role(u8 type)
3244 if (type == SMP_LTK)
3245 return HCI_ROLE_MASTER;
3247 return HCI_ROLE_SLAVE;
3250 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3251 u8 addr_type, u8 role)
3256 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3257 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
3260 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
3270 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
3272 struct smp_irk *irk;
3275 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
3276 if (!bacmp(&irk->rpa, rpa)) {
3282 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
3283 if (smp_irk_matches(hdev, irk->val, rpa)) {
3284 bacpy(&irk->rpa, rpa);
3294 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3297 struct smp_irk *irk;
3299 /* Identity Address must be public or static random */
3300 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
3304 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
3305 if (addr_type == irk->addr_type &&
3306 bacmp(bdaddr, &irk->bdaddr) == 0) {
3316 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
3317 bdaddr_t *bdaddr, u8 *val, u8 type,
3318 u8 pin_len, bool *persistent)
3320 struct link_key *key, *old_key;
3323 old_key = hci_find_link_key(hdev, bdaddr);
3325 old_key_type = old_key->type;
3328 old_key_type = conn ? conn->key_type : 0xff;
3329 key = kzalloc(sizeof(*key), GFP_KERNEL);
3332 list_add_rcu(&key->list, &hdev->link_keys);
3335 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
3337 /* Some buggy controller combinations generate a changed
3338 * combination key for legacy pairing even when there's no
3340 if (type == HCI_LK_CHANGED_COMBINATION &&
3341 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
3342 type = HCI_LK_COMBINATION;
3344 conn->key_type = type;
3347 bacpy(&key->bdaddr, bdaddr);
3348 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
3349 key->pin_len = pin_len;
3351 if (type == HCI_LK_CHANGED_COMBINATION)
3352 key->type = old_key_type;
3357 *persistent = hci_persistent_key(hdev, conn, type,
3363 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3364 u8 addr_type, u8 type, u8 authenticated,
3365 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
3367 struct smp_ltk *key, *old_key;
3368 u8 role = ltk_role(type);
3370 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
3374 key = kzalloc(sizeof(*key), GFP_KERNEL);
3377 list_add_rcu(&key->list, &hdev->long_term_keys);
3380 bacpy(&key->bdaddr, bdaddr);
3381 key->bdaddr_type = addr_type;
3382 memcpy(key->val, tk, sizeof(key->val));
3383 key->authenticated = authenticated;
3386 key->enc_size = enc_size;
3392 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3393 u8 addr_type, u8 val[16], bdaddr_t *rpa)
3395 struct smp_irk *irk;
3397 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
3399 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
3403 bacpy(&irk->bdaddr, bdaddr);
3404 irk->addr_type = addr_type;
3406 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
3409 memcpy(irk->val, val, 16);
3410 bacpy(&irk->rpa, rpa);
3415 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3417 struct link_key *key;
3419 key = hci_find_link_key(hdev, bdaddr);
3423 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3425 list_del_rcu(&key->list);
3426 kfree_rcu(key, rcu);
3431 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
3436 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3437 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
3440 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3442 list_del_rcu(&k->list);
3447 return removed ? 0 : -ENOENT;
3450 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
3454 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
3455 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
3458 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3460 list_del_rcu(&k->list);
3465 /* HCI command timer function */
3466 static void hci_cmd_timeout(struct work_struct *work)
3468 struct hci_dev *hdev = container_of(work, struct hci_dev,
3471 if (hdev->sent_cmd) {
3472 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
3473 u16 opcode = __le16_to_cpu(sent->opcode);
3475 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
3477 BT_ERR("%s command tx timeout", hdev->name);
3480 atomic_set(&hdev->cmd_cnt, 1);
3481 queue_work(hdev->workqueue, &hdev->cmd_work);
3484 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
3485 bdaddr_t *bdaddr, u8 bdaddr_type)
3487 struct oob_data *data;
3489 list_for_each_entry(data, &hdev->remote_oob_data, list) {
3490 if (bacmp(bdaddr, &data->bdaddr) != 0)
3492 if (data->bdaddr_type != bdaddr_type)
3500 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3503 struct oob_data *data;
3505 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
3509 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
3511 list_del(&data->list);
3517 void hci_remote_oob_data_clear(struct hci_dev *hdev)
3519 struct oob_data *data, *n;
3521 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
3522 list_del(&data->list);
3527 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3528 u8 bdaddr_type, u8 *hash192, u8 *rand192,
3529 u8 *hash256, u8 *rand256)
3531 struct oob_data *data;
3533 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
3535 data = kmalloc(sizeof(*data), GFP_KERNEL);
3539 bacpy(&data->bdaddr, bdaddr);
3540 data->bdaddr_type = bdaddr_type;
3541 list_add(&data->list, &hdev->remote_oob_data);
3544 if (hash192 && rand192) {
3545 memcpy(data->hash192, hash192, sizeof(data->hash192));
3546 memcpy(data->rand192, rand192, sizeof(data->rand192));
3548 memset(data->hash192, 0, sizeof(data->hash192));
3549 memset(data->rand192, 0, sizeof(data->rand192));
3552 if (hash256 && rand256) {
3553 memcpy(data->hash256, hash256, sizeof(data->hash256));
3554 memcpy(data->rand256, rand256, sizeof(data->rand256));
3556 memset(data->hash256, 0, sizeof(data->hash256));
3557 memset(data->rand256, 0, sizeof(data->rand256));
3560 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3565 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3566 bdaddr_t *bdaddr, u8 type)
3568 struct bdaddr_list *b;
3570 list_for_each_entry(b, bdaddr_list, list) {
3571 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3578 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3580 struct list_head *p, *n;
3582 list_for_each_safe(p, n, bdaddr_list) {
3583 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3590 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3592 struct bdaddr_list *entry;
3594 if (!bacmp(bdaddr, BDADDR_ANY))
3597 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3600 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3604 bacpy(&entry->bdaddr, bdaddr);
3605 entry->bdaddr_type = type;
3607 list_add(&entry->list, list);
3612 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3614 struct bdaddr_list *entry;
3616 if (!bacmp(bdaddr, BDADDR_ANY)) {
3617 hci_bdaddr_list_clear(list);
3621 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3625 list_del(&entry->list);
3631 /* This function requires the caller holds hdev->lock */
3632 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3633 bdaddr_t *addr, u8 addr_type)
3635 struct hci_conn_params *params;
3637 /* The conn params list only contains identity addresses */
3638 if (!hci_is_identity_address(addr, addr_type))
3641 list_for_each_entry(params, &hdev->le_conn_params, list) {
3642 if (bacmp(¶ms->addr, addr) == 0 &&
3643 params->addr_type == addr_type) {
3651 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
3653 struct hci_conn *conn;
3655 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
3659 if (conn->dst_type != type)
3662 if (conn->state != BT_CONNECTED)
3668 /* This function requires the caller holds hdev->lock */
3669 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3670 bdaddr_t *addr, u8 addr_type)
3672 struct hci_conn_params *param;
3674 /* The list only contains identity addresses */
3675 if (!hci_is_identity_address(addr, addr_type))
3678 list_for_each_entry(param, list, action) {
3679 if (bacmp(¶m->addr, addr) == 0 &&
3680 param->addr_type == addr_type)
3687 /* This function requires the caller holds hdev->lock */
3688 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3689 bdaddr_t *addr, u8 addr_type)
3691 struct hci_conn_params *params;
3693 if (!hci_is_identity_address(addr, addr_type))
3696 params = hci_conn_params_lookup(hdev, addr, addr_type);
3700 params = kzalloc(sizeof(*params), GFP_KERNEL);
3702 BT_ERR("Out of memory");
3706 bacpy(¶ms->addr, addr);
3707 params->addr_type = addr_type;
3709 list_add(¶ms->list, &hdev->le_conn_params);
3710 INIT_LIST_HEAD(¶ms->action);
3712 params->conn_min_interval = hdev->le_conn_min_interval;
3713 params->conn_max_interval = hdev->le_conn_max_interval;
3714 params->conn_latency = hdev->le_conn_latency;
3715 params->supervision_timeout = hdev->le_supv_timeout;
3716 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3718 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3723 /* This function requires the caller holds hdev->lock */
3724 int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3727 struct hci_conn_params *params;
3729 params = hci_conn_params_add(hdev, addr, addr_type);
3733 if (params->auto_connect == auto_connect)
3736 list_del_init(¶ms->action);
3738 switch (auto_connect) {
3739 case HCI_AUTO_CONN_DISABLED:
3740 case HCI_AUTO_CONN_LINK_LOSS:
3741 hci_update_background_scan(hdev);
3743 case HCI_AUTO_CONN_REPORT:
3744 list_add(¶ms->action, &hdev->pend_le_reports);
3745 hci_update_background_scan(hdev);
3747 case HCI_AUTO_CONN_DIRECT:
3748 case HCI_AUTO_CONN_ALWAYS:
3749 if (!is_connected(hdev, addr, addr_type)) {
3750 list_add(¶ms->action, &hdev->pend_le_conns);
3751 hci_update_background_scan(hdev);
3756 params->auto_connect = auto_connect;
3758 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
3764 static void hci_conn_params_free(struct hci_conn_params *params)
3767 hci_conn_drop(params->conn);
3768 hci_conn_put(params->conn);
3771 list_del(¶ms->action);
3772 list_del(¶ms->list);
3776 /* This function requires the caller holds hdev->lock */
3777 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3779 struct hci_conn_params *params;
3781 params = hci_conn_params_lookup(hdev, addr, addr_type);
3785 hci_conn_params_free(params);
3787 hci_update_background_scan(hdev);
3789 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3792 /* This function requires the caller holds hdev->lock */
3793 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3795 struct hci_conn_params *params, *tmp;
3797 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3798 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3800 list_del(¶ms->list);
3804 BT_DBG("All LE disabled connection parameters were removed");
3807 /* This function requires the caller holds hdev->lock */
3808 void hci_conn_params_clear_all(struct hci_dev *hdev)
3810 struct hci_conn_params *params, *tmp;
3812 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3813 hci_conn_params_free(params);
3815 hci_update_background_scan(hdev);
3817 BT_DBG("All LE connection parameters were removed");
3820 static void inquiry_complete(struct hci_dev *hdev, u8 status)
3823 BT_ERR("Failed to start inquiry: status %d", status);
3826 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3827 hci_dev_unlock(hdev);
3832 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status)
3834 /* General inquiry access code (GIAC) */
3835 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3836 struct hci_request req;
3837 struct hci_cp_inquiry cp;
3841 BT_ERR("Failed to disable LE scanning: status %d", status);
3845 switch (hdev->discovery.type) {
3846 case DISCOV_TYPE_LE:
3848 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3849 hci_dev_unlock(hdev);
3852 case DISCOV_TYPE_INTERLEAVED:
3853 hci_req_init(&req, hdev);
3855 memset(&cp, 0, sizeof(cp));
3856 memcpy(&cp.lap, lap, sizeof(cp.lap));
3857 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
3858 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3862 hci_inquiry_cache_flush(hdev);
3864 err = hci_req_run(&req, inquiry_complete);
3866 BT_ERR("Inquiry request failed: err %d", err);
3867 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3870 hci_dev_unlock(hdev);
3875 static void le_scan_disable_work(struct work_struct *work)
3877 struct hci_dev *hdev = container_of(work, struct hci_dev,
3878 le_scan_disable.work);
3879 struct hci_request req;
3882 BT_DBG("%s", hdev->name);
3884 hci_req_init(&req, hdev);
3886 hci_req_add_le_scan_disable(&req);
3888 err = hci_req_run(&req, le_scan_disable_work_complete);
3890 BT_ERR("Disable LE scanning request failed: err %d", err);
3893 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
3895 struct hci_dev *hdev = req->hdev;
3897 /* If we're advertising or initiating an LE connection we can't
3898 * go ahead and change the random address at this time. This is
3899 * because the eventual initiator address used for the
3900 * subsequently created connection will be undefined (some
3901 * controllers use the new address and others the one we had
3902 * when the operation started).
3904 * In this kind of scenario skip the update and let the random
3905 * address be updated at the next cycle.
3907 if (test_bit(HCI_LE_ADV, &hdev->dev_flags) ||
3908 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3909 BT_DBG("Deferring random address update");
3910 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
3914 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
3917 int hci_update_random_address(struct hci_request *req, bool require_privacy,
3920 struct hci_dev *hdev = req->hdev;
3923 /* If privacy is enabled use a resolvable private address. If
3924 * current RPA has expired or there is something else than
3925 * the current RPA in use, then generate a new one.
3927 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3930 *own_addr_type = ADDR_LE_DEV_RANDOM;
3932 if (!test_and_clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags) &&
3933 !bacmp(&hdev->random_addr, &hdev->rpa))
3936 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
3938 BT_ERR("%s failed to generate new RPA", hdev->name);
3942 set_random_addr(req, &hdev->rpa);
3944 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
3945 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
3950 /* In case of required privacy without resolvable private address,
3951 * use an unresolvable private address. This is useful for active
3952 * scanning and non-connectable advertising.
3954 if (require_privacy) {
3957 get_random_bytes(&urpa, 6);
3958 urpa.b[5] &= 0x3f; /* Clear two most significant bits */
3960 *own_addr_type = ADDR_LE_DEV_RANDOM;
3961 set_random_addr(req, &urpa);
3965 /* If forcing static address is in use or there is no public
3966 * address use the static address as random address (but skip
3967 * the HCI command if the current random address is already the
3970 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3971 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3972 *own_addr_type = ADDR_LE_DEV_RANDOM;
3973 if (bacmp(&hdev->static_addr, &hdev->random_addr))
3974 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3975 &hdev->static_addr);
3979 /* Neither privacy nor static address is being used so use a
3982 *own_addr_type = ADDR_LE_DEV_PUBLIC;
3987 /* Copy the Identity Address of the controller.
3989 * If the controller has a public BD_ADDR, then by default use that one.
3990 * If this is a LE only controller without a public address, default to
3991 * the static random address.
3993 * For debugging purposes it is possible to force controllers with a
3994 * public address to use the static random address instead.
3996 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3999 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
4000 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
4001 bacpy(bdaddr, &hdev->static_addr);
4002 *bdaddr_type = ADDR_LE_DEV_RANDOM;
4004 bacpy(bdaddr, &hdev->bdaddr);
4005 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
4009 /* Alloc HCI device */
4010 struct hci_dev *hci_alloc_dev(void)
4012 struct hci_dev *hdev;
4014 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
4018 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
4019 hdev->esco_type = (ESCO_HV1);
4020 hdev->link_mode = (HCI_LM_ACCEPT);
4021 hdev->num_iac = 0x01; /* One IAC support is mandatory */
4022 hdev->io_capability = 0x03; /* No Input No Output */
4023 hdev->manufacturer = 0xffff; /* Default to internal use */
4024 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
4025 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
4027 hdev->sniff_max_interval = 800;
4028 hdev->sniff_min_interval = 80;
4030 hdev->le_adv_channel_map = 0x07;
4031 hdev->le_adv_min_interval = 0x0800;
4032 hdev->le_adv_max_interval = 0x0800;
4033 hdev->le_scan_interval = 0x0060;
4034 hdev->le_scan_window = 0x0030;
4035 hdev->le_conn_min_interval = 0x0028;
4036 hdev->le_conn_max_interval = 0x0038;
4037 hdev->le_conn_latency = 0x0000;
4038 hdev->le_supv_timeout = 0x002a;
4040 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
4041 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
4042 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
4043 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
4045 mutex_init(&hdev->lock);
4046 mutex_init(&hdev->req_lock);
4048 INIT_LIST_HEAD(&hdev->mgmt_pending);
4049 INIT_LIST_HEAD(&hdev->blacklist);
4050 INIT_LIST_HEAD(&hdev->whitelist);
4051 INIT_LIST_HEAD(&hdev->uuids);
4052 INIT_LIST_HEAD(&hdev->link_keys);
4053 INIT_LIST_HEAD(&hdev->long_term_keys);
4054 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
4055 INIT_LIST_HEAD(&hdev->remote_oob_data);
4056 INIT_LIST_HEAD(&hdev->le_white_list);
4057 INIT_LIST_HEAD(&hdev->le_conn_params);
4058 INIT_LIST_HEAD(&hdev->pend_le_conns);
4059 INIT_LIST_HEAD(&hdev->pend_le_reports);
4060 INIT_LIST_HEAD(&hdev->conn_hash.list);
4062 INIT_WORK(&hdev->rx_work, hci_rx_work);
4063 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
4064 INIT_WORK(&hdev->tx_work, hci_tx_work);
4065 INIT_WORK(&hdev->power_on, hci_power_on);
4067 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
4068 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
4069 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
4071 skb_queue_head_init(&hdev->rx_q);
4072 skb_queue_head_init(&hdev->cmd_q);
4073 skb_queue_head_init(&hdev->raw_q);
4075 init_waitqueue_head(&hdev->req_wait_q);
4077 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
4079 hci_init_sysfs(hdev);
4080 discovery_init(hdev);
4084 EXPORT_SYMBOL(hci_alloc_dev);
4086 /* Free HCI device */
4087 void hci_free_dev(struct hci_dev *hdev)
4089 /* will free via device release */
4090 put_device(&hdev->dev);
4092 EXPORT_SYMBOL(hci_free_dev);
4094 /* Register HCI device */
4095 int hci_register_dev(struct hci_dev *hdev)
4099 if (!hdev->open || !hdev->close || !hdev->send)
4102 /* Do not allow HCI_AMP devices to register at index 0,
4103 * so the index can be used as the AMP controller ID.
4105 switch (hdev->dev_type) {
4107 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
4110 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
4119 sprintf(hdev->name, "hci%d", id);
4122 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4124 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4125 WQ_MEM_RECLAIM, 1, hdev->name);
4126 if (!hdev->workqueue) {
4131 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4132 WQ_MEM_RECLAIM, 1, hdev->name);
4133 if (!hdev->req_workqueue) {
4134 destroy_workqueue(hdev->workqueue);
4139 if (!IS_ERR_OR_NULL(bt_debugfs))
4140 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
4142 dev_set_name(&hdev->dev, "%s", hdev->name);
4144 error = device_add(&hdev->dev);
4148 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
4149 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
4152 if (rfkill_register(hdev->rfkill) < 0) {
4153 rfkill_destroy(hdev->rfkill);
4154 hdev->rfkill = NULL;
4158 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
4159 set_bit(HCI_RFKILLED, &hdev->dev_flags);
4161 set_bit(HCI_SETUP, &hdev->dev_flags);
4162 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
4164 if (hdev->dev_type == HCI_BREDR) {
4165 /* Assume BR/EDR support until proven otherwise (such as
4166 * through reading supported features during init.
4168 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4171 write_lock(&hci_dev_list_lock);
4172 list_add(&hdev->list, &hci_dev_list);
4173 write_unlock(&hci_dev_list_lock);
4175 /* Devices that are marked for raw-only usage are unconfigured
4176 * and should not be included in normal operation.
4178 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
4179 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
4181 hci_notify(hdev, HCI_DEV_REG);
4184 queue_work(hdev->req_workqueue, &hdev->power_on);
4189 destroy_workqueue(hdev->workqueue);
4190 destroy_workqueue(hdev->req_workqueue);
4192 ida_simple_remove(&hci_index_ida, hdev->id);
4196 EXPORT_SYMBOL(hci_register_dev);
4198 /* Unregister HCI device */
4199 void hci_unregister_dev(struct hci_dev *hdev)
4203 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4205 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
4209 write_lock(&hci_dev_list_lock);
4210 list_del(&hdev->list);
4211 write_unlock(&hci_dev_list_lock);
4213 hci_dev_do_close(hdev);
4215 for (i = 0; i < NUM_REASSEMBLY; i++)
4216 kfree_skb(hdev->reassembly[i]);
4218 cancel_work_sync(&hdev->power_on);
4220 if (!test_bit(HCI_INIT, &hdev->flags) &&
4221 !test_bit(HCI_SETUP, &hdev->dev_flags) &&
4222 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
4224 mgmt_index_removed(hdev);
4225 hci_dev_unlock(hdev);
4228 /* mgmt_index_removed should take care of emptying the
4230 BUG_ON(!list_empty(&hdev->mgmt_pending));
4232 hci_notify(hdev, HCI_DEV_UNREG);
4235 rfkill_unregister(hdev->rfkill);
4236 rfkill_destroy(hdev->rfkill);
4239 smp_unregister(hdev);
4241 device_del(&hdev->dev);
4243 debugfs_remove_recursive(hdev->debugfs);
4245 destroy_workqueue(hdev->workqueue);
4246 destroy_workqueue(hdev->req_workqueue);
4249 hci_bdaddr_list_clear(&hdev->blacklist);
4250 hci_bdaddr_list_clear(&hdev->whitelist);
4251 hci_uuids_clear(hdev);
4252 hci_link_keys_clear(hdev);
4253 hci_smp_ltks_clear(hdev);
4254 hci_smp_irks_clear(hdev);
4255 hci_remote_oob_data_clear(hdev);
4256 hci_bdaddr_list_clear(&hdev->le_white_list);
4257 hci_conn_params_clear_all(hdev);
4258 hci_discovery_filter_clear(hdev);
4259 hci_dev_unlock(hdev);
4263 ida_simple_remove(&hci_index_ida, id);
4265 EXPORT_SYMBOL(hci_unregister_dev);
4267 /* Suspend HCI device */
4268 int hci_suspend_dev(struct hci_dev *hdev)
4270 hci_notify(hdev, HCI_DEV_SUSPEND);
4273 EXPORT_SYMBOL(hci_suspend_dev);
4275 /* Resume HCI device */
4276 int hci_resume_dev(struct hci_dev *hdev)
4278 hci_notify(hdev, HCI_DEV_RESUME);
4281 EXPORT_SYMBOL(hci_resume_dev);
4283 /* Reset HCI device */
4284 int hci_reset_dev(struct hci_dev *hdev)
4286 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
4287 struct sk_buff *skb;
4289 skb = bt_skb_alloc(3, GFP_ATOMIC);
4293 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
4294 memcpy(skb_put(skb, 3), hw_err, 3);
4296 /* Send Hardware Error to upper stack */
4297 return hci_recv_frame(hdev, skb);
4299 EXPORT_SYMBOL(hci_reset_dev);
4301 /* Receive frame from HCI drivers */
4302 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
4304 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
4305 && !test_bit(HCI_INIT, &hdev->flags))) {
4311 bt_cb(skb)->incoming = 1;
4314 __net_timestamp(skb);
4316 skb_queue_tail(&hdev->rx_q, skb);
4317 queue_work(hdev->workqueue, &hdev->rx_work);
4321 EXPORT_SYMBOL(hci_recv_frame);
4323 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
4324 int count, __u8 index)
4329 struct sk_buff *skb;
4330 struct bt_skb_cb *scb;
4332 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
4333 index >= NUM_REASSEMBLY)
4336 skb = hdev->reassembly[index];
4340 case HCI_ACLDATA_PKT:
4341 len = HCI_MAX_FRAME_SIZE;
4342 hlen = HCI_ACL_HDR_SIZE;
4345 len = HCI_MAX_EVENT_SIZE;
4346 hlen = HCI_EVENT_HDR_SIZE;
4348 case HCI_SCODATA_PKT:
4349 len = HCI_MAX_SCO_SIZE;
4350 hlen = HCI_SCO_HDR_SIZE;
4354 skb = bt_skb_alloc(len, GFP_ATOMIC);
4358 scb = (void *) skb->cb;
4360 scb->pkt_type = type;
4362 hdev->reassembly[index] = skb;
4366 scb = (void *) skb->cb;
4367 len = min_t(uint, scb->expect, count);
4369 memcpy(skb_put(skb, len), data, len);
4378 if (skb->len == HCI_EVENT_HDR_SIZE) {
4379 struct hci_event_hdr *h = hci_event_hdr(skb);
4380 scb->expect = h->plen;
4382 if (skb_tailroom(skb) < scb->expect) {
4384 hdev->reassembly[index] = NULL;
4390 case HCI_ACLDATA_PKT:
4391 if (skb->len == HCI_ACL_HDR_SIZE) {
4392 struct hci_acl_hdr *h = hci_acl_hdr(skb);
4393 scb->expect = __le16_to_cpu(h->dlen);
4395 if (skb_tailroom(skb) < scb->expect) {
4397 hdev->reassembly[index] = NULL;
4403 case HCI_SCODATA_PKT:
4404 if (skb->len == HCI_SCO_HDR_SIZE) {
4405 struct hci_sco_hdr *h = hci_sco_hdr(skb);
4406 scb->expect = h->dlen;
4408 if (skb_tailroom(skb) < scb->expect) {
4410 hdev->reassembly[index] = NULL;
4417 if (scb->expect == 0) {
4418 /* Complete frame */
4420 bt_cb(skb)->pkt_type = type;
4421 hci_recv_frame(hdev, skb);
4423 hdev->reassembly[index] = NULL;
4431 #define STREAM_REASSEMBLY 0
4433 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
4439 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
4442 struct { char type; } *pkt;
4444 /* Start of the frame */
4451 type = bt_cb(skb)->pkt_type;
4453 rem = hci_reassembly(hdev, type, data, count,
4458 data += (count - rem);
4464 EXPORT_SYMBOL(hci_recv_stream_fragment);
4466 /* ---- Interface to upper protocols ---- */
4468 int hci_register_cb(struct hci_cb *cb)
4470 BT_DBG("%p name %s", cb, cb->name);
4472 write_lock(&hci_cb_list_lock);
4473 list_add(&cb->list, &hci_cb_list);
4474 write_unlock(&hci_cb_list_lock);
4478 EXPORT_SYMBOL(hci_register_cb);
4480 int hci_unregister_cb(struct hci_cb *cb)
4482 BT_DBG("%p name %s", cb, cb->name);
4484 write_lock(&hci_cb_list_lock);
4485 list_del(&cb->list);
4486 write_unlock(&hci_cb_list_lock);
4490 EXPORT_SYMBOL(hci_unregister_cb);
4492 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4496 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
4499 __net_timestamp(skb);
4501 /* Send copy to monitor */
4502 hci_send_to_monitor(hdev, skb);
4504 if (atomic_read(&hdev->promisc)) {
4505 /* Send copy to the sockets */
4506 hci_send_to_sock(hdev, skb);
4509 /* Get rid of skb owner, prior to sending to the driver. */
4512 err = hdev->send(hdev, skb);
4514 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
4519 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
4521 skb_queue_head_init(&req->cmd_q);
4526 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
4528 struct hci_dev *hdev = req->hdev;
4529 struct sk_buff *skb;
4530 unsigned long flags;
4532 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
4534 /* If an error occurred during request building, remove all HCI
4535 * commands queued on the HCI request queue.
4538 skb_queue_purge(&req->cmd_q);
4542 /* Do not allow empty requests */
4543 if (skb_queue_empty(&req->cmd_q))
4546 skb = skb_peek_tail(&req->cmd_q);
4547 bt_cb(skb)->req.complete = complete;
4549 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4550 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
4551 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4553 queue_work(hdev->workqueue, &hdev->cmd_work);
4558 bool hci_req_pending(struct hci_dev *hdev)
4560 return (hdev->req_status == HCI_REQ_PEND);
4563 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
4564 u32 plen, const void *param)
4566 int len = HCI_COMMAND_HDR_SIZE + plen;
4567 struct hci_command_hdr *hdr;
4568 struct sk_buff *skb;
4570 skb = bt_skb_alloc(len, GFP_ATOMIC);
4574 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
4575 hdr->opcode = cpu_to_le16(opcode);
4579 memcpy(skb_put(skb, plen), param, plen);
4581 BT_DBG("skb len %d", skb->len);
4583 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
4584 bt_cb(skb)->opcode = opcode;
4589 /* Send HCI command */
4590 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4593 struct sk_buff *skb;
4595 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4597 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4599 BT_ERR("%s no memory for command", hdev->name);
4603 /* Stand-alone HCI commands must be flagged as
4604 * single-command requests.
4606 bt_cb(skb)->req.start = true;
4608 skb_queue_tail(&hdev->cmd_q, skb);
4609 queue_work(hdev->workqueue, &hdev->cmd_work);
4614 /* Queue a command to an asynchronous HCI request */
4615 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
4616 const void *param, u8 event)
4618 struct hci_dev *hdev = req->hdev;
4619 struct sk_buff *skb;
4621 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4623 /* If an error occurred during request building, there is no point in
4624 * queueing the HCI command. We can simply return.
4629 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4631 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
4632 hdev->name, opcode);
4637 if (skb_queue_empty(&req->cmd_q))
4638 bt_cb(skb)->req.start = true;
4640 bt_cb(skb)->req.event = event;
4642 skb_queue_tail(&req->cmd_q, skb);
4645 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
4648 hci_req_add_ev(req, opcode, plen, param, 0);
4651 /* Get data from the previously sent command */
4652 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4654 struct hci_command_hdr *hdr;
4656 if (!hdev->sent_cmd)
4659 hdr = (void *) hdev->sent_cmd->data;
4661 if (hdr->opcode != cpu_to_le16(opcode))
4664 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4666 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4670 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4672 struct hci_acl_hdr *hdr;
4675 skb_push(skb, HCI_ACL_HDR_SIZE);
4676 skb_reset_transport_header(skb);
4677 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4678 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4679 hdr->dlen = cpu_to_le16(len);
4682 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4683 struct sk_buff *skb, __u16 flags)
4685 struct hci_conn *conn = chan->conn;
4686 struct hci_dev *hdev = conn->hdev;
4687 struct sk_buff *list;
4689 skb->len = skb_headlen(skb);
4692 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4694 switch (hdev->dev_type) {
4696 hci_add_acl_hdr(skb, conn->handle, flags);
4699 hci_add_acl_hdr(skb, chan->handle, flags);
4702 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
4706 list = skb_shinfo(skb)->frag_list;
4708 /* Non fragmented */
4709 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4711 skb_queue_tail(queue, skb);
4714 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4716 skb_shinfo(skb)->frag_list = NULL;
4718 /* Queue all fragments atomically. We need to use spin_lock_bh
4719 * here because of 6LoWPAN links, as there this function is
4720 * called from softirq and using normal spin lock could cause
4723 spin_lock_bh(&queue->lock);
4725 __skb_queue_tail(queue, skb);
4727 flags &= ~ACL_START;
4730 skb = list; list = list->next;
4732 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4733 hci_add_acl_hdr(skb, conn->handle, flags);
4735 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4737 __skb_queue_tail(queue, skb);
4740 spin_unlock_bh(&queue->lock);
4744 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4746 struct hci_dev *hdev = chan->conn->hdev;
4748 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4750 hci_queue_acl(chan, &chan->data_q, skb, flags);
4752 queue_work(hdev->workqueue, &hdev->tx_work);
4756 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4758 struct hci_dev *hdev = conn->hdev;
4759 struct hci_sco_hdr hdr;
4761 BT_DBG("%s len %d", hdev->name, skb->len);
4763 hdr.handle = cpu_to_le16(conn->handle);
4764 hdr.dlen = skb->len;
4766 skb_push(skb, HCI_SCO_HDR_SIZE);
4767 skb_reset_transport_header(skb);
4768 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4770 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
4772 skb_queue_tail(&conn->data_q, skb);
4773 queue_work(hdev->workqueue, &hdev->tx_work);
4776 /* ---- HCI TX task (outgoing data) ---- */
4778 /* HCI Connection scheduler */
4779 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4782 struct hci_conn_hash *h = &hdev->conn_hash;
4783 struct hci_conn *conn = NULL, *c;
4784 unsigned int num = 0, min = ~0;
4786 /* We don't have to lock device here. Connections are always
4787 * added and removed with TX task disabled. */
4791 list_for_each_entry_rcu(c, &h->list, list) {
4792 if (c->type != type || skb_queue_empty(&c->data_q))
4795 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4800 if (c->sent < min) {
4805 if (hci_conn_num(hdev, type) == num)
4814 switch (conn->type) {
4816 cnt = hdev->acl_cnt;
4820 cnt = hdev->sco_cnt;
4823 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4827 BT_ERR("Unknown link type");
4835 BT_DBG("conn %p quote %d", conn, *quote);
4839 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4841 struct hci_conn_hash *h = &hdev->conn_hash;
4844 BT_ERR("%s link tx timeout", hdev->name);
4848 /* Kill stalled connections */
4849 list_for_each_entry_rcu(c, &h->list, list) {
4850 if (c->type == type && c->sent) {
4851 BT_ERR("%s killing stalled connection %pMR",
4852 hdev->name, &c->dst);
4853 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4860 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4863 struct hci_conn_hash *h = &hdev->conn_hash;
4864 struct hci_chan *chan = NULL;
4865 unsigned int num = 0, min = ~0, cur_prio = 0;
4866 struct hci_conn *conn;
4867 int cnt, q, conn_num = 0;
4869 BT_DBG("%s", hdev->name);
4873 list_for_each_entry_rcu(conn, &h->list, list) {
4874 struct hci_chan *tmp;
4876 if (conn->type != type)
4879 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4884 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4885 struct sk_buff *skb;
4887 if (skb_queue_empty(&tmp->data_q))
4890 skb = skb_peek(&tmp->data_q);
4891 if (skb->priority < cur_prio)
4894 if (skb->priority > cur_prio) {
4897 cur_prio = skb->priority;
4902 if (conn->sent < min) {
4908 if (hci_conn_num(hdev, type) == conn_num)
4917 switch (chan->conn->type) {
4919 cnt = hdev->acl_cnt;
4922 cnt = hdev->block_cnt;
4926 cnt = hdev->sco_cnt;
4929 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4933 BT_ERR("Unknown link type");
4938 BT_DBG("chan %p quote %d", chan, *quote);
4942 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4944 struct hci_conn_hash *h = &hdev->conn_hash;
4945 struct hci_conn *conn;
4948 BT_DBG("%s", hdev->name);
4952 list_for_each_entry_rcu(conn, &h->list, list) {
4953 struct hci_chan *chan;
4955 if (conn->type != type)
4958 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4963 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4964 struct sk_buff *skb;
4971 if (skb_queue_empty(&chan->data_q))
4974 skb = skb_peek(&chan->data_q);
4975 if (skb->priority >= HCI_PRIO_MAX - 1)
4978 skb->priority = HCI_PRIO_MAX - 1;
4980 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4984 if (hci_conn_num(hdev, type) == num)
4992 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4994 /* Calculate count of blocks used by this packet */
4995 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4998 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
5000 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5001 /* ACL tx timeout must be longer than maximum
5002 * link supervision timeout (40.9 seconds) */
5003 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
5004 HCI_ACL_TX_TIMEOUT))
5005 hci_link_tx_to(hdev, ACL_LINK);
5009 static void hci_sched_acl_pkt(struct hci_dev *hdev)
5011 unsigned int cnt = hdev->acl_cnt;
5012 struct hci_chan *chan;
5013 struct sk_buff *skb;
5016 __check_timeout(hdev, cnt);
5018 while (hdev->acl_cnt &&
5019 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
5020 u32 priority = (skb_peek(&chan->data_q))->priority;
5021 while (quote-- && (skb = skb_peek(&chan->data_q))) {
5022 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5023 skb->len, skb->priority);
5025 /* Stop if priority has changed */
5026 if (skb->priority < priority)
5029 skb = skb_dequeue(&chan->data_q);
5031 hci_conn_enter_active_mode(chan->conn,
5032 bt_cb(skb)->force_active);
5034 hci_send_frame(hdev, skb);
5035 hdev->acl_last_tx = jiffies;
5043 if (cnt != hdev->acl_cnt)
5044 hci_prio_recalculate(hdev, ACL_LINK);
5047 static void hci_sched_acl_blk(struct hci_dev *hdev)
5049 unsigned int cnt = hdev->block_cnt;
5050 struct hci_chan *chan;
5051 struct sk_buff *skb;
5055 __check_timeout(hdev, cnt);
5057 BT_DBG("%s", hdev->name);
5059 if (hdev->dev_type == HCI_AMP)
5064 while (hdev->block_cnt > 0 &&
5065 (chan = hci_chan_sent(hdev, type, "e))) {
5066 u32 priority = (skb_peek(&chan->data_q))->priority;
5067 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
5070 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5071 skb->len, skb->priority);
5073 /* Stop if priority has changed */
5074 if (skb->priority < priority)
5077 skb = skb_dequeue(&chan->data_q);
5079 blocks = __get_blocks(hdev, skb);
5080 if (blocks > hdev->block_cnt)
5083 hci_conn_enter_active_mode(chan->conn,
5084 bt_cb(skb)->force_active);
5086 hci_send_frame(hdev, skb);
5087 hdev->acl_last_tx = jiffies;
5089 hdev->block_cnt -= blocks;
5092 chan->sent += blocks;
5093 chan->conn->sent += blocks;
5097 if (cnt != hdev->block_cnt)
5098 hci_prio_recalculate(hdev, type);
5101 static void hci_sched_acl(struct hci_dev *hdev)
5103 BT_DBG("%s", hdev->name);
5105 /* No ACL link over BR/EDR controller */
5106 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
5109 /* No AMP link over AMP controller */
5110 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
5113 switch (hdev->flow_ctl_mode) {
5114 case HCI_FLOW_CTL_MODE_PACKET_BASED:
5115 hci_sched_acl_pkt(hdev);
5118 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
5119 hci_sched_acl_blk(hdev);
5125 static void hci_sched_sco(struct hci_dev *hdev)
5127 struct hci_conn *conn;
5128 struct sk_buff *skb;
5131 BT_DBG("%s", hdev->name);
5133 if (!hci_conn_num(hdev, SCO_LINK))
5136 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
5137 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5138 BT_DBG("skb %p len %d", skb, skb->len);
5139 hci_send_frame(hdev, skb);
5142 if (conn->sent == ~0)
5148 static void hci_sched_esco(struct hci_dev *hdev)
5150 struct hci_conn *conn;
5151 struct sk_buff *skb;
5154 BT_DBG("%s", hdev->name);
5156 if (!hci_conn_num(hdev, ESCO_LINK))
5159 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
5161 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5162 BT_DBG("skb %p len %d", skb, skb->len);
5163 hci_send_frame(hdev, skb);
5166 if (conn->sent == ~0)
5172 static void hci_sched_le(struct hci_dev *hdev)
5174 struct hci_chan *chan;
5175 struct sk_buff *skb;
5176 int quote, cnt, tmp;
5178 BT_DBG("%s", hdev->name);
5180 if (!hci_conn_num(hdev, LE_LINK))
5183 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5184 /* LE tx timeout must be longer than maximum
5185 * link supervision timeout (40.9 seconds) */
5186 if (!hdev->le_cnt && hdev->le_pkts &&
5187 time_after(jiffies, hdev->le_last_tx + HZ * 45))
5188 hci_link_tx_to(hdev, LE_LINK);
5191 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
5193 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
5194 u32 priority = (skb_peek(&chan->data_q))->priority;
5195 while (quote-- && (skb = skb_peek(&chan->data_q))) {
5196 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5197 skb->len, skb->priority);
5199 /* Stop if priority has changed */
5200 if (skb->priority < priority)
5203 skb = skb_dequeue(&chan->data_q);
5205 hci_send_frame(hdev, skb);
5206 hdev->le_last_tx = jiffies;
5217 hdev->acl_cnt = cnt;
5220 hci_prio_recalculate(hdev, LE_LINK);
5223 static void hci_tx_work(struct work_struct *work)
5225 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
5226 struct sk_buff *skb;
5228 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
5229 hdev->sco_cnt, hdev->le_cnt);
5231 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5232 /* Schedule queues and send stuff to HCI driver */
5233 hci_sched_acl(hdev);
5234 hci_sched_sco(hdev);
5235 hci_sched_esco(hdev);
5239 /* Send next queued raw (unknown type) packet */
5240 while ((skb = skb_dequeue(&hdev->raw_q)))
5241 hci_send_frame(hdev, skb);
5244 /* ----- HCI RX task (incoming data processing) ----- */
5246 /* ACL data packet */
5247 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5249 struct hci_acl_hdr *hdr = (void *) skb->data;
5250 struct hci_conn *conn;
5251 __u16 handle, flags;
5253 skb_pull(skb, HCI_ACL_HDR_SIZE);
5255 handle = __le16_to_cpu(hdr->handle);
5256 flags = hci_flags(handle);
5257 handle = hci_handle(handle);
5259 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
5262 hdev->stat.acl_rx++;
5265 conn = hci_conn_hash_lookup_handle(hdev, handle);
5266 hci_dev_unlock(hdev);
5269 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
5271 /* Send to upper protocol */
5272 l2cap_recv_acldata(conn, skb, flags);
5275 BT_ERR("%s ACL packet for unknown connection handle %d",
5276 hdev->name, handle);
5282 /* SCO data packet */
5283 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5285 struct hci_sco_hdr *hdr = (void *) skb->data;
5286 struct hci_conn *conn;
5289 skb_pull(skb, HCI_SCO_HDR_SIZE);
5291 handle = __le16_to_cpu(hdr->handle);
5293 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
5295 hdev->stat.sco_rx++;
5298 conn = hci_conn_hash_lookup_handle(hdev, handle);
5299 hci_dev_unlock(hdev);
5302 /* Send to upper protocol */
5303 sco_recv_scodata(conn, skb);
5306 BT_ERR("%s SCO packet for unknown connection handle %d",
5307 hdev->name, handle);
5313 static bool hci_req_is_complete(struct hci_dev *hdev)
5315 struct sk_buff *skb;
5317 skb = skb_peek(&hdev->cmd_q);
5321 return bt_cb(skb)->req.start;
5324 static void hci_resend_last(struct hci_dev *hdev)
5326 struct hci_command_hdr *sent;
5327 struct sk_buff *skb;
5330 if (!hdev->sent_cmd)
5333 sent = (void *) hdev->sent_cmd->data;
5334 opcode = __le16_to_cpu(sent->opcode);
5335 if (opcode == HCI_OP_RESET)
5338 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
5342 skb_queue_head(&hdev->cmd_q, skb);
5343 queue_work(hdev->workqueue, &hdev->cmd_work);
5346 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
5348 hci_req_complete_t req_complete = NULL;
5349 struct sk_buff *skb;
5350 unsigned long flags;
5352 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
5354 /* If the completed command doesn't match the last one that was
5355 * sent we need to do special handling of it.
5357 if (!hci_sent_cmd_data(hdev, opcode)) {
5358 /* Some CSR based controllers generate a spontaneous
5359 * reset complete event during init and any pending
5360 * command will never be completed. In such a case we
5361 * need to resend whatever was the last sent
5364 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
5365 hci_resend_last(hdev);
5370 /* If the command succeeded and there's still more commands in
5371 * this request the request is not yet complete.
5373 if (!status && !hci_req_is_complete(hdev))
5376 /* If this was the last command in a request the complete
5377 * callback would be found in hdev->sent_cmd instead of the
5378 * command queue (hdev->cmd_q).
5380 if (hdev->sent_cmd) {
5381 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
5384 /* We must set the complete callback to NULL to
5385 * avoid calling the callback more than once if
5386 * this function gets called again.
5388 bt_cb(hdev->sent_cmd)->req.complete = NULL;
5394 /* Remove all pending commands belonging to this request */
5395 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
5396 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
5397 if (bt_cb(skb)->req.start) {
5398 __skb_queue_head(&hdev->cmd_q, skb);
5402 req_complete = bt_cb(skb)->req.complete;
5405 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
5409 req_complete(hdev, status);
5412 static void hci_rx_work(struct work_struct *work)
5414 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
5415 struct sk_buff *skb;
5417 BT_DBG("%s", hdev->name);
5419 while ((skb = skb_dequeue(&hdev->rx_q))) {
5420 /* Send copy to monitor */
5421 hci_send_to_monitor(hdev, skb);
5423 if (atomic_read(&hdev->promisc)) {
5424 /* Send copy to the sockets */
5425 hci_send_to_sock(hdev, skb);
5428 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5433 if (test_bit(HCI_INIT, &hdev->flags)) {
5434 /* Don't process data packets in this states. */
5435 switch (bt_cb(skb)->pkt_type) {
5436 case HCI_ACLDATA_PKT:
5437 case HCI_SCODATA_PKT:
5444 switch (bt_cb(skb)->pkt_type) {
5446 BT_DBG("%s Event packet", hdev->name);
5447 hci_event_packet(hdev, skb);
5450 case HCI_ACLDATA_PKT:
5451 BT_DBG("%s ACL data packet", hdev->name);
5452 hci_acldata_packet(hdev, skb);
5455 case HCI_SCODATA_PKT:
5456 BT_DBG("%s SCO data packet", hdev->name);
5457 hci_scodata_packet(hdev, skb);
5467 static void hci_cmd_work(struct work_struct *work)
5469 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
5470 struct sk_buff *skb;
5472 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
5473 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
5475 /* Send queued commands */
5476 if (atomic_read(&hdev->cmd_cnt)) {
5477 skb = skb_dequeue(&hdev->cmd_q);
5481 kfree_skb(hdev->sent_cmd);
5483 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
5484 if (hdev->sent_cmd) {
5485 atomic_dec(&hdev->cmd_cnt);
5486 hci_send_frame(hdev, skb);
5487 if (test_bit(HCI_RESET, &hdev->flags))
5488 cancel_delayed_work(&hdev->cmd_timer);
5490 schedule_delayed_work(&hdev->cmd_timer,
5493 skb_queue_head(&hdev->cmd_q, skb);
5494 queue_work(hdev->workqueue, &hdev->cmd_work);
5499 void hci_req_add_le_scan_disable(struct hci_request *req)
5501 struct hci_cp_le_set_scan_enable cp;
5503 memset(&cp, 0, sizeof(cp));
5504 cp.enable = LE_SCAN_DISABLE;
5505 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
5508 static void add_to_white_list(struct hci_request *req,
5509 struct hci_conn_params *params)
5511 struct hci_cp_le_add_to_white_list cp;
5513 cp.bdaddr_type = params->addr_type;
5514 bacpy(&cp.bdaddr, ¶ms->addr);
5516 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
5519 static u8 update_white_list(struct hci_request *req)
5521 struct hci_dev *hdev = req->hdev;
5522 struct hci_conn_params *params;
5523 struct bdaddr_list *b;
5524 uint8_t white_list_entries = 0;
5526 /* Go through the current white list programmed into the
5527 * controller one by one and check if that address is still
5528 * in the list of pending connections or list of devices to
5529 * report. If not present in either list, then queue the
5530 * command to remove it from the controller.
5532 list_for_each_entry(b, &hdev->le_white_list, list) {
5533 struct hci_cp_le_del_from_white_list cp;
5535 if (hci_pend_le_action_lookup(&hdev->pend_le_conns,
5536 &b->bdaddr, b->bdaddr_type) ||
5537 hci_pend_le_action_lookup(&hdev->pend_le_reports,
5538 &b->bdaddr, b->bdaddr_type)) {
5539 white_list_entries++;
5543 cp.bdaddr_type = b->bdaddr_type;
5544 bacpy(&cp.bdaddr, &b->bdaddr);
5546 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
5550 /* Since all no longer valid white list entries have been
5551 * removed, walk through the list of pending connections
5552 * and ensure that any new device gets programmed into
5555 * If the list of the devices is larger than the list of
5556 * available white list entries in the controller, then
5557 * just abort and return filer policy value to not use the
5560 list_for_each_entry(params, &hdev->pend_le_conns, action) {
5561 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5562 ¶ms->addr, params->addr_type))
5565 if (white_list_entries >= hdev->le_white_list_size) {
5566 /* Select filter policy to accept all advertising */
5570 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5571 params->addr_type)) {
5572 /* White list can not be used with RPAs */
5576 white_list_entries++;
5577 add_to_white_list(req, params);
5580 /* After adding all new pending connections, walk through
5581 * the list of pending reports and also add these to the
5582 * white list if there is still space.
5584 list_for_each_entry(params, &hdev->pend_le_reports, action) {
5585 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5586 ¶ms->addr, params->addr_type))
5589 if (white_list_entries >= hdev->le_white_list_size) {
5590 /* Select filter policy to accept all advertising */
5594 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5595 params->addr_type)) {
5596 /* White list can not be used with RPAs */
5600 white_list_entries++;
5601 add_to_white_list(req, params);
5604 /* Select filter policy to use white list */
5608 void hci_req_add_le_passive_scan(struct hci_request *req)
5610 struct hci_cp_le_set_scan_param param_cp;
5611 struct hci_cp_le_set_scan_enable enable_cp;
5612 struct hci_dev *hdev = req->hdev;
5616 /* Set require_privacy to false since no SCAN_REQ are send
5617 * during passive scanning. Not using an unresolvable address
5618 * here is important so that peer devices using direct
5619 * advertising with our address will be correctly reported
5620 * by the controller.
5622 if (hci_update_random_address(req, false, &own_addr_type))
5625 /* Adding or removing entries from the white list must
5626 * happen before enabling scanning. The controller does
5627 * not allow white list modification while scanning.
5629 filter_policy = update_white_list(req);
5631 memset(¶m_cp, 0, sizeof(param_cp));
5632 param_cp.type = LE_SCAN_PASSIVE;
5633 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5634 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5635 param_cp.own_address_type = own_addr_type;
5636 param_cp.filter_policy = filter_policy;
5637 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5640 memset(&enable_cp, 0, sizeof(enable_cp));
5641 enable_cp.enable = LE_SCAN_ENABLE;
5642 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
5643 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5647 static void update_background_scan_complete(struct hci_dev *hdev, u8 status)
5650 BT_DBG("HCI request failed to update background scanning: "
5651 "status 0x%2.2x", status);
5654 /* This function controls the background scanning based on hdev->pend_le_conns
5655 * list. If there are pending LE connection we start the background scanning,
5656 * otherwise we stop it.
5658 * This function requires the caller holds hdev->lock.
5660 void hci_update_background_scan(struct hci_dev *hdev)
5662 struct hci_request req;
5663 struct hci_conn *conn;
5666 if (!test_bit(HCI_UP, &hdev->flags) ||
5667 test_bit(HCI_INIT, &hdev->flags) ||
5668 test_bit(HCI_SETUP, &hdev->dev_flags) ||
5669 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5670 test_bit(HCI_AUTO_OFF, &hdev->dev_flags) ||
5671 test_bit(HCI_UNREGISTER, &hdev->dev_flags))
5674 /* No point in doing scanning if LE support hasn't been enabled */
5675 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5678 /* If discovery is active don't interfere with it */
5679 if (hdev->discovery.state != DISCOVERY_STOPPED)
5682 hci_req_init(&req, hdev);
5684 if (list_empty(&hdev->pend_le_conns) &&
5685 list_empty(&hdev->pend_le_reports)) {
5686 /* If there is no pending LE connections or devices
5687 * to be scanned for, we should stop the background
5691 /* If controller is not scanning we are done. */
5692 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5695 hci_req_add_le_scan_disable(&req);
5697 BT_DBG("%s stopping background scanning", hdev->name);
5699 /* If there is at least one pending LE connection, we should
5700 * keep the background scan running.
5703 /* If controller is connecting, we should not start scanning
5704 * since some controllers are not able to scan and connect at
5707 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
5711 /* If controller is currently scanning, we stop it to ensure we
5712 * don't miss any advertising (due to duplicates filter).
5714 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5715 hci_req_add_le_scan_disable(&req);
5717 hci_req_add_le_passive_scan(&req);
5719 BT_DBG("%s starting background scanning", hdev->name);
5722 err = hci_req_run(&req, update_background_scan_complete);
5724 BT_ERR("Failed to run HCI request: err %d", err);
5727 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
5729 struct bdaddr_list *b;
5731 list_for_each_entry(b, &hdev->whitelist, list) {
5732 struct hci_conn *conn;
5734 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
5738 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
5745 void hci_update_page_scan(struct hci_dev *hdev, struct hci_request *req)
5749 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5752 if (!hdev_is_powered(hdev))
5755 if (mgmt_powering_down(hdev))
5758 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
5759 disconnected_whitelist_entries(hdev))
5762 scan = SCAN_DISABLED;
5764 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE))
5767 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
5768 scan |= SCAN_INQUIRY;
5771 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
5773 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
projects / firefly-linux-kernel-4.4.55.git / blob