2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
40 #include "hci_request.h"
41 #include "hci_debugfs.h"
44 static void hci_rx_work(struct work_struct *work);
45 static void hci_cmd_work(struct work_struct *work);
46 static void hci_tx_work(struct work_struct *work);
49 LIST_HEAD(hci_dev_list);
50 DEFINE_RWLOCK(hci_dev_list_lock);
52 /* HCI callback list */
53 LIST_HEAD(hci_cb_list);
54 DEFINE_MUTEX(hci_cb_list_lock);
56 /* HCI ID Numbering */
57 static DEFINE_IDA(hci_index_ida);
59 /* ----- HCI requests ----- */
61 #define HCI_REQ_DONE 0
62 #define HCI_REQ_PEND 1
63 #define HCI_REQ_CANCELED 2
65 #define hci_req_lock(d) mutex_lock(&d->req_lock)
66 #define hci_req_unlock(d) mutex_unlock(&d->req_lock)
68 /* ---- HCI notifications ---- */
70 static void hci_notify(struct hci_dev *hdev, int event)
72 hci_sock_dev_event(hdev, event);
75 /* ---- HCI debugfs entries ---- */
77 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
78 size_t count, loff_t *ppos)
80 struct hci_dev *hdev = file->private_data;
83 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y': 'N';
86 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
89 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
90 size_t count, loff_t *ppos)
92 struct hci_dev *hdev = file->private_data;
95 size_t buf_size = min(count, (sizeof(buf)-1));
98 if (!test_bit(HCI_UP, &hdev->flags))
101 if (copy_from_user(buf, user_buf, buf_size))
104 buf[buf_size] = '\0';
105 if (strtobool(buf, &enable))
108 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
113 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
116 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
118 hci_req_unlock(hdev);
125 hci_dev_change_flag(hdev, HCI_DUT_MODE);
130 static const struct file_operations dut_mode_fops = {
132 .read = dut_mode_read,
133 .write = dut_mode_write,
134 .llseek = default_llseek,
137 /* ---- HCI requests ---- */
139 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
142 BT_DBG("%s result 0x%2.2x", hdev->name, result);
144 if (hdev->req_status == HCI_REQ_PEND) {
145 hdev->req_result = result;
146 hdev->req_status = HCI_REQ_DONE;
148 hdev->req_skb = skb_get(skb);
149 wake_up_interruptible(&hdev->req_wait_q);
153 static void hci_req_cancel(struct hci_dev *hdev, int err)
155 BT_DBG("%s err 0x%2.2x", hdev->name, err);
157 if (hdev->req_status == HCI_REQ_PEND) {
158 hdev->req_result = err;
159 hdev->req_status = HCI_REQ_CANCELED;
160 wake_up_interruptible(&hdev->req_wait_q);
164 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
165 const void *param, u8 event, u32 timeout)
167 DECLARE_WAITQUEUE(wait, current);
168 struct hci_request req;
172 BT_DBG("%s", hdev->name);
174 hci_req_init(&req, hdev);
176 hci_req_add_ev(&req, opcode, plen, param, event);
178 hdev->req_status = HCI_REQ_PEND;
180 add_wait_queue(&hdev->req_wait_q, &wait);
181 set_current_state(TASK_INTERRUPTIBLE);
183 err = hci_req_run_skb(&req, hci_req_sync_complete);
185 remove_wait_queue(&hdev->req_wait_q, &wait);
186 set_current_state(TASK_RUNNING);
190 schedule_timeout(timeout);
192 remove_wait_queue(&hdev->req_wait_q, &wait);
194 if (signal_pending(current))
195 return ERR_PTR(-EINTR);
197 switch (hdev->req_status) {
199 err = -bt_to_errno(hdev->req_result);
202 case HCI_REQ_CANCELED:
203 err = -hdev->req_result;
211 hdev->req_status = hdev->req_result = 0;
213 hdev->req_skb = NULL;
215 BT_DBG("%s end: err %d", hdev->name, err);
223 return ERR_PTR(-ENODATA);
227 EXPORT_SYMBOL(__hci_cmd_sync_ev);
229 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
230 const void *param, u32 timeout)
232 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
234 EXPORT_SYMBOL(__hci_cmd_sync);
236 /* Execute request and wait for completion. */
237 static int __hci_req_sync(struct hci_dev *hdev,
238 void (*func)(struct hci_request *req,
240 unsigned long opt, __u32 timeout)
242 struct hci_request req;
243 DECLARE_WAITQUEUE(wait, current);
246 BT_DBG("%s start", hdev->name);
248 hci_req_init(&req, hdev);
250 hdev->req_status = HCI_REQ_PEND;
254 add_wait_queue(&hdev->req_wait_q, &wait);
255 set_current_state(TASK_INTERRUPTIBLE);
257 err = hci_req_run_skb(&req, hci_req_sync_complete);
259 hdev->req_status = 0;
261 remove_wait_queue(&hdev->req_wait_q, &wait);
262 set_current_state(TASK_RUNNING);
264 /* ENODATA means the HCI request command queue is empty.
265 * This can happen when a request with conditionals doesn't
266 * trigger any commands to be sent. This is normal behavior
267 * and should not trigger an error return.
275 schedule_timeout(timeout);
277 remove_wait_queue(&hdev->req_wait_q, &wait);
279 if (signal_pending(current))
282 switch (hdev->req_status) {
284 err = -bt_to_errno(hdev->req_result);
287 case HCI_REQ_CANCELED:
288 err = -hdev->req_result;
296 hdev->req_status = hdev->req_result = 0;
298 BT_DBG("%s end: err %d", hdev->name, err);
303 static int hci_req_sync(struct hci_dev *hdev,
304 void (*req)(struct hci_request *req,
306 unsigned long opt, __u32 timeout)
310 if (!test_bit(HCI_UP, &hdev->flags))
313 /* Serialize all requests */
315 ret = __hci_req_sync(hdev, req, opt, timeout);
316 hci_req_unlock(hdev);
321 static void hci_reset_req(struct hci_request *req, unsigned long opt)
323 BT_DBG("%s %ld", req->hdev->name, opt);
326 set_bit(HCI_RESET, &req->hdev->flags);
327 hci_req_add(req, HCI_OP_RESET, 0, NULL);
330 static void bredr_init(struct hci_request *req)
332 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
334 /* Read Local Supported Features */
335 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
337 /* Read Local Version */
338 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
340 /* Read BD Address */
341 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
344 static void amp_init1(struct hci_request *req)
346 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
348 /* Read Local Version */
349 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
351 /* Read Local Supported Commands */
352 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
354 /* Read Local AMP Info */
355 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
357 /* Read Data Blk size */
358 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
360 /* Read Flow Control Mode */
361 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
363 /* Read Location Data */
364 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
367 static void amp_init2(struct hci_request *req)
369 /* Read Local Supported Features. Not all AMP controllers
370 * support this so it's placed conditionally in the second
373 if (req->hdev->commands[14] & 0x20)
374 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
377 static void hci_init1_req(struct hci_request *req, unsigned long opt)
379 struct hci_dev *hdev = req->hdev;
381 BT_DBG("%s %ld", hdev->name, opt);
384 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
385 hci_reset_req(req, 0);
387 switch (hdev->dev_type) {
397 BT_ERR("Unknown device type %d", hdev->dev_type);
402 static void bredr_setup(struct hci_request *req)
407 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
408 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
410 /* Read Class of Device */
411 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
413 /* Read Local Name */
414 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
416 /* Read Voice Setting */
417 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
419 /* Read Number of Supported IAC */
420 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
422 /* Read Current IAC LAP */
423 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
425 /* Clear Event Filters */
426 flt_type = HCI_FLT_CLEAR_ALL;
427 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
429 /* Connection accept timeout ~20 secs */
430 param = cpu_to_le16(0x7d00);
431 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
434 static void le_setup(struct hci_request *req)
436 struct hci_dev *hdev = req->hdev;
438 /* Read LE Buffer Size */
439 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
441 /* Read LE Local Supported Features */
442 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
444 /* Read LE Supported States */
445 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
447 /* Read LE White List Size */
448 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
450 /* Clear LE White List */
451 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
453 /* LE-only controllers have LE implicitly enabled */
454 if (!lmp_bredr_capable(hdev))
455 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
458 static void hci_setup_event_mask(struct hci_request *req)
460 struct hci_dev *hdev = req->hdev;
462 /* The second byte is 0xff instead of 0x9f (two reserved bits
463 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
466 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
468 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
469 * any event mask for pre 1.2 devices.
471 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
474 if (lmp_bredr_capable(hdev)) {
475 events[4] |= 0x01; /* Flow Specification Complete */
476 events[4] |= 0x02; /* Inquiry Result with RSSI */
477 events[4] |= 0x04; /* Read Remote Extended Features Complete */
478 events[5] |= 0x08; /* Synchronous Connection Complete */
479 events[5] |= 0x10; /* Synchronous Connection Changed */
481 /* Use a different default for LE-only devices */
482 memset(events, 0, sizeof(events));
483 events[0] |= 0x10; /* Disconnection Complete */
484 events[1] |= 0x08; /* Read Remote Version Information Complete */
485 events[1] |= 0x20; /* Command Complete */
486 events[1] |= 0x40; /* Command Status */
487 events[1] |= 0x80; /* Hardware Error */
488 events[2] |= 0x04; /* Number of Completed Packets */
489 events[3] |= 0x02; /* Data Buffer Overflow */
491 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
492 events[0] |= 0x80; /* Encryption Change */
493 events[5] |= 0x80; /* Encryption Key Refresh Complete */
497 if (lmp_inq_rssi_capable(hdev))
498 events[4] |= 0x02; /* Inquiry Result with RSSI */
500 if (lmp_sniffsubr_capable(hdev))
501 events[5] |= 0x20; /* Sniff Subrating */
503 if (lmp_pause_enc_capable(hdev))
504 events[5] |= 0x80; /* Encryption Key Refresh Complete */
506 if (lmp_ext_inq_capable(hdev))
507 events[5] |= 0x40; /* Extended Inquiry Result */
509 if (lmp_no_flush_capable(hdev))
510 events[7] |= 0x01; /* Enhanced Flush Complete */
512 if (lmp_lsto_capable(hdev))
513 events[6] |= 0x80; /* Link Supervision Timeout Changed */
515 if (lmp_ssp_capable(hdev)) {
516 events[6] |= 0x01; /* IO Capability Request */
517 events[6] |= 0x02; /* IO Capability Response */
518 events[6] |= 0x04; /* User Confirmation Request */
519 events[6] |= 0x08; /* User Passkey Request */
520 events[6] |= 0x10; /* Remote OOB Data Request */
521 events[6] |= 0x20; /* Simple Pairing Complete */
522 events[7] |= 0x04; /* User Passkey Notification */
523 events[7] |= 0x08; /* Keypress Notification */
524 events[7] |= 0x10; /* Remote Host Supported
525 * Features Notification
529 if (lmp_le_capable(hdev))
530 events[7] |= 0x20; /* LE Meta-Event */
532 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
535 static void hci_init2_req(struct hci_request *req, unsigned long opt)
537 struct hci_dev *hdev = req->hdev;
539 if (hdev->dev_type == HCI_AMP)
540 return amp_init2(req);
542 if (lmp_bredr_capable(hdev))
545 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
547 if (lmp_le_capable(hdev))
550 /* All Bluetooth 1.2 and later controllers should support the
551 * HCI command for reading the local supported commands.
553 * Unfortunately some controllers indicate Bluetooth 1.2 support,
554 * but do not have support for this command. If that is the case,
555 * the driver can quirk the behavior and skip reading the local
556 * supported commands.
558 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
559 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
560 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
562 if (lmp_ssp_capable(hdev)) {
563 /* When SSP is available, then the host features page
564 * should also be available as well. However some
565 * controllers list the max_page as 0 as long as SSP
566 * has not been enabled. To achieve proper debugging
567 * output, force the minimum max_page to 1 at least.
569 hdev->max_page = 0x01;
571 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
574 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
575 sizeof(mode), &mode);
577 struct hci_cp_write_eir cp;
579 memset(hdev->eir, 0, sizeof(hdev->eir));
580 memset(&cp, 0, sizeof(cp));
582 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
586 if (lmp_inq_rssi_capable(hdev) ||
587 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
590 /* If Extended Inquiry Result events are supported, then
591 * they are clearly preferred over Inquiry Result with RSSI
594 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
596 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
599 if (lmp_inq_tx_pwr_capable(hdev))
600 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
602 if (lmp_ext_feat_capable(hdev)) {
603 struct hci_cp_read_local_ext_features cp;
606 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
610 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
612 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
617 static void hci_setup_link_policy(struct hci_request *req)
619 struct hci_dev *hdev = req->hdev;
620 struct hci_cp_write_def_link_policy cp;
623 if (lmp_rswitch_capable(hdev))
624 link_policy |= HCI_LP_RSWITCH;
625 if (lmp_hold_capable(hdev))
626 link_policy |= HCI_LP_HOLD;
627 if (lmp_sniff_capable(hdev))
628 link_policy |= HCI_LP_SNIFF;
629 if (lmp_park_capable(hdev))
630 link_policy |= HCI_LP_PARK;
632 cp.policy = cpu_to_le16(link_policy);
633 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
636 static void hci_set_le_support(struct hci_request *req)
638 struct hci_dev *hdev = req->hdev;
639 struct hci_cp_write_le_host_supported cp;
641 /* LE-only devices do not support explicit enablement */
642 if (!lmp_bredr_capable(hdev))
645 memset(&cp, 0, sizeof(cp));
647 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
652 if (cp.le != lmp_host_le_capable(hdev))
653 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
657 static void hci_set_event_mask_page_2(struct hci_request *req)
659 struct hci_dev *hdev = req->hdev;
660 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
662 /* If Connectionless Slave Broadcast master role is supported
663 * enable all necessary events for it.
665 if (lmp_csb_master_capable(hdev)) {
666 events[1] |= 0x40; /* Triggered Clock Capture */
667 events[1] |= 0x80; /* Synchronization Train Complete */
668 events[2] |= 0x10; /* Slave Page Response Timeout */
669 events[2] |= 0x20; /* CSB Channel Map Change */
672 /* If Connectionless Slave Broadcast slave role is supported
673 * enable all necessary events for it.
675 if (lmp_csb_slave_capable(hdev)) {
676 events[2] |= 0x01; /* Synchronization Train Received */
677 events[2] |= 0x02; /* CSB Receive */
678 events[2] |= 0x04; /* CSB Timeout */
679 events[2] |= 0x08; /* Truncated Page Complete */
682 /* Enable Authenticated Payload Timeout Expired event if supported */
683 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
686 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
689 static void hci_init3_req(struct hci_request *req, unsigned long opt)
691 struct hci_dev *hdev = req->hdev;
694 hci_setup_event_mask(req);
696 if (hdev->commands[6] & 0x20 &&
697 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
698 struct hci_cp_read_stored_link_key cp;
700 bacpy(&cp.bdaddr, BDADDR_ANY);
702 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
705 if (hdev->commands[5] & 0x10)
706 hci_setup_link_policy(req);
708 if (hdev->commands[8] & 0x01)
709 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
711 /* Some older Broadcom based Bluetooth 1.2 controllers do not
712 * support the Read Page Scan Type command. Check support for
713 * this command in the bit mask of supported commands.
715 if (hdev->commands[13] & 0x01)
716 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
718 if (lmp_le_capable(hdev)) {
721 memset(events, 0, sizeof(events));
724 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
725 events[0] |= 0x10; /* LE Long Term Key Request */
727 /* If controller supports the Connection Parameters Request
728 * Link Layer Procedure, enable the corresponding event.
730 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
731 events[0] |= 0x20; /* LE Remote Connection
735 /* If the controller supports the Data Length Extension
736 * feature, enable the corresponding event.
738 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
739 events[0] |= 0x40; /* LE Data Length Change */
741 /* If the controller supports Extended Scanner Filter
742 * Policies, enable the correspondig event.
744 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
745 events[1] |= 0x04; /* LE Direct Advertising
749 /* If the controller supports the LE Read Local P-256
750 * Public Key command, enable the corresponding event.
752 if (hdev->commands[34] & 0x02)
753 events[0] |= 0x80; /* LE Read Local P-256
754 * Public Key Complete
757 /* If the controller supports the LE Generate DHKey
758 * command, enable the corresponding event.
760 if (hdev->commands[34] & 0x04)
761 events[1] |= 0x01; /* LE Generate DHKey Complete */
763 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
766 if (hdev->commands[25] & 0x40) {
767 /* Read LE Advertising Channel TX Power */
768 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
771 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
772 /* Read LE Maximum Data Length */
773 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
775 /* Read LE Suggested Default Data Length */
776 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
779 hci_set_le_support(req);
782 /* Read features beyond page 1 if available */
783 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
784 struct hci_cp_read_local_ext_features cp;
787 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
792 static void hci_init4_req(struct hci_request *req, unsigned long opt)
794 struct hci_dev *hdev = req->hdev;
796 /* Some Broadcom based Bluetooth controllers do not support the
797 * Delete Stored Link Key command. They are clearly indicating its
798 * absence in the bit mask of supported commands.
800 * Check the supported commands and only if the the command is marked
801 * as supported send it. If not supported assume that the controller
802 * does not have actual support for stored link keys which makes this
803 * command redundant anyway.
805 * Some controllers indicate that they support handling deleting
806 * stored link keys, but they don't. The quirk lets a driver
807 * just disable this command.
809 if (hdev->commands[6] & 0x80 &&
810 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
811 struct hci_cp_delete_stored_link_key cp;
813 bacpy(&cp.bdaddr, BDADDR_ANY);
814 cp.delete_all = 0x01;
815 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
819 /* Set event mask page 2 if the HCI command for it is supported */
820 if (hdev->commands[22] & 0x04)
821 hci_set_event_mask_page_2(req);
823 /* Read local codec list if the HCI command is supported */
824 if (hdev->commands[29] & 0x20)
825 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
827 /* Get MWS transport configuration if the HCI command is supported */
828 if (hdev->commands[30] & 0x08)
829 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
831 /* Check for Synchronization Train support */
832 if (lmp_sync_train_capable(hdev))
833 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
835 /* Enable Secure Connections if supported and configured */
836 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
837 bredr_sc_enabled(hdev)) {
840 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
841 sizeof(support), &support);
845 static int __hci_init(struct hci_dev *hdev)
849 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
853 /* The Device Under Test (DUT) mode is special and available for
854 * all controller types. So just create it early on.
856 if (hci_dev_test_flag(hdev, HCI_SETUP)) {
857 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
861 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
865 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
866 * BR/EDR/LE type controllers. AMP controllers only need the
867 * first two stages of init.
869 if (hdev->dev_type != HCI_BREDR)
872 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
876 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
880 /* This function is only called when the controller is actually in
881 * configured state. When the controller is marked as unconfigured,
882 * this initialization procedure is not run.
884 * It means that it is possible that a controller runs through its
885 * setup phase and then discovers missing settings. If that is the
886 * case, then this function will not be called. It then will only
887 * be called during the config phase.
889 * So only when in setup phase or config phase, create the debugfs
890 * entries and register the SMP channels.
892 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
893 !hci_dev_test_flag(hdev, HCI_CONFIG))
896 hci_debugfs_create_common(hdev);
898 if (lmp_bredr_capable(hdev))
899 hci_debugfs_create_bredr(hdev);
901 if (lmp_le_capable(hdev))
902 hci_debugfs_create_le(hdev);
907 static void hci_init0_req(struct hci_request *req, unsigned long opt)
909 struct hci_dev *hdev = req->hdev;
911 BT_DBG("%s %ld", hdev->name, opt);
914 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
915 hci_reset_req(req, 0);
917 /* Read Local Version */
918 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
920 /* Read BD Address */
921 if (hdev->set_bdaddr)
922 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
925 static int __hci_unconf_init(struct hci_dev *hdev)
929 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
932 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
939 static void hci_scan_req(struct hci_request *req, unsigned long opt)
943 BT_DBG("%s %x", req->hdev->name, scan);
945 /* Inquiry and Page scans */
946 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
949 static void hci_auth_req(struct hci_request *req, unsigned long opt)
953 BT_DBG("%s %x", req->hdev->name, auth);
956 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
959 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
963 BT_DBG("%s %x", req->hdev->name, encrypt);
966 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
969 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
971 __le16 policy = cpu_to_le16(opt);
973 BT_DBG("%s %x", req->hdev->name, policy);
975 /* Default link policy */
976 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
979 /* Get HCI device by index.
980 * Device is held on return. */
981 struct hci_dev *hci_dev_get(int index)
983 struct hci_dev *hdev = NULL, *d;
990 read_lock(&hci_dev_list_lock);
991 list_for_each_entry(d, &hci_dev_list, list) {
992 if (d->id == index) {
993 hdev = hci_dev_hold(d);
997 read_unlock(&hci_dev_list_lock);
1001 /* ---- Inquiry support ---- */
1003 bool hci_discovery_active(struct hci_dev *hdev)
1005 struct discovery_state *discov = &hdev->discovery;
1007 switch (discov->state) {
1008 case DISCOVERY_FINDING:
1009 case DISCOVERY_RESOLVING:
1017 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1019 int old_state = hdev->discovery.state;
1021 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1023 if (old_state == state)
1026 hdev->discovery.state = state;
1029 case DISCOVERY_STOPPED:
1030 hci_update_background_scan(hdev);
1032 if (old_state != DISCOVERY_STARTING)
1033 mgmt_discovering(hdev, 0);
1035 case DISCOVERY_STARTING:
1037 case DISCOVERY_FINDING:
1038 mgmt_discovering(hdev, 1);
1040 case DISCOVERY_RESOLVING:
1042 case DISCOVERY_STOPPING:
1047 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1049 struct discovery_state *cache = &hdev->discovery;
1050 struct inquiry_entry *p, *n;
1052 list_for_each_entry_safe(p, n, &cache->all, all) {
1057 INIT_LIST_HEAD(&cache->unknown);
1058 INIT_LIST_HEAD(&cache->resolve);
1061 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1064 struct discovery_state *cache = &hdev->discovery;
1065 struct inquiry_entry *e;
1067 BT_DBG("cache %p, %pMR", cache, bdaddr);
1069 list_for_each_entry(e, &cache->all, all) {
1070 if (!bacmp(&e->data.bdaddr, bdaddr))
1077 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1080 struct discovery_state *cache = &hdev->discovery;
1081 struct inquiry_entry *e;
1083 BT_DBG("cache %p, %pMR", cache, bdaddr);
1085 list_for_each_entry(e, &cache->unknown, list) {
1086 if (!bacmp(&e->data.bdaddr, bdaddr))
1093 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1097 struct discovery_state *cache = &hdev->discovery;
1098 struct inquiry_entry *e;
1100 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1102 list_for_each_entry(e, &cache->resolve, list) {
1103 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1105 if (!bacmp(&e->data.bdaddr, bdaddr))
1112 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1113 struct inquiry_entry *ie)
1115 struct discovery_state *cache = &hdev->discovery;
1116 struct list_head *pos = &cache->resolve;
1117 struct inquiry_entry *p;
1119 list_del(&ie->list);
1121 list_for_each_entry(p, &cache->resolve, list) {
1122 if (p->name_state != NAME_PENDING &&
1123 abs(p->data.rssi) >= abs(ie->data.rssi))
1128 list_add(&ie->list, pos);
1131 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1134 struct discovery_state *cache = &hdev->discovery;
1135 struct inquiry_entry *ie;
1138 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1140 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1142 if (!data->ssp_mode)
1143 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1145 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1147 if (!ie->data.ssp_mode)
1148 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1150 if (ie->name_state == NAME_NEEDED &&
1151 data->rssi != ie->data.rssi) {
1152 ie->data.rssi = data->rssi;
1153 hci_inquiry_cache_update_resolve(hdev, ie);
1159 /* Entry not in the cache. Add new one. */
1160 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1162 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1166 list_add(&ie->all, &cache->all);
1169 ie->name_state = NAME_KNOWN;
1171 ie->name_state = NAME_NOT_KNOWN;
1172 list_add(&ie->list, &cache->unknown);
1176 if (name_known && ie->name_state != NAME_KNOWN &&
1177 ie->name_state != NAME_PENDING) {
1178 ie->name_state = NAME_KNOWN;
1179 list_del(&ie->list);
1182 memcpy(&ie->data, data, sizeof(*data));
1183 ie->timestamp = jiffies;
1184 cache->timestamp = jiffies;
1186 if (ie->name_state == NAME_NOT_KNOWN)
1187 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1193 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1195 struct discovery_state *cache = &hdev->discovery;
1196 struct inquiry_info *info = (struct inquiry_info *) buf;
1197 struct inquiry_entry *e;
1200 list_for_each_entry(e, &cache->all, all) {
1201 struct inquiry_data *data = &e->data;
1206 bacpy(&info->bdaddr, &data->bdaddr);
1207 info->pscan_rep_mode = data->pscan_rep_mode;
1208 info->pscan_period_mode = data->pscan_period_mode;
1209 info->pscan_mode = data->pscan_mode;
1210 memcpy(info->dev_class, data->dev_class, 3);
1211 info->clock_offset = data->clock_offset;
1217 BT_DBG("cache %p, copied %d", cache, copied);
1221 static void hci_inq_req(struct hci_request *req, unsigned long opt)
1223 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1224 struct hci_dev *hdev = req->hdev;
1225 struct hci_cp_inquiry cp;
1227 BT_DBG("%s", hdev->name);
1229 if (test_bit(HCI_INQUIRY, &hdev->flags))
1233 memcpy(&cp.lap, &ir->lap, 3);
1234 cp.length = ir->length;
1235 cp.num_rsp = ir->num_rsp;
1236 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1239 int hci_inquiry(void __user *arg)
1241 __u8 __user *ptr = arg;
1242 struct hci_inquiry_req ir;
1243 struct hci_dev *hdev;
1244 int err = 0, do_inquiry = 0, max_rsp;
1248 if (copy_from_user(&ir, ptr, sizeof(ir)))
1251 hdev = hci_dev_get(ir.dev_id);
1255 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1260 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1265 if (hdev->dev_type != HCI_BREDR) {
1270 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1276 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1277 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1278 hci_inquiry_cache_flush(hdev);
1281 hci_dev_unlock(hdev);
1283 timeo = ir.length * msecs_to_jiffies(2000);
1286 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1291 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1292 * cleared). If it is interrupted by a signal, return -EINTR.
1294 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1295 TASK_INTERRUPTIBLE))
1299 /* for unlimited number of responses we will use buffer with
1302 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1304 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1305 * copy it to the user space.
1307 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
1314 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1315 hci_dev_unlock(hdev);
1317 BT_DBG("num_rsp %d", ir.num_rsp);
1319 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1321 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1334 static int hci_dev_do_open(struct hci_dev *hdev)
1338 BT_DBG("%s %p", hdev->name, hdev);
1342 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1347 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1348 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1349 /* Check for rfkill but allow the HCI setup stage to
1350 * proceed (which in itself doesn't cause any RF activity).
1352 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1357 /* Check for valid public address or a configured static
1358 * random adddress, but let the HCI setup proceed to
1359 * be able to determine if there is a public address
1362 * In case of user channel usage, it is not important
1363 * if a public address or static random address is
1366 * This check is only valid for BR/EDR controllers
1367 * since AMP controllers do not have an address.
1369 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1370 hdev->dev_type == HCI_BREDR &&
1371 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1372 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1373 ret = -EADDRNOTAVAIL;
1378 if (test_bit(HCI_UP, &hdev->flags)) {
1383 if (hdev->open(hdev)) {
1388 hci_notify(hdev, HCI_DEV_OPEN);
1390 atomic_set(&hdev->cmd_cnt, 1);
1391 set_bit(HCI_INIT, &hdev->flags);
1393 if (hci_dev_test_flag(hdev, HCI_SETUP)) {
1395 ret = hdev->setup(hdev);
1397 /* The transport driver can set these quirks before
1398 * creating the HCI device or in its setup callback.
1400 * In case any of them is set, the controller has to
1401 * start up as unconfigured.
1403 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1404 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
1405 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1407 /* For an unconfigured controller it is required to
1408 * read at least the version information provided by
1409 * the Read Local Version Information command.
1411 * If the set_bdaddr driver callback is provided, then
1412 * also the original Bluetooth public device address
1413 * will be read using the Read BD Address command.
1415 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1416 ret = __hci_unconf_init(hdev);
1419 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1420 /* If public address change is configured, ensure that
1421 * the address gets programmed. If the driver does not
1422 * support changing the public address, fail the power
1425 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1427 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1429 ret = -EADDRNOTAVAIL;
1433 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1434 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
1435 ret = __hci_init(hdev);
1438 clear_bit(HCI_INIT, &hdev->flags);
1442 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1443 set_bit(HCI_UP, &hdev->flags);
1444 hci_notify(hdev, HCI_DEV_UP);
1445 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1446 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1447 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1448 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1449 hdev->dev_type == HCI_BREDR) {
1451 mgmt_powered(hdev, 1);
1452 hci_dev_unlock(hdev);
1455 /* Init failed, cleanup */
1456 flush_work(&hdev->tx_work);
1457 flush_work(&hdev->cmd_work);
1458 flush_work(&hdev->rx_work);
1460 skb_queue_purge(&hdev->cmd_q);
1461 skb_queue_purge(&hdev->rx_q);
1466 if (hdev->sent_cmd) {
1467 kfree_skb(hdev->sent_cmd);
1468 hdev->sent_cmd = NULL;
1471 hci_notify(hdev, HCI_DEV_CLOSE);
1474 hdev->flags &= BIT(HCI_RAW);
1478 hci_req_unlock(hdev);
1482 /* ---- HCI ioctl helpers ---- */
1484 int hci_dev_open(__u16 dev)
1486 struct hci_dev *hdev;
1489 hdev = hci_dev_get(dev);
1493 /* Devices that are marked as unconfigured can only be powered
1494 * up as user channel. Trying to bring them up as normal devices
1495 * will result into a failure. Only user channel operation is
1498 * When this function is called for a user channel, the flag
1499 * HCI_USER_CHANNEL will be set first before attempting to
1502 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1503 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1508 /* We need to ensure that no other power on/off work is pending
1509 * before proceeding to call hci_dev_do_open. This is
1510 * particularly important if the setup procedure has not yet
1513 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1514 cancel_delayed_work(&hdev->power_off);
1516 /* After this call it is guaranteed that the setup procedure
1517 * has finished. This means that error conditions like RFKILL
1518 * or no valid public or static random address apply.
1520 flush_workqueue(hdev->req_workqueue);
1522 /* For controllers not using the management interface and that
1523 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1524 * so that pairing works for them. Once the management interface
1525 * is in use this bit will be cleared again and userspace has
1526 * to explicitly enable it.
1528 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1529 !hci_dev_test_flag(hdev, HCI_MGMT))
1530 hci_dev_set_flag(hdev, HCI_BONDABLE);
1532 err = hci_dev_do_open(hdev);
1539 /* This function requires the caller holds hdev->lock */
1540 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1542 struct hci_conn_params *p;
1544 list_for_each_entry(p, &hdev->le_conn_params, list) {
1546 hci_conn_drop(p->conn);
1547 hci_conn_put(p->conn);
1550 list_del_init(&p->action);
1553 BT_DBG("All LE pending actions cleared");
1556 int hci_dev_do_close(struct hci_dev *hdev)
1558 BT_DBG("%s %p", hdev->name, hdev);
1560 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1561 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1562 test_bit(HCI_UP, &hdev->flags)) {
1563 /* Execute vendor specific shutdown routine */
1565 hdev->shutdown(hdev);
1568 cancel_delayed_work(&hdev->power_off);
1570 hci_req_cancel(hdev, ENODEV);
1573 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1574 cancel_delayed_work_sync(&hdev->cmd_timer);
1575 hci_req_unlock(hdev);
1579 /* Flush RX and TX works */
1580 flush_work(&hdev->tx_work);
1581 flush_work(&hdev->rx_work);
1583 if (hdev->discov_timeout > 0) {
1584 cancel_delayed_work(&hdev->discov_off);
1585 hdev->discov_timeout = 0;
1586 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1587 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1590 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1591 cancel_delayed_work(&hdev->service_cache);
1593 cancel_delayed_work_sync(&hdev->le_scan_disable);
1594 cancel_delayed_work_sync(&hdev->le_scan_restart);
1596 if (hci_dev_test_flag(hdev, HCI_MGMT))
1597 cancel_delayed_work_sync(&hdev->rpa_expired);
1599 if (hdev->adv_instance_timeout) {
1600 cancel_delayed_work_sync(&hdev->adv_instance_expire);
1601 hdev->adv_instance_timeout = 0;
1604 /* Avoid potential lockdep warnings from the *_flush() calls by
1605 * ensuring the workqueue is empty up front.
1607 drain_workqueue(hdev->workqueue);
1611 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1613 if (!hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1614 if (hdev->dev_type == HCI_BREDR)
1615 mgmt_powered(hdev, 0);
1618 hci_inquiry_cache_flush(hdev);
1619 hci_pend_le_actions_clear(hdev);
1620 hci_conn_hash_flush(hdev);
1621 hci_dev_unlock(hdev);
1623 smp_unregister(hdev);
1625 hci_notify(hdev, HCI_DEV_DOWN);
1631 skb_queue_purge(&hdev->cmd_q);
1632 atomic_set(&hdev->cmd_cnt, 1);
1633 if (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1634 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1635 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1636 set_bit(HCI_INIT, &hdev->flags);
1637 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
1638 clear_bit(HCI_INIT, &hdev->flags);
1641 /* flush cmd work */
1642 flush_work(&hdev->cmd_work);
1645 skb_queue_purge(&hdev->rx_q);
1646 skb_queue_purge(&hdev->cmd_q);
1647 skb_queue_purge(&hdev->raw_q);
1649 /* Drop last sent command */
1650 if (hdev->sent_cmd) {
1651 cancel_delayed_work_sync(&hdev->cmd_timer);
1652 kfree_skb(hdev->sent_cmd);
1653 hdev->sent_cmd = NULL;
1656 hci_notify(hdev, HCI_DEV_CLOSE);
1658 /* After this point our queues are empty
1659 * and no tasks are scheduled. */
1663 hdev->flags &= BIT(HCI_RAW);
1664 hci_dev_clear_volatile_flags(hdev);
1666 /* Controller radio is available but is currently powered down */
1667 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1669 memset(hdev->eir, 0, sizeof(hdev->eir));
1670 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1671 bacpy(&hdev->random_addr, BDADDR_ANY);
1673 hci_req_unlock(hdev);
1679 int hci_dev_close(__u16 dev)
1681 struct hci_dev *hdev;
1684 hdev = hci_dev_get(dev);
1688 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1693 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1694 cancel_delayed_work(&hdev->power_off);
1696 err = hci_dev_do_close(hdev);
1703 static int hci_dev_do_reset(struct hci_dev *hdev)
1707 BT_DBG("%s %p", hdev->name, hdev);
1712 skb_queue_purge(&hdev->rx_q);
1713 skb_queue_purge(&hdev->cmd_q);
1715 /* Avoid potential lockdep warnings from the *_flush() calls by
1716 * ensuring the workqueue is empty up front.
1718 drain_workqueue(hdev->workqueue);
1721 hci_inquiry_cache_flush(hdev);
1722 hci_conn_hash_flush(hdev);
1723 hci_dev_unlock(hdev);
1728 atomic_set(&hdev->cmd_cnt, 1);
1729 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1731 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
1733 hci_req_unlock(hdev);
1737 int hci_dev_reset(__u16 dev)
1739 struct hci_dev *hdev;
1742 hdev = hci_dev_get(dev);
1746 if (!test_bit(HCI_UP, &hdev->flags)) {
1751 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1756 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1761 err = hci_dev_do_reset(hdev);
1768 int hci_dev_reset_stat(__u16 dev)
1770 struct hci_dev *hdev;
1773 hdev = hci_dev_get(dev);
1777 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1782 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1787 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1794 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1796 bool conn_changed, discov_changed;
1798 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1800 if ((scan & SCAN_PAGE))
1801 conn_changed = !hci_dev_test_and_set_flag(hdev,
1804 conn_changed = hci_dev_test_and_clear_flag(hdev,
1807 if ((scan & SCAN_INQUIRY)) {
1808 discov_changed = !hci_dev_test_and_set_flag(hdev,
1811 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1812 discov_changed = hci_dev_test_and_clear_flag(hdev,
1816 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1819 if (conn_changed || discov_changed) {
1820 /* In case this was disabled through mgmt */
1821 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1823 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1824 mgmt_update_adv_data(hdev);
1826 mgmt_new_settings(hdev);
1830 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1832 struct hci_dev *hdev;
1833 struct hci_dev_req dr;
1836 if (copy_from_user(&dr, arg, sizeof(dr)))
1839 hdev = hci_dev_get(dr.dev_id);
1843 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1848 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1853 if (hdev->dev_type != HCI_BREDR) {
1858 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1865 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1870 if (!lmp_encrypt_capable(hdev)) {
1875 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1876 /* Auth must be enabled first */
1877 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1883 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1888 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1891 /* Ensure that the connectable and discoverable states
1892 * get correctly modified as this was a non-mgmt change.
1895 hci_update_scan_state(hdev, dr.dev_opt);
1899 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1903 case HCISETLINKMODE:
1904 hdev->link_mode = ((__u16) dr.dev_opt) &
1905 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1909 hdev->pkt_type = (__u16) dr.dev_opt;
1913 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1914 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1918 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1919 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1932 int hci_get_dev_list(void __user *arg)
1934 struct hci_dev *hdev;
1935 struct hci_dev_list_req *dl;
1936 struct hci_dev_req *dr;
1937 int n = 0, size, err;
1940 if (get_user(dev_num, (__u16 __user *) arg))
1943 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1946 size = sizeof(*dl) + dev_num * sizeof(*dr);
1948 dl = kzalloc(size, GFP_KERNEL);
1954 read_lock(&hci_dev_list_lock);
1955 list_for_each_entry(hdev, &hci_dev_list, list) {
1956 unsigned long flags = hdev->flags;
1958 /* When the auto-off is configured it means the transport
1959 * is running, but in that case still indicate that the
1960 * device is actually down.
1962 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
1963 flags &= ~BIT(HCI_UP);
1965 (dr + n)->dev_id = hdev->id;
1966 (dr + n)->dev_opt = flags;
1971 read_unlock(&hci_dev_list_lock);
1974 size = sizeof(*dl) + n * sizeof(*dr);
1976 err = copy_to_user(arg, dl, size);
1979 return err ? -EFAULT : 0;
1982 int hci_get_dev_info(void __user *arg)
1984 struct hci_dev *hdev;
1985 struct hci_dev_info di;
1986 unsigned long flags;
1989 if (copy_from_user(&di, arg, sizeof(di)))
1992 hdev = hci_dev_get(di.dev_id);
1996 /* When the auto-off is configured it means the transport
1997 * is running, but in that case still indicate that the
1998 * device is actually down.
2000 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2001 flags = hdev->flags & ~BIT(HCI_UP);
2003 flags = hdev->flags;
2005 strcpy(di.name, hdev->name);
2006 di.bdaddr = hdev->bdaddr;
2007 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2009 di.pkt_type = hdev->pkt_type;
2010 if (lmp_bredr_capable(hdev)) {
2011 di.acl_mtu = hdev->acl_mtu;
2012 di.acl_pkts = hdev->acl_pkts;
2013 di.sco_mtu = hdev->sco_mtu;
2014 di.sco_pkts = hdev->sco_pkts;
2016 di.acl_mtu = hdev->le_mtu;
2017 di.acl_pkts = hdev->le_pkts;
2021 di.link_policy = hdev->link_policy;
2022 di.link_mode = hdev->link_mode;
2024 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2025 memcpy(&di.features, &hdev->features, sizeof(di.features));
2027 if (copy_to_user(arg, &di, sizeof(di)))
2035 /* ---- Interface to HCI drivers ---- */
2037 static int hci_rfkill_set_block(void *data, bool blocked)
2039 struct hci_dev *hdev = data;
2041 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2043 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2047 hci_dev_set_flag(hdev, HCI_RFKILLED);
2048 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2049 !hci_dev_test_flag(hdev, HCI_CONFIG))
2050 hci_dev_do_close(hdev);
2052 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2058 static const struct rfkill_ops hci_rfkill_ops = {
2059 .set_block = hci_rfkill_set_block,
2062 static void hci_power_on(struct work_struct *work)
2064 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2067 BT_DBG("%s", hdev->name);
2069 err = hci_dev_do_open(hdev);
2072 mgmt_set_powered_failed(hdev, err);
2073 hci_dev_unlock(hdev);
2077 /* During the HCI setup phase, a few error conditions are
2078 * ignored and they need to be checked now. If they are still
2079 * valid, it is important to turn the device back off.
2081 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2082 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2083 (hdev->dev_type == HCI_BREDR &&
2084 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2085 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2086 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2087 hci_dev_do_close(hdev);
2088 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2089 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2090 HCI_AUTO_OFF_TIMEOUT);
2093 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2094 /* For unconfigured devices, set the HCI_RAW flag
2095 * so that userspace can easily identify them.
2097 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2098 set_bit(HCI_RAW, &hdev->flags);
2100 /* For fully configured devices, this will send
2101 * the Index Added event. For unconfigured devices,
2102 * it will send Unconfigued Index Added event.
2104 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2105 * and no event will be send.
2107 mgmt_index_added(hdev);
2108 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2109 /* When the controller is now configured, then it
2110 * is important to clear the HCI_RAW flag.
2112 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2113 clear_bit(HCI_RAW, &hdev->flags);
2115 /* Powering on the controller with HCI_CONFIG set only
2116 * happens with the transition from unconfigured to
2117 * configured. This will send the Index Added event.
2119 mgmt_index_added(hdev);
2123 static void hci_power_off(struct work_struct *work)
2125 struct hci_dev *hdev = container_of(work, struct hci_dev,
2128 BT_DBG("%s", hdev->name);
2130 hci_dev_do_close(hdev);
2133 static void hci_error_reset(struct work_struct *work)
2135 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2137 BT_DBG("%s", hdev->name);
2140 hdev->hw_error(hdev, hdev->hw_error_code);
2142 BT_ERR("%s hardware error 0x%2.2x", hdev->name,
2143 hdev->hw_error_code);
2145 if (hci_dev_do_close(hdev))
2148 hci_dev_do_open(hdev);
2151 static void hci_discov_off(struct work_struct *work)
2153 struct hci_dev *hdev;
2155 hdev = container_of(work, struct hci_dev, discov_off.work);
2157 BT_DBG("%s", hdev->name);
2159 mgmt_discoverable_timeout(hdev);
2162 static void hci_adv_timeout_expire(struct work_struct *work)
2164 struct hci_dev *hdev;
2166 hdev = container_of(work, struct hci_dev, adv_instance_expire.work);
2168 BT_DBG("%s", hdev->name);
2170 mgmt_adv_timeout_expired(hdev);
2173 void hci_uuids_clear(struct hci_dev *hdev)
2175 struct bt_uuid *uuid, *tmp;
2177 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2178 list_del(&uuid->list);
2183 void hci_link_keys_clear(struct hci_dev *hdev)
2185 struct link_key *key;
2187 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
2188 list_del_rcu(&key->list);
2189 kfree_rcu(key, rcu);
2193 void hci_smp_ltks_clear(struct hci_dev *hdev)
2197 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2198 list_del_rcu(&k->list);
2203 void hci_smp_irks_clear(struct hci_dev *hdev)
2207 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2208 list_del_rcu(&k->list);
2213 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2218 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2219 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2229 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2230 u8 key_type, u8 old_key_type)
2233 if (key_type < 0x03)
2236 /* Debug keys are insecure so don't store them persistently */
2237 if (key_type == HCI_LK_DEBUG_COMBINATION)
2240 /* Changed combination key and there's no previous one */
2241 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2244 /* Security mode 3 case */
2248 /* BR/EDR key derived using SC from an LE link */
2249 if (conn->type == LE_LINK)
2252 /* Neither local nor remote side had no-bonding as requirement */
2253 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2256 /* Local side had dedicated bonding as requirement */
2257 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2260 /* Remote side had dedicated bonding as requirement */
2261 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2264 /* If none of the above criteria match, then don't store the key
2269 static u8 ltk_role(u8 type)
2271 if (type == SMP_LTK)
2272 return HCI_ROLE_MASTER;
2274 return HCI_ROLE_SLAVE;
2277 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2278 u8 addr_type, u8 role)
2283 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2284 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2287 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2297 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2299 struct smp_irk *irk;
2302 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2303 if (!bacmp(&irk->rpa, rpa)) {
2309 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2310 if (smp_irk_matches(hdev, irk->val, rpa)) {
2311 bacpy(&irk->rpa, rpa);
2321 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2324 struct smp_irk *irk;
2326 /* Identity Address must be public or static random */
2327 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2331 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2332 if (addr_type == irk->addr_type &&
2333 bacmp(bdaddr, &irk->bdaddr) == 0) {
2343 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2344 bdaddr_t *bdaddr, u8 *val, u8 type,
2345 u8 pin_len, bool *persistent)
2347 struct link_key *key, *old_key;
2350 old_key = hci_find_link_key(hdev, bdaddr);
2352 old_key_type = old_key->type;
2355 old_key_type = conn ? conn->key_type : 0xff;
2356 key = kzalloc(sizeof(*key), GFP_KERNEL);
2359 list_add_rcu(&key->list, &hdev->link_keys);
2362 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2364 /* Some buggy controller combinations generate a changed
2365 * combination key for legacy pairing even when there's no
2367 if (type == HCI_LK_CHANGED_COMBINATION &&
2368 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2369 type = HCI_LK_COMBINATION;
2371 conn->key_type = type;
2374 bacpy(&key->bdaddr, bdaddr);
2375 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2376 key->pin_len = pin_len;
2378 if (type == HCI_LK_CHANGED_COMBINATION)
2379 key->type = old_key_type;
2384 *persistent = hci_persistent_key(hdev, conn, type,
2390 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2391 u8 addr_type, u8 type, u8 authenticated,
2392 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2394 struct smp_ltk *key, *old_key;
2395 u8 role = ltk_role(type);
2397 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2401 key = kzalloc(sizeof(*key), GFP_KERNEL);
2404 list_add_rcu(&key->list, &hdev->long_term_keys);
2407 bacpy(&key->bdaddr, bdaddr);
2408 key->bdaddr_type = addr_type;
2409 memcpy(key->val, tk, sizeof(key->val));
2410 key->authenticated = authenticated;
2413 key->enc_size = enc_size;
2419 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2420 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2422 struct smp_irk *irk;
2424 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2426 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2430 bacpy(&irk->bdaddr, bdaddr);
2431 irk->addr_type = addr_type;
2433 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2436 memcpy(irk->val, val, 16);
2437 bacpy(&irk->rpa, rpa);
2442 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2444 struct link_key *key;
2446 key = hci_find_link_key(hdev, bdaddr);
2450 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2452 list_del_rcu(&key->list);
2453 kfree_rcu(key, rcu);
2458 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2463 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2464 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2467 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2469 list_del_rcu(&k->list);
2474 return removed ? 0 : -ENOENT;
2477 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2481 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2482 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2485 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2487 list_del_rcu(&k->list);
2492 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2495 struct smp_irk *irk;
2498 if (type == BDADDR_BREDR) {
2499 if (hci_find_link_key(hdev, bdaddr))
2504 /* Convert to HCI addr type which struct smp_ltk uses */
2505 if (type == BDADDR_LE_PUBLIC)
2506 addr_type = ADDR_LE_DEV_PUBLIC;
2508 addr_type = ADDR_LE_DEV_RANDOM;
2510 irk = hci_get_irk(hdev, bdaddr, addr_type);
2512 bdaddr = &irk->bdaddr;
2513 addr_type = irk->addr_type;
2517 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2518 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2528 /* HCI command timer function */
2529 static void hci_cmd_timeout(struct work_struct *work)
2531 struct hci_dev *hdev = container_of(work, struct hci_dev,
2534 if (hdev->sent_cmd) {
2535 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2536 u16 opcode = __le16_to_cpu(sent->opcode);
2538 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
2540 BT_ERR("%s command tx timeout", hdev->name);
2543 atomic_set(&hdev->cmd_cnt, 1);
2544 queue_work(hdev->workqueue, &hdev->cmd_work);
2547 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2548 bdaddr_t *bdaddr, u8 bdaddr_type)
2550 struct oob_data *data;
2552 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2553 if (bacmp(bdaddr, &data->bdaddr) != 0)
2555 if (data->bdaddr_type != bdaddr_type)
2563 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2566 struct oob_data *data;
2568 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2572 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2574 list_del(&data->list);
2580 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2582 struct oob_data *data, *n;
2584 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2585 list_del(&data->list);
2590 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2591 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2592 u8 *hash256, u8 *rand256)
2594 struct oob_data *data;
2596 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2598 data = kmalloc(sizeof(*data), GFP_KERNEL);
2602 bacpy(&data->bdaddr, bdaddr);
2603 data->bdaddr_type = bdaddr_type;
2604 list_add(&data->list, &hdev->remote_oob_data);
2607 if (hash192 && rand192) {
2608 memcpy(data->hash192, hash192, sizeof(data->hash192));
2609 memcpy(data->rand192, rand192, sizeof(data->rand192));
2610 if (hash256 && rand256)
2611 data->present = 0x03;
2613 memset(data->hash192, 0, sizeof(data->hash192));
2614 memset(data->rand192, 0, sizeof(data->rand192));
2615 if (hash256 && rand256)
2616 data->present = 0x02;
2618 data->present = 0x00;
2621 if (hash256 && rand256) {
2622 memcpy(data->hash256, hash256, sizeof(data->hash256));
2623 memcpy(data->rand256, rand256, sizeof(data->rand256));
2625 memset(data->hash256, 0, sizeof(data->hash256));
2626 memset(data->rand256, 0, sizeof(data->rand256));
2627 if (hash192 && rand192)
2628 data->present = 0x01;
2631 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2636 /* This function requires the caller holds hdev->lock */
2637 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2639 struct adv_info *adv_instance;
2641 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2642 if (adv_instance->instance == instance)
2643 return adv_instance;
2649 /* This function requires the caller holds hdev->lock */
2650 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance) {
2651 struct adv_info *cur_instance;
2653 cur_instance = hci_find_adv_instance(hdev, instance);
2657 if (cur_instance == list_last_entry(&hdev->adv_instances,
2658 struct adv_info, list))
2659 return list_first_entry(&hdev->adv_instances,
2660 struct adv_info, list);
2662 return list_next_entry(cur_instance, list);
2665 /* This function requires the caller holds hdev->lock */
2666 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2668 struct adv_info *adv_instance;
2670 adv_instance = hci_find_adv_instance(hdev, instance);
2674 BT_DBG("%s removing %dMR", hdev->name, instance);
2676 if (hdev->cur_adv_instance == instance && hdev->adv_instance_timeout) {
2677 cancel_delayed_work(&hdev->adv_instance_expire);
2678 hdev->adv_instance_timeout = 0;
2681 list_del(&adv_instance->list);
2682 kfree(adv_instance);
2684 hdev->adv_instance_cnt--;
2689 /* This function requires the caller holds hdev->lock */
2690 void hci_adv_instances_clear(struct hci_dev *hdev)
2692 struct adv_info *adv_instance, *n;
2694 if (hdev->adv_instance_timeout) {
2695 cancel_delayed_work(&hdev->adv_instance_expire);
2696 hdev->adv_instance_timeout = 0;
2699 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2700 list_del(&adv_instance->list);
2701 kfree(adv_instance);
2704 hdev->adv_instance_cnt = 0;
2707 /* This function requires the caller holds hdev->lock */
2708 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2709 u16 adv_data_len, u8 *adv_data,
2710 u16 scan_rsp_len, u8 *scan_rsp_data,
2711 u16 timeout, u16 duration)
2713 struct adv_info *adv_instance;
2715 adv_instance = hci_find_adv_instance(hdev, instance);
2717 memset(adv_instance->adv_data, 0,
2718 sizeof(adv_instance->adv_data));
2719 memset(adv_instance->scan_rsp_data, 0,
2720 sizeof(adv_instance->scan_rsp_data));
2722 if (hdev->adv_instance_cnt >= HCI_MAX_ADV_INSTANCES ||
2723 instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2726 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2730 adv_instance->pending = true;
2731 adv_instance->instance = instance;
2732 list_add(&adv_instance->list, &hdev->adv_instances);
2733 hdev->adv_instance_cnt++;
2736 adv_instance->flags = flags;
2737 adv_instance->adv_data_len = adv_data_len;
2738 adv_instance->scan_rsp_len = scan_rsp_len;
2741 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2744 memcpy(adv_instance->scan_rsp_data,
2745 scan_rsp_data, scan_rsp_len);
2747 adv_instance->timeout = timeout;
2748 adv_instance->remaining_time = timeout;
2751 adv_instance->duration = HCI_DEFAULT_ADV_DURATION;
2753 adv_instance->duration = duration;
2755 BT_DBG("%s for %dMR", hdev->name, instance);
2760 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
2761 bdaddr_t *bdaddr, u8 type)
2763 struct bdaddr_list *b;
2765 list_for_each_entry(b, bdaddr_list, list) {
2766 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2773 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
2775 struct list_head *p, *n;
2777 list_for_each_safe(p, n, bdaddr_list) {
2778 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
2785 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2787 struct bdaddr_list *entry;
2789 if (!bacmp(bdaddr, BDADDR_ANY))
2792 if (hci_bdaddr_list_lookup(list, bdaddr, type))
2795 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
2799 bacpy(&entry->bdaddr, bdaddr);
2800 entry->bdaddr_type = type;
2802 list_add(&entry->list, list);
2807 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2809 struct bdaddr_list *entry;
2811 if (!bacmp(bdaddr, BDADDR_ANY)) {
2812 hci_bdaddr_list_clear(list);
2816 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
2820 list_del(&entry->list);
2826 /* This function requires the caller holds hdev->lock */
2827 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
2828 bdaddr_t *addr, u8 addr_type)
2830 struct hci_conn_params *params;
2832 list_for_each_entry(params, &hdev->le_conn_params, list) {
2833 if (bacmp(¶ms->addr, addr) == 0 &&
2834 params->addr_type == addr_type) {
2842 /* This function requires the caller holds hdev->lock */
2843 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
2844 bdaddr_t *addr, u8 addr_type)
2846 struct hci_conn_params *param;
2848 list_for_each_entry(param, list, action) {
2849 if (bacmp(¶m->addr, addr) == 0 &&
2850 param->addr_type == addr_type)
2857 /* This function requires the caller holds hdev->lock */
2858 struct hci_conn_params *hci_explicit_connect_lookup(struct hci_dev *hdev,
2862 struct hci_conn_params *param;
2864 list_for_each_entry(param, &hdev->pend_le_conns, action) {
2865 if (bacmp(¶m->addr, addr) == 0 &&
2866 param->addr_type == addr_type &&
2867 param->explicit_connect)
2871 list_for_each_entry(param, &hdev->pend_le_reports, action) {
2872 if (bacmp(¶m->addr, addr) == 0 &&
2873 param->addr_type == addr_type &&
2874 param->explicit_connect)
2881 /* This function requires the caller holds hdev->lock */
2882 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
2883 bdaddr_t *addr, u8 addr_type)
2885 struct hci_conn_params *params;
2887 params = hci_conn_params_lookup(hdev, addr, addr_type);
2891 params = kzalloc(sizeof(*params), GFP_KERNEL);
2893 BT_ERR("Out of memory");
2897 bacpy(¶ms->addr, addr);
2898 params->addr_type = addr_type;
2900 list_add(¶ms->list, &hdev->le_conn_params);
2901 INIT_LIST_HEAD(¶ms->action);
2903 params->conn_min_interval = hdev->le_conn_min_interval;
2904 params->conn_max_interval = hdev->le_conn_max_interval;
2905 params->conn_latency = hdev->le_conn_latency;
2906 params->supervision_timeout = hdev->le_supv_timeout;
2907 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2909 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2914 static void hci_conn_params_free(struct hci_conn_params *params)
2917 hci_conn_drop(params->conn);
2918 hci_conn_put(params->conn);
2921 list_del(¶ms->action);
2922 list_del(¶ms->list);
2926 /* This function requires the caller holds hdev->lock */
2927 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
2929 struct hci_conn_params *params;
2931 params = hci_conn_params_lookup(hdev, addr, addr_type);
2935 hci_conn_params_free(params);
2937 hci_update_background_scan(hdev);
2939 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2942 /* This function requires the caller holds hdev->lock */
2943 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
2945 struct hci_conn_params *params, *tmp;
2947 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
2948 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
2951 /* If trying to estabilish one time connection to disabled
2952 * device, leave the params, but mark them as just once.
2954 if (params->explicit_connect) {
2955 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2959 list_del(¶ms->list);
2963 BT_DBG("All LE disabled connection parameters were removed");
2966 /* This function requires the caller holds hdev->lock */
2967 void hci_conn_params_clear_all(struct hci_dev *hdev)
2969 struct hci_conn_params *params, *tmp;
2971 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
2972 hci_conn_params_free(params);
2974 hci_update_background_scan(hdev);
2976 BT_DBG("All LE connection parameters were removed");
2979 static void inquiry_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2982 BT_ERR("Failed to start inquiry: status %d", status);
2985 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2986 hci_dev_unlock(hdev);
2991 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status,
2994 /* General inquiry access code (GIAC) */
2995 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2996 struct hci_cp_inquiry cp;
3000 BT_ERR("Failed to disable LE scanning: status %d", status);
3004 hdev->discovery.scan_start = 0;
3006 switch (hdev->discovery.type) {
3007 case DISCOV_TYPE_LE:
3009 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3010 hci_dev_unlock(hdev);
3013 case DISCOV_TYPE_INTERLEAVED:
3016 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3018 /* If we were running LE only scan, change discovery
3019 * state. If we were running both LE and BR/EDR inquiry
3020 * simultaneously, and BR/EDR inquiry is already
3021 * finished, stop discovery, otherwise BR/EDR inquiry
3022 * will stop discovery when finished. If we will resolve
3023 * remote device name, do not change discovery state.
3025 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
3026 hdev->discovery.state != DISCOVERY_RESOLVING)
3027 hci_discovery_set_state(hdev,
3030 struct hci_request req;
3032 hci_inquiry_cache_flush(hdev);
3034 hci_req_init(&req, hdev);
3036 memset(&cp, 0, sizeof(cp));
3037 memcpy(&cp.lap, lap, sizeof(cp.lap));
3038 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
3039 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3041 err = hci_req_run(&req, inquiry_complete);
3043 BT_ERR("Inquiry request failed: err %d", err);
3044 hci_discovery_set_state(hdev,
3049 hci_dev_unlock(hdev);
3054 static void le_scan_disable_work(struct work_struct *work)
3056 struct hci_dev *hdev = container_of(work, struct hci_dev,
3057 le_scan_disable.work);
3058 struct hci_request req;
3061 BT_DBG("%s", hdev->name);
3063 cancel_delayed_work_sync(&hdev->le_scan_restart);
3065 hci_req_init(&req, hdev);
3067 hci_req_add_le_scan_disable(&req);
3069 err = hci_req_run(&req, le_scan_disable_work_complete);
3071 BT_ERR("Disable LE scanning request failed: err %d", err);
3074 static void le_scan_restart_work_complete(struct hci_dev *hdev, u8 status,
3077 unsigned long timeout, duration, scan_start, now;
3079 BT_DBG("%s", hdev->name);
3082 BT_ERR("Failed to restart LE scan: status %d", status);
3086 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
3087 !hdev->discovery.scan_start)
3090 /* When the scan was started, hdev->le_scan_disable has been queued
3091 * after duration from scan_start. During scan restart this job
3092 * has been canceled, and we need to queue it again after proper
3093 * timeout, to make sure that scan does not run indefinitely.
3095 duration = hdev->discovery.scan_duration;
3096 scan_start = hdev->discovery.scan_start;
3098 if (now - scan_start <= duration) {
3101 if (now >= scan_start)
3102 elapsed = now - scan_start;
3104 elapsed = ULONG_MAX - scan_start + now;
3106 timeout = duration - elapsed;
3110 queue_delayed_work(hdev->workqueue,
3111 &hdev->le_scan_disable, timeout);
3114 static void le_scan_restart_work(struct work_struct *work)
3116 struct hci_dev *hdev = container_of(work, struct hci_dev,
3117 le_scan_restart.work);
3118 struct hci_request req;
3119 struct hci_cp_le_set_scan_enable cp;
3122 BT_DBG("%s", hdev->name);
3124 /* If controller is not scanning we are done. */
3125 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
3128 hci_req_init(&req, hdev);
3130 hci_req_add_le_scan_disable(&req);
3132 memset(&cp, 0, sizeof(cp));
3133 cp.enable = LE_SCAN_ENABLE;
3134 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3135 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
3137 err = hci_req_run(&req, le_scan_restart_work_complete);
3139 BT_ERR("Restart LE scan request failed: err %d", err);
3142 /* Copy the Identity Address of the controller.
3144 * If the controller has a public BD_ADDR, then by default use that one.
3145 * If this is a LE only controller without a public address, default to
3146 * the static random address.
3148 * For debugging purposes it is possible to force controllers with a
3149 * public address to use the static random address instead.
3151 * In case BR/EDR has been disabled on a dual-mode controller and
3152 * userspace has configured a static address, then that address
3153 * becomes the identity address instead of the public BR/EDR address.
3155 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3158 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3159 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
3160 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3161 bacmp(&hdev->static_addr, BDADDR_ANY))) {
3162 bacpy(bdaddr, &hdev->static_addr);
3163 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3165 bacpy(bdaddr, &hdev->bdaddr);
3166 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3170 /* Alloc HCI device */
3171 struct hci_dev *hci_alloc_dev(void)
3173 struct hci_dev *hdev;
3175 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3179 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3180 hdev->esco_type = (ESCO_HV1);
3181 hdev->link_mode = (HCI_LM_ACCEPT);
3182 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3183 hdev->io_capability = 0x03; /* No Input No Output */
3184 hdev->manufacturer = 0xffff; /* Default to internal use */
3185 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3186 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3187 hdev->adv_instance_cnt = 0;
3188 hdev->cur_adv_instance = 0x00;
3189 hdev->adv_instance_timeout = 0;
3191 hdev->sniff_max_interval = 800;
3192 hdev->sniff_min_interval = 80;
3194 hdev->le_adv_channel_map = 0x07;
3195 hdev->le_adv_min_interval = 0x0800;
3196 hdev->le_adv_max_interval = 0x0800;
3197 hdev->le_scan_interval = 0x0060;
3198 hdev->le_scan_window = 0x0030;
3199 hdev->le_conn_min_interval = 0x0028;
3200 hdev->le_conn_max_interval = 0x0038;
3201 hdev->le_conn_latency = 0x0000;
3202 hdev->le_supv_timeout = 0x002a;
3203 hdev->le_def_tx_len = 0x001b;
3204 hdev->le_def_tx_time = 0x0148;
3205 hdev->le_max_tx_len = 0x001b;
3206 hdev->le_max_tx_time = 0x0148;
3207 hdev->le_max_rx_len = 0x001b;
3208 hdev->le_max_rx_time = 0x0148;
3210 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3211 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3212 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3213 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3215 mutex_init(&hdev->lock);
3216 mutex_init(&hdev->req_lock);
3218 INIT_LIST_HEAD(&hdev->mgmt_pending);
3219 INIT_LIST_HEAD(&hdev->blacklist);
3220 INIT_LIST_HEAD(&hdev->whitelist);
3221 INIT_LIST_HEAD(&hdev->uuids);
3222 INIT_LIST_HEAD(&hdev->link_keys);
3223 INIT_LIST_HEAD(&hdev->long_term_keys);
3224 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3225 INIT_LIST_HEAD(&hdev->remote_oob_data);
3226 INIT_LIST_HEAD(&hdev->le_white_list);
3227 INIT_LIST_HEAD(&hdev->le_conn_params);
3228 INIT_LIST_HEAD(&hdev->pend_le_conns);
3229 INIT_LIST_HEAD(&hdev->pend_le_reports);
3230 INIT_LIST_HEAD(&hdev->conn_hash.list);
3231 INIT_LIST_HEAD(&hdev->adv_instances);
3233 INIT_WORK(&hdev->rx_work, hci_rx_work);
3234 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3235 INIT_WORK(&hdev->tx_work, hci_tx_work);
3236 INIT_WORK(&hdev->power_on, hci_power_on);
3237 INIT_WORK(&hdev->error_reset, hci_error_reset);
3239 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3240 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
3241 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
3242 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
3243 INIT_DELAYED_WORK(&hdev->adv_instance_expire, hci_adv_timeout_expire);
3245 skb_queue_head_init(&hdev->rx_q);
3246 skb_queue_head_init(&hdev->cmd_q);
3247 skb_queue_head_init(&hdev->raw_q);
3249 init_waitqueue_head(&hdev->req_wait_q);
3251 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3253 hci_init_sysfs(hdev);
3254 discovery_init(hdev);
3258 EXPORT_SYMBOL(hci_alloc_dev);
3260 /* Free HCI device */
3261 void hci_free_dev(struct hci_dev *hdev)
3263 /* will free via device release */
3264 put_device(&hdev->dev);
3266 EXPORT_SYMBOL(hci_free_dev);
3268 /* Register HCI device */
3269 int hci_register_dev(struct hci_dev *hdev)
3273 if (!hdev->open || !hdev->close || !hdev->send)
3276 /* Do not allow HCI_AMP devices to register at index 0,
3277 * so the index can be used as the AMP controller ID.
3279 switch (hdev->dev_type) {
3281 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3284 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3293 sprintf(hdev->name, "hci%d", id);
3296 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3298 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3299 WQ_MEM_RECLAIM, 1, hdev->name);
3300 if (!hdev->workqueue) {
3305 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3306 WQ_MEM_RECLAIM, 1, hdev->name);
3307 if (!hdev->req_workqueue) {
3308 destroy_workqueue(hdev->workqueue);
3313 if (!IS_ERR_OR_NULL(bt_debugfs))
3314 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3316 dev_set_name(&hdev->dev, "%s", hdev->name);
3318 error = device_add(&hdev->dev);
3322 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3323 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3326 if (rfkill_register(hdev->rfkill) < 0) {
3327 rfkill_destroy(hdev->rfkill);
3328 hdev->rfkill = NULL;
3332 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3333 hci_dev_set_flag(hdev, HCI_RFKILLED);
3335 hci_dev_set_flag(hdev, HCI_SETUP);
3336 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3338 if (hdev->dev_type == HCI_BREDR) {
3339 /* Assume BR/EDR support until proven otherwise (such as
3340 * through reading supported features during init.
3342 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3345 write_lock(&hci_dev_list_lock);
3346 list_add(&hdev->list, &hci_dev_list);
3347 write_unlock(&hci_dev_list_lock);
3349 /* Devices that are marked for raw-only usage are unconfigured
3350 * and should not be included in normal operation.
3352 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3353 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3355 hci_notify(hdev, HCI_DEV_REG);
3358 queue_work(hdev->req_workqueue, &hdev->power_on);
3363 destroy_workqueue(hdev->workqueue);
3364 destroy_workqueue(hdev->req_workqueue);
3366 ida_simple_remove(&hci_index_ida, hdev->id);
3370 EXPORT_SYMBOL(hci_register_dev);
3372 /* Unregister HCI device */
3373 void hci_unregister_dev(struct hci_dev *hdev)
3377 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3379 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3383 write_lock(&hci_dev_list_lock);
3384 list_del(&hdev->list);
3385 write_unlock(&hci_dev_list_lock);
3387 hci_dev_do_close(hdev);
3389 cancel_work_sync(&hdev->power_on);
3391 if (!test_bit(HCI_INIT, &hdev->flags) &&
3392 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3393 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3395 mgmt_index_removed(hdev);
3396 hci_dev_unlock(hdev);
3399 /* mgmt_index_removed should take care of emptying the
3401 BUG_ON(!list_empty(&hdev->mgmt_pending));
3403 hci_notify(hdev, HCI_DEV_UNREG);
3406 rfkill_unregister(hdev->rfkill);
3407 rfkill_destroy(hdev->rfkill);
3410 device_del(&hdev->dev);
3412 debugfs_remove_recursive(hdev->debugfs);
3414 destroy_workqueue(hdev->workqueue);
3415 destroy_workqueue(hdev->req_workqueue);
3418 hci_bdaddr_list_clear(&hdev->blacklist);
3419 hci_bdaddr_list_clear(&hdev->whitelist);
3420 hci_uuids_clear(hdev);
3421 hci_link_keys_clear(hdev);
3422 hci_smp_ltks_clear(hdev);
3423 hci_smp_irks_clear(hdev);
3424 hci_remote_oob_data_clear(hdev);
3425 hci_adv_instances_clear(hdev);
3426 hci_bdaddr_list_clear(&hdev->le_white_list);
3427 hci_conn_params_clear_all(hdev);
3428 hci_discovery_filter_clear(hdev);
3429 hci_dev_unlock(hdev);
3433 ida_simple_remove(&hci_index_ida, id);
3435 EXPORT_SYMBOL(hci_unregister_dev);
3437 /* Suspend HCI device */
3438 int hci_suspend_dev(struct hci_dev *hdev)
3440 hci_notify(hdev, HCI_DEV_SUSPEND);
3443 EXPORT_SYMBOL(hci_suspend_dev);
3445 /* Resume HCI device */
3446 int hci_resume_dev(struct hci_dev *hdev)
3448 hci_notify(hdev, HCI_DEV_RESUME);
3451 EXPORT_SYMBOL(hci_resume_dev);
3453 /* Reset HCI device */
3454 int hci_reset_dev(struct hci_dev *hdev)
3456 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3457 struct sk_buff *skb;
3459 skb = bt_skb_alloc(3, GFP_ATOMIC);
3463 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3464 memcpy(skb_put(skb, 3), hw_err, 3);
3466 /* Send Hardware Error to upper stack */
3467 return hci_recv_frame(hdev, skb);
3469 EXPORT_SYMBOL(hci_reset_dev);
3471 /* Receive frame from HCI drivers */
3472 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3474 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3475 && !test_bit(HCI_INIT, &hdev->flags))) {
3481 bt_cb(skb)->incoming = 1;
3484 __net_timestamp(skb);
3486 skb_queue_tail(&hdev->rx_q, skb);
3487 queue_work(hdev->workqueue, &hdev->rx_work);
3491 EXPORT_SYMBOL(hci_recv_frame);
3493 /* ---- Interface to upper protocols ---- */
3495 int hci_register_cb(struct hci_cb *cb)
3497 BT_DBG("%p name %s", cb, cb->name);
3499 mutex_lock(&hci_cb_list_lock);
3500 list_add_tail(&cb->list, &hci_cb_list);
3501 mutex_unlock(&hci_cb_list_lock);
3505 EXPORT_SYMBOL(hci_register_cb);
3507 int hci_unregister_cb(struct hci_cb *cb)
3509 BT_DBG("%p name %s", cb, cb->name);
3511 mutex_lock(&hci_cb_list_lock);
3512 list_del(&cb->list);
3513 mutex_unlock(&hci_cb_list_lock);
3517 EXPORT_SYMBOL(hci_unregister_cb);
3519 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3523 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
3526 __net_timestamp(skb);
3528 /* Send copy to monitor */
3529 hci_send_to_monitor(hdev, skb);
3531 if (atomic_read(&hdev->promisc)) {
3532 /* Send copy to the sockets */
3533 hci_send_to_sock(hdev, skb);
3536 /* Get rid of skb owner, prior to sending to the driver. */
3539 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3544 err = hdev->send(hdev, skb);
3546 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
3551 /* Send HCI command */
3552 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3555 struct sk_buff *skb;
3557 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3559 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3561 BT_ERR("%s no memory for command", hdev->name);
3565 /* Stand-alone HCI commands must be flagged as
3566 * single-command requests.
3568 bt_cb(skb)->req.start = true;
3570 skb_queue_tail(&hdev->cmd_q, skb);
3571 queue_work(hdev->workqueue, &hdev->cmd_work);
3576 /* Get data from the previously sent command */
3577 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3579 struct hci_command_hdr *hdr;
3581 if (!hdev->sent_cmd)
3584 hdr = (void *) hdev->sent_cmd->data;
3586 if (hdr->opcode != cpu_to_le16(opcode))
3589 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3591 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3594 /* Send HCI command and wait for command commplete event */
3595 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
3596 const void *param, u32 timeout)
3598 struct sk_buff *skb;
3600 if (!test_bit(HCI_UP, &hdev->flags))
3601 return ERR_PTR(-ENETDOWN);
3603 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
3606 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
3607 hci_req_unlock(hdev);
3611 EXPORT_SYMBOL(hci_cmd_sync);
3614 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3616 struct hci_acl_hdr *hdr;
3619 skb_push(skb, HCI_ACL_HDR_SIZE);
3620 skb_reset_transport_header(skb);
3621 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3622 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3623 hdr->dlen = cpu_to_le16(len);
3626 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3627 struct sk_buff *skb, __u16 flags)
3629 struct hci_conn *conn = chan->conn;
3630 struct hci_dev *hdev = conn->hdev;
3631 struct sk_buff *list;
3633 skb->len = skb_headlen(skb);
3636 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3638 switch (hdev->dev_type) {
3640 hci_add_acl_hdr(skb, conn->handle, flags);
3643 hci_add_acl_hdr(skb, chan->handle, flags);
3646 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3650 list = skb_shinfo(skb)->frag_list;
3652 /* Non fragmented */
3653 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3655 skb_queue_tail(queue, skb);
3658 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3660 skb_shinfo(skb)->frag_list = NULL;
3662 /* Queue all fragments atomically. We need to use spin_lock_bh
3663 * here because of 6LoWPAN links, as there this function is
3664 * called from softirq and using normal spin lock could cause
3667 spin_lock_bh(&queue->lock);
3669 __skb_queue_tail(queue, skb);
3671 flags &= ~ACL_START;
3674 skb = list; list = list->next;
3676 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3677 hci_add_acl_hdr(skb, conn->handle, flags);
3679 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3681 __skb_queue_tail(queue, skb);
3684 spin_unlock_bh(&queue->lock);
3688 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3690 struct hci_dev *hdev = chan->conn->hdev;
3692 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3694 hci_queue_acl(chan, &chan->data_q, skb, flags);
3696 queue_work(hdev->workqueue, &hdev->tx_work);
3700 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3702 struct hci_dev *hdev = conn->hdev;
3703 struct hci_sco_hdr hdr;
3705 BT_DBG("%s len %d", hdev->name, skb->len);
3707 hdr.handle = cpu_to_le16(conn->handle);
3708 hdr.dlen = skb->len;
3710 skb_push(skb, HCI_SCO_HDR_SIZE);
3711 skb_reset_transport_header(skb);
3712 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3714 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
3716 skb_queue_tail(&conn->data_q, skb);
3717 queue_work(hdev->workqueue, &hdev->tx_work);
3720 /* ---- HCI TX task (outgoing data) ---- */
3722 /* HCI Connection scheduler */
3723 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3726 struct hci_conn_hash *h = &hdev->conn_hash;
3727 struct hci_conn *conn = NULL, *c;
3728 unsigned int num = 0, min = ~0;
3730 /* We don't have to lock device here. Connections are always
3731 * added and removed with TX task disabled. */
3735 list_for_each_entry_rcu(c, &h->list, list) {
3736 if (c->type != type || skb_queue_empty(&c->data_q))
3739 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3744 if (c->sent < min) {
3749 if (hci_conn_num(hdev, type) == num)
3758 switch (conn->type) {
3760 cnt = hdev->acl_cnt;
3764 cnt = hdev->sco_cnt;
3767 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3771 BT_ERR("Unknown link type");
3779 BT_DBG("conn %p quote %d", conn, *quote);
3783 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3785 struct hci_conn_hash *h = &hdev->conn_hash;
3788 BT_ERR("%s link tx timeout", hdev->name);
3792 /* Kill stalled connections */
3793 list_for_each_entry_rcu(c, &h->list, list) {
3794 if (c->type == type && c->sent) {
3795 BT_ERR("%s killing stalled connection %pMR",
3796 hdev->name, &c->dst);
3797 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3804 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3807 struct hci_conn_hash *h = &hdev->conn_hash;
3808 struct hci_chan *chan = NULL;
3809 unsigned int num = 0, min = ~0, cur_prio = 0;
3810 struct hci_conn *conn;
3811 int cnt, q, conn_num = 0;
3813 BT_DBG("%s", hdev->name);
3817 list_for_each_entry_rcu(conn, &h->list, list) {
3818 struct hci_chan *tmp;
3820 if (conn->type != type)
3823 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3828 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3829 struct sk_buff *skb;
3831 if (skb_queue_empty(&tmp->data_q))
3834 skb = skb_peek(&tmp->data_q);
3835 if (skb->priority < cur_prio)
3838 if (skb->priority > cur_prio) {
3841 cur_prio = skb->priority;
3846 if (conn->sent < min) {
3852 if (hci_conn_num(hdev, type) == conn_num)
3861 switch (chan->conn->type) {
3863 cnt = hdev->acl_cnt;
3866 cnt = hdev->block_cnt;
3870 cnt = hdev->sco_cnt;
3873 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3877 BT_ERR("Unknown link type");
3882 BT_DBG("chan %p quote %d", chan, *quote);
3886 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3888 struct hci_conn_hash *h = &hdev->conn_hash;
3889 struct hci_conn *conn;
3892 BT_DBG("%s", hdev->name);
3896 list_for_each_entry_rcu(conn, &h->list, list) {
3897 struct hci_chan *chan;
3899 if (conn->type != type)
3902 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3907 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3908 struct sk_buff *skb;
3915 if (skb_queue_empty(&chan->data_q))
3918 skb = skb_peek(&chan->data_q);
3919 if (skb->priority >= HCI_PRIO_MAX - 1)
3922 skb->priority = HCI_PRIO_MAX - 1;
3924 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3928 if (hci_conn_num(hdev, type) == num)
3936 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3938 /* Calculate count of blocks used by this packet */
3939 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3942 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3944 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3945 /* ACL tx timeout must be longer than maximum
3946 * link supervision timeout (40.9 seconds) */
3947 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3948 HCI_ACL_TX_TIMEOUT))
3949 hci_link_tx_to(hdev, ACL_LINK);
3953 static void hci_sched_acl_pkt(struct hci_dev *hdev)
3955 unsigned int cnt = hdev->acl_cnt;
3956 struct hci_chan *chan;
3957 struct sk_buff *skb;
3960 __check_timeout(hdev, cnt);
3962 while (hdev->acl_cnt &&
3963 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3964 u32 priority = (skb_peek(&chan->data_q))->priority;
3965 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3966 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3967 skb->len, skb->priority);
3969 /* Stop if priority has changed */
3970 if (skb->priority < priority)
3973 skb = skb_dequeue(&chan->data_q);
3975 hci_conn_enter_active_mode(chan->conn,
3976 bt_cb(skb)->force_active);
3978 hci_send_frame(hdev, skb);
3979 hdev->acl_last_tx = jiffies;
3987 if (cnt != hdev->acl_cnt)
3988 hci_prio_recalculate(hdev, ACL_LINK);
3991 static void hci_sched_acl_blk(struct hci_dev *hdev)
3993 unsigned int cnt = hdev->block_cnt;
3994 struct hci_chan *chan;
3995 struct sk_buff *skb;
3999 __check_timeout(hdev, cnt);
4001 BT_DBG("%s", hdev->name);
4003 if (hdev->dev_type == HCI_AMP)
4008 while (hdev->block_cnt > 0 &&
4009 (chan = hci_chan_sent(hdev, type, "e))) {
4010 u32 priority = (skb_peek(&chan->data_q))->priority;
4011 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4014 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4015 skb->len, skb->priority);
4017 /* Stop if priority has changed */
4018 if (skb->priority < priority)
4021 skb = skb_dequeue(&chan->data_q);
4023 blocks = __get_blocks(hdev, skb);
4024 if (blocks > hdev->block_cnt)
4027 hci_conn_enter_active_mode(chan->conn,
4028 bt_cb(skb)->force_active);
4030 hci_send_frame(hdev, skb);
4031 hdev->acl_last_tx = jiffies;
4033 hdev->block_cnt -= blocks;
4036 chan->sent += blocks;
4037 chan->conn->sent += blocks;
4041 if (cnt != hdev->block_cnt)
4042 hci_prio_recalculate(hdev, type);
4045 static void hci_sched_acl(struct hci_dev *hdev)
4047 BT_DBG("%s", hdev->name);
4049 /* No ACL link over BR/EDR controller */
4050 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
4053 /* No AMP link over AMP controller */
4054 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
4057 switch (hdev->flow_ctl_mode) {
4058 case HCI_FLOW_CTL_MODE_PACKET_BASED:
4059 hci_sched_acl_pkt(hdev);
4062 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
4063 hci_sched_acl_blk(hdev);
4069 static void hci_sched_sco(struct hci_dev *hdev)
4071 struct hci_conn *conn;
4072 struct sk_buff *skb;
4075 BT_DBG("%s", hdev->name);
4077 if (!hci_conn_num(hdev, SCO_LINK))
4080 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
4081 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4082 BT_DBG("skb %p len %d", skb, skb->len);
4083 hci_send_frame(hdev, skb);
4086 if (conn->sent == ~0)
4092 static void hci_sched_esco(struct hci_dev *hdev)
4094 struct hci_conn *conn;
4095 struct sk_buff *skb;
4098 BT_DBG("%s", hdev->name);
4100 if (!hci_conn_num(hdev, ESCO_LINK))
4103 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4105 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4106 BT_DBG("skb %p len %d", skb, skb->len);
4107 hci_send_frame(hdev, skb);
4110 if (conn->sent == ~0)
4116 static void hci_sched_le(struct hci_dev *hdev)
4118 struct hci_chan *chan;
4119 struct sk_buff *skb;
4120 int quote, cnt, tmp;
4122 BT_DBG("%s", hdev->name);
4124 if (!hci_conn_num(hdev, LE_LINK))
4127 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
4128 /* LE tx timeout must be longer than maximum
4129 * link supervision timeout (40.9 seconds) */
4130 if (!hdev->le_cnt && hdev->le_pkts &&
4131 time_after(jiffies, hdev->le_last_tx + HZ * 45))
4132 hci_link_tx_to(hdev, LE_LINK);
4135 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4137 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4138 u32 priority = (skb_peek(&chan->data_q))->priority;
4139 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4140 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4141 skb->len, skb->priority);
4143 /* Stop if priority has changed */
4144 if (skb->priority < priority)
4147 skb = skb_dequeue(&chan->data_q);
4149 hci_send_frame(hdev, skb);
4150 hdev->le_last_tx = jiffies;
4161 hdev->acl_cnt = cnt;
4164 hci_prio_recalculate(hdev, LE_LINK);
4167 static void hci_tx_work(struct work_struct *work)
4169 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4170 struct sk_buff *skb;
4172 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4173 hdev->sco_cnt, hdev->le_cnt);
4175 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4176 /* Schedule queues and send stuff to HCI driver */
4177 hci_sched_acl(hdev);
4178 hci_sched_sco(hdev);
4179 hci_sched_esco(hdev);
4183 /* Send next queued raw (unknown type) packet */
4184 while ((skb = skb_dequeue(&hdev->raw_q)))
4185 hci_send_frame(hdev, skb);
4188 /* ----- HCI RX task (incoming data processing) ----- */
4190 /* ACL data packet */
4191 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4193 struct hci_acl_hdr *hdr = (void *) skb->data;
4194 struct hci_conn *conn;
4195 __u16 handle, flags;
4197 skb_pull(skb, HCI_ACL_HDR_SIZE);
4199 handle = __le16_to_cpu(hdr->handle);
4200 flags = hci_flags(handle);
4201 handle = hci_handle(handle);
4203 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4206 hdev->stat.acl_rx++;
4209 conn = hci_conn_hash_lookup_handle(hdev, handle);
4210 hci_dev_unlock(hdev);
4213 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4215 /* Send to upper protocol */
4216 l2cap_recv_acldata(conn, skb, flags);
4219 BT_ERR("%s ACL packet for unknown connection handle %d",
4220 hdev->name, handle);
4226 /* SCO data packet */
4227 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4229 struct hci_sco_hdr *hdr = (void *) skb->data;
4230 struct hci_conn *conn;
4233 skb_pull(skb, HCI_SCO_HDR_SIZE);
4235 handle = __le16_to_cpu(hdr->handle);
4237 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4239 hdev->stat.sco_rx++;
4242 conn = hci_conn_hash_lookup_handle(hdev, handle);
4243 hci_dev_unlock(hdev);
4246 /* Send to upper protocol */
4247 sco_recv_scodata(conn, skb);
4250 BT_ERR("%s SCO packet for unknown connection handle %d",
4251 hdev->name, handle);
4257 static bool hci_req_is_complete(struct hci_dev *hdev)
4259 struct sk_buff *skb;
4261 skb = skb_peek(&hdev->cmd_q);
4265 return bt_cb(skb)->req.start;
4268 static void hci_resend_last(struct hci_dev *hdev)
4270 struct hci_command_hdr *sent;
4271 struct sk_buff *skb;
4274 if (!hdev->sent_cmd)
4277 sent = (void *) hdev->sent_cmd->data;
4278 opcode = __le16_to_cpu(sent->opcode);
4279 if (opcode == HCI_OP_RESET)
4282 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4286 skb_queue_head(&hdev->cmd_q, skb);
4287 queue_work(hdev->workqueue, &hdev->cmd_work);
4290 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4291 hci_req_complete_t *req_complete,
4292 hci_req_complete_skb_t *req_complete_skb)
4294 struct sk_buff *skb;
4295 unsigned long flags;
4297 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4299 /* If the completed command doesn't match the last one that was
4300 * sent we need to do special handling of it.
4302 if (!hci_sent_cmd_data(hdev, opcode)) {
4303 /* Some CSR based controllers generate a spontaneous
4304 * reset complete event during init and any pending
4305 * command will never be completed. In such a case we
4306 * need to resend whatever was the last sent
4309 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4310 hci_resend_last(hdev);
4315 /* If the command succeeded and there's still more commands in
4316 * this request the request is not yet complete.
4318 if (!status && !hci_req_is_complete(hdev))
4321 /* If this was the last command in a request the complete
4322 * callback would be found in hdev->sent_cmd instead of the
4323 * command queue (hdev->cmd_q).
4325 if (bt_cb(hdev->sent_cmd)->req.complete) {
4326 *req_complete = bt_cb(hdev->sent_cmd)->req.complete;
4330 if (bt_cb(hdev->sent_cmd)->req.complete_skb) {
4331 *req_complete_skb = bt_cb(hdev->sent_cmd)->req.complete_skb;
4335 /* Remove all pending commands belonging to this request */
4336 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4337 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4338 if (bt_cb(skb)->req.start) {
4339 __skb_queue_head(&hdev->cmd_q, skb);
4343 *req_complete = bt_cb(skb)->req.complete;
4344 *req_complete_skb = bt_cb(skb)->req.complete_skb;
4347 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4350 static void hci_rx_work(struct work_struct *work)
4352 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4353 struct sk_buff *skb;
4355 BT_DBG("%s", hdev->name);
4357 while ((skb = skb_dequeue(&hdev->rx_q))) {
4358 /* Send copy to monitor */
4359 hci_send_to_monitor(hdev, skb);
4361 if (atomic_read(&hdev->promisc)) {
4362 /* Send copy to the sockets */
4363 hci_send_to_sock(hdev, skb);
4366 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4371 if (test_bit(HCI_INIT, &hdev->flags)) {
4372 /* Don't process data packets in this states. */
4373 switch (bt_cb(skb)->pkt_type) {
4374 case HCI_ACLDATA_PKT:
4375 case HCI_SCODATA_PKT:
4382 switch (bt_cb(skb)->pkt_type) {
4384 BT_DBG("%s Event packet", hdev->name);
4385 hci_event_packet(hdev, skb);
4388 case HCI_ACLDATA_PKT:
4389 BT_DBG("%s ACL data packet", hdev->name);
4390 hci_acldata_packet(hdev, skb);
4393 case HCI_SCODATA_PKT:
4394 BT_DBG("%s SCO data packet", hdev->name);
4395 hci_scodata_packet(hdev, skb);
4405 static void hci_cmd_work(struct work_struct *work)
4407 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4408 struct sk_buff *skb;
4410 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4411 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4413 /* Send queued commands */
4414 if (atomic_read(&hdev->cmd_cnt)) {
4415 skb = skb_dequeue(&hdev->cmd_q);
4419 kfree_skb(hdev->sent_cmd);
4421 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4422 if (hdev->sent_cmd) {
4423 atomic_dec(&hdev->cmd_cnt);
4424 hci_send_frame(hdev, skb);
4425 if (test_bit(HCI_RESET, &hdev->flags))
4426 cancel_delayed_work(&hdev->cmd_timer);
4428 schedule_delayed_work(&hdev->cmd_timer,
4431 skb_queue_head(&hdev->cmd_q, skb);
4432 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / firefly-linux-kernel-4.4.55.git / blob