2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
31 #include <linux/rfkill.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
36 static void hci_rx_work(struct work_struct *work);
37 static void hci_cmd_work(struct work_struct *work);
38 static void hci_tx_work(struct work_struct *work);
41 LIST_HEAD(hci_dev_list);
42 DEFINE_RWLOCK(hci_dev_list_lock);
44 /* HCI callback list */
45 LIST_HEAD(hci_cb_list);
46 DEFINE_RWLOCK(hci_cb_list_lock);
48 /* HCI ID Numbering */
49 static DEFINE_IDA(hci_index_ida);
51 /* ---- HCI notifications ---- */
53 static void hci_notify(struct hci_dev *hdev, int event)
55 hci_sock_dev_event(hdev, event);
58 /* ---- HCI requests ---- */
60 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
62 BT_DBG("%s result 0x%2.2x", hdev->name, result);
64 if (hdev->req_status == HCI_REQ_PEND) {
65 hdev->req_result = result;
66 hdev->req_status = HCI_REQ_DONE;
67 wake_up_interruptible(&hdev->req_wait_q);
71 static void hci_req_cancel(struct hci_dev *hdev, int err)
73 BT_DBG("%s err 0x%2.2x", hdev->name, err);
75 if (hdev->req_status == HCI_REQ_PEND) {
76 hdev->req_result = err;
77 hdev->req_status = HCI_REQ_CANCELED;
78 wake_up_interruptible(&hdev->req_wait_q);
82 /* Execute request and wait for completion. */
83 static int __hci_req_sync(struct hci_dev *hdev,
84 void (*func)(struct hci_request *req,
86 unsigned long opt, __u32 timeout)
88 struct hci_request req;
89 DECLARE_WAITQUEUE(wait, current);
92 BT_DBG("%s start", hdev->name);
94 hci_req_init(&req, hdev);
96 hdev->req_status = HCI_REQ_PEND;
100 err = hci_req_run(&req, hci_req_sync_complete);
102 hdev->req_status = 0;
104 /* ENODATA means the HCI request command queue is empty.
105 * This can happen when a request with conditionals doesn't
106 * trigger any commands to be sent. This is normal behavior
107 * and should not trigger an error return.
115 add_wait_queue(&hdev->req_wait_q, &wait);
116 set_current_state(TASK_INTERRUPTIBLE);
118 schedule_timeout(timeout);
120 remove_wait_queue(&hdev->req_wait_q, &wait);
122 if (signal_pending(current))
125 switch (hdev->req_status) {
127 err = -bt_to_errno(hdev->req_result);
130 case HCI_REQ_CANCELED:
131 err = -hdev->req_result;
139 hdev->req_status = hdev->req_result = 0;
141 BT_DBG("%s end: err %d", hdev->name, err);
146 static int hci_req_sync(struct hci_dev *hdev,
147 void (*req)(struct hci_request *req,
149 unsigned long opt, __u32 timeout)
153 if (!test_bit(HCI_UP, &hdev->flags))
156 /* Serialize all requests */
158 ret = __hci_req_sync(hdev, req, opt, timeout);
159 hci_req_unlock(hdev);
164 static void hci_reset_req(struct hci_request *req, unsigned long opt)
166 BT_DBG("%s %ld", req->hdev->name, opt);
169 set_bit(HCI_RESET, &req->hdev->flags);
170 hci_req_add(req, HCI_OP_RESET, 0, NULL);
173 static void bredr_init(struct hci_request *req)
175 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
177 /* Read Local Supported Features */
178 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
180 /* Read Local Version */
181 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
183 /* Read BD Address */
184 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
187 static void amp_init(struct hci_request *req)
189 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
191 /* Read Local Version */
192 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
194 /* Read Local AMP Info */
195 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
197 /* Read Data Blk size */
198 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
201 static void hci_init1_req(struct hci_request *req, unsigned long opt)
203 struct hci_dev *hdev = req->hdev;
204 struct hci_request init_req;
207 BT_DBG("%s %ld", hdev->name, opt);
209 /* Driver initialization */
211 hci_req_init(&init_req, hdev);
213 /* Special commands */
214 while ((skb = skb_dequeue(&hdev->driver_init))) {
215 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
216 skb->dev = (void *) hdev;
218 if (skb_queue_empty(&init_req.cmd_q))
219 bt_cb(skb)->req.start = true;
221 skb_queue_tail(&init_req.cmd_q, skb);
223 skb_queue_purge(&hdev->driver_init);
225 hci_req_run(&init_req, NULL);
228 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
229 hci_reset_req(req, 0);
231 switch (hdev->dev_type) {
241 BT_ERR("Unknown device type %d", hdev->dev_type);
246 static void bredr_setup(struct hci_request *req)
248 struct hci_cp_delete_stored_link_key cp;
252 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
253 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
255 /* Read Class of Device */
256 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
258 /* Read Local Name */
259 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
261 /* Read Voice Setting */
262 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
264 /* Clear Event Filters */
265 flt_type = HCI_FLT_CLEAR_ALL;
266 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
268 /* Connection accept timeout ~20 secs */
269 param = __constant_cpu_to_le16(0x7d00);
270 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
272 bacpy(&cp.bdaddr, BDADDR_ANY);
273 cp.delete_all = 0x01;
274 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
277 static void le_setup(struct hci_request *req)
279 /* Read LE Buffer Size */
280 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
282 /* Read LE Local Supported Features */
283 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
285 /* Read LE Advertising Channel TX Power */
286 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
288 /* Read LE White List Size */
289 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
291 /* Read LE Supported States */
292 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
295 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
297 if (lmp_ext_inq_capable(hdev))
300 if (lmp_inq_rssi_capable(hdev))
303 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
304 hdev->lmp_subver == 0x0757)
307 if (hdev->manufacturer == 15) {
308 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
310 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
312 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
316 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
317 hdev->lmp_subver == 0x1805)
323 static void hci_setup_inquiry_mode(struct hci_request *req)
327 mode = hci_get_inquiry_mode(req->hdev);
329 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
332 static void hci_setup_event_mask(struct hci_request *req)
334 struct hci_dev *hdev = req->hdev;
336 /* The second byte is 0xff instead of 0x9f (two reserved bits
337 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
340 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
342 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
343 * any event mask for pre 1.2 devices.
345 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
348 if (lmp_bredr_capable(hdev)) {
349 events[4] |= 0x01; /* Flow Specification Complete */
350 events[4] |= 0x02; /* Inquiry Result with RSSI */
351 events[4] |= 0x04; /* Read Remote Extended Features Complete */
352 events[5] |= 0x08; /* Synchronous Connection Complete */
353 events[5] |= 0x10; /* Synchronous Connection Changed */
356 if (lmp_inq_rssi_capable(hdev))
357 events[4] |= 0x02; /* Inquiry Result with RSSI */
359 if (lmp_sniffsubr_capable(hdev))
360 events[5] |= 0x20; /* Sniff Subrating */
362 if (lmp_pause_enc_capable(hdev))
363 events[5] |= 0x80; /* Encryption Key Refresh Complete */
365 if (lmp_ext_inq_capable(hdev))
366 events[5] |= 0x40; /* Extended Inquiry Result */
368 if (lmp_no_flush_capable(hdev))
369 events[7] |= 0x01; /* Enhanced Flush Complete */
371 if (lmp_lsto_capable(hdev))
372 events[6] |= 0x80; /* Link Supervision Timeout Changed */
374 if (lmp_ssp_capable(hdev)) {
375 events[6] |= 0x01; /* IO Capability Request */
376 events[6] |= 0x02; /* IO Capability Response */
377 events[6] |= 0x04; /* User Confirmation Request */
378 events[6] |= 0x08; /* User Passkey Request */
379 events[6] |= 0x10; /* Remote OOB Data Request */
380 events[6] |= 0x20; /* Simple Pairing Complete */
381 events[7] |= 0x04; /* User Passkey Notification */
382 events[7] |= 0x08; /* Keypress Notification */
383 events[7] |= 0x10; /* Remote Host Supported
384 * Features Notification
388 if (lmp_le_capable(hdev))
389 events[7] |= 0x20; /* LE Meta-Event */
391 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
393 if (lmp_le_capable(hdev)) {
394 memset(events, 0, sizeof(events));
396 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK,
397 sizeof(events), events);
401 static void hci_init2_req(struct hci_request *req, unsigned long opt)
403 struct hci_dev *hdev = req->hdev;
405 if (lmp_bredr_capable(hdev))
408 if (lmp_le_capable(hdev))
411 hci_setup_event_mask(req);
413 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
414 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
416 if (lmp_ssp_capable(hdev)) {
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
419 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
420 sizeof(mode), &mode);
422 struct hci_cp_write_eir cp;
424 memset(hdev->eir, 0, sizeof(hdev->eir));
425 memset(&cp, 0, sizeof(cp));
427 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
431 if (lmp_inq_rssi_capable(hdev))
432 hci_setup_inquiry_mode(req);
434 if (lmp_inq_tx_pwr_capable(hdev))
435 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
437 if (lmp_ext_feat_capable(hdev)) {
438 struct hci_cp_read_local_ext_features cp;
441 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
445 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
447 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
452 static void hci_setup_link_policy(struct hci_request *req)
454 struct hci_dev *hdev = req->hdev;
455 struct hci_cp_write_def_link_policy cp;
458 if (lmp_rswitch_capable(hdev))
459 link_policy |= HCI_LP_RSWITCH;
460 if (lmp_hold_capable(hdev))
461 link_policy |= HCI_LP_HOLD;
462 if (lmp_sniff_capable(hdev))
463 link_policy |= HCI_LP_SNIFF;
464 if (lmp_park_capable(hdev))
465 link_policy |= HCI_LP_PARK;
467 cp.policy = cpu_to_le16(link_policy);
468 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
471 static void hci_set_le_support(struct hci_request *req)
473 struct hci_dev *hdev = req->hdev;
474 struct hci_cp_write_le_host_supported cp;
476 memset(&cp, 0, sizeof(cp));
478 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
480 cp.simul = lmp_le_br_capable(hdev);
483 if (cp.le != lmp_host_le_capable(hdev))
484 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
488 static void hci_init3_req(struct hci_request *req, unsigned long opt)
490 struct hci_dev *hdev = req->hdev;
492 if (hdev->commands[5] & 0x10)
493 hci_setup_link_policy(req);
495 if (lmp_le_capable(hdev))
496 hci_set_le_support(req);
499 static int __hci_init(struct hci_dev *hdev)
503 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
507 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
508 * BR/EDR/LE type controllers. AMP controllers only need the
511 if (hdev->dev_type != HCI_BREDR)
514 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
518 return __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
521 static void hci_scan_req(struct hci_request *req, unsigned long opt)
525 BT_DBG("%s %x", req->hdev->name, scan);
527 /* Inquiry and Page scans */
528 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
531 static void hci_auth_req(struct hci_request *req, unsigned long opt)
535 BT_DBG("%s %x", req->hdev->name, auth);
538 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
541 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
545 BT_DBG("%s %x", req->hdev->name, encrypt);
548 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
551 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
553 __le16 policy = cpu_to_le16(opt);
555 BT_DBG("%s %x", req->hdev->name, policy);
557 /* Default link policy */
558 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
561 /* Get HCI device by index.
562 * Device is held on return. */
563 struct hci_dev *hci_dev_get(int index)
565 struct hci_dev *hdev = NULL, *d;
572 read_lock(&hci_dev_list_lock);
573 list_for_each_entry(d, &hci_dev_list, list) {
574 if (d->id == index) {
575 hdev = hci_dev_hold(d);
579 read_unlock(&hci_dev_list_lock);
583 /* ---- Inquiry support ---- */
585 bool hci_discovery_active(struct hci_dev *hdev)
587 struct discovery_state *discov = &hdev->discovery;
589 switch (discov->state) {
590 case DISCOVERY_FINDING:
591 case DISCOVERY_RESOLVING:
599 void hci_discovery_set_state(struct hci_dev *hdev, int state)
601 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
603 if (hdev->discovery.state == state)
607 case DISCOVERY_STOPPED:
608 if (hdev->discovery.state != DISCOVERY_STARTING)
609 mgmt_discovering(hdev, 0);
611 case DISCOVERY_STARTING:
613 case DISCOVERY_FINDING:
614 mgmt_discovering(hdev, 1);
616 case DISCOVERY_RESOLVING:
618 case DISCOVERY_STOPPING:
622 hdev->discovery.state = state;
625 static void inquiry_cache_flush(struct hci_dev *hdev)
627 struct discovery_state *cache = &hdev->discovery;
628 struct inquiry_entry *p, *n;
630 list_for_each_entry_safe(p, n, &cache->all, all) {
635 INIT_LIST_HEAD(&cache->unknown);
636 INIT_LIST_HEAD(&cache->resolve);
639 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
642 struct discovery_state *cache = &hdev->discovery;
643 struct inquiry_entry *e;
645 BT_DBG("cache %p, %pMR", cache, bdaddr);
647 list_for_each_entry(e, &cache->all, all) {
648 if (!bacmp(&e->data.bdaddr, bdaddr))
655 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
658 struct discovery_state *cache = &hdev->discovery;
659 struct inquiry_entry *e;
661 BT_DBG("cache %p, %pMR", cache, bdaddr);
663 list_for_each_entry(e, &cache->unknown, list) {
664 if (!bacmp(&e->data.bdaddr, bdaddr))
671 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
675 struct discovery_state *cache = &hdev->discovery;
676 struct inquiry_entry *e;
678 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
680 list_for_each_entry(e, &cache->resolve, list) {
681 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
683 if (!bacmp(&e->data.bdaddr, bdaddr))
690 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
691 struct inquiry_entry *ie)
693 struct discovery_state *cache = &hdev->discovery;
694 struct list_head *pos = &cache->resolve;
695 struct inquiry_entry *p;
699 list_for_each_entry(p, &cache->resolve, list) {
700 if (p->name_state != NAME_PENDING &&
701 abs(p->data.rssi) >= abs(ie->data.rssi))
706 list_add(&ie->list, pos);
709 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
710 bool name_known, bool *ssp)
712 struct discovery_state *cache = &hdev->discovery;
713 struct inquiry_entry *ie;
715 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
717 hci_remove_remote_oob_data(hdev, &data->bdaddr);
720 *ssp = data->ssp_mode;
722 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
724 if (ie->data.ssp_mode && ssp)
727 if (ie->name_state == NAME_NEEDED &&
728 data->rssi != ie->data.rssi) {
729 ie->data.rssi = data->rssi;
730 hci_inquiry_cache_update_resolve(hdev, ie);
736 /* Entry not in the cache. Add new one. */
737 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
741 list_add(&ie->all, &cache->all);
744 ie->name_state = NAME_KNOWN;
746 ie->name_state = NAME_NOT_KNOWN;
747 list_add(&ie->list, &cache->unknown);
751 if (name_known && ie->name_state != NAME_KNOWN &&
752 ie->name_state != NAME_PENDING) {
753 ie->name_state = NAME_KNOWN;
757 memcpy(&ie->data, data, sizeof(*data));
758 ie->timestamp = jiffies;
759 cache->timestamp = jiffies;
761 if (ie->name_state == NAME_NOT_KNOWN)
767 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
769 struct discovery_state *cache = &hdev->discovery;
770 struct inquiry_info *info = (struct inquiry_info *) buf;
771 struct inquiry_entry *e;
774 list_for_each_entry(e, &cache->all, all) {
775 struct inquiry_data *data = &e->data;
780 bacpy(&info->bdaddr, &data->bdaddr);
781 info->pscan_rep_mode = data->pscan_rep_mode;
782 info->pscan_period_mode = data->pscan_period_mode;
783 info->pscan_mode = data->pscan_mode;
784 memcpy(info->dev_class, data->dev_class, 3);
785 info->clock_offset = data->clock_offset;
791 BT_DBG("cache %p, copied %d", cache, copied);
795 static void hci_inq_req(struct hci_request *req, unsigned long opt)
797 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
798 struct hci_dev *hdev = req->hdev;
799 struct hci_cp_inquiry cp;
801 BT_DBG("%s", hdev->name);
803 if (test_bit(HCI_INQUIRY, &hdev->flags))
807 memcpy(&cp.lap, &ir->lap, 3);
808 cp.length = ir->length;
809 cp.num_rsp = ir->num_rsp;
810 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
813 int hci_inquiry(void __user *arg)
815 __u8 __user *ptr = arg;
816 struct hci_inquiry_req ir;
817 struct hci_dev *hdev;
818 int err = 0, do_inquiry = 0, max_rsp;
822 if (copy_from_user(&ir, ptr, sizeof(ir)))
825 hdev = hci_dev_get(ir.dev_id);
830 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
831 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
832 inquiry_cache_flush(hdev);
835 hci_dev_unlock(hdev);
837 timeo = ir.length * msecs_to_jiffies(2000);
840 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
846 /* for unlimited number of responses we will use buffer with
849 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
851 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
852 * copy it to the user space.
854 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
861 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
862 hci_dev_unlock(hdev);
864 BT_DBG("num_rsp %d", ir.num_rsp);
866 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
868 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
881 static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
883 u8 ad_len = 0, flags = 0;
886 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
887 flags |= LE_AD_GENERAL;
889 if (!lmp_bredr_capable(hdev))
890 flags |= LE_AD_NO_BREDR;
892 if (lmp_le_br_capable(hdev))
893 flags |= LE_AD_SIM_LE_BREDR_CTRL;
895 if (lmp_host_le_br_capable(hdev))
896 flags |= LE_AD_SIM_LE_BREDR_HOST;
899 BT_DBG("adv flags 0x%02x", flags);
909 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
911 ptr[1] = EIR_TX_POWER;
912 ptr[2] = (u8) hdev->adv_tx_power;
918 name_len = strlen(hdev->dev_name);
920 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
922 if (name_len > max_len) {
924 ptr[1] = EIR_NAME_SHORT;
926 ptr[1] = EIR_NAME_COMPLETE;
928 ptr[0] = name_len + 1;
930 memcpy(ptr + 2, hdev->dev_name, name_len);
932 ad_len += (name_len + 2);
933 ptr += (name_len + 2);
939 int hci_update_ad(struct hci_dev *hdev)
941 struct hci_cp_le_set_adv_data cp;
947 if (!lmp_le_capable(hdev)) {
952 memset(&cp, 0, sizeof(cp));
954 len = create_ad(hdev, cp.data);
956 if (hdev->adv_data_len == len &&
957 memcmp(cp.data, hdev->adv_data, len) == 0) {
962 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
963 hdev->adv_data_len = len;
966 err = hci_send_cmd(hdev, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
969 hci_dev_unlock(hdev);
974 /* ---- HCI ioctl helpers ---- */
976 int hci_dev_open(__u16 dev)
978 struct hci_dev *hdev;
981 hdev = hci_dev_get(dev);
985 BT_DBG("%s %p", hdev->name, hdev);
989 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
994 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
999 if (test_bit(HCI_UP, &hdev->flags)) {
1004 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1005 set_bit(HCI_RAW, &hdev->flags);
1007 /* Treat all non BR/EDR controllers as raw devices if
1008 enable_hs is not set */
1009 if (hdev->dev_type != HCI_BREDR && !enable_hs)
1010 set_bit(HCI_RAW, &hdev->flags);
1012 if (hdev->open(hdev)) {
1017 if (!test_bit(HCI_RAW, &hdev->flags)) {
1018 atomic_set(&hdev->cmd_cnt, 1);
1019 set_bit(HCI_INIT, &hdev->flags);
1020 ret = __hci_init(hdev);
1021 clear_bit(HCI_INIT, &hdev->flags);
1026 set_bit(HCI_UP, &hdev->flags);
1027 hci_notify(hdev, HCI_DEV_UP);
1028 hci_update_ad(hdev);
1029 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
1030 mgmt_valid_hdev(hdev)) {
1032 mgmt_powered(hdev, 1);
1033 hci_dev_unlock(hdev);
1036 /* Init failed, cleanup */
1037 flush_work(&hdev->tx_work);
1038 flush_work(&hdev->cmd_work);
1039 flush_work(&hdev->rx_work);
1041 skb_queue_purge(&hdev->cmd_q);
1042 skb_queue_purge(&hdev->rx_q);
1047 if (hdev->sent_cmd) {
1048 kfree_skb(hdev->sent_cmd);
1049 hdev->sent_cmd = NULL;
1057 hci_req_unlock(hdev);
1062 static int hci_dev_do_close(struct hci_dev *hdev)
1064 BT_DBG("%s %p", hdev->name, hdev);
1066 cancel_work_sync(&hdev->le_scan);
1068 cancel_delayed_work(&hdev->power_off);
1070 hci_req_cancel(hdev, ENODEV);
1073 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1074 del_timer_sync(&hdev->cmd_timer);
1075 hci_req_unlock(hdev);
1079 /* Flush RX and TX works */
1080 flush_work(&hdev->tx_work);
1081 flush_work(&hdev->rx_work);
1083 if (hdev->discov_timeout > 0) {
1084 cancel_delayed_work(&hdev->discov_off);
1085 hdev->discov_timeout = 0;
1086 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1089 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1090 cancel_delayed_work(&hdev->service_cache);
1092 cancel_delayed_work_sync(&hdev->le_scan_disable);
1095 inquiry_cache_flush(hdev);
1096 hci_conn_hash_flush(hdev);
1097 hci_dev_unlock(hdev);
1099 hci_notify(hdev, HCI_DEV_DOWN);
1105 skb_queue_purge(&hdev->cmd_q);
1106 atomic_set(&hdev->cmd_cnt, 1);
1107 if (!test_bit(HCI_RAW, &hdev->flags) &&
1108 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1109 set_bit(HCI_INIT, &hdev->flags);
1110 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
1111 clear_bit(HCI_INIT, &hdev->flags);
1114 /* flush cmd work */
1115 flush_work(&hdev->cmd_work);
1118 skb_queue_purge(&hdev->rx_q);
1119 skb_queue_purge(&hdev->cmd_q);
1120 skb_queue_purge(&hdev->raw_q);
1122 /* Drop last sent command */
1123 if (hdev->sent_cmd) {
1124 del_timer_sync(&hdev->cmd_timer);
1125 kfree_skb(hdev->sent_cmd);
1126 hdev->sent_cmd = NULL;
1129 /* After this point our queues are empty
1130 * and no tasks are scheduled. */
1133 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
1134 mgmt_valid_hdev(hdev)) {
1136 mgmt_powered(hdev, 0);
1137 hci_dev_unlock(hdev);
1143 /* Controller radio is available but is currently powered down */
1144 hdev->amp_status = 0;
1146 memset(hdev->eir, 0, sizeof(hdev->eir));
1147 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1149 hci_req_unlock(hdev);
1155 int hci_dev_close(__u16 dev)
1157 struct hci_dev *hdev;
1160 hdev = hci_dev_get(dev);
1164 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1165 cancel_delayed_work(&hdev->power_off);
1167 err = hci_dev_do_close(hdev);
1173 int hci_dev_reset(__u16 dev)
1175 struct hci_dev *hdev;
1178 hdev = hci_dev_get(dev);
1184 if (!test_bit(HCI_UP, &hdev->flags))
1188 skb_queue_purge(&hdev->rx_q);
1189 skb_queue_purge(&hdev->cmd_q);
1192 inquiry_cache_flush(hdev);
1193 hci_conn_hash_flush(hdev);
1194 hci_dev_unlock(hdev);
1199 atomic_set(&hdev->cmd_cnt, 1);
1200 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1202 if (!test_bit(HCI_RAW, &hdev->flags))
1203 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
1206 hci_req_unlock(hdev);
1211 int hci_dev_reset_stat(__u16 dev)
1213 struct hci_dev *hdev;
1216 hdev = hci_dev_get(dev);
1220 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1227 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1229 struct hci_dev *hdev;
1230 struct hci_dev_req dr;
1233 if (copy_from_user(&dr, arg, sizeof(dr)))
1236 hdev = hci_dev_get(dr.dev_id);
1242 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1247 if (!lmp_encrypt_capable(hdev)) {
1252 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1253 /* Auth must be enabled first */
1254 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1260 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1265 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1270 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1274 case HCISETLINKMODE:
1275 hdev->link_mode = ((__u16) dr.dev_opt) &
1276 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1280 hdev->pkt_type = (__u16) dr.dev_opt;
1284 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1285 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1289 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1290 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1302 int hci_get_dev_list(void __user *arg)
1304 struct hci_dev *hdev;
1305 struct hci_dev_list_req *dl;
1306 struct hci_dev_req *dr;
1307 int n = 0, size, err;
1310 if (get_user(dev_num, (__u16 __user *) arg))
1313 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1316 size = sizeof(*dl) + dev_num * sizeof(*dr);
1318 dl = kzalloc(size, GFP_KERNEL);
1324 read_lock(&hci_dev_list_lock);
1325 list_for_each_entry(hdev, &hci_dev_list, list) {
1326 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1327 cancel_delayed_work(&hdev->power_off);
1329 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1330 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1332 (dr + n)->dev_id = hdev->id;
1333 (dr + n)->dev_opt = hdev->flags;
1338 read_unlock(&hci_dev_list_lock);
1341 size = sizeof(*dl) + n * sizeof(*dr);
1343 err = copy_to_user(arg, dl, size);
1346 return err ? -EFAULT : 0;
1349 int hci_get_dev_info(void __user *arg)
1351 struct hci_dev *hdev;
1352 struct hci_dev_info di;
1355 if (copy_from_user(&di, arg, sizeof(di)))
1358 hdev = hci_dev_get(di.dev_id);
1362 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1363 cancel_delayed_work_sync(&hdev->power_off);
1365 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1366 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1368 strcpy(di.name, hdev->name);
1369 di.bdaddr = hdev->bdaddr;
1370 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1371 di.flags = hdev->flags;
1372 di.pkt_type = hdev->pkt_type;
1373 if (lmp_bredr_capable(hdev)) {
1374 di.acl_mtu = hdev->acl_mtu;
1375 di.acl_pkts = hdev->acl_pkts;
1376 di.sco_mtu = hdev->sco_mtu;
1377 di.sco_pkts = hdev->sco_pkts;
1379 di.acl_mtu = hdev->le_mtu;
1380 di.acl_pkts = hdev->le_pkts;
1384 di.link_policy = hdev->link_policy;
1385 di.link_mode = hdev->link_mode;
1387 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1388 memcpy(&di.features, &hdev->features, sizeof(di.features));
1390 if (copy_to_user(arg, &di, sizeof(di)))
1398 /* ---- Interface to HCI drivers ---- */
1400 static int hci_rfkill_set_block(void *data, bool blocked)
1402 struct hci_dev *hdev = data;
1404 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1409 hci_dev_do_close(hdev);
1414 static const struct rfkill_ops hci_rfkill_ops = {
1415 .set_block = hci_rfkill_set_block,
1418 static void hci_power_on(struct work_struct *work)
1420 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1422 BT_DBG("%s", hdev->name);
1424 if (hci_dev_open(hdev->id) < 0)
1427 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1428 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1429 HCI_AUTO_OFF_TIMEOUT);
1431 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1432 mgmt_index_added(hdev);
1435 static void hci_power_off(struct work_struct *work)
1437 struct hci_dev *hdev = container_of(work, struct hci_dev,
1440 BT_DBG("%s", hdev->name);
1442 hci_dev_do_close(hdev);
1445 static void hci_discov_off(struct work_struct *work)
1447 struct hci_dev *hdev;
1448 u8 scan = SCAN_PAGE;
1450 hdev = container_of(work, struct hci_dev, discov_off.work);
1452 BT_DBG("%s", hdev->name);
1456 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1458 hdev->discov_timeout = 0;
1460 hci_dev_unlock(hdev);
1463 int hci_uuids_clear(struct hci_dev *hdev)
1465 struct bt_uuid *uuid, *tmp;
1467 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
1468 list_del(&uuid->list);
1475 int hci_link_keys_clear(struct hci_dev *hdev)
1477 struct list_head *p, *n;
1479 list_for_each_safe(p, n, &hdev->link_keys) {
1480 struct link_key *key;
1482 key = list_entry(p, struct link_key, list);
1491 int hci_smp_ltks_clear(struct hci_dev *hdev)
1493 struct smp_ltk *k, *tmp;
1495 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1503 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1507 list_for_each_entry(k, &hdev->link_keys, list)
1508 if (bacmp(bdaddr, &k->bdaddr) == 0)
1514 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1515 u8 key_type, u8 old_key_type)
1518 if (key_type < 0x03)
1521 /* Debug keys are insecure so don't store them persistently */
1522 if (key_type == HCI_LK_DEBUG_COMBINATION)
1525 /* Changed combination key and there's no previous one */
1526 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1529 /* Security mode 3 case */
1533 /* Neither local nor remote side had no-bonding as requirement */
1534 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1537 /* Local side had dedicated bonding as requirement */
1538 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1541 /* Remote side had dedicated bonding as requirement */
1542 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1545 /* If none of the above criteria match, then don't store the key
1550 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1554 list_for_each_entry(k, &hdev->long_term_keys, list) {
1555 if (k->ediv != ediv ||
1556 memcmp(rand, k->rand, sizeof(k->rand)))
1565 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1570 list_for_each_entry(k, &hdev->long_term_keys, list)
1571 if (addr_type == k->bdaddr_type &&
1572 bacmp(bdaddr, &k->bdaddr) == 0)
1578 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1579 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1581 struct link_key *key, *old_key;
1585 old_key = hci_find_link_key(hdev, bdaddr);
1587 old_key_type = old_key->type;
1590 old_key_type = conn ? conn->key_type : 0xff;
1591 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1594 list_add(&key->list, &hdev->link_keys);
1597 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
1599 /* Some buggy controller combinations generate a changed
1600 * combination key for legacy pairing even when there's no
1602 if (type == HCI_LK_CHANGED_COMBINATION &&
1603 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
1604 type = HCI_LK_COMBINATION;
1606 conn->key_type = type;
1609 bacpy(&key->bdaddr, bdaddr);
1610 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
1611 key->pin_len = pin_len;
1613 if (type == HCI_LK_CHANGED_COMBINATION)
1614 key->type = old_key_type;
1621 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1623 mgmt_new_link_key(hdev, key, persistent);
1626 conn->flush_key = !persistent;
1631 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1632 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
1635 struct smp_ltk *key, *old_key;
1637 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1640 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1644 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1647 list_add(&key->list, &hdev->long_term_keys);
1650 bacpy(&key->bdaddr, bdaddr);
1651 key->bdaddr_type = addr_type;
1652 memcpy(key->val, tk, sizeof(key->val));
1653 key->authenticated = authenticated;
1655 key->enc_size = enc_size;
1657 memcpy(key->rand, rand, sizeof(key->rand));
1662 if (type & HCI_SMP_LTK)
1663 mgmt_new_ltk(hdev, key, 1);
1668 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1670 struct link_key *key;
1672 key = hci_find_link_key(hdev, bdaddr);
1676 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1678 list_del(&key->list);
1684 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1686 struct smp_ltk *k, *tmp;
1688 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1689 if (bacmp(bdaddr, &k->bdaddr))
1692 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1701 /* HCI command timer function */
1702 static void hci_cmd_timeout(unsigned long arg)
1704 struct hci_dev *hdev = (void *) arg;
1706 if (hdev->sent_cmd) {
1707 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1708 u16 opcode = __le16_to_cpu(sent->opcode);
1710 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1712 BT_ERR("%s command tx timeout", hdev->name);
1715 atomic_set(&hdev->cmd_cnt, 1);
1716 queue_work(hdev->workqueue, &hdev->cmd_work);
1719 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1722 struct oob_data *data;
1724 list_for_each_entry(data, &hdev->remote_oob_data, list)
1725 if (bacmp(bdaddr, &data->bdaddr) == 0)
1731 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1733 struct oob_data *data;
1735 data = hci_find_remote_oob_data(hdev, bdaddr);
1739 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1741 list_del(&data->list);
1747 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1749 struct oob_data *data, *n;
1751 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1752 list_del(&data->list);
1759 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1762 struct oob_data *data;
1764 data = hci_find_remote_oob_data(hdev, bdaddr);
1767 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1771 bacpy(&data->bdaddr, bdaddr);
1772 list_add(&data->list, &hdev->remote_oob_data);
1775 memcpy(data->hash, hash, sizeof(data->hash));
1776 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1778 BT_DBG("%s for %pMR", hdev->name, bdaddr);
1783 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1785 struct bdaddr_list *b;
1787 list_for_each_entry(b, &hdev->blacklist, list)
1788 if (bacmp(bdaddr, &b->bdaddr) == 0)
1794 int hci_blacklist_clear(struct hci_dev *hdev)
1796 struct list_head *p, *n;
1798 list_for_each_safe(p, n, &hdev->blacklist) {
1799 struct bdaddr_list *b;
1801 b = list_entry(p, struct bdaddr_list, list);
1810 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1812 struct bdaddr_list *entry;
1814 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1817 if (hci_blacklist_lookup(hdev, bdaddr))
1820 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1824 bacpy(&entry->bdaddr, bdaddr);
1826 list_add(&entry->list, &hdev->blacklist);
1828 return mgmt_device_blocked(hdev, bdaddr, type);
1831 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1833 struct bdaddr_list *entry;
1835 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1836 return hci_blacklist_clear(hdev);
1838 entry = hci_blacklist_lookup(hdev, bdaddr);
1842 list_del(&entry->list);
1845 return mgmt_device_unblocked(hdev, bdaddr, type);
1848 static void le_scan_param_req(struct hci_request *req, unsigned long opt)
1850 struct le_scan_params *param = (struct le_scan_params *) opt;
1851 struct hci_cp_le_set_scan_param cp;
1853 memset(&cp, 0, sizeof(cp));
1854 cp.type = param->type;
1855 cp.interval = cpu_to_le16(param->interval);
1856 cp.window = cpu_to_le16(param->window);
1858 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1861 static void le_scan_enable_req(struct hci_request *req, unsigned long opt)
1863 struct hci_cp_le_set_scan_enable cp;
1865 memset(&cp, 0, sizeof(cp));
1869 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1872 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1873 u16 window, int timeout)
1875 long timeo = msecs_to_jiffies(3000);
1876 struct le_scan_params param;
1879 BT_DBG("%s", hdev->name);
1881 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1882 return -EINPROGRESS;
1885 param.interval = interval;
1886 param.window = window;
1890 err = __hci_req_sync(hdev, le_scan_param_req, (unsigned long) ¶m,
1893 err = __hci_req_sync(hdev, le_scan_enable_req, 0, timeo);
1895 hci_req_unlock(hdev);
1900 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
1901 msecs_to_jiffies(timeout));
1906 int hci_cancel_le_scan(struct hci_dev *hdev)
1908 BT_DBG("%s", hdev->name);
1910 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1913 if (cancel_delayed_work(&hdev->le_scan_disable)) {
1914 struct hci_cp_le_set_scan_enable cp;
1916 /* Send HCI command to disable LE Scan */
1917 memset(&cp, 0, sizeof(cp));
1918 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1924 static void le_scan_disable_work(struct work_struct *work)
1926 struct hci_dev *hdev = container_of(work, struct hci_dev,
1927 le_scan_disable.work);
1928 struct hci_cp_le_set_scan_enable cp;
1930 BT_DBG("%s", hdev->name);
1932 memset(&cp, 0, sizeof(cp));
1934 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1937 static void le_scan_work(struct work_struct *work)
1939 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1940 struct le_scan_params *param = &hdev->le_scan_params;
1942 BT_DBG("%s", hdev->name);
1944 hci_do_le_scan(hdev, param->type, param->interval, param->window,
1948 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1951 struct le_scan_params *param = &hdev->le_scan_params;
1953 BT_DBG("%s", hdev->name);
1955 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
1958 if (work_busy(&hdev->le_scan))
1959 return -EINPROGRESS;
1962 param->interval = interval;
1963 param->window = window;
1964 param->timeout = timeout;
1966 queue_work(system_long_wq, &hdev->le_scan);
1971 /* Alloc HCI device */
1972 struct hci_dev *hci_alloc_dev(void)
1974 struct hci_dev *hdev;
1976 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1980 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1981 hdev->esco_type = (ESCO_HV1);
1982 hdev->link_mode = (HCI_LM_ACCEPT);
1983 hdev->io_capability = 0x03; /* No Input No Output */
1984 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
1985 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
1987 hdev->sniff_max_interval = 800;
1988 hdev->sniff_min_interval = 80;
1990 mutex_init(&hdev->lock);
1991 mutex_init(&hdev->req_lock);
1993 INIT_LIST_HEAD(&hdev->mgmt_pending);
1994 INIT_LIST_HEAD(&hdev->blacklist);
1995 INIT_LIST_HEAD(&hdev->uuids);
1996 INIT_LIST_HEAD(&hdev->link_keys);
1997 INIT_LIST_HEAD(&hdev->long_term_keys);
1998 INIT_LIST_HEAD(&hdev->remote_oob_data);
1999 INIT_LIST_HEAD(&hdev->conn_hash.list);
2001 INIT_WORK(&hdev->rx_work, hci_rx_work);
2002 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
2003 INIT_WORK(&hdev->tx_work, hci_tx_work);
2004 INIT_WORK(&hdev->power_on, hci_power_on);
2005 INIT_WORK(&hdev->le_scan, le_scan_work);
2007 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
2008 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
2009 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2011 skb_queue_head_init(&hdev->driver_init);
2012 skb_queue_head_init(&hdev->rx_q);
2013 skb_queue_head_init(&hdev->cmd_q);
2014 skb_queue_head_init(&hdev->raw_q);
2016 init_waitqueue_head(&hdev->req_wait_q);
2018 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
2020 hci_init_sysfs(hdev);
2021 discovery_init(hdev);
2025 EXPORT_SYMBOL(hci_alloc_dev);
2027 /* Free HCI device */
2028 void hci_free_dev(struct hci_dev *hdev)
2030 skb_queue_purge(&hdev->driver_init);
2032 /* will free via device release */
2033 put_device(&hdev->dev);
2035 EXPORT_SYMBOL(hci_free_dev);
2037 /* Register HCI device */
2038 int hci_register_dev(struct hci_dev *hdev)
2042 if (!hdev->open || !hdev->close)
2045 /* Do not allow HCI_AMP devices to register at index 0,
2046 * so the index can be used as the AMP controller ID.
2048 switch (hdev->dev_type) {
2050 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
2053 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
2062 sprintf(hdev->name, "hci%d", id);
2065 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2067 write_lock(&hci_dev_list_lock);
2068 list_add(&hdev->list, &hci_dev_list);
2069 write_unlock(&hci_dev_list_lock);
2071 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
2073 if (!hdev->workqueue) {
2078 hdev->req_workqueue = alloc_workqueue(hdev->name,
2079 WQ_HIGHPRI | WQ_UNBOUND |
2081 if (!hdev->req_workqueue) {
2082 destroy_workqueue(hdev->workqueue);
2087 error = hci_add_sysfs(hdev);
2091 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
2092 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
2095 if (rfkill_register(hdev->rfkill) < 0) {
2096 rfkill_destroy(hdev->rfkill);
2097 hdev->rfkill = NULL;
2101 set_bit(HCI_SETUP, &hdev->dev_flags);
2103 if (hdev->dev_type != HCI_AMP)
2104 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2106 hci_notify(hdev, HCI_DEV_REG);
2109 queue_work(hdev->req_workqueue, &hdev->power_on);
2114 destroy_workqueue(hdev->workqueue);
2115 destroy_workqueue(hdev->req_workqueue);
2117 ida_simple_remove(&hci_index_ida, hdev->id);
2118 write_lock(&hci_dev_list_lock);
2119 list_del(&hdev->list);
2120 write_unlock(&hci_dev_list_lock);
2124 EXPORT_SYMBOL(hci_register_dev);
2126 /* Unregister HCI device */
2127 void hci_unregister_dev(struct hci_dev *hdev)
2131 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2133 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
2137 write_lock(&hci_dev_list_lock);
2138 list_del(&hdev->list);
2139 write_unlock(&hci_dev_list_lock);
2141 hci_dev_do_close(hdev);
2143 for (i = 0; i < NUM_REASSEMBLY; i++)
2144 kfree_skb(hdev->reassembly[i]);
2146 cancel_work_sync(&hdev->power_on);
2148 if (!test_bit(HCI_INIT, &hdev->flags) &&
2149 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
2151 mgmt_index_removed(hdev);
2152 hci_dev_unlock(hdev);
2155 /* mgmt_index_removed should take care of emptying the
2157 BUG_ON(!list_empty(&hdev->mgmt_pending));
2159 hci_notify(hdev, HCI_DEV_UNREG);
2162 rfkill_unregister(hdev->rfkill);
2163 rfkill_destroy(hdev->rfkill);
2166 hci_del_sysfs(hdev);
2168 destroy_workqueue(hdev->workqueue);
2169 destroy_workqueue(hdev->req_workqueue);
2172 hci_blacklist_clear(hdev);
2173 hci_uuids_clear(hdev);
2174 hci_link_keys_clear(hdev);
2175 hci_smp_ltks_clear(hdev);
2176 hci_remote_oob_data_clear(hdev);
2177 hci_dev_unlock(hdev);
2181 ida_simple_remove(&hci_index_ida, id);
2183 EXPORT_SYMBOL(hci_unregister_dev);
2185 /* Suspend HCI device */
2186 int hci_suspend_dev(struct hci_dev *hdev)
2188 hci_notify(hdev, HCI_DEV_SUSPEND);
2191 EXPORT_SYMBOL(hci_suspend_dev);
2193 /* Resume HCI device */
2194 int hci_resume_dev(struct hci_dev *hdev)
2196 hci_notify(hdev, HCI_DEV_RESUME);
2199 EXPORT_SYMBOL(hci_resume_dev);
2201 /* Receive frame from HCI drivers */
2202 int hci_recv_frame(struct sk_buff *skb)
2204 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2205 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
2206 && !test_bit(HCI_INIT, &hdev->flags))) {
2212 bt_cb(skb)->incoming = 1;
2215 __net_timestamp(skb);
2217 skb_queue_tail(&hdev->rx_q, skb);
2218 queue_work(hdev->workqueue, &hdev->rx_work);
2222 EXPORT_SYMBOL(hci_recv_frame);
2224 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
2225 int count, __u8 index)
2230 struct sk_buff *skb;
2231 struct bt_skb_cb *scb;
2233 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
2234 index >= NUM_REASSEMBLY)
2237 skb = hdev->reassembly[index];
2241 case HCI_ACLDATA_PKT:
2242 len = HCI_MAX_FRAME_SIZE;
2243 hlen = HCI_ACL_HDR_SIZE;
2246 len = HCI_MAX_EVENT_SIZE;
2247 hlen = HCI_EVENT_HDR_SIZE;
2249 case HCI_SCODATA_PKT:
2250 len = HCI_MAX_SCO_SIZE;
2251 hlen = HCI_SCO_HDR_SIZE;
2255 skb = bt_skb_alloc(len, GFP_ATOMIC);
2259 scb = (void *) skb->cb;
2261 scb->pkt_type = type;
2263 skb->dev = (void *) hdev;
2264 hdev->reassembly[index] = skb;
2268 scb = (void *) skb->cb;
2269 len = min_t(uint, scb->expect, count);
2271 memcpy(skb_put(skb, len), data, len);
2280 if (skb->len == HCI_EVENT_HDR_SIZE) {
2281 struct hci_event_hdr *h = hci_event_hdr(skb);
2282 scb->expect = h->plen;
2284 if (skb_tailroom(skb) < scb->expect) {
2286 hdev->reassembly[index] = NULL;
2292 case HCI_ACLDATA_PKT:
2293 if (skb->len == HCI_ACL_HDR_SIZE) {
2294 struct hci_acl_hdr *h = hci_acl_hdr(skb);
2295 scb->expect = __le16_to_cpu(h->dlen);
2297 if (skb_tailroom(skb) < scb->expect) {
2299 hdev->reassembly[index] = NULL;
2305 case HCI_SCODATA_PKT:
2306 if (skb->len == HCI_SCO_HDR_SIZE) {
2307 struct hci_sco_hdr *h = hci_sco_hdr(skb);
2308 scb->expect = h->dlen;
2310 if (skb_tailroom(skb) < scb->expect) {
2312 hdev->reassembly[index] = NULL;
2319 if (scb->expect == 0) {
2320 /* Complete frame */
2322 bt_cb(skb)->pkt_type = type;
2323 hci_recv_frame(skb);
2325 hdev->reassembly[index] = NULL;
2333 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
2337 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
2341 rem = hci_reassembly(hdev, type, data, count, type - 1);
2345 data += (count - rem);
2351 EXPORT_SYMBOL(hci_recv_fragment);
2353 #define STREAM_REASSEMBLY 0
2355 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2361 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2364 struct { char type; } *pkt;
2366 /* Start of the frame */
2373 type = bt_cb(skb)->pkt_type;
2375 rem = hci_reassembly(hdev, type, data, count,
2380 data += (count - rem);
2386 EXPORT_SYMBOL(hci_recv_stream_fragment);
2388 /* ---- Interface to upper protocols ---- */
2390 int hci_register_cb(struct hci_cb *cb)
2392 BT_DBG("%p name %s", cb, cb->name);
2394 write_lock(&hci_cb_list_lock);
2395 list_add(&cb->list, &hci_cb_list);
2396 write_unlock(&hci_cb_list_lock);
2400 EXPORT_SYMBOL(hci_register_cb);
2402 int hci_unregister_cb(struct hci_cb *cb)
2404 BT_DBG("%p name %s", cb, cb->name);
2406 write_lock(&hci_cb_list_lock);
2407 list_del(&cb->list);
2408 write_unlock(&hci_cb_list_lock);
2412 EXPORT_SYMBOL(hci_unregister_cb);
2414 static int hci_send_frame(struct sk_buff *skb)
2416 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2423 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2426 __net_timestamp(skb);
2428 /* Send copy to monitor */
2429 hci_send_to_monitor(hdev, skb);
2431 if (atomic_read(&hdev->promisc)) {
2432 /* Send copy to the sockets */
2433 hci_send_to_sock(hdev, skb);
2436 /* Get rid of skb owner, prior to sending to the driver. */
2439 return hdev->send(skb);
2442 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
2444 skb_queue_head_init(&req->cmd_q);
2449 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
2451 struct hci_dev *hdev = req->hdev;
2452 struct sk_buff *skb;
2453 unsigned long flags;
2455 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
2457 /* If an error occured during request building, remove all HCI
2458 * commands queued on the HCI request queue.
2461 skb_queue_purge(&req->cmd_q);
2465 /* Do not allow empty requests */
2466 if (skb_queue_empty(&req->cmd_q))
2469 skb = skb_peek_tail(&req->cmd_q);
2470 bt_cb(skb)->req.complete = complete;
2472 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
2473 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
2474 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
2476 queue_work(hdev->workqueue, &hdev->cmd_work);
2481 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
2482 u32 plen, void *param)
2484 int len = HCI_COMMAND_HDR_SIZE + plen;
2485 struct hci_command_hdr *hdr;
2486 struct sk_buff *skb;
2488 skb = bt_skb_alloc(len, GFP_ATOMIC);
2492 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2493 hdr->opcode = cpu_to_le16(opcode);
2497 memcpy(skb_put(skb, plen), param, plen);
2499 BT_DBG("skb len %d", skb->len);
2501 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2502 skb->dev = (void *) hdev;
2507 /* Send HCI command */
2508 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2510 struct sk_buff *skb;
2512 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2514 skb = hci_prepare_cmd(hdev, opcode, plen, param);
2516 BT_ERR("%s no memory for command", hdev->name);
2520 /* Stand-alone HCI commands must be flaged as
2521 * single-command requests.
2523 bt_cb(skb)->req.start = true;
2525 skb_queue_tail(&hdev->cmd_q, skb);
2526 queue_work(hdev->workqueue, &hdev->cmd_work);
2531 /* Queue a command to an asynchronous HCI request */
2532 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param)
2534 struct hci_dev *hdev = req->hdev;
2535 struct sk_buff *skb;
2537 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2539 skb = hci_prepare_cmd(hdev, opcode, plen, param);
2541 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
2542 hdev->name, opcode);
2547 if (skb_queue_empty(&req->cmd_q))
2548 bt_cb(skb)->req.start = true;
2550 skb_queue_tail(&req->cmd_q, skb);
2553 /* Get data from the previously sent command */
2554 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2556 struct hci_command_hdr *hdr;
2558 if (!hdev->sent_cmd)
2561 hdr = (void *) hdev->sent_cmd->data;
2563 if (hdr->opcode != cpu_to_le16(opcode))
2566 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2568 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2572 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2574 struct hci_acl_hdr *hdr;
2577 skb_push(skb, HCI_ACL_HDR_SIZE);
2578 skb_reset_transport_header(skb);
2579 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2580 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2581 hdr->dlen = cpu_to_le16(len);
2584 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
2585 struct sk_buff *skb, __u16 flags)
2587 struct hci_conn *conn = chan->conn;
2588 struct hci_dev *hdev = conn->hdev;
2589 struct sk_buff *list;
2591 skb->len = skb_headlen(skb);
2594 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2596 switch (hdev->dev_type) {
2598 hci_add_acl_hdr(skb, conn->handle, flags);
2601 hci_add_acl_hdr(skb, chan->handle, flags);
2604 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2608 list = skb_shinfo(skb)->frag_list;
2610 /* Non fragmented */
2611 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2613 skb_queue_tail(queue, skb);
2616 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2618 skb_shinfo(skb)->frag_list = NULL;
2620 /* Queue all fragments atomically */
2621 spin_lock(&queue->lock);
2623 __skb_queue_tail(queue, skb);
2625 flags &= ~ACL_START;
2628 skb = list; list = list->next;
2630 skb->dev = (void *) hdev;
2631 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2632 hci_add_acl_hdr(skb, conn->handle, flags);
2634 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2636 __skb_queue_tail(queue, skb);
2639 spin_unlock(&queue->lock);
2643 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2645 struct hci_dev *hdev = chan->conn->hdev;
2647 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2649 skb->dev = (void *) hdev;
2651 hci_queue_acl(chan, &chan->data_q, skb, flags);
2653 queue_work(hdev->workqueue, &hdev->tx_work);
2657 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2659 struct hci_dev *hdev = conn->hdev;
2660 struct hci_sco_hdr hdr;
2662 BT_DBG("%s len %d", hdev->name, skb->len);
2664 hdr.handle = cpu_to_le16(conn->handle);
2665 hdr.dlen = skb->len;
2667 skb_push(skb, HCI_SCO_HDR_SIZE);
2668 skb_reset_transport_header(skb);
2669 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2671 skb->dev = (void *) hdev;
2672 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2674 skb_queue_tail(&conn->data_q, skb);
2675 queue_work(hdev->workqueue, &hdev->tx_work);
2678 /* ---- HCI TX task (outgoing data) ---- */
2680 /* HCI Connection scheduler */
2681 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
2684 struct hci_conn_hash *h = &hdev->conn_hash;
2685 struct hci_conn *conn = NULL, *c;
2686 unsigned int num = 0, min = ~0;
2688 /* We don't have to lock device here. Connections are always
2689 * added and removed with TX task disabled. */
2693 list_for_each_entry_rcu(c, &h->list, list) {
2694 if (c->type != type || skb_queue_empty(&c->data_q))
2697 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2702 if (c->sent < min) {
2707 if (hci_conn_num(hdev, type) == num)
2716 switch (conn->type) {
2718 cnt = hdev->acl_cnt;
2722 cnt = hdev->sco_cnt;
2725 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2729 BT_ERR("Unknown link type");
2737 BT_DBG("conn %p quote %d", conn, *quote);
2741 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2743 struct hci_conn_hash *h = &hdev->conn_hash;
2746 BT_ERR("%s link tx timeout", hdev->name);
2750 /* Kill stalled connections */
2751 list_for_each_entry_rcu(c, &h->list, list) {
2752 if (c->type == type && c->sent) {
2753 BT_ERR("%s killing stalled connection %pMR",
2754 hdev->name, &c->dst);
2755 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
2762 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2765 struct hci_conn_hash *h = &hdev->conn_hash;
2766 struct hci_chan *chan = NULL;
2767 unsigned int num = 0, min = ~0, cur_prio = 0;
2768 struct hci_conn *conn;
2769 int cnt, q, conn_num = 0;
2771 BT_DBG("%s", hdev->name);
2775 list_for_each_entry_rcu(conn, &h->list, list) {
2776 struct hci_chan *tmp;
2778 if (conn->type != type)
2781 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2786 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2787 struct sk_buff *skb;
2789 if (skb_queue_empty(&tmp->data_q))
2792 skb = skb_peek(&tmp->data_q);
2793 if (skb->priority < cur_prio)
2796 if (skb->priority > cur_prio) {
2799 cur_prio = skb->priority;
2804 if (conn->sent < min) {
2810 if (hci_conn_num(hdev, type) == conn_num)
2819 switch (chan->conn->type) {
2821 cnt = hdev->acl_cnt;
2824 cnt = hdev->block_cnt;
2828 cnt = hdev->sco_cnt;
2831 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2835 BT_ERR("Unknown link type");
2840 BT_DBG("chan %p quote %d", chan, *quote);
2844 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2846 struct hci_conn_hash *h = &hdev->conn_hash;
2847 struct hci_conn *conn;
2850 BT_DBG("%s", hdev->name);
2854 list_for_each_entry_rcu(conn, &h->list, list) {
2855 struct hci_chan *chan;
2857 if (conn->type != type)
2860 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2865 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2866 struct sk_buff *skb;
2873 if (skb_queue_empty(&chan->data_q))
2876 skb = skb_peek(&chan->data_q);
2877 if (skb->priority >= HCI_PRIO_MAX - 1)
2880 skb->priority = HCI_PRIO_MAX - 1;
2882 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2886 if (hci_conn_num(hdev, type) == num)
2894 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2896 /* Calculate count of blocks used by this packet */
2897 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2900 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2902 if (!test_bit(HCI_RAW, &hdev->flags)) {
2903 /* ACL tx timeout must be longer than maximum
2904 * link supervision timeout (40.9 seconds) */
2905 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2906 HCI_ACL_TX_TIMEOUT))
2907 hci_link_tx_to(hdev, ACL_LINK);
2911 static void hci_sched_acl_pkt(struct hci_dev *hdev)
2913 unsigned int cnt = hdev->acl_cnt;
2914 struct hci_chan *chan;
2915 struct sk_buff *skb;
2918 __check_timeout(hdev, cnt);
2920 while (hdev->acl_cnt &&
2921 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2922 u32 priority = (skb_peek(&chan->data_q))->priority;
2923 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2924 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2925 skb->len, skb->priority);
2927 /* Stop if priority has changed */
2928 if (skb->priority < priority)
2931 skb = skb_dequeue(&chan->data_q);
2933 hci_conn_enter_active_mode(chan->conn,
2934 bt_cb(skb)->force_active);
2936 hci_send_frame(skb);
2937 hdev->acl_last_tx = jiffies;
2945 if (cnt != hdev->acl_cnt)
2946 hci_prio_recalculate(hdev, ACL_LINK);
2949 static void hci_sched_acl_blk(struct hci_dev *hdev)
2951 unsigned int cnt = hdev->block_cnt;
2952 struct hci_chan *chan;
2953 struct sk_buff *skb;
2957 __check_timeout(hdev, cnt);
2959 BT_DBG("%s", hdev->name);
2961 if (hdev->dev_type == HCI_AMP)
2966 while (hdev->block_cnt > 0 &&
2967 (chan = hci_chan_sent(hdev, type, "e))) {
2968 u32 priority = (skb_peek(&chan->data_q))->priority;
2969 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2972 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2973 skb->len, skb->priority);
2975 /* Stop if priority has changed */
2976 if (skb->priority < priority)
2979 skb = skb_dequeue(&chan->data_q);
2981 blocks = __get_blocks(hdev, skb);
2982 if (blocks > hdev->block_cnt)
2985 hci_conn_enter_active_mode(chan->conn,
2986 bt_cb(skb)->force_active);
2988 hci_send_frame(skb);
2989 hdev->acl_last_tx = jiffies;
2991 hdev->block_cnt -= blocks;
2994 chan->sent += blocks;
2995 chan->conn->sent += blocks;
2999 if (cnt != hdev->block_cnt)
3000 hci_prio_recalculate(hdev, type);
3003 static void hci_sched_acl(struct hci_dev *hdev)
3005 BT_DBG("%s", hdev->name);
3007 /* No ACL link over BR/EDR controller */
3008 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
3011 /* No AMP link over AMP controller */
3012 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3015 switch (hdev->flow_ctl_mode) {
3016 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3017 hci_sched_acl_pkt(hdev);
3020 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3021 hci_sched_acl_blk(hdev);
3027 static void hci_sched_sco(struct hci_dev *hdev)
3029 struct hci_conn *conn;
3030 struct sk_buff *skb;
3033 BT_DBG("%s", hdev->name);
3035 if (!hci_conn_num(hdev, SCO_LINK))
3038 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
3039 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3040 BT_DBG("skb %p len %d", skb, skb->len);
3041 hci_send_frame(skb);
3044 if (conn->sent == ~0)
3050 static void hci_sched_esco(struct hci_dev *hdev)
3052 struct hci_conn *conn;
3053 struct sk_buff *skb;
3056 BT_DBG("%s", hdev->name);
3058 if (!hci_conn_num(hdev, ESCO_LINK))
3061 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
3063 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3064 BT_DBG("skb %p len %d", skb, skb->len);
3065 hci_send_frame(skb);
3068 if (conn->sent == ~0)
3074 static void hci_sched_le(struct hci_dev *hdev)
3076 struct hci_chan *chan;
3077 struct sk_buff *skb;
3078 int quote, cnt, tmp;
3080 BT_DBG("%s", hdev->name);
3082 if (!hci_conn_num(hdev, LE_LINK))
3085 if (!test_bit(HCI_RAW, &hdev->flags)) {
3086 /* LE tx timeout must be longer than maximum
3087 * link supervision timeout (40.9 seconds) */
3088 if (!hdev->le_cnt && hdev->le_pkts &&
3089 time_after(jiffies, hdev->le_last_tx + HZ * 45))
3090 hci_link_tx_to(hdev, LE_LINK);
3093 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
3095 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
3096 u32 priority = (skb_peek(&chan->data_q))->priority;
3097 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3098 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3099 skb->len, skb->priority);
3101 /* Stop if priority has changed */
3102 if (skb->priority < priority)
3105 skb = skb_dequeue(&chan->data_q);
3107 hci_send_frame(skb);
3108 hdev->le_last_tx = jiffies;
3119 hdev->acl_cnt = cnt;
3122 hci_prio_recalculate(hdev, LE_LINK);
3125 static void hci_tx_work(struct work_struct *work)
3127 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
3128 struct sk_buff *skb;
3130 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
3131 hdev->sco_cnt, hdev->le_cnt);
3133 /* Schedule queues and send stuff to HCI driver */
3135 hci_sched_acl(hdev);
3137 hci_sched_sco(hdev);
3139 hci_sched_esco(hdev);
3143 /* Send next queued raw (unknown type) packet */
3144 while ((skb = skb_dequeue(&hdev->raw_q)))
3145 hci_send_frame(skb);
3148 /* ----- HCI RX task (incoming data processing) ----- */
3150 /* ACL data packet */
3151 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3153 struct hci_acl_hdr *hdr = (void *) skb->data;
3154 struct hci_conn *conn;
3155 __u16 handle, flags;
3157 skb_pull(skb, HCI_ACL_HDR_SIZE);
3159 handle = __le16_to_cpu(hdr->handle);
3160 flags = hci_flags(handle);
3161 handle = hci_handle(handle);
3163 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
3166 hdev->stat.acl_rx++;
3169 conn = hci_conn_hash_lookup_handle(hdev, handle);
3170 hci_dev_unlock(hdev);
3173 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
3175 /* Send to upper protocol */
3176 l2cap_recv_acldata(conn, skb, flags);
3179 BT_ERR("%s ACL packet for unknown connection handle %d",
3180 hdev->name, handle);
3186 /* SCO data packet */
3187 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3189 struct hci_sco_hdr *hdr = (void *) skb->data;
3190 struct hci_conn *conn;
3193 skb_pull(skb, HCI_SCO_HDR_SIZE);
3195 handle = __le16_to_cpu(hdr->handle);
3197 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
3199 hdev->stat.sco_rx++;
3202 conn = hci_conn_hash_lookup_handle(hdev, handle);
3203 hci_dev_unlock(hdev);
3206 /* Send to upper protocol */
3207 sco_recv_scodata(conn, skb);
3210 BT_ERR("%s SCO packet for unknown connection handle %d",
3211 hdev->name, handle);
3217 static bool hci_req_is_complete(struct hci_dev *hdev)
3219 struct sk_buff *skb;
3221 skb = skb_peek(&hdev->cmd_q);
3225 return bt_cb(skb)->req.start;
3228 static void hci_resend_last(struct hci_dev *hdev)
3230 struct hci_command_hdr *sent;
3231 struct sk_buff *skb;
3234 if (!hdev->sent_cmd)
3237 sent = (void *) hdev->sent_cmd->data;
3238 opcode = __le16_to_cpu(sent->opcode);
3239 if (opcode == HCI_OP_RESET)
3242 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
3246 skb_queue_head(&hdev->cmd_q, skb);
3247 queue_work(hdev->workqueue, &hdev->cmd_work);
3250 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
3252 hci_req_complete_t req_complete = NULL;
3253 struct sk_buff *skb;
3254 unsigned long flags;
3256 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
3258 /* If the completed command doesn't match the last one that was
3259 * sent we need to do special handling of it.
3261 if (!hci_sent_cmd_data(hdev, opcode)) {
3262 /* Some CSR based controllers generate a spontaneous
3263 * reset complete event during init and any pending
3264 * command will never be completed. In such a case we
3265 * need to resend whatever was the last sent
3268 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
3269 hci_resend_last(hdev);
3274 /* If the command succeeded and there's still more commands in
3275 * this request the request is not yet complete.
3277 if (!status && !hci_req_is_complete(hdev))
3280 /* If this was the last command in a request the complete
3281 * callback would be found in hdev->sent_cmd instead of the
3282 * command queue (hdev->cmd_q).
3284 if (hdev->sent_cmd) {
3285 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
3290 /* Remove all pending commands belonging to this request */
3291 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
3292 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
3293 if (bt_cb(skb)->req.start) {
3294 __skb_queue_head(&hdev->cmd_q, skb);
3298 req_complete = bt_cb(skb)->req.complete;
3301 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
3305 req_complete(hdev, status);
3308 void hci_req_cmd_status(struct hci_dev *hdev, u16 opcode, u8 status)
3310 hci_req_complete_t req_complete = NULL;
3312 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
3315 hci_req_cmd_complete(hdev, opcode, status);
3319 /* No need to handle success status if there are more commands */
3320 if (!hci_req_is_complete(hdev))
3324 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
3326 /* If the request doesn't have a complete callback or there
3327 * are other commands/requests in the hdev queue we consider
3328 * this request as completed.
3330 if (!req_complete || !skb_queue_empty(&hdev->cmd_q))
3331 hci_req_cmd_complete(hdev, opcode, status);
3334 static void hci_rx_work(struct work_struct *work)
3336 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
3337 struct sk_buff *skb;
3339 BT_DBG("%s", hdev->name);
3341 while ((skb = skb_dequeue(&hdev->rx_q))) {
3342 /* Send copy to monitor */
3343 hci_send_to_monitor(hdev, skb);
3345 if (atomic_read(&hdev->promisc)) {
3346 /* Send copy to the sockets */
3347 hci_send_to_sock(hdev, skb);
3350 if (test_bit(HCI_RAW, &hdev->flags)) {
3355 if (test_bit(HCI_INIT, &hdev->flags)) {
3356 /* Don't process data packets in this states. */
3357 switch (bt_cb(skb)->pkt_type) {
3358 case HCI_ACLDATA_PKT:
3359 case HCI_SCODATA_PKT:
3366 switch (bt_cb(skb)->pkt_type) {
3368 BT_DBG("%s Event packet", hdev->name);
3369 hci_event_packet(hdev, skb);
3372 case HCI_ACLDATA_PKT:
3373 BT_DBG("%s ACL data packet", hdev->name);
3374 hci_acldata_packet(hdev, skb);
3377 case HCI_SCODATA_PKT:
3378 BT_DBG("%s SCO data packet", hdev->name);
3379 hci_scodata_packet(hdev, skb);
3389 static void hci_cmd_work(struct work_struct *work)
3391 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
3392 struct sk_buff *skb;
3394 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
3395 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
3397 /* Send queued commands */
3398 if (atomic_read(&hdev->cmd_cnt)) {
3399 skb = skb_dequeue(&hdev->cmd_q);
3403 kfree_skb(hdev->sent_cmd);
3405 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
3406 if (hdev->sent_cmd) {
3407 atomic_dec(&hdev->cmd_cnt);
3408 hci_send_frame(skb);
3409 if (test_bit(HCI_RESET, &hdev->flags))
3410 del_timer(&hdev->cmd_timer);
3412 mod_timer(&hdev->cmd_timer,
3413 jiffies + HCI_CMD_TIMEOUT);
3415 skb_queue_head(&hdev->cmd_q, skb);
3416 queue_work(hdev->workqueue, &hdev->cmd_work);
3421 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
3423 /* General inquiry access code (GIAC) */
3424 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3425 struct hci_cp_inquiry cp;
3427 BT_DBG("%s", hdev->name);
3429 if (test_bit(HCI_INQUIRY, &hdev->flags))
3430 return -EINPROGRESS;
3432 inquiry_cache_flush(hdev);
3434 memset(&cp, 0, sizeof(cp));
3435 memcpy(&cp.lap, lap, sizeof(cp.lap));
3438 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
3441 int hci_cancel_inquiry(struct hci_dev *hdev)
3443 BT_DBG("%s", hdev->name);
3445 if (!test_bit(HCI_INQUIRY, &hdev->flags))
3448 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3451 u8 bdaddr_to_le(u8 bdaddr_type)
3453 switch (bdaddr_type) {
3454 case BDADDR_LE_PUBLIC:
3455 return ADDR_LE_DEV_PUBLIC;
3458 /* Fallback to LE Random address type */
3459 return ADDR_LE_DEV_RANDOM;
projects / firefly-linux-kernel-4.4.55.git / blob