2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/jiffies.h>
29 #include <linux/module.h>
30 #include <linux/kmod.h>
32 #include <linux/types.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/skbuff.h>
41 #include <linux/workqueue.h>
42 #include <linux/interrupt.h>
43 #include <linux/notifier.h>
44 #include <linux/rfkill.h>
45 #include <linux/timer.h>
46 #include <linux/crypto.h>
49 #include <asm/system.h>
50 #include <linux/uaccess.h>
51 #include <asm/unaligned.h>
53 #include <net/bluetooth/bluetooth.h>
54 #include <net/bluetooth/hci_core.h>
56 #define AUTO_OFF_TIMEOUT 2000
60 static void hci_rx_work(struct work_struct *work);
61 static void hci_cmd_work(struct work_struct *work);
62 static void hci_tx_work(struct work_struct *work);
64 static DEFINE_MUTEX(hci_task_lock);
67 LIST_HEAD(hci_dev_list);
68 DEFINE_RWLOCK(hci_dev_list_lock);
70 /* HCI callback list */
71 LIST_HEAD(hci_cb_list);
72 DEFINE_RWLOCK(hci_cb_list_lock);
75 #define HCI_MAX_PROTO 2
76 struct hci_proto *hci_proto[HCI_MAX_PROTO];
78 /* HCI notifiers list */
79 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
81 /* ---- HCI notifications ---- */
83 int hci_register_notifier(struct notifier_block *nb)
85 return atomic_notifier_chain_register(&hci_notifier, nb);
88 int hci_unregister_notifier(struct notifier_block *nb)
90 return atomic_notifier_chain_unregister(&hci_notifier, nb);
93 static void hci_notify(struct hci_dev *hdev, int event)
95 atomic_notifier_call_chain(&hci_notifier, event, hdev);
98 /* ---- HCI requests ---- */
100 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
102 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
104 /* If this is the init phase check if the completed command matches
105 * the last init command, and if not just return.
107 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
110 if (hdev->req_status == HCI_REQ_PEND) {
111 hdev->req_result = result;
112 hdev->req_status = HCI_REQ_DONE;
113 wake_up_interruptible(&hdev->req_wait_q);
117 static void hci_req_cancel(struct hci_dev *hdev, int err)
119 BT_DBG("%s err 0x%2.2x", hdev->name, err);
121 if (hdev->req_status == HCI_REQ_PEND) {
122 hdev->req_result = err;
123 hdev->req_status = HCI_REQ_CANCELED;
124 wake_up_interruptible(&hdev->req_wait_q);
128 /* Execute request and wait for completion. */
129 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
130 unsigned long opt, __u32 timeout)
132 DECLARE_WAITQUEUE(wait, current);
135 BT_DBG("%s start", hdev->name);
137 hdev->req_status = HCI_REQ_PEND;
139 add_wait_queue(&hdev->req_wait_q, &wait);
140 set_current_state(TASK_INTERRUPTIBLE);
143 schedule_timeout(timeout);
145 remove_wait_queue(&hdev->req_wait_q, &wait);
147 if (signal_pending(current))
150 switch (hdev->req_status) {
152 err = -bt_to_errno(hdev->req_result);
155 case HCI_REQ_CANCELED:
156 err = -hdev->req_result;
164 hdev->req_status = hdev->req_result = 0;
166 BT_DBG("%s end: err %d", hdev->name, err);
171 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
172 unsigned long opt, __u32 timeout)
176 if (!test_bit(HCI_UP, &hdev->flags))
179 /* Serialize all requests */
181 ret = __hci_request(hdev, req, opt, timeout);
182 hci_req_unlock(hdev);
187 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
189 BT_DBG("%s %ld", hdev->name, opt);
192 set_bit(HCI_RESET, &hdev->flags);
193 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
196 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
198 struct hci_cp_delete_stored_link_key cp;
203 BT_DBG("%s %ld", hdev->name, opt);
205 /* Driver initialization */
207 /* Special commands */
208 while ((skb = skb_dequeue(&hdev->driver_init))) {
209 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
210 skb->dev = (void *) hdev;
212 skb_queue_tail(&hdev->cmd_q, skb);
213 queue_work(hdev->workqueue, &hdev->cmd_work);
215 skb_queue_purge(&hdev->driver_init);
217 /* Mandatory initialization */
220 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
221 set_bit(HCI_RESET, &hdev->flags);
222 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
225 /* Read Local Supported Features */
226 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
228 /* Read Local Version */
229 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
231 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
232 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
234 /* Read BD Address */
235 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
237 /* Read Class of Device */
238 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
240 /* Read Local Name */
241 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
243 /* Read Voice Setting */
244 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
246 /* Optional initialization */
248 /* Clear Event Filters */
249 flt_type = HCI_FLT_CLEAR_ALL;
250 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
252 /* Connection accept timeout ~20 secs */
253 param = cpu_to_le16(0x7d00);
254 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
256 bacpy(&cp.bdaddr, BDADDR_ANY);
258 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
261 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
263 BT_DBG("%s", hdev->name);
265 /* Read LE buffer size */
266 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
269 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
273 BT_DBG("%s %x", hdev->name, scan);
275 /* Inquiry and Page scans */
276 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
279 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
283 BT_DBG("%s %x", hdev->name, auth);
286 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
289 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
293 BT_DBG("%s %x", hdev->name, encrypt);
296 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
299 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
301 __le16 policy = cpu_to_le16(opt);
303 BT_DBG("%s %x", hdev->name, policy);
305 /* Default link policy */
306 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
309 /* Get HCI device by index.
310 * Device is held on return. */
311 struct hci_dev *hci_dev_get(int index)
313 struct hci_dev *hdev = NULL, *d;
320 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->id == index) {
323 hdev = hci_dev_hold(d);
327 read_unlock(&hci_dev_list_lock);
331 /* ---- Inquiry support ---- */
332 static void inquiry_cache_flush(struct hci_dev *hdev)
334 struct inquiry_cache *cache = &hdev->inq_cache;
335 struct inquiry_entry *next = cache->list, *e;
337 BT_DBG("cache %p", cache);
346 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
348 struct inquiry_cache *cache = &hdev->inq_cache;
349 struct inquiry_entry *e;
351 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
353 for (e = cache->list; e; e = e->next)
354 if (!bacmp(&e->data.bdaddr, bdaddr))
359 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
361 struct inquiry_cache *cache = &hdev->inq_cache;
362 struct inquiry_entry *ie;
364 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
366 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
368 /* Entry not in the cache. Add new one. */
369 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
373 ie->next = cache->list;
377 memcpy(&ie->data, data, sizeof(*data));
378 ie->timestamp = jiffies;
379 cache->timestamp = jiffies;
382 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
384 struct inquiry_cache *cache = &hdev->inq_cache;
385 struct inquiry_info *info = (struct inquiry_info *) buf;
386 struct inquiry_entry *e;
389 for (e = cache->list; e && copied < num; e = e->next, copied++) {
390 struct inquiry_data *data = &e->data;
391 bacpy(&info->bdaddr, &data->bdaddr);
392 info->pscan_rep_mode = data->pscan_rep_mode;
393 info->pscan_period_mode = data->pscan_period_mode;
394 info->pscan_mode = data->pscan_mode;
395 memcpy(info->dev_class, data->dev_class, 3);
396 info->clock_offset = data->clock_offset;
400 BT_DBG("cache %p, copied %d", cache, copied);
404 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
406 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
407 struct hci_cp_inquiry cp;
409 BT_DBG("%s", hdev->name);
411 if (test_bit(HCI_INQUIRY, &hdev->flags))
415 memcpy(&cp.lap, &ir->lap, 3);
416 cp.length = ir->length;
417 cp.num_rsp = ir->num_rsp;
418 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
421 int hci_inquiry(void __user *arg)
423 __u8 __user *ptr = arg;
424 struct hci_inquiry_req ir;
425 struct hci_dev *hdev;
426 int err = 0, do_inquiry = 0, max_rsp;
430 if (copy_from_user(&ir, ptr, sizeof(ir)))
433 hdev = hci_dev_get(ir.dev_id);
438 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
439 inquiry_cache_empty(hdev) ||
440 ir.flags & IREQ_CACHE_FLUSH) {
441 inquiry_cache_flush(hdev);
444 hci_dev_unlock(hdev);
446 timeo = ir.length * msecs_to_jiffies(2000);
449 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
454 /* for unlimited number of responses we will use buffer with 255 entries */
455 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
457 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
458 * copy it to the user space.
460 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
467 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
468 hci_dev_unlock(hdev);
470 BT_DBG("num_rsp %d", ir.num_rsp);
472 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
474 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
487 /* ---- HCI ioctl helpers ---- */
489 int hci_dev_open(__u16 dev)
491 struct hci_dev *hdev;
494 hdev = hci_dev_get(dev);
498 BT_DBG("%s %p", hdev->name, hdev);
502 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
507 if (test_bit(HCI_UP, &hdev->flags)) {
512 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
513 set_bit(HCI_RAW, &hdev->flags);
515 /* Treat all non BR/EDR controllers as raw devices if
516 enable_hs is not set */
517 if (hdev->dev_type != HCI_BREDR && !enable_hs)
518 set_bit(HCI_RAW, &hdev->flags);
520 if (hdev->open(hdev)) {
525 if (!test_bit(HCI_RAW, &hdev->flags)) {
526 atomic_set(&hdev->cmd_cnt, 1);
527 set_bit(HCI_INIT, &hdev->flags);
528 hdev->init_last_cmd = 0;
530 ret = __hci_request(hdev, hci_init_req, 0,
531 msecs_to_jiffies(HCI_INIT_TIMEOUT));
533 if (lmp_host_le_capable(hdev))
534 ret = __hci_request(hdev, hci_le_init_req, 0,
535 msecs_to_jiffies(HCI_INIT_TIMEOUT));
537 clear_bit(HCI_INIT, &hdev->flags);
542 set_bit(HCI_UP, &hdev->flags);
543 hci_notify(hdev, HCI_DEV_UP);
544 if (!test_bit(HCI_SETUP, &hdev->flags)) {
546 mgmt_powered(hdev, 1);
547 hci_dev_unlock(hdev);
550 /* Init failed, cleanup */
551 flush_work(&hdev->tx_work);
552 flush_work(&hdev->cmd_work);
553 flush_work(&hdev->rx_work);
555 skb_queue_purge(&hdev->cmd_q);
556 skb_queue_purge(&hdev->rx_q);
561 if (hdev->sent_cmd) {
562 kfree_skb(hdev->sent_cmd);
563 hdev->sent_cmd = NULL;
571 hci_req_unlock(hdev);
576 static int hci_dev_do_close(struct hci_dev *hdev)
578 BT_DBG("%s %p", hdev->name, hdev);
580 hci_req_cancel(hdev, ENODEV);
583 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
584 del_timer_sync(&hdev->cmd_timer);
585 hci_req_unlock(hdev);
589 /* Flush RX and TX works */
590 flush_work(&hdev->tx_work);
591 flush_work(&hdev->rx_work);
593 if (hdev->discov_timeout > 0) {
594 cancel_delayed_work(&hdev->discov_off);
595 hdev->discov_timeout = 0;
598 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
599 cancel_delayed_work(&hdev->power_off);
602 inquiry_cache_flush(hdev);
603 hci_conn_hash_flush(hdev);
604 hci_dev_unlock(hdev);
606 hci_notify(hdev, HCI_DEV_DOWN);
612 skb_queue_purge(&hdev->cmd_q);
613 atomic_set(&hdev->cmd_cnt, 1);
614 if (!test_bit(HCI_RAW, &hdev->flags)) {
615 set_bit(HCI_INIT, &hdev->flags);
616 __hci_request(hdev, hci_reset_req, 0,
617 msecs_to_jiffies(HCI_INIT_TIMEOUT));
618 clear_bit(HCI_INIT, &hdev->flags);
622 flush_work(&hdev->cmd_work);
625 skb_queue_purge(&hdev->rx_q);
626 skb_queue_purge(&hdev->cmd_q);
627 skb_queue_purge(&hdev->raw_q);
629 /* Drop last sent command */
630 if (hdev->sent_cmd) {
631 del_timer_sync(&hdev->cmd_timer);
632 kfree_skb(hdev->sent_cmd);
633 hdev->sent_cmd = NULL;
636 /* After this point our queues are empty
637 * and no tasks are scheduled. */
641 mgmt_powered(hdev, 0);
642 hci_dev_unlock(hdev);
647 hci_req_unlock(hdev);
653 int hci_dev_close(__u16 dev)
655 struct hci_dev *hdev;
658 hdev = hci_dev_get(dev);
661 err = hci_dev_do_close(hdev);
666 int hci_dev_reset(__u16 dev)
668 struct hci_dev *hdev;
671 hdev = hci_dev_get(dev);
677 if (!test_bit(HCI_UP, &hdev->flags))
681 skb_queue_purge(&hdev->rx_q);
682 skb_queue_purge(&hdev->cmd_q);
685 inquiry_cache_flush(hdev);
686 hci_conn_hash_flush(hdev);
687 hci_dev_unlock(hdev);
692 atomic_set(&hdev->cmd_cnt, 1);
693 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
695 if (!test_bit(HCI_RAW, &hdev->flags))
696 ret = __hci_request(hdev, hci_reset_req, 0,
697 msecs_to_jiffies(HCI_INIT_TIMEOUT));
700 hci_req_unlock(hdev);
705 int hci_dev_reset_stat(__u16 dev)
707 struct hci_dev *hdev;
710 hdev = hci_dev_get(dev);
714 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
721 int hci_dev_cmd(unsigned int cmd, void __user *arg)
723 struct hci_dev *hdev;
724 struct hci_dev_req dr;
727 if (copy_from_user(&dr, arg, sizeof(dr)))
730 hdev = hci_dev_get(dr.dev_id);
736 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
737 msecs_to_jiffies(HCI_INIT_TIMEOUT));
741 if (!lmp_encrypt_capable(hdev)) {
746 if (!test_bit(HCI_AUTH, &hdev->flags)) {
747 /* Auth must be enabled first */
748 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
749 msecs_to_jiffies(HCI_INIT_TIMEOUT));
754 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
755 msecs_to_jiffies(HCI_INIT_TIMEOUT));
759 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
760 msecs_to_jiffies(HCI_INIT_TIMEOUT));
764 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
765 msecs_to_jiffies(HCI_INIT_TIMEOUT));
769 hdev->link_mode = ((__u16) dr.dev_opt) &
770 (HCI_LM_MASTER | HCI_LM_ACCEPT);
774 hdev->pkt_type = (__u16) dr.dev_opt;
778 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
779 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
783 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
784 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
796 int hci_get_dev_list(void __user *arg)
798 struct hci_dev *hdev;
799 struct hci_dev_list_req *dl;
800 struct hci_dev_req *dr;
801 int n = 0, size, err;
804 if (get_user(dev_num, (__u16 __user *) arg))
807 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
810 size = sizeof(*dl) + dev_num * sizeof(*dr);
812 dl = kzalloc(size, GFP_KERNEL);
818 read_lock_bh(&hci_dev_list_lock);
819 list_for_each_entry(hdev, &hci_dev_list, list) {
820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
821 cancel_delayed_work(&hdev->power_off);
823 if (!test_bit(HCI_MGMT, &hdev->flags))
824 set_bit(HCI_PAIRABLE, &hdev->flags);
826 (dr + n)->dev_id = hdev->id;
827 (dr + n)->dev_opt = hdev->flags;
832 read_unlock_bh(&hci_dev_list_lock);
835 size = sizeof(*dl) + n * sizeof(*dr);
837 err = copy_to_user(arg, dl, size);
840 return err ? -EFAULT : 0;
843 int hci_get_dev_info(void __user *arg)
845 struct hci_dev *hdev;
846 struct hci_dev_info di;
849 if (copy_from_user(&di, arg, sizeof(di)))
852 hdev = hci_dev_get(di.dev_id);
856 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
857 cancel_delayed_work_sync(&hdev->power_off);
859 if (!test_bit(HCI_MGMT, &hdev->flags))
860 set_bit(HCI_PAIRABLE, &hdev->flags);
862 strcpy(di.name, hdev->name);
863 di.bdaddr = hdev->bdaddr;
864 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
865 di.flags = hdev->flags;
866 di.pkt_type = hdev->pkt_type;
867 di.acl_mtu = hdev->acl_mtu;
868 di.acl_pkts = hdev->acl_pkts;
869 di.sco_mtu = hdev->sco_mtu;
870 di.sco_pkts = hdev->sco_pkts;
871 di.link_policy = hdev->link_policy;
872 di.link_mode = hdev->link_mode;
874 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
875 memcpy(&di.features, &hdev->features, sizeof(di.features));
877 if (copy_to_user(arg, &di, sizeof(di)))
885 /* ---- Interface to HCI drivers ---- */
887 static int hci_rfkill_set_block(void *data, bool blocked)
889 struct hci_dev *hdev = data;
891 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
896 hci_dev_do_close(hdev);
901 static const struct rfkill_ops hci_rfkill_ops = {
902 .set_block = hci_rfkill_set_block,
905 /* Alloc HCI device */
906 struct hci_dev *hci_alloc_dev(void)
908 struct hci_dev *hdev;
910 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
914 hci_init_sysfs(hdev);
915 skb_queue_head_init(&hdev->driver_init);
919 EXPORT_SYMBOL(hci_alloc_dev);
921 /* Free HCI device */
922 void hci_free_dev(struct hci_dev *hdev)
924 skb_queue_purge(&hdev->driver_init);
926 /* will free via device release */
927 put_device(&hdev->dev);
929 EXPORT_SYMBOL(hci_free_dev);
931 static void hci_power_on(struct work_struct *work)
933 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
935 BT_DBG("%s", hdev->name);
937 if (hci_dev_open(hdev->id) < 0)
940 if (test_bit(HCI_AUTO_OFF, &hdev->flags))
941 schedule_delayed_work(&hdev->power_off,
942 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
944 if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
945 mgmt_index_added(hdev);
948 static void hci_power_off(struct work_struct *work)
950 struct hci_dev *hdev = container_of(work, struct hci_dev,
953 BT_DBG("%s", hdev->name);
955 clear_bit(HCI_AUTO_OFF, &hdev->flags);
957 hci_dev_close(hdev->id);
960 static void hci_discov_off(struct work_struct *work)
962 struct hci_dev *hdev;
965 hdev = container_of(work, struct hci_dev, discov_off.work);
967 BT_DBG("%s", hdev->name);
971 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
973 hdev->discov_timeout = 0;
975 hci_dev_unlock(hdev);
978 int hci_uuids_clear(struct hci_dev *hdev)
980 struct list_head *p, *n;
982 list_for_each_safe(p, n, &hdev->uuids) {
983 struct bt_uuid *uuid;
985 uuid = list_entry(p, struct bt_uuid, list);
994 int hci_link_keys_clear(struct hci_dev *hdev)
996 struct list_head *p, *n;
998 list_for_each_safe(p, n, &hdev->link_keys) {
999 struct link_key *key;
1001 key = list_entry(p, struct link_key, list);
1010 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1014 list_for_each_entry(k, &hdev->link_keys, list)
1015 if (bacmp(bdaddr, &k->bdaddr) == 0)
1021 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1022 u8 key_type, u8 old_key_type)
1025 if (key_type < 0x03)
1028 /* Debug keys are insecure so don't store them persistently */
1029 if (key_type == HCI_LK_DEBUG_COMBINATION)
1032 /* Changed combination key and there's no previous one */
1033 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1036 /* Security mode 3 case */
1040 /* Neither local nor remote side had no-bonding as requirement */
1041 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1044 /* Local side had dedicated bonding as requirement */
1045 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1048 /* Remote side had dedicated bonding as requirement */
1049 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1052 /* If none of the above criteria match, then don't store the key
1057 struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1061 list_for_each_entry(k, &hdev->link_keys, list) {
1062 struct key_master_id *id;
1064 if (k->type != HCI_LK_SMP_LTK)
1067 if (k->dlen != sizeof(*id))
1070 id = (void *) &k->data;
1071 if (id->ediv == ediv &&
1072 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1078 EXPORT_SYMBOL(hci_find_ltk);
1080 struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
1081 bdaddr_t *bdaddr, u8 type)
1085 list_for_each_entry(k, &hdev->link_keys, list)
1086 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0)
1091 EXPORT_SYMBOL(hci_find_link_key_type);
1093 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1094 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1096 struct link_key *key, *old_key;
1097 u8 old_key_type, persistent;
1099 old_key = hci_find_link_key(hdev, bdaddr);
1101 old_key_type = old_key->type;
1104 old_key_type = conn ? conn->key_type : 0xff;
1105 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1108 list_add(&key->list, &hdev->link_keys);
1111 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1113 /* Some buggy controller combinations generate a changed
1114 * combination key for legacy pairing even when there's no
1116 if (type == HCI_LK_CHANGED_COMBINATION &&
1117 (!conn || conn->remote_auth == 0xff) &&
1118 old_key_type == 0xff) {
1119 type = HCI_LK_COMBINATION;
1121 conn->key_type = type;
1124 bacpy(&key->bdaddr, bdaddr);
1125 memcpy(key->val, val, 16);
1126 key->pin_len = pin_len;
1128 if (type == HCI_LK_CHANGED_COMBINATION)
1129 key->type = old_key_type;
1136 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1138 mgmt_new_link_key(hdev, key, persistent);
1141 list_del(&key->list);
1148 int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
1149 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
1151 struct link_key *key, *old_key;
1152 struct key_master_id *id;
1155 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
1157 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
1160 old_key_type = old_key->type;
1162 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1165 list_add(&key->list, &hdev->link_keys);
1166 old_key_type = 0xff;
1169 key->dlen = sizeof(*id);
1171 bacpy(&key->bdaddr, bdaddr);
1172 memcpy(key->val, ltk, sizeof(key->val));
1173 key->type = HCI_LK_SMP_LTK;
1174 key->pin_len = key_size;
1176 id = (void *) &key->data;
1178 memcpy(id->rand, rand, sizeof(id->rand));
1181 mgmt_new_link_key(hdev, key, old_key_type);
1186 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1188 struct link_key *key;
1190 key = hci_find_link_key(hdev, bdaddr);
1194 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1196 list_del(&key->list);
1202 /* HCI command timer function */
1203 static void hci_cmd_timer(unsigned long arg)
1205 struct hci_dev *hdev = (void *) arg;
1207 BT_ERR("%s command tx timeout", hdev->name);
1208 atomic_set(&hdev->cmd_cnt, 1);
1209 queue_work(hdev->workqueue, &hdev->cmd_work);
1212 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1215 struct oob_data *data;
1217 list_for_each_entry(data, &hdev->remote_oob_data, list)
1218 if (bacmp(bdaddr, &data->bdaddr) == 0)
1224 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1226 struct oob_data *data;
1228 data = hci_find_remote_oob_data(hdev, bdaddr);
1232 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1234 list_del(&data->list);
1240 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1242 struct oob_data *data, *n;
1244 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1245 list_del(&data->list);
1252 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1255 struct oob_data *data;
1257 data = hci_find_remote_oob_data(hdev, bdaddr);
1260 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1264 bacpy(&data->bdaddr, bdaddr);
1265 list_add(&data->list, &hdev->remote_oob_data);
1268 memcpy(data->hash, hash, sizeof(data->hash));
1269 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1271 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1276 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
1279 struct bdaddr_list *b;
1281 list_for_each_entry(b, &hdev->blacklist, list)
1282 if (bacmp(bdaddr, &b->bdaddr) == 0)
1288 int hci_blacklist_clear(struct hci_dev *hdev)
1290 struct list_head *p, *n;
1292 list_for_each_safe(p, n, &hdev->blacklist) {
1293 struct bdaddr_list *b;
1295 b = list_entry(p, struct bdaddr_list, list);
1304 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1306 struct bdaddr_list *entry;
1308 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1311 if (hci_blacklist_lookup(hdev, bdaddr))
1314 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1318 bacpy(&entry->bdaddr, bdaddr);
1320 list_add(&entry->list, &hdev->blacklist);
1322 return mgmt_device_blocked(hdev, bdaddr);
1325 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1327 struct bdaddr_list *entry;
1329 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1330 return hci_blacklist_clear(hdev);
1332 entry = hci_blacklist_lookup(hdev, bdaddr);
1336 list_del(&entry->list);
1339 return mgmt_device_unblocked(hdev, bdaddr);
1342 static void hci_clear_adv_cache(struct work_struct *work)
1344 struct hci_dev *hdev = container_of(work, struct hci_dev,
1349 hci_adv_entries_clear(hdev);
1351 hci_dev_unlock(hdev);
1354 int hci_adv_entries_clear(struct hci_dev *hdev)
1356 struct adv_entry *entry, *tmp;
1358 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1359 list_del(&entry->list);
1363 BT_DBG("%s adv cache cleared", hdev->name);
1368 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1370 struct adv_entry *entry;
1372 list_for_each_entry(entry, &hdev->adv_entries, list)
1373 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1379 static inline int is_connectable_adv(u8 evt_type)
1381 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1387 int hci_add_adv_entry(struct hci_dev *hdev,
1388 struct hci_ev_le_advertising_info *ev)
1390 struct adv_entry *entry;
1392 if (!is_connectable_adv(ev->evt_type))
1395 /* Only new entries should be added to adv_entries. So, if
1396 * bdaddr was found, don't add it. */
1397 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1400 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
1404 bacpy(&entry->bdaddr, &ev->bdaddr);
1405 entry->bdaddr_type = ev->bdaddr_type;
1407 list_add(&entry->list, &hdev->adv_entries);
1409 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1410 batostr(&entry->bdaddr), entry->bdaddr_type);
1415 /* Register HCI device */
1416 int hci_register_dev(struct hci_dev *hdev)
1418 struct list_head *head = &hci_dev_list, *p;
1421 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
1422 hdev->bus, hdev->owner);
1424 if (!hdev->open || !hdev->close || !hdev->destruct)
1427 /* Do not allow HCI_AMP devices to register at index 0,
1428 * so the index can be used as the AMP controller ID.
1430 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1432 write_lock_bh(&hci_dev_list_lock);
1434 /* Find first available device id */
1435 list_for_each(p, &hci_dev_list) {
1436 if (list_entry(p, struct hci_dev, list)->id != id)
1441 sprintf(hdev->name, "hci%d", id);
1443 list_add_tail(&hdev->list, head);
1445 atomic_set(&hdev->refcnt, 1);
1446 mutex_init(&hdev->lock);
1449 hdev->dev_flags = 0;
1450 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1451 hdev->esco_type = (ESCO_HV1);
1452 hdev->link_mode = (HCI_LM_ACCEPT);
1453 hdev->io_capability = 0x03; /* No Input No Output */
1455 hdev->idle_timeout = 0;
1456 hdev->sniff_max_interval = 800;
1457 hdev->sniff_min_interval = 80;
1459 INIT_WORK(&hdev->rx_work, hci_rx_work);
1460 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1461 INIT_WORK(&hdev->tx_work, hci_tx_work);
1464 skb_queue_head_init(&hdev->rx_q);
1465 skb_queue_head_init(&hdev->cmd_q);
1466 skb_queue_head_init(&hdev->raw_q);
1468 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1470 for (i = 0; i < NUM_REASSEMBLY; i++)
1471 hdev->reassembly[i] = NULL;
1473 init_waitqueue_head(&hdev->req_wait_q);
1474 mutex_init(&hdev->req_lock);
1476 inquiry_cache_init(hdev);
1478 hci_conn_hash_init(hdev);
1480 INIT_LIST_HEAD(&hdev->mgmt_pending);
1482 INIT_LIST_HEAD(&hdev->blacklist);
1484 INIT_LIST_HEAD(&hdev->uuids);
1486 INIT_LIST_HEAD(&hdev->link_keys);
1488 INIT_LIST_HEAD(&hdev->remote_oob_data);
1490 INIT_LIST_HEAD(&hdev->adv_entries);
1492 INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
1493 INIT_WORK(&hdev->power_on, hci_power_on);
1494 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1496 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1498 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1500 atomic_set(&hdev->promisc, 0);
1502 write_unlock_bh(&hci_dev_list_lock);
1504 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1506 if (!hdev->workqueue) {
1511 error = hci_add_sysfs(hdev);
1515 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1516 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1518 if (rfkill_register(hdev->rfkill) < 0) {
1519 rfkill_destroy(hdev->rfkill);
1520 hdev->rfkill = NULL;
1524 set_bit(HCI_AUTO_OFF, &hdev->flags);
1525 set_bit(HCI_SETUP, &hdev->flags);
1526 schedule_work(&hdev->power_on);
1528 hci_notify(hdev, HCI_DEV_REG);
1533 destroy_workqueue(hdev->workqueue);
1535 write_lock_bh(&hci_dev_list_lock);
1536 list_del(&hdev->list);
1537 write_unlock_bh(&hci_dev_list_lock);
1541 EXPORT_SYMBOL(hci_register_dev);
1543 /* Unregister HCI device */
1544 void hci_unregister_dev(struct hci_dev *hdev)
1548 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1550 write_lock_bh(&hci_dev_list_lock);
1551 list_del(&hdev->list);
1552 write_unlock_bh(&hci_dev_list_lock);
1554 hci_dev_do_close(hdev);
1556 for (i = 0; i < NUM_REASSEMBLY; i++)
1557 kfree_skb(hdev->reassembly[i]);
1559 if (!test_bit(HCI_INIT, &hdev->flags) &&
1560 !test_bit(HCI_SETUP, &hdev->flags)) {
1562 mgmt_index_removed(hdev);
1563 hci_dev_unlock(hdev);
1566 /* mgmt_index_removed should take care of emptying the
1568 BUG_ON(!list_empty(&hdev->mgmt_pending));
1570 hci_notify(hdev, HCI_DEV_UNREG);
1573 rfkill_unregister(hdev->rfkill);
1574 rfkill_destroy(hdev->rfkill);
1577 hci_del_sysfs(hdev);
1579 cancel_delayed_work_sync(&hdev->adv_work);
1581 destroy_workqueue(hdev->workqueue);
1584 hci_blacklist_clear(hdev);
1585 hci_uuids_clear(hdev);
1586 hci_link_keys_clear(hdev);
1587 hci_remote_oob_data_clear(hdev);
1588 hci_adv_entries_clear(hdev);
1589 hci_dev_unlock(hdev);
1591 __hci_dev_put(hdev);
1593 EXPORT_SYMBOL(hci_unregister_dev);
1595 /* Suspend HCI device */
1596 int hci_suspend_dev(struct hci_dev *hdev)
1598 hci_notify(hdev, HCI_DEV_SUSPEND);
1601 EXPORT_SYMBOL(hci_suspend_dev);
1603 /* Resume HCI device */
1604 int hci_resume_dev(struct hci_dev *hdev)
1606 hci_notify(hdev, HCI_DEV_RESUME);
1609 EXPORT_SYMBOL(hci_resume_dev);
1611 /* Receive frame from HCI drivers */
1612 int hci_recv_frame(struct sk_buff *skb)
1614 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1615 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1616 && !test_bit(HCI_INIT, &hdev->flags))) {
1622 bt_cb(skb)->incoming = 1;
1625 __net_timestamp(skb);
1627 skb_queue_tail(&hdev->rx_q, skb);
1628 queue_work(hdev->workqueue, &hdev->rx_work);
1632 EXPORT_SYMBOL(hci_recv_frame);
1634 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1635 int count, __u8 index)
1640 struct sk_buff *skb;
1641 struct bt_skb_cb *scb;
1643 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1644 index >= NUM_REASSEMBLY)
1647 skb = hdev->reassembly[index];
1651 case HCI_ACLDATA_PKT:
1652 len = HCI_MAX_FRAME_SIZE;
1653 hlen = HCI_ACL_HDR_SIZE;
1656 len = HCI_MAX_EVENT_SIZE;
1657 hlen = HCI_EVENT_HDR_SIZE;
1659 case HCI_SCODATA_PKT:
1660 len = HCI_MAX_SCO_SIZE;
1661 hlen = HCI_SCO_HDR_SIZE;
1665 skb = bt_skb_alloc(len, GFP_ATOMIC);
1669 scb = (void *) skb->cb;
1671 scb->pkt_type = type;
1673 skb->dev = (void *) hdev;
1674 hdev->reassembly[index] = skb;
1678 scb = (void *) skb->cb;
1679 len = min(scb->expect, (__u16)count);
1681 memcpy(skb_put(skb, len), data, len);
1690 if (skb->len == HCI_EVENT_HDR_SIZE) {
1691 struct hci_event_hdr *h = hci_event_hdr(skb);
1692 scb->expect = h->plen;
1694 if (skb_tailroom(skb) < scb->expect) {
1696 hdev->reassembly[index] = NULL;
1702 case HCI_ACLDATA_PKT:
1703 if (skb->len == HCI_ACL_HDR_SIZE) {
1704 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1705 scb->expect = __le16_to_cpu(h->dlen);
1707 if (skb_tailroom(skb) < scb->expect) {
1709 hdev->reassembly[index] = NULL;
1715 case HCI_SCODATA_PKT:
1716 if (skb->len == HCI_SCO_HDR_SIZE) {
1717 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1718 scb->expect = h->dlen;
1720 if (skb_tailroom(skb) < scb->expect) {
1722 hdev->reassembly[index] = NULL;
1729 if (scb->expect == 0) {
1730 /* Complete frame */
1732 bt_cb(skb)->pkt_type = type;
1733 hci_recv_frame(skb);
1735 hdev->reassembly[index] = NULL;
1743 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1747 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1751 rem = hci_reassembly(hdev, type, data, count, type - 1);
1755 data += (count - rem);
1761 EXPORT_SYMBOL(hci_recv_fragment);
1763 #define STREAM_REASSEMBLY 0
1765 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1771 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1774 struct { char type; } *pkt;
1776 /* Start of the frame */
1783 type = bt_cb(skb)->pkt_type;
1785 rem = hci_reassembly(hdev, type, data, count,
1790 data += (count - rem);
1796 EXPORT_SYMBOL(hci_recv_stream_fragment);
1798 /* ---- Interface to upper protocols ---- */
1800 /* Register/Unregister protocols.
1801 * hci_task_lock is used to ensure that no tasks are running. */
1802 int hci_register_proto(struct hci_proto *hp)
1806 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1808 if (hp->id >= HCI_MAX_PROTO)
1811 mutex_lock(&hci_task_lock);
1813 if (!hci_proto[hp->id])
1814 hci_proto[hp->id] = hp;
1818 mutex_unlock(&hci_task_lock);
1822 EXPORT_SYMBOL(hci_register_proto);
1824 int hci_unregister_proto(struct hci_proto *hp)
1828 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1830 if (hp->id >= HCI_MAX_PROTO)
1833 mutex_lock(&hci_task_lock);
1835 if (hci_proto[hp->id])
1836 hci_proto[hp->id] = NULL;
1840 mutex_unlock(&hci_task_lock);
1844 EXPORT_SYMBOL(hci_unregister_proto);
1846 int hci_register_cb(struct hci_cb *cb)
1848 BT_DBG("%p name %s", cb, cb->name);
1850 write_lock_bh(&hci_cb_list_lock);
1851 list_add(&cb->list, &hci_cb_list);
1852 write_unlock_bh(&hci_cb_list_lock);
1856 EXPORT_SYMBOL(hci_register_cb);
1858 int hci_unregister_cb(struct hci_cb *cb)
1860 BT_DBG("%p name %s", cb, cb->name);
1862 write_lock_bh(&hci_cb_list_lock);
1863 list_del(&cb->list);
1864 write_unlock_bh(&hci_cb_list_lock);
1868 EXPORT_SYMBOL(hci_unregister_cb);
1870 static int hci_send_frame(struct sk_buff *skb)
1872 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1879 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1881 if (atomic_read(&hdev->promisc)) {
1883 __net_timestamp(skb);
1885 hci_send_to_sock(hdev, skb, NULL);
1888 /* Get rid of skb owner, prior to sending to the driver. */
1891 return hdev->send(skb);
1894 /* Send HCI command */
1895 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1897 int len = HCI_COMMAND_HDR_SIZE + plen;
1898 struct hci_command_hdr *hdr;
1899 struct sk_buff *skb;
1901 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1903 skb = bt_skb_alloc(len, GFP_ATOMIC);
1905 BT_ERR("%s no memory for command", hdev->name);
1909 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1910 hdr->opcode = cpu_to_le16(opcode);
1914 memcpy(skb_put(skb, plen), param, plen);
1916 BT_DBG("skb len %d", skb->len);
1918 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1919 skb->dev = (void *) hdev;
1921 if (test_bit(HCI_INIT, &hdev->flags))
1922 hdev->init_last_cmd = opcode;
1924 skb_queue_tail(&hdev->cmd_q, skb);
1925 queue_work(hdev->workqueue, &hdev->cmd_work);
1930 /* Get data from the previously sent command */
1931 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1933 struct hci_command_hdr *hdr;
1935 if (!hdev->sent_cmd)
1938 hdr = (void *) hdev->sent_cmd->data;
1940 if (hdr->opcode != cpu_to_le16(opcode))
1943 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1945 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1949 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1951 struct hci_acl_hdr *hdr;
1954 skb_push(skb, HCI_ACL_HDR_SIZE);
1955 skb_reset_transport_header(skb);
1956 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1957 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1958 hdr->dlen = cpu_to_le16(len);
1961 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
1962 struct sk_buff *skb, __u16 flags)
1964 struct hci_dev *hdev = conn->hdev;
1965 struct sk_buff *list;
1967 list = skb_shinfo(skb)->frag_list;
1969 /* Non fragmented */
1970 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1972 skb_queue_tail(queue, skb);
1975 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1977 skb_shinfo(skb)->frag_list = NULL;
1979 /* Queue all fragments atomically */
1980 spin_lock_bh(&queue->lock);
1982 __skb_queue_tail(queue, skb);
1984 flags &= ~ACL_START;
1987 skb = list; list = list->next;
1989 skb->dev = (void *) hdev;
1990 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1991 hci_add_acl_hdr(skb, conn->handle, flags);
1993 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1995 __skb_queue_tail(queue, skb);
1998 spin_unlock_bh(&queue->lock);
2002 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2004 struct hci_conn *conn = chan->conn;
2005 struct hci_dev *hdev = conn->hdev;
2007 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2009 skb->dev = (void *) hdev;
2010 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2011 hci_add_acl_hdr(skb, conn->handle, flags);
2013 hci_queue_acl(conn, &chan->data_q, skb, flags);
2015 queue_work(hdev->workqueue, &hdev->tx_work);
2017 EXPORT_SYMBOL(hci_send_acl);
2020 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2022 struct hci_dev *hdev = conn->hdev;
2023 struct hci_sco_hdr hdr;
2025 BT_DBG("%s len %d", hdev->name, skb->len);
2027 hdr.handle = cpu_to_le16(conn->handle);
2028 hdr.dlen = skb->len;
2030 skb_push(skb, HCI_SCO_HDR_SIZE);
2031 skb_reset_transport_header(skb);
2032 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2034 skb->dev = (void *) hdev;
2035 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2037 skb_queue_tail(&conn->data_q, skb);
2038 queue_work(hdev->workqueue, &hdev->tx_work);
2040 EXPORT_SYMBOL(hci_send_sco);
2042 /* ---- HCI TX task (outgoing data) ---- */
2044 /* HCI Connection scheduler */
2045 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2047 struct hci_conn_hash *h = &hdev->conn_hash;
2048 struct hci_conn *conn = NULL, *c;
2049 int num = 0, min = ~0;
2051 /* We don't have to lock device here. Connections are always
2052 * added and removed with TX task disabled. */
2056 list_for_each_entry_rcu(c, &h->list, list) {
2057 if (c->type != type || skb_queue_empty(&c->data_q))
2060 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2065 if (c->sent < min) {
2070 if (hci_conn_num(hdev, type) == num)
2079 switch (conn->type) {
2081 cnt = hdev->acl_cnt;
2085 cnt = hdev->sco_cnt;
2088 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2092 BT_ERR("Unknown link type");
2100 BT_DBG("conn %p quote %d", conn, *quote);
2104 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2106 struct hci_conn_hash *h = &hdev->conn_hash;
2109 BT_ERR("%s link tx timeout", hdev->name);
2113 /* Kill stalled connections */
2114 list_for_each_entry_rcu(c, &h->list, list) {
2115 if (c->type == type && c->sent) {
2116 BT_ERR("%s killing stalled connection %s",
2117 hdev->name, batostr(&c->dst));
2118 hci_acl_disconn(c, 0x13);
2125 static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2128 struct hci_conn_hash *h = &hdev->conn_hash;
2129 struct hci_chan *chan = NULL;
2130 int num = 0, min = ~0, cur_prio = 0;
2131 struct hci_conn *conn;
2132 int cnt, q, conn_num = 0;
2134 BT_DBG("%s", hdev->name);
2138 list_for_each_entry_rcu(conn, &h->list, list) {
2139 struct hci_chan *tmp;
2141 if (conn->type != type)
2144 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2149 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2150 struct sk_buff *skb;
2152 if (skb_queue_empty(&tmp->data_q))
2155 skb = skb_peek(&tmp->data_q);
2156 if (skb->priority < cur_prio)
2159 if (skb->priority > cur_prio) {
2162 cur_prio = skb->priority;
2167 if (conn->sent < min) {
2173 if (hci_conn_num(hdev, type) == conn_num)
2182 switch (chan->conn->type) {
2184 cnt = hdev->acl_cnt;
2188 cnt = hdev->sco_cnt;
2191 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2195 BT_ERR("Unknown link type");
2200 BT_DBG("chan %p quote %d", chan, *quote);
2204 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2206 struct hci_conn_hash *h = &hdev->conn_hash;
2207 struct hci_conn *conn;
2210 BT_DBG("%s", hdev->name);
2214 list_for_each_entry_rcu(conn, &h->list, list) {
2215 struct hci_chan *chan;
2217 if (conn->type != type)
2220 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2225 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2226 struct sk_buff *skb;
2233 if (skb_queue_empty(&chan->data_q))
2236 skb = skb_peek(&chan->data_q);
2237 if (skb->priority >= HCI_PRIO_MAX - 1)
2240 skb->priority = HCI_PRIO_MAX - 1;
2242 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2246 if (hci_conn_num(hdev, type) == num)
2254 static inline void hci_sched_acl(struct hci_dev *hdev)
2256 struct hci_chan *chan;
2257 struct sk_buff *skb;
2261 BT_DBG("%s", hdev->name);
2263 if (!hci_conn_num(hdev, ACL_LINK))
2266 if (!test_bit(HCI_RAW, &hdev->flags)) {
2267 /* ACL tx timeout must be longer than maximum
2268 * link supervision timeout (40.9 seconds) */
2269 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
2270 hci_link_tx_to(hdev, ACL_LINK);
2273 cnt = hdev->acl_cnt;
2275 while (hdev->acl_cnt &&
2276 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2277 u32 priority = (skb_peek(&chan->data_q))->priority;
2278 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2279 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2280 skb->len, skb->priority);
2282 /* Stop if priority has changed */
2283 if (skb->priority < priority)
2286 skb = skb_dequeue(&chan->data_q);
2288 hci_conn_enter_active_mode(chan->conn,
2289 bt_cb(skb)->force_active);
2291 hci_send_frame(skb);
2292 hdev->acl_last_tx = jiffies;
2300 if (cnt != hdev->acl_cnt)
2301 hci_prio_recalculate(hdev, ACL_LINK);
2305 static inline void hci_sched_sco(struct hci_dev *hdev)
2307 struct hci_conn *conn;
2308 struct sk_buff *skb;
2311 BT_DBG("%s", hdev->name);
2313 if (!hci_conn_num(hdev, SCO_LINK))
2316 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
2317 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2318 BT_DBG("skb %p len %d", skb, skb->len);
2319 hci_send_frame(skb);
2322 if (conn->sent == ~0)
2328 static inline void hci_sched_esco(struct hci_dev *hdev)
2330 struct hci_conn *conn;
2331 struct sk_buff *skb;
2334 BT_DBG("%s", hdev->name);
2336 if (!hci_conn_num(hdev, ESCO_LINK))
2339 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
2340 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2341 BT_DBG("skb %p len %d", skb, skb->len);
2342 hci_send_frame(skb);
2345 if (conn->sent == ~0)
2351 static inline void hci_sched_le(struct hci_dev *hdev)
2353 struct hci_chan *chan;
2354 struct sk_buff *skb;
2355 int quote, cnt, tmp;
2357 BT_DBG("%s", hdev->name);
2359 if (!hci_conn_num(hdev, LE_LINK))
2362 if (!test_bit(HCI_RAW, &hdev->flags)) {
2363 /* LE tx timeout must be longer than maximum
2364 * link supervision timeout (40.9 seconds) */
2365 if (!hdev->le_cnt && hdev->le_pkts &&
2366 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2367 hci_link_tx_to(hdev, LE_LINK);
2370 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2372 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
2373 u32 priority = (skb_peek(&chan->data_q))->priority;
2374 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2375 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2376 skb->len, skb->priority);
2378 /* Stop if priority has changed */
2379 if (skb->priority < priority)
2382 skb = skb_dequeue(&chan->data_q);
2384 hci_send_frame(skb);
2385 hdev->le_last_tx = jiffies;
2396 hdev->acl_cnt = cnt;
2399 hci_prio_recalculate(hdev, LE_LINK);
2402 static void hci_tx_work(struct work_struct *work)
2404 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2405 struct sk_buff *skb;
2407 mutex_lock(&hci_task_lock);
2409 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2410 hdev->sco_cnt, hdev->le_cnt);
2412 /* Schedule queues and send stuff to HCI driver */
2414 hci_sched_acl(hdev);
2416 hci_sched_sco(hdev);
2418 hci_sched_esco(hdev);
2422 /* Send next queued raw (unknown type) packet */
2423 while ((skb = skb_dequeue(&hdev->raw_q)))
2424 hci_send_frame(skb);
2426 mutex_unlock(&hci_task_lock);
2429 /* ----- HCI RX task (incoming data processing) ----- */
2431 /* ACL data packet */
2432 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2434 struct hci_acl_hdr *hdr = (void *) skb->data;
2435 struct hci_conn *conn;
2436 __u16 handle, flags;
2438 skb_pull(skb, HCI_ACL_HDR_SIZE);
2440 handle = __le16_to_cpu(hdr->handle);
2441 flags = hci_flags(handle);
2442 handle = hci_handle(handle);
2444 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2446 hdev->stat.acl_rx++;
2449 conn = hci_conn_hash_lookup_handle(hdev, handle);
2450 hci_dev_unlock(hdev);
2453 register struct hci_proto *hp;
2455 hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active);
2457 /* Send to upper protocol */
2458 hp = hci_proto[HCI_PROTO_L2CAP];
2459 if (hp && hp->recv_acldata) {
2460 hp->recv_acldata(conn, skb, flags);
2464 BT_ERR("%s ACL packet for unknown connection handle %d",
2465 hdev->name, handle);
2471 /* SCO data packet */
2472 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2474 struct hci_sco_hdr *hdr = (void *) skb->data;
2475 struct hci_conn *conn;
2478 skb_pull(skb, HCI_SCO_HDR_SIZE);
2480 handle = __le16_to_cpu(hdr->handle);
2482 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2484 hdev->stat.sco_rx++;
2487 conn = hci_conn_hash_lookup_handle(hdev, handle);
2488 hci_dev_unlock(hdev);
2491 register struct hci_proto *hp;
2493 /* Send to upper protocol */
2494 hp = hci_proto[HCI_PROTO_SCO];
2495 if (hp && hp->recv_scodata) {
2496 hp->recv_scodata(conn, skb);
2500 BT_ERR("%s SCO packet for unknown connection handle %d",
2501 hdev->name, handle);
2507 static void hci_rx_work(struct work_struct *work)
2509 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2510 struct sk_buff *skb;
2512 BT_DBG("%s", hdev->name);
2514 mutex_lock(&hci_task_lock);
2516 while ((skb = skb_dequeue(&hdev->rx_q))) {
2517 if (atomic_read(&hdev->promisc)) {
2518 /* Send copy to the sockets */
2519 hci_send_to_sock(hdev, skb, NULL);
2522 if (test_bit(HCI_RAW, &hdev->flags)) {
2527 if (test_bit(HCI_INIT, &hdev->flags)) {
2528 /* Don't process data packets in this states. */
2529 switch (bt_cb(skb)->pkt_type) {
2530 case HCI_ACLDATA_PKT:
2531 case HCI_SCODATA_PKT:
2538 switch (bt_cb(skb)->pkt_type) {
2540 BT_DBG("%s Event packet", hdev->name);
2541 hci_event_packet(hdev, skb);
2544 case HCI_ACLDATA_PKT:
2545 BT_DBG("%s ACL data packet", hdev->name);
2546 hci_acldata_packet(hdev, skb);
2549 case HCI_SCODATA_PKT:
2550 BT_DBG("%s SCO data packet", hdev->name);
2551 hci_scodata_packet(hdev, skb);
2560 mutex_unlock(&hci_task_lock);
2563 static void hci_cmd_work(struct work_struct *work)
2565 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2566 struct sk_buff *skb;
2568 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2570 /* Send queued commands */
2571 if (atomic_read(&hdev->cmd_cnt)) {
2572 skb = skb_dequeue(&hdev->cmd_q);
2576 kfree_skb(hdev->sent_cmd);
2578 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2579 if (hdev->sent_cmd) {
2580 atomic_dec(&hdev->cmd_cnt);
2581 hci_send_frame(skb);
2582 if (test_bit(HCI_RESET, &hdev->flags))
2583 del_timer(&hdev->cmd_timer);
2585 mod_timer(&hdev->cmd_timer,
2586 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2588 skb_queue_head(&hdev->cmd_q, skb);
2589 queue_work(hdev->workqueue, &hdev->cmd_work);
2594 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2596 /* General inquiry access code (GIAC) */
2597 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2598 struct hci_cp_inquiry cp;
2600 BT_DBG("%s", hdev->name);
2602 if (test_bit(HCI_INQUIRY, &hdev->flags))
2603 return -EINPROGRESS;
2605 memset(&cp, 0, sizeof(cp));
2606 memcpy(&cp.lap, lap, sizeof(cp.lap));
2609 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2612 int hci_cancel_inquiry(struct hci_dev *hdev)
2614 BT_DBG("%s", hdev->name);
2616 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2619 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2622 module_param(enable_hs, bool, 0644);
2623 MODULE_PARM_DESC(enable_hs, "Enable High Speed");
projects / linux-flexiantxendom0-3.2.10.git / blob