2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/jiffies.h>
29 #include <linux/module.h>
30 #include <linux/kmod.h>
32 #include <linux/types.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/skbuff.h>
41 #include <linux/workqueue.h>
42 #include <linux/interrupt.h>
43 #include <linux/rfkill.h>
44 #include <linux/timer.h>
45 #include <linux/crypto.h>
48 #include <asm/system.h>
49 #include <linux/uaccess.h>
50 #include <asm/unaligned.h>
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
55 #define AUTO_OFF_TIMEOUT 2000
57 static void hci_rx_work(struct work_struct *work);
58 static void hci_cmd_work(struct work_struct *work);
59 static void hci_tx_work(struct work_struct *work);
62 LIST_HEAD(hci_dev_list);
63 DEFINE_RWLOCK(hci_dev_list_lock);
65 /* HCI callback list */
66 LIST_HEAD(hci_cb_list);
67 DEFINE_RWLOCK(hci_cb_list_lock);
69 /* ---- HCI notifications ---- */
71 static void hci_notify(struct hci_dev *hdev, int event)
73 hci_sock_dev_event(hdev, event);
76 /* ---- HCI requests ---- */
78 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
80 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
82 /* If this is the init phase check if the completed command matches
83 * the last init command, and if not just return.
85 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
86 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
89 /* Some CSR based controllers generate a spontaneous
90 * reset complete event during init and any pending
91 * command will never be completed. In such a case we
92 * need to resend whatever was the last sent
96 if (cmd != HCI_OP_RESET || sent->opcode == HCI_OP_RESET)
99 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
101 skb_queue_head(&hdev->cmd_q, skb);
102 queue_work(hdev->workqueue, &hdev->cmd_work);
108 if (hdev->req_status == HCI_REQ_PEND) {
109 hdev->req_result = result;
110 hdev->req_status = HCI_REQ_DONE;
111 wake_up_interruptible(&hdev->req_wait_q);
115 static void hci_req_cancel(struct hci_dev *hdev, int err)
117 BT_DBG("%s err 0x%2.2x", hdev->name, err);
119 if (hdev->req_status == HCI_REQ_PEND) {
120 hdev->req_result = err;
121 hdev->req_status = HCI_REQ_CANCELED;
122 wake_up_interruptible(&hdev->req_wait_q);
126 /* Execute request and wait for completion. */
127 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
128 unsigned long opt, __u32 timeout)
130 DECLARE_WAITQUEUE(wait, current);
133 BT_DBG("%s start", hdev->name);
135 hdev->req_status = HCI_REQ_PEND;
137 add_wait_queue(&hdev->req_wait_q, &wait);
138 set_current_state(TASK_INTERRUPTIBLE);
141 schedule_timeout(timeout);
143 remove_wait_queue(&hdev->req_wait_q, &wait);
145 if (signal_pending(current))
148 switch (hdev->req_status) {
150 err = -bt_to_errno(hdev->req_result);
153 case HCI_REQ_CANCELED:
154 err = -hdev->req_result;
162 hdev->req_status = hdev->req_result = 0;
164 BT_DBG("%s end: err %d", hdev->name, err);
169 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
170 unsigned long opt, __u32 timeout)
174 if (!test_bit(HCI_UP, &hdev->flags))
177 /* Serialize all requests */
179 ret = __hci_request(hdev, req, opt, timeout);
180 hci_req_unlock(hdev);
185 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
187 BT_DBG("%s %ld", hdev->name, opt);
190 set_bit(HCI_RESET, &hdev->flags);
191 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
194 static void bredr_init(struct hci_dev *hdev)
196 struct hci_cp_delete_stored_link_key cp;
200 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
202 /* Mandatory initialization */
205 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
206 set_bit(HCI_RESET, &hdev->flags);
207 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
210 /* Read Local Supported Features */
211 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
213 /* Read Local Version */
214 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
216 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
217 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
219 /* Read BD Address */
220 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
222 /* Read Class of Device */
223 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
225 /* Read Local Name */
226 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
228 /* Read Voice Setting */
229 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
231 /* Optional initialization */
233 /* Clear Event Filters */
234 flt_type = HCI_FLT_CLEAR_ALL;
235 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
237 /* Connection accept timeout ~20 secs */
238 param = cpu_to_le16(0x7d00);
239 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
241 bacpy(&cp.bdaddr, BDADDR_ANY);
243 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
246 static void amp_init(struct hci_dev *hdev)
248 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
251 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
253 /* Read Local Version */
254 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
257 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
261 BT_DBG("%s %ld", hdev->name, opt);
263 /* Driver initialization */
265 /* Special commands */
266 while ((skb = skb_dequeue(&hdev->driver_init))) {
267 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
268 skb->dev = (void *) hdev;
270 skb_queue_tail(&hdev->cmd_q, skb);
271 queue_work(hdev->workqueue, &hdev->cmd_work);
273 skb_queue_purge(&hdev->driver_init);
275 switch (hdev->dev_type) {
285 BT_ERR("Unknown device type %d", hdev->dev_type);
291 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
293 BT_DBG("%s", hdev->name);
295 /* Read LE buffer size */
296 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
299 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
303 BT_DBG("%s %x", hdev->name, scan);
305 /* Inquiry and Page scans */
306 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
309 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
313 BT_DBG("%s %x", hdev->name, auth);
316 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
319 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
323 BT_DBG("%s %x", hdev->name, encrypt);
326 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
329 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
331 __le16 policy = cpu_to_le16(opt);
333 BT_DBG("%s %x", hdev->name, policy);
335 /* Default link policy */
336 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
339 /* Get HCI device by index.
340 * Device is held on return. */
341 struct hci_dev *hci_dev_get(int index)
343 struct hci_dev *hdev = NULL, *d;
350 read_lock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->id == index) {
353 hdev = hci_dev_hold(d);
357 read_unlock(&hci_dev_list_lock);
361 /* ---- Inquiry support ---- */
363 bool hci_discovery_active(struct hci_dev *hdev)
365 struct discovery_state *discov = &hdev->discovery;
367 switch (discov->state) {
368 case DISCOVERY_FINDING:
369 case DISCOVERY_RESOLVING:
377 void hci_discovery_set_state(struct hci_dev *hdev, int state)
379 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
381 if (hdev->discovery.state == state)
385 case DISCOVERY_STOPPED:
386 if (hdev->discovery.state != DISCOVERY_STARTING)
387 mgmt_discovering(hdev, 0);
388 hdev->discovery.type = 0;
390 case DISCOVERY_STARTING:
392 case DISCOVERY_FINDING:
393 mgmt_discovering(hdev, 1);
395 case DISCOVERY_RESOLVING:
397 case DISCOVERY_STOPPING:
401 hdev->discovery.state = state;
404 static void inquiry_cache_flush(struct hci_dev *hdev)
406 struct discovery_state *cache = &hdev->discovery;
407 struct inquiry_entry *p, *n;
409 list_for_each_entry_safe(p, n, &cache->all, all) {
414 INIT_LIST_HEAD(&cache->unknown);
415 INIT_LIST_HEAD(&cache->resolve);
418 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
420 struct discovery_state *cache = &hdev->discovery;
421 struct inquiry_entry *e;
423 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
425 list_for_each_entry(e, &cache->all, all) {
426 if (!bacmp(&e->data.bdaddr, bdaddr))
433 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
436 struct discovery_state *cache = &hdev->discovery;
437 struct inquiry_entry *e;
439 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
441 list_for_each_entry(e, &cache->unknown, list) {
442 if (!bacmp(&e->data.bdaddr, bdaddr))
449 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
453 struct discovery_state *cache = &hdev->discovery;
454 struct inquiry_entry *e;
456 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
458 list_for_each_entry(e, &cache->resolve, list) {
459 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
461 if (!bacmp(&e->data.bdaddr, bdaddr))
468 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
469 struct inquiry_entry *ie)
471 struct discovery_state *cache = &hdev->discovery;
472 struct list_head *pos = &cache->resolve;
473 struct inquiry_entry *p;
477 list_for_each_entry(p, &cache->resolve, list) {
478 if (p->name_state != NAME_PENDING &&
479 abs(p->data.rssi) >= abs(ie->data.rssi))
484 list_add(&ie->list, pos);
487 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
488 bool name_known, bool *ssp)
490 struct discovery_state *cache = &hdev->discovery;
491 struct inquiry_entry *ie;
493 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
496 *ssp = data->ssp_mode;
498 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
500 if (ie->data.ssp_mode && ssp)
503 if (ie->name_state == NAME_NEEDED &&
504 data->rssi != ie->data.rssi) {
505 ie->data.rssi = data->rssi;
506 hci_inquiry_cache_update_resolve(hdev, ie);
512 /* Entry not in the cache. Add new one. */
513 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
517 list_add(&ie->all, &cache->all);
520 ie->name_state = NAME_KNOWN;
522 ie->name_state = NAME_NOT_KNOWN;
523 list_add(&ie->list, &cache->unknown);
527 if (name_known && ie->name_state != NAME_KNOWN &&
528 ie->name_state != NAME_PENDING) {
529 ie->name_state = NAME_KNOWN;
533 memcpy(&ie->data, data, sizeof(*data));
534 ie->timestamp = jiffies;
535 cache->timestamp = jiffies;
537 if (ie->name_state == NAME_NOT_KNOWN)
543 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
545 struct discovery_state *cache = &hdev->discovery;
546 struct inquiry_info *info = (struct inquiry_info *) buf;
547 struct inquiry_entry *e;
550 list_for_each_entry(e, &cache->all, all) {
551 struct inquiry_data *data = &e->data;
556 bacpy(&info->bdaddr, &data->bdaddr);
557 info->pscan_rep_mode = data->pscan_rep_mode;
558 info->pscan_period_mode = data->pscan_period_mode;
559 info->pscan_mode = data->pscan_mode;
560 memcpy(info->dev_class, data->dev_class, 3);
561 info->clock_offset = data->clock_offset;
567 BT_DBG("cache %p, copied %d", cache, copied);
571 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
573 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
574 struct hci_cp_inquiry cp;
576 BT_DBG("%s", hdev->name);
578 if (test_bit(HCI_INQUIRY, &hdev->flags))
582 memcpy(&cp.lap, &ir->lap, 3);
583 cp.length = ir->length;
584 cp.num_rsp = ir->num_rsp;
585 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
588 int hci_inquiry(void __user *arg)
590 __u8 __user *ptr = arg;
591 struct hci_inquiry_req ir;
592 struct hci_dev *hdev;
593 int err = 0, do_inquiry = 0, max_rsp;
597 if (copy_from_user(&ir, ptr, sizeof(ir)))
600 hdev = hci_dev_get(ir.dev_id);
605 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
606 inquiry_cache_empty(hdev) ||
607 ir.flags & IREQ_CACHE_FLUSH) {
608 inquiry_cache_flush(hdev);
611 hci_dev_unlock(hdev);
613 timeo = ir.length * msecs_to_jiffies(2000);
616 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
621 /* for unlimited number of responses we will use buffer with 255 entries */
622 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
624 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
625 * copy it to the user space.
627 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
634 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
635 hci_dev_unlock(hdev);
637 BT_DBG("num_rsp %d", ir.num_rsp);
639 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
641 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
654 /* ---- HCI ioctl helpers ---- */
656 int hci_dev_open(__u16 dev)
658 struct hci_dev *hdev;
661 hdev = hci_dev_get(dev);
665 BT_DBG("%s %p", hdev->name, hdev);
669 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
674 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
679 if (test_bit(HCI_UP, &hdev->flags)) {
684 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
685 set_bit(HCI_RAW, &hdev->flags);
687 /* Treat all non BR/EDR controllers as raw devices if
688 enable_hs is not set */
689 if (hdev->dev_type != HCI_BREDR && !enable_hs)
690 set_bit(HCI_RAW, &hdev->flags);
692 if (hdev->open(hdev)) {
697 if (!test_bit(HCI_RAW, &hdev->flags)) {
698 atomic_set(&hdev->cmd_cnt, 1);
699 set_bit(HCI_INIT, &hdev->flags);
700 hdev->init_last_cmd = 0;
702 ret = __hci_request(hdev, hci_init_req, 0,
703 msecs_to_jiffies(HCI_INIT_TIMEOUT));
705 if (lmp_host_le_capable(hdev))
706 ret = __hci_request(hdev, hci_le_init_req, 0,
707 msecs_to_jiffies(HCI_INIT_TIMEOUT));
709 clear_bit(HCI_INIT, &hdev->flags);
714 set_bit(HCI_UP, &hdev->flags);
715 hci_notify(hdev, HCI_DEV_UP);
716 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
718 mgmt_powered(hdev, 1);
719 hci_dev_unlock(hdev);
722 /* Init failed, cleanup */
723 flush_work(&hdev->tx_work);
724 flush_work(&hdev->cmd_work);
725 flush_work(&hdev->rx_work);
727 skb_queue_purge(&hdev->cmd_q);
728 skb_queue_purge(&hdev->rx_q);
733 if (hdev->sent_cmd) {
734 kfree_skb(hdev->sent_cmd);
735 hdev->sent_cmd = NULL;
743 hci_req_unlock(hdev);
748 static int hci_dev_do_close(struct hci_dev *hdev)
750 BT_DBG("%s %p", hdev->name, hdev);
752 cancel_work_sync(&hdev->le_scan);
754 hci_req_cancel(hdev, ENODEV);
757 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
758 del_timer_sync(&hdev->cmd_timer);
759 hci_req_unlock(hdev);
763 /* Flush RX and TX works */
764 flush_work(&hdev->tx_work);
765 flush_work(&hdev->rx_work);
767 if (hdev->discov_timeout > 0) {
768 cancel_delayed_work(&hdev->discov_off);
769 hdev->discov_timeout = 0;
770 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
773 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
774 cancel_delayed_work(&hdev->service_cache);
776 cancel_delayed_work_sync(&hdev->le_scan_disable);
779 inquiry_cache_flush(hdev);
780 hci_conn_hash_flush(hdev);
781 hci_dev_unlock(hdev);
783 hci_notify(hdev, HCI_DEV_DOWN);
789 skb_queue_purge(&hdev->cmd_q);
790 atomic_set(&hdev->cmd_cnt, 1);
791 if (!test_bit(HCI_RAW, &hdev->flags) &&
792 test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
793 set_bit(HCI_INIT, &hdev->flags);
794 __hci_request(hdev, hci_reset_req, 0,
795 msecs_to_jiffies(250));
796 clear_bit(HCI_INIT, &hdev->flags);
800 flush_work(&hdev->cmd_work);
803 skb_queue_purge(&hdev->rx_q);
804 skb_queue_purge(&hdev->cmd_q);
805 skb_queue_purge(&hdev->raw_q);
807 /* Drop last sent command */
808 if (hdev->sent_cmd) {
809 del_timer_sync(&hdev->cmd_timer);
810 kfree_skb(hdev->sent_cmd);
811 hdev->sent_cmd = NULL;
814 /* After this point our queues are empty
815 * and no tasks are scheduled. */
818 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
820 mgmt_powered(hdev, 0);
821 hci_dev_unlock(hdev);
827 memset(hdev->eir, 0, sizeof(hdev->eir));
828 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
830 hci_req_unlock(hdev);
836 int hci_dev_close(__u16 dev)
838 struct hci_dev *hdev;
841 hdev = hci_dev_get(dev);
845 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
846 cancel_delayed_work(&hdev->power_off);
848 err = hci_dev_do_close(hdev);
854 int hci_dev_reset(__u16 dev)
856 struct hci_dev *hdev;
859 hdev = hci_dev_get(dev);
865 if (!test_bit(HCI_UP, &hdev->flags))
869 skb_queue_purge(&hdev->rx_q);
870 skb_queue_purge(&hdev->cmd_q);
873 inquiry_cache_flush(hdev);
874 hci_conn_hash_flush(hdev);
875 hci_dev_unlock(hdev);
880 atomic_set(&hdev->cmd_cnt, 1);
881 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
883 if (!test_bit(HCI_RAW, &hdev->flags))
884 ret = __hci_request(hdev, hci_reset_req, 0,
885 msecs_to_jiffies(HCI_INIT_TIMEOUT));
888 hci_req_unlock(hdev);
893 int hci_dev_reset_stat(__u16 dev)
895 struct hci_dev *hdev;
898 hdev = hci_dev_get(dev);
902 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
909 int hci_dev_cmd(unsigned int cmd, void __user *arg)
911 struct hci_dev *hdev;
912 struct hci_dev_req dr;
915 if (copy_from_user(&dr, arg, sizeof(dr)))
918 hdev = hci_dev_get(dr.dev_id);
924 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
925 msecs_to_jiffies(HCI_INIT_TIMEOUT));
929 if (!lmp_encrypt_capable(hdev)) {
934 if (!test_bit(HCI_AUTH, &hdev->flags)) {
935 /* Auth must be enabled first */
936 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
937 msecs_to_jiffies(HCI_INIT_TIMEOUT));
942 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
943 msecs_to_jiffies(HCI_INIT_TIMEOUT));
947 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
948 msecs_to_jiffies(HCI_INIT_TIMEOUT));
952 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
953 msecs_to_jiffies(HCI_INIT_TIMEOUT));
957 hdev->link_mode = ((__u16) dr.dev_opt) &
958 (HCI_LM_MASTER | HCI_LM_ACCEPT);
962 hdev->pkt_type = (__u16) dr.dev_opt;
966 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
967 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
971 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
972 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
984 int hci_get_dev_list(void __user *arg)
986 struct hci_dev *hdev;
987 struct hci_dev_list_req *dl;
988 struct hci_dev_req *dr;
989 int n = 0, size, err;
992 if (get_user(dev_num, (__u16 __user *) arg))
995 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
998 size = sizeof(*dl) + dev_num * sizeof(*dr);
1000 dl = kzalloc(size, GFP_KERNEL);
1006 read_lock(&hci_dev_list_lock);
1007 list_for_each_entry(hdev, &hci_dev_list, list) {
1008 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1009 cancel_delayed_work(&hdev->power_off);
1011 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1012 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1014 (dr + n)->dev_id = hdev->id;
1015 (dr + n)->dev_opt = hdev->flags;
1020 read_unlock(&hci_dev_list_lock);
1023 size = sizeof(*dl) + n * sizeof(*dr);
1025 err = copy_to_user(arg, dl, size);
1028 return err ? -EFAULT : 0;
1031 int hci_get_dev_info(void __user *arg)
1033 struct hci_dev *hdev;
1034 struct hci_dev_info di;
1037 if (copy_from_user(&di, arg, sizeof(di)))
1040 hdev = hci_dev_get(di.dev_id);
1044 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1045 cancel_delayed_work_sync(&hdev->power_off);
1047 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1048 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1050 strcpy(di.name, hdev->name);
1051 di.bdaddr = hdev->bdaddr;
1052 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1053 di.flags = hdev->flags;
1054 di.pkt_type = hdev->pkt_type;
1055 di.acl_mtu = hdev->acl_mtu;
1056 di.acl_pkts = hdev->acl_pkts;
1057 di.sco_mtu = hdev->sco_mtu;
1058 di.sco_pkts = hdev->sco_pkts;
1059 di.link_policy = hdev->link_policy;
1060 di.link_mode = hdev->link_mode;
1062 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1063 memcpy(&di.features, &hdev->features, sizeof(di.features));
1065 if (copy_to_user(arg, &di, sizeof(di)))
1073 /* ---- Interface to HCI drivers ---- */
1075 static int hci_rfkill_set_block(void *data, bool blocked)
1077 struct hci_dev *hdev = data;
1079 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1084 hci_dev_do_close(hdev);
1089 static const struct rfkill_ops hci_rfkill_ops = {
1090 .set_block = hci_rfkill_set_block,
1093 /* Alloc HCI device */
1094 struct hci_dev *hci_alloc_dev(void)
1096 struct hci_dev *hdev;
1098 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1102 hci_init_sysfs(hdev);
1103 skb_queue_head_init(&hdev->driver_init);
1107 EXPORT_SYMBOL(hci_alloc_dev);
1109 /* Free HCI device */
1110 void hci_free_dev(struct hci_dev *hdev)
1112 skb_queue_purge(&hdev->driver_init);
1114 /* will free via device release */
1115 put_device(&hdev->dev);
1117 EXPORT_SYMBOL(hci_free_dev);
1119 static void hci_power_on(struct work_struct *work)
1121 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1123 BT_DBG("%s", hdev->name);
1125 if (hci_dev_open(hdev->id) < 0)
1128 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1129 schedule_delayed_work(&hdev->power_off,
1130 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
1132 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1133 mgmt_index_added(hdev);
1136 static void hci_power_off(struct work_struct *work)
1138 struct hci_dev *hdev = container_of(work, struct hci_dev,
1141 BT_DBG("%s", hdev->name);
1143 hci_dev_do_close(hdev);
1146 static void hci_discov_off(struct work_struct *work)
1148 struct hci_dev *hdev;
1149 u8 scan = SCAN_PAGE;
1151 hdev = container_of(work, struct hci_dev, discov_off.work);
1153 BT_DBG("%s", hdev->name);
1157 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1159 hdev->discov_timeout = 0;
1161 hci_dev_unlock(hdev);
1164 int hci_uuids_clear(struct hci_dev *hdev)
1166 struct list_head *p, *n;
1168 list_for_each_safe(p, n, &hdev->uuids) {
1169 struct bt_uuid *uuid;
1171 uuid = list_entry(p, struct bt_uuid, list);
1180 int hci_link_keys_clear(struct hci_dev *hdev)
1182 struct list_head *p, *n;
1184 list_for_each_safe(p, n, &hdev->link_keys) {
1185 struct link_key *key;
1187 key = list_entry(p, struct link_key, list);
1196 int hci_smp_ltks_clear(struct hci_dev *hdev)
1198 struct smp_ltk *k, *tmp;
1200 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1208 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1212 list_for_each_entry(k, &hdev->link_keys, list)
1213 if (bacmp(bdaddr, &k->bdaddr) == 0)
1219 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1220 u8 key_type, u8 old_key_type)
1223 if (key_type < 0x03)
1226 /* Debug keys are insecure so don't store them persistently */
1227 if (key_type == HCI_LK_DEBUG_COMBINATION)
1230 /* Changed combination key and there's no previous one */
1231 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1234 /* Security mode 3 case */
1238 /* Neither local nor remote side had no-bonding as requirement */
1239 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1242 /* Local side had dedicated bonding as requirement */
1243 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1246 /* Remote side had dedicated bonding as requirement */
1247 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1250 /* If none of the above criteria match, then don't store the key
1255 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1259 list_for_each_entry(k, &hdev->long_term_keys, list) {
1260 if (k->ediv != ediv ||
1261 memcmp(rand, k->rand, sizeof(k->rand)))
1269 EXPORT_SYMBOL(hci_find_ltk);
1271 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1276 list_for_each_entry(k, &hdev->long_term_keys, list)
1277 if (addr_type == k->bdaddr_type &&
1278 bacmp(bdaddr, &k->bdaddr) == 0)
1283 EXPORT_SYMBOL(hci_find_ltk_by_addr);
1285 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1286 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1288 struct link_key *key, *old_key;
1292 old_key = hci_find_link_key(hdev, bdaddr);
1294 old_key_type = old_key->type;
1297 old_key_type = conn ? conn->key_type : 0xff;
1298 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1301 list_add(&key->list, &hdev->link_keys);
1304 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1306 /* Some buggy controller combinations generate a changed
1307 * combination key for legacy pairing even when there's no
1309 if (type == HCI_LK_CHANGED_COMBINATION &&
1310 (!conn || conn->remote_auth == 0xff) &&
1311 old_key_type == 0xff) {
1312 type = HCI_LK_COMBINATION;
1314 conn->key_type = type;
1317 bacpy(&key->bdaddr, bdaddr);
1318 memcpy(key->val, val, 16);
1319 key->pin_len = pin_len;
1321 if (type == HCI_LK_CHANGED_COMBINATION)
1322 key->type = old_key_type;
1329 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1331 mgmt_new_link_key(hdev, key, persistent);
1334 list_del(&key->list);
1341 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1342 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, u16
1345 struct smp_ltk *key, *old_key;
1347 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1350 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1354 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1357 list_add(&key->list, &hdev->long_term_keys);
1360 bacpy(&key->bdaddr, bdaddr);
1361 key->bdaddr_type = addr_type;
1362 memcpy(key->val, tk, sizeof(key->val));
1363 key->authenticated = authenticated;
1365 key->enc_size = enc_size;
1367 memcpy(key->rand, rand, sizeof(key->rand));
1372 if (type & HCI_SMP_LTK)
1373 mgmt_new_ltk(hdev, key, 1);
1378 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1380 struct link_key *key;
1382 key = hci_find_link_key(hdev, bdaddr);
1386 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1388 list_del(&key->list);
1394 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1396 struct smp_ltk *k, *tmp;
1398 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1399 if (bacmp(bdaddr, &k->bdaddr))
1402 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1411 /* HCI command timer function */
1412 static void hci_cmd_timer(unsigned long arg)
1414 struct hci_dev *hdev = (void *) arg;
1416 BT_ERR("%s command tx timeout", hdev->name);
1417 atomic_set(&hdev->cmd_cnt, 1);
1418 queue_work(hdev->workqueue, &hdev->cmd_work);
1421 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1424 struct oob_data *data;
1426 list_for_each_entry(data, &hdev->remote_oob_data, list)
1427 if (bacmp(bdaddr, &data->bdaddr) == 0)
1433 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1435 struct oob_data *data;
1437 data = hci_find_remote_oob_data(hdev, bdaddr);
1441 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1443 list_del(&data->list);
1449 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1451 struct oob_data *data, *n;
1453 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1454 list_del(&data->list);
1461 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1464 struct oob_data *data;
1466 data = hci_find_remote_oob_data(hdev, bdaddr);
1469 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1473 bacpy(&data->bdaddr, bdaddr);
1474 list_add(&data->list, &hdev->remote_oob_data);
1477 memcpy(data->hash, hash, sizeof(data->hash));
1478 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1480 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1485 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1487 struct bdaddr_list *b;
1489 list_for_each_entry(b, &hdev->blacklist, list)
1490 if (bacmp(bdaddr, &b->bdaddr) == 0)
1496 int hci_blacklist_clear(struct hci_dev *hdev)
1498 struct list_head *p, *n;
1500 list_for_each_safe(p, n, &hdev->blacklist) {
1501 struct bdaddr_list *b;
1503 b = list_entry(p, struct bdaddr_list, list);
1512 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1514 struct bdaddr_list *entry;
1516 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1519 if (hci_blacklist_lookup(hdev, bdaddr))
1522 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1526 bacpy(&entry->bdaddr, bdaddr);
1528 list_add(&entry->list, &hdev->blacklist);
1530 return mgmt_device_blocked(hdev, bdaddr, type);
1533 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1535 struct bdaddr_list *entry;
1537 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1538 return hci_blacklist_clear(hdev);
1540 entry = hci_blacklist_lookup(hdev, bdaddr);
1544 list_del(&entry->list);
1547 return mgmt_device_unblocked(hdev, bdaddr, type);
1550 static void hci_clear_adv_cache(struct work_struct *work)
1552 struct hci_dev *hdev = container_of(work, struct hci_dev,
1557 hci_adv_entries_clear(hdev);
1559 hci_dev_unlock(hdev);
1562 int hci_adv_entries_clear(struct hci_dev *hdev)
1564 struct adv_entry *entry, *tmp;
1566 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1567 list_del(&entry->list);
1571 BT_DBG("%s adv cache cleared", hdev->name);
1576 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1578 struct adv_entry *entry;
1580 list_for_each_entry(entry, &hdev->adv_entries, list)
1581 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1587 static inline int is_connectable_adv(u8 evt_type)
1589 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1595 int hci_add_adv_entry(struct hci_dev *hdev,
1596 struct hci_ev_le_advertising_info *ev) { struct adv_entry *entry; if (!is_connectable_adv(ev->evt_type))
1599 /* Only new entries should be added to adv_entries. So, if
1600 * bdaddr was found, don't add it. */
1601 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1604 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1608 bacpy(&entry->bdaddr, &ev->bdaddr);
1609 entry->bdaddr_type = ev->bdaddr_type;
1611 list_add(&entry->list, &hdev->adv_entries);
1613 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1614 batostr(&entry->bdaddr), entry->bdaddr_type);
1619 static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1621 struct le_scan_params *param = (struct le_scan_params *) opt;
1622 struct hci_cp_le_set_scan_param cp;
1624 memset(&cp, 0, sizeof(cp));
1625 cp.type = param->type;
1626 cp.interval = cpu_to_le16(param->interval);
1627 cp.window = cpu_to_le16(param->window);
1629 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1632 static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1634 struct hci_cp_le_set_scan_enable cp;
1636 memset(&cp, 0, sizeof(cp));
1639 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1642 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1643 u16 window, int timeout)
1645 long timeo = msecs_to_jiffies(3000);
1646 struct le_scan_params param;
1649 BT_DBG("%s", hdev->name);
1651 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1652 return -EINPROGRESS;
1655 param.interval = interval;
1656 param.window = window;
1660 err = __hci_request(hdev, le_scan_param_req, (unsigned long) ¶m,
1663 err = __hci_request(hdev, le_scan_enable_req, 0, timeo);
1665 hci_req_unlock(hdev);
1670 schedule_delayed_work(&hdev->le_scan_disable,
1671 msecs_to_jiffies(timeout));
1676 static void le_scan_disable_work(struct work_struct *work)
1678 struct hci_dev *hdev = container_of(work, struct hci_dev,
1679 le_scan_disable.work);
1680 struct hci_cp_le_set_scan_enable cp;
1682 BT_DBG("%s", hdev->name);
1684 memset(&cp, 0, sizeof(cp));
1686 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1689 static void le_scan_work(struct work_struct *work)
1691 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1692 struct le_scan_params *param = &hdev->le_scan_params;
1694 BT_DBG("%s", hdev->name);
1696 hci_do_le_scan(hdev, param->type, param->interval, param->window,
1700 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1703 struct le_scan_params *param = &hdev->le_scan_params;
1705 BT_DBG("%s", hdev->name);
1707 if (work_busy(&hdev->le_scan))
1708 return -EINPROGRESS;
1711 param->interval = interval;
1712 param->window = window;
1713 param->timeout = timeout;
1715 queue_work(system_long_wq, &hdev->le_scan);
1720 /* Register HCI device */
1721 int hci_register_dev(struct hci_dev *hdev)
1723 struct list_head *head = &hci_dev_list, *p;
1726 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1728 if (!hdev->open || !hdev->close)
1731 /* Do not allow HCI_AMP devices to register at index 0,
1732 * so the index can be used as the AMP controller ID.
1734 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1736 write_lock(&hci_dev_list_lock);
1738 /* Find first available device id */
1739 list_for_each(p, &hci_dev_list) {
1740 if (list_entry(p, struct hci_dev, list)->id != id)
1745 sprintf(hdev->name, "hci%d", id);
1747 list_add_tail(&hdev->list, head);
1749 mutex_init(&hdev->lock);
1752 hdev->dev_flags = 0;
1753 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1754 hdev->esco_type = (ESCO_HV1);
1755 hdev->link_mode = (HCI_LM_ACCEPT);
1756 hdev->io_capability = 0x03; /* No Input No Output */
1758 hdev->idle_timeout = 0;
1759 hdev->sniff_max_interval = 800;
1760 hdev->sniff_min_interval = 80;
1762 INIT_WORK(&hdev->rx_work, hci_rx_work);
1763 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1764 INIT_WORK(&hdev->tx_work, hci_tx_work);
1767 skb_queue_head_init(&hdev->rx_q);
1768 skb_queue_head_init(&hdev->cmd_q);
1769 skb_queue_head_init(&hdev->raw_q);
1771 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1773 for (i = 0; i < NUM_REASSEMBLY; i++)
1774 hdev->reassembly[i] = NULL;
1776 init_waitqueue_head(&hdev->req_wait_q);
1777 mutex_init(&hdev->req_lock);
1779 discovery_init(hdev);
1781 hci_conn_hash_init(hdev);
1783 INIT_LIST_HEAD(&hdev->mgmt_pending);
1785 INIT_LIST_HEAD(&hdev->blacklist);
1787 INIT_LIST_HEAD(&hdev->uuids);
1789 INIT_LIST_HEAD(&hdev->link_keys);
1790 INIT_LIST_HEAD(&hdev->long_term_keys);
1792 INIT_LIST_HEAD(&hdev->remote_oob_data);
1794 INIT_LIST_HEAD(&hdev->adv_entries);
1796 INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
1797 INIT_WORK(&hdev->power_on, hci_power_on);
1798 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1800 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1802 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1804 atomic_set(&hdev->promisc, 0);
1806 INIT_WORK(&hdev->le_scan, le_scan_work);
1808 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1810 write_unlock(&hci_dev_list_lock);
1812 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1814 if (!hdev->workqueue) {
1819 error = hci_add_sysfs(hdev);
1823 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1824 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1826 if (rfkill_register(hdev->rfkill) < 0) {
1827 rfkill_destroy(hdev->rfkill);
1828 hdev->rfkill = NULL;
1832 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1833 set_bit(HCI_SETUP, &hdev->dev_flags);
1834 schedule_work(&hdev->power_on);
1836 hci_notify(hdev, HCI_DEV_REG);
1842 destroy_workqueue(hdev->workqueue);
1844 write_lock(&hci_dev_list_lock);
1845 list_del(&hdev->list);
1846 write_unlock(&hci_dev_list_lock);
1850 EXPORT_SYMBOL(hci_register_dev);
1852 /* Unregister HCI device */
1853 void hci_unregister_dev(struct hci_dev *hdev)
1857 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1859 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1861 write_lock(&hci_dev_list_lock);
1862 list_del(&hdev->list);
1863 write_unlock(&hci_dev_list_lock);
1865 hci_dev_do_close(hdev);
1867 for (i = 0; i < NUM_REASSEMBLY; i++)
1868 kfree_skb(hdev->reassembly[i]);
1870 if (!test_bit(HCI_INIT, &hdev->flags) &&
1871 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1873 mgmt_index_removed(hdev);
1874 hci_dev_unlock(hdev);
1877 /* mgmt_index_removed should take care of emptying the
1879 BUG_ON(!list_empty(&hdev->mgmt_pending));
1881 hci_notify(hdev, HCI_DEV_UNREG);
1884 rfkill_unregister(hdev->rfkill);
1885 rfkill_destroy(hdev->rfkill);
1888 hci_del_sysfs(hdev);
1890 cancel_delayed_work_sync(&hdev->adv_work);
1892 destroy_workqueue(hdev->workqueue);
1895 hci_blacklist_clear(hdev);
1896 hci_uuids_clear(hdev);
1897 hci_link_keys_clear(hdev);
1898 hci_smp_ltks_clear(hdev);
1899 hci_remote_oob_data_clear(hdev);
1900 hci_adv_entries_clear(hdev);
1901 hci_dev_unlock(hdev);
1905 EXPORT_SYMBOL(hci_unregister_dev);
1907 /* Suspend HCI device */
1908 int hci_suspend_dev(struct hci_dev *hdev)
1910 hci_notify(hdev, HCI_DEV_SUSPEND);
1913 EXPORT_SYMBOL(hci_suspend_dev);
1915 /* Resume HCI device */
1916 int hci_resume_dev(struct hci_dev *hdev)
1918 hci_notify(hdev, HCI_DEV_RESUME);
1921 EXPORT_SYMBOL(hci_resume_dev);
1923 /* Receive frame from HCI drivers */
1924 int hci_recv_frame(struct sk_buff *skb)
1926 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1927 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1928 && !test_bit(HCI_INIT, &hdev->flags))) {
1934 bt_cb(skb)->incoming = 1;
1937 __net_timestamp(skb);
1939 skb_queue_tail(&hdev->rx_q, skb);
1940 queue_work(hdev->workqueue, &hdev->rx_work);
1944 EXPORT_SYMBOL(hci_recv_frame);
1946 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1947 int count, __u8 index)
1952 struct sk_buff *skb;
1953 struct bt_skb_cb *scb;
1955 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1956 index >= NUM_REASSEMBLY)
1959 skb = hdev->reassembly[index];
1963 case HCI_ACLDATA_PKT:
1964 len = HCI_MAX_FRAME_SIZE;
1965 hlen = HCI_ACL_HDR_SIZE;
1968 len = HCI_MAX_EVENT_SIZE;
1969 hlen = HCI_EVENT_HDR_SIZE;
1971 case HCI_SCODATA_PKT:
1972 len = HCI_MAX_SCO_SIZE;
1973 hlen = HCI_SCO_HDR_SIZE;
1977 skb = bt_skb_alloc(len, GFP_ATOMIC);
1981 scb = (void *) skb->cb;
1983 scb->pkt_type = type;
1985 skb->dev = (void *) hdev;
1986 hdev->reassembly[index] = skb;
1990 scb = (void *) skb->cb;
1991 len = min_t(uint, scb->expect, count);
1993 memcpy(skb_put(skb, len), data, len);
2002 if (skb->len == HCI_EVENT_HDR_SIZE) {
2003 struct hci_event_hdr *h = hci_event_hdr(skb);
2004 scb->expect = h->plen;
2006 if (skb_tailroom(skb) < scb->expect) {
2008 hdev->reassembly[index] = NULL;
2014 case HCI_ACLDATA_PKT:
2015 if (skb->len == HCI_ACL_HDR_SIZE) {
2016 struct hci_acl_hdr *h = hci_acl_hdr(skb);
2017 scb->expect = __le16_to_cpu(h->dlen);
2019 if (skb_tailroom(skb) < scb->expect) {
2021 hdev->reassembly[index] = NULL;
2027 case HCI_SCODATA_PKT:
2028 if (skb->len == HCI_SCO_HDR_SIZE) {
2029 struct hci_sco_hdr *h = hci_sco_hdr(skb);
2030 scb->expect = h->dlen;
2032 if (skb_tailroom(skb) < scb->expect) {
2034 hdev->reassembly[index] = NULL;
2041 if (scb->expect == 0) {
2042 /* Complete frame */
2044 bt_cb(skb)->pkt_type = type;
2045 hci_recv_frame(skb);
2047 hdev->reassembly[index] = NULL;
2055 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
2059 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
2063 rem = hci_reassembly(hdev, type, data, count, type - 1);
2067 data += (count - rem);
2073 EXPORT_SYMBOL(hci_recv_fragment);
2075 #define STREAM_REASSEMBLY 0
2077 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2083 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2086 struct { char type; } *pkt;
2088 /* Start of the frame */
2095 type = bt_cb(skb)->pkt_type;
2097 rem = hci_reassembly(hdev, type, data, count,
2102 data += (count - rem);
2108 EXPORT_SYMBOL(hci_recv_stream_fragment);
2110 /* ---- Interface to upper protocols ---- */
2112 int hci_register_cb(struct hci_cb *cb)
2114 BT_DBG("%p name %s", cb, cb->name);
2116 write_lock(&hci_cb_list_lock);
2117 list_add(&cb->list, &hci_cb_list);
2118 write_unlock(&hci_cb_list_lock);
2122 EXPORT_SYMBOL(hci_register_cb);
2124 int hci_unregister_cb(struct hci_cb *cb)
2126 BT_DBG("%p name %s", cb, cb->name);
2128 write_lock(&hci_cb_list_lock);
2129 list_del(&cb->list);
2130 write_unlock(&hci_cb_list_lock);
2134 EXPORT_SYMBOL(hci_unregister_cb);
2136 static int hci_send_frame(struct sk_buff *skb)
2138 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2145 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2148 __net_timestamp(skb);
2150 /* Send copy to monitor */
2151 hci_send_to_monitor(hdev, skb);
2153 if (atomic_read(&hdev->promisc)) {
2154 /* Send copy to the sockets */
2155 hci_send_to_sock(hdev, skb);
2158 /* Get rid of skb owner, prior to sending to the driver. */
2161 return hdev->send(skb);
2164 /* Send HCI command */
2165 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2167 int len = HCI_COMMAND_HDR_SIZE + plen;
2168 struct hci_command_hdr *hdr;
2169 struct sk_buff *skb;
2171 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
2173 skb = bt_skb_alloc(len, GFP_ATOMIC);
2175 BT_ERR("%s no memory for command", hdev->name);
2179 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2180 hdr->opcode = cpu_to_le16(opcode);
2184 memcpy(skb_put(skb, plen), param, plen);
2186 BT_DBG("skb len %d", skb->len);
2188 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2189 skb->dev = (void *) hdev;
2191 if (test_bit(HCI_INIT, &hdev->flags))
2192 hdev->init_last_cmd = opcode;
2194 skb_queue_tail(&hdev->cmd_q, skb);
2195 queue_work(hdev->workqueue, &hdev->cmd_work);
2200 /* Get data from the previously sent command */
2201 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2203 struct hci_command_hdr *hdr;
2205 if (!hdev->sent_cmd)
2208 hdr = (void *) hdev->sent_cmd->data;
2210 if (hdr->opcode != cpu_to_le16(opcode))
2213 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2215 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2219 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2221 struct hci_acl_hdr *hdr;
2224 skb_push(skb, HCI_ACL_HDR_SIZE);
2225 skb_reset_transport_header(skb);
2226 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2227 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2228 hdr->dlen = cpu_to_le16(len);
2231 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2232 struct sk_buff *skb, __u16 flags)
2234 struct hci_dev *hdev = conn->hdev;
2235 struct sk_buff *list;
2237 list = skb_shinfo(skb)->frag_list;
2239 /* Non fragmented */
2240 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2242 skb_queue_tail(queue, skb);
2245 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2247 skb_shinfo(skb)->frag_list = NULL;
2249 /* Queue all fragments atomically */
2250 spin_lock(&queue->lock);
2252 __skb_queue_tail(queue, skb);
2254 flags &= ~ACL_START;
2257 skb = list; list = list->next;
2259 skb->dev = (void *) hdev;
2260 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2261 hci_add_acl_hdr(skb, conn->handle, flags);
2263 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2265 __skb_queue_tail(queue, skb);
2268 spin_unlock(&queue->lock);
2272 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2274 struct hci_conn *conn = chan->conn;
2275 struct hci_dev *hdev = conn->hdev;
2277 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2279 skb->dev = (void *) hdev;
2280 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2281 hci_add_acl_hdr(skb, conn->handle, flags);
2283 hci_queue_acl(conn, &chan->data_q, skb, flags);
2285 queue_work(hdev->workqueue, &hdev->tx_work);
2287 EXPORT_SYMBOL(hci_send_acl);
2290 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2292 struct hci_dev *hdev = conn->hdev;
2293 struct hci_sco_hdr hdr;
2295 BT_DBG("%s len %d", hdev->name, skb->len);
2297 hdr.handle = cpu_to_le16(conn->handle);
2298 hdr.dlen = skb->len;
2300 skb_push(skb, HCI_SCO_HDR_SIZE);
2301 skb_reset_transport_header(skb);
2302 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2304 skb->dev = (void *) hdev;
2305 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2307 skb_queue_tail(&conn->data_q, skb);
2308 queue_work(hdev->workqueue, &hdev->tx_work);
2310 EXPORT_SYMBOL(hci_send_sco);
2312 /* ---- HCI TX task (outgoing data) ---- */
2314 /* HCI Connection scheduler */
2315 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2317 struct hci_conn_hash *h = &hdev->conn_hash;
2318 struct hci_conn *conn = NULL, *c;
2319 int num = 0, min = ~0;
2321 /* We don't have to lock device here. Connections are always
2322 * added and removed with TX task disabled. */
2326 list_for_each_entry_rcu(c, &h->list, list) {
2327 if (c->type != type || skb_queue_empty(&c->data_q))
2330 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2335 if (c->sent < min) {
2340 if (hci_conn_num(hdev, type) == num)
2349 switch (conn->type) {
2351 cnt = hdev->acl_cnt;
2355 cnt = hdev->sco_cnt;
2358 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2362 BT_ERR("Unknown link type");
2370 BT_DBG("conn %p quote %d", conn, *quote);
2374 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2376 struct hci_conn_hash *h = &hdev->conn_hash;
2379 BT_ERR("%s link tx timeout", hdev->name);
2383 /* Kill stalled connections */
2384 list_for_each_entry_rcu(c, &h->list, list) {
2385 if (c->type == type && c->sent) {
2386 BT_ERR("%s killing stalled connection %s",
2387 hdev->name, batostr(&c->dst));
2388 hci_acl_disconn(c, 0x13);
2395 static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2398 struct hci_conn_hash *h = &hdev->conn_hash;
2399 struct hci_chan *chan = NULL;
2400 int num = 0, min = ~0, cur_prio = 0;
2401 struct hci_conn *conn;
2402 int cnt, q, conn_num = 0;
2404 BT_DBG("%s", hdev->name);
2408 list_for_each_entry_rcu(conn, &h->list, list) {
2409 struct hci_chan *tmp;
2411 if (conn->type != type)
2414 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2419 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2420 struct sk_buff *skb;
2422 if (skb_queue_empty(&tmp->data_q))
2425 skb = skb_peek(&tmp->data_q);
2426 if (skb->priority < cur_prio)
2429 if (skb->priority > cur_prio) {
2432 cur_prio = skb->priority;
2437 if (conn->sent < min) {
2443 if (hci_conn_num(hdev, type) == conn_num)
2452 switch (chan->conn->type) {
2454 cnt = hdev->acl_cnt;
2458 cnt = hdev->sco_cnt;
2461 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2465 BT_ERR("Unknown link type");
2470 BT_DBG("chan %p quote %d", chan, *quote);
2474 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2476 struct hci_conn_hash *h = &hdev->conn_hash;
2477 struct hci_conn *conn;
2480 BT_DBG("%s", hdev->name);
2484 list_for_each_entry_rcu(conn, &h->list, list) {
2485 struct hci_chan *chan;
2487 if (conn->type != type)
2490 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2495 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2496 struct sk_buff *skb;
2503 if (skb_queue_empty(&chan->data_q))
2506 skb = skb_peek(&chan->data_q);
2507 if (skb->priority >= HCI_PRIO_MAX - 1)
2510 skb->priority = HCI_PRIO_MAX - 1;
2512 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2516 if (hci_conn_num(hdev, type) == num)
2524 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2526 /* Calculate count of blocks used by this packet */
2527 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2530 static inline void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2532 if (!test_bit(HCI_RAW, &hdev->flags)) {
2533 /* ACL tx timeout must be longer than maximum
2534 * link supervision timeout (40.9 seconds) */
2535 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2536 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT)))
2537 hci_link_tx_to(hdev, ACL_LINK);
2541 static inline void hci_sched_acl_pkt(struct hci_dev *hdev)
2543 unsigned int cnt = hdev->acl_cnt;
2544 struct hci_chan *chan;
2545 struct sk_buff *skb;
2548 __check_timeout(hdev, cnt);
2550 while (hdev->acl_cnt &&
2551 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2552 u32 priority = (skb_peek(&chan->data_q))->priority;
2553 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2554 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2555 skb->len, skb->priority);
2557 /* Stop if priority has changed */
2558 if (skb->priority < priority)
2561 skb = skb_dequeue(&chan->data_q);
2563 hci_conn_enter_active_mode(chan->conn,
2564 bt_cb(skb)->force_active);
2566 hci_send_frame(skb);
2567 hdev->acl_last_tx = jiffies;
2575 if (cnt != hdev->acl_cnt)
2576 hci_prio_recalculate(hdev, ACL_LINK);
2579 static inline void hci_sched_acl_blk(struct hci_dev *hdev)
2581 unsigned int cnt = hdev->block_cnt;
2582 struct hci_chan *chan;
2583 struct sk_buff *skb;
2586 __check_timeout(hdev, cnt);
2588 while (hdev->block_cnt > 0 &&
2589 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2590 u32 priority = (skb_peek(&chan->data_q))->priority;
2591 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2594 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2595 skb->len, skb->priority);
2597 /* Stop if priority has changed */
2598 if (skb->priority < priority)
2601 skb = skb_dequeue(&chan->data_q);
2603 blocks = __get_blocks(hdev, skb);
2604 if (blocks > hdev->block_cnt)
2607 hci_conn_enter_active_mode(chan->conn,
2608 bt_cb(skb)->force_active);
2610 hci_send_frame(skb);
2611 hdev->acl_last_tx = jiffies;
2613 hdev->block_cnt -= blocks;
2616 chan->sent += blocks;
2617 chan->conn->sent += blocks;
2621 if (cnt != hdev->block_cnt)
2622 hci_prio_recalculate(hdev, ACL_LINK);
2625 static inline void hci_sched_acl(struct hci_dev *hdev)
2627 BT_DBG("%s", hdev->name);
2629 if (!hci_conn_num(hdev, ACL_LINK))
2632 switch (hdev->flow_ctl_mode) {
2633 case HCI_FLOW_CTL_MODE_PACKET_BASED:
2634 hci_sched_acl_pkt(hdev);
2637 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2638 hci_sched_acl_blk(hdev);
2644 static inline void hci_sched_sco(struct hci_dev *hdev)
2646 struct hci_conn *conn;
2647 struct sk_buff *skb;
2650 BT_DBG("%s", hdev->name);
2652 if (!hci_conn_num(hdev, SCO_LINK))
2655 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
2656 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2657 BT_DBG("skb %p len %d", skb, skb->len);
2658 hci_send_frame(skb);
2661 if (conn->sent == ~0)
2667 static inline void hci_sched_esco(struct hci_dev *hdev)
2669 struct hci_conn *conn;
2670 struct sk_buff *skb;
2673 BT_DBG("%s", hdev->name);
2675 if (!hci_conn_num(hdev, ESCO_LINK))
2678 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
2679 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2680 BT_DBG("skb %p len %d", skb, skb->len);
2681 hci_send_frame(skb);
2684 if (conn->sent == ~0)
2690 static inline void hci_sched_le(struct hci_dev *hdev)
2692 struct hci_chan *chan;
2693 struct sk_buff *skb;
2694 int quote, cnt, tmp;
2696 BT_DBG("%s", hdev->name);
2698 if (!hci_conn_num(hdev, LE_LINK))
2701 if (!test_bit(HCI_RAW, &hdev->flags)) {
2702 /* LE tx timeout must be longer than maximum
2703 * link supervision timeout (40.9 seconds) */
2704 if (!hdev->le_cnt && hdev->le_pkts &&
2705 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2706 hci_link_tx_to(hdev, LE_LINK);
2709 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2711 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
2712 u32 priority = (skb_peek(&chan->data_q))->priority;
2713 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2714 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2715 skb->len, skb->priority);
2717 /* Stop if priority has changed */
2718 if (skb->priority < priority)
2721 skb = skb_dequeue(&chan->data_q);
2723 hci_send_frame(skb);
2724 hdev->le_last_tx = jiffies;
2735 hdev->acl_cnt = cnt;
2738 hci_prio_recalculate(hdev, LE_LINK);
2741 static void hci_tx_work(struct work_struct *work)
2743 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2744 struct sk_buff *skb;
2746 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2747 hdev->sco_cnt, hdev->le_cnt);
2749 /* Schedule queues and send stuff to HCI driver */
2751 hci_sched_acl(hdev);
2753 hci_sched_sco(hdev);
2755 hci_sched_esco(hdev);
2759 /* Send next queued raw (unknown type) packet */
2760 while ((skb = skb_dequeue(&hdev->raw_q)))
2761 hci_send_frame(skb);
2764 /* ----- HCI RX task (incoming data processing) ----- */
2766 /* ACL data packet */
2767 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2769 struct hci_acl_hdr *hdr = (void *) skb->data;
2770 struct hci_conn *conn;
2771 __u16 handle, flags;
2773 skb_pull(skb, HCI_ACL_HDR_SIZE);
2775 handle = __le16_to_cpu(hdr->handle);
2776 flags = hci_flags(handle);
2777 handle = hci_handle(handle);
2779 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2781 hdev->stat.acl_rx++;
2784 conn = hci_conn_hash_lookup_handle(hdev, handle);
2785 hci_dev_unlock(hdev);
2788 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2790 /* Send to upper protocol */
2791 l2cap_recv_acldata(conn, skb, flags);
2794 BT_ERR("%s ACL packet for unknown connection handle %d",
2795 hdev->name, handle);
2801 /* SCO data packet */
2802 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2804 struct hci_sco_hdr *hdr = (void *) skb->data;
2805 struct hci_conn *conn;
2808 skb_pull(skb, HCI_SCO_HDR_SIZE);
2810 handle = __le16_to_cpu(hdr->handle);
2812 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2814 hdev->stat.sco_rx++;
2817 conn = hci_conn_hash_lookup_handle(hdev, handle);
2818 hci_dev_unlock(hdev);
2821 /* Send to upper protocol */
2822 sco_recv_scodata(conn, skb);
2825 BT_ERR("%s SCO packet for unknown connection handle %d",
2826 hdev->name, handle);
2832 static void hci_rx_work(struct work_struct *work)
2834 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2835 struct sk_buff *skb;
2837 BT_DBG("%s", hdev->name);
2839 while ((skb = skb_dequeue(&hdev->rx_q))) {
2840 /* Send copy to monitor */
2841 hci_send_to_monitor(hdev, skb);
2843 if (atomic_read(&hdev->promisc)) {
2844 /* Send copy to the sockets */
2845 hci_send_to_sock(hdev, skb);
2848 if (test_bit(HCI_RAW, &hdev->flags)) {
2853 if (test_bit(HCI_INIT, &hdev->flags)) {
2854 /* Don't process data packets in this states. */
2855 switch (bt_cb(skb)->pkt_type) {
2856 case HCI_ACLDATA_PKT:
2857 case HCI_SCODATA_PKT:
2864 switch (bt_cb(skb)->pkt_type) {
2866 BT_DBG("%s Event packet", hdev->name);
2867 hci_event_packet(hdev, skb);
2870 case HCI_ACLDATA_PKT:
2871 BT_DBG("%s ACL data packet", hdev->name);
2872 hci_acldata_packet(hdev, skb);
2875 case HCI_SCODATA_PKT:
2876 BT_DBG("%s SCO data packet", hdev->name);
2877 hci_scodata_packet(hdev, skb);
2887 static void hci_cmd_work(struct work_struct *work)
2889 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2890 struct sk_buff *skb;
2892 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2894 /* Send queued commands */
2895 if (atomic_read(&hdev->cmd_cnt)) {
2896 skb = skb_dequeue(&hdev->cmd_q);
2900 kfree_skb(hdev->sent_cmd);
2902 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2903 if (hdev->sent_cmd) {
2904 atomic_dec(&hdev->cmd_cnt);
2905 hci_send_frame(skb);
2906 if (test_bit(HCI_RESET, &hdev->flags))
2907 del_timer(&hdev->cmd_timer);
2909 mod_timer(&hdev->cmd_timer,
2910 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2912 skb_queue_head(&hdev->cmd_q, skb);
2913 queue_work(hdev->workqueue, &hdev->cmd_work);
2918 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2920 /* General inquiry access code (GIAC) */
2921 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2922 struct hci_cp_inquiry cp;
2924 BT_DBG("%s", hdev->name);
2926 if (test_bit(HCI_INQUIRY, &hdev->flags))
2927 return -EINPROGRESS;
2929 inquiry_cache_flush(hdev);
2931 memset(&cp, 0, sizeof(cp));
2932 memcpy(&cp.lap, lap, sizeof(cp.lap));
2935 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2938 int hci_cancel_inquiry(struct hci_dev *hdev)
2940 BT_DBG("%s", hdev->name);
2942 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2945 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
projects / linux-flexiantxendom0-3.2.10.git / blob