2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/jiffies.h>
29 #include <linux/module.h>
30 #include <linux/kmod.h>
32 #include <linux/types.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/skbuff.h>
41 #include <linux/workqueue.h>
42 #include <linux/interrupt.h>
43 #include <linux/rfkill.h>
44 #include <linux/timer.h>
45 #include <linux/crypto.h>
48 #include <asm/system.h>
49 #include <linux/uaccess.h>
50 #include <asm/unaligned.h>
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
55 #define AUTO_OFF_TIMEOUT 2000
57 static void hci_rx_work(struct work_struct *work);
58 static void hci_cmd_work(struct work_struct *work);
59 static void hci_tx_work(struct work_struct *work);
62 LIST_HEAD(hci_dev_list);
63 DEFINE_RWLOCK(hci_dev_list_lock);
65 /* HCI callback list */
66 LIST_HEAD(hci_cb_list);
67 DEFINE_RWLOCK(hci_cb_list_lock);
69 /* ---- HCI notifications ---- */
71 static void hci_notify(struct hci_dev *hdev, int event)
73 hci_sock_dev_event(hdev, event);
76 /* ---- HCI requests ---- */
78 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
80 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
82 /* If this is the init phase check if the completed command matches
83 * the last init command, and if not just return.
85 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
86 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
89 /* Some CSR based controllers generate a spontaneous
90 * reset complete event during init and any pending
91 * command will never be completed. In such a case we
92 * need to resend whatever was the last sent
96 if (cmd != HCI_OP_RESET || sent->opcode == HCI_OP_RESET)
99 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
101 skb_queue_head(&hdev->cmd_q, skb);
102 queue_work(hdev->workqueue, &hdev->cmd_work);
108 if (hdev->req_status == HCI_REQ_PEND) {
109 hdev->req_result = result;
110 hdev->req_status = HCI_REQ_DONE;
111 wake_up_interruptible(&hdev->req_wait_q);
115 static void hci_req_cancel(struct hci_dev *hdev, int err)
117 BT_DBG("%s err 0x%2.2x", hdev->name, err);
119 if (hdev->req_status == HCI_REQ_PEND) {
120 hdev->req_result = err;
121 hdev->req_status = HCI_REQ_CANCELED;
122 wake_up_interruptible(&hdev->req_wait_q);
126 /* Execute request and wait for completion. */
127 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
128 unsigned long opt, __u32 timeout)
130 DECLARE_WAITQUEUE(wait, current);
133 BT_DBG("%s start", hdev->name);
135 hdev->req_status = HCI_REQ_PEND;
137 add_wait_queue(&hdev->req_wait_q, &wait);
138 set_current_state(TASK_INTERRUPTIBLE);
141 schedule_timeout(timeout);
143 remove_wait_queue(&hdev->req_wait_q, &wait);
145 if (signal_pending(current))
148 switch (hdev->req_status) {
150 err = -bt_to_errno(hdev->req_result);
153 case HCI_REQ_CANCELED:
154 err = -hdev->req_result;
162 hdev->req_status = hdev->req_result = 0;
164 BT_DBG("%s end: err %d", hdev->name, err);
169 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
170 unsigned long opt, __u32 timeout)
174 if (!test_bit(HCI_UP, &hdev->flags))
177 /* Serialize all requests */
179 ret = __hci_request(hdev, req, opt, timeout);
180 hci_req_unlock(hdev);
185 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
187 BT_DBG("%s %ld", hdev->name, opt);
190 set_bit(HCI_RESET, &hdev->flags);
191 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
194 static void bredr_init(struct hci_dev *hdev)
196 struct hci_cp_delete_stored_link_key cp;
200 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
202 /* Mandatory initialization */
205 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
206 set_bit(HCI_RESET, &hdev->flags);
207 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
210 /* Read Local Supported Features */
211 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
213 /* Read Local Version */
214 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
216 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
217 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
219 /* Read BD Address */
220 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
222 /* Read Class of Device */
223 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
225 /* Read Local Name */
226 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
228 /* Read Voice Setting */
229 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
231 /* Optional initialization */
233 /* Clear Event Filters */
234 flt_type = HCI_FLT_CLEAR_ALL;
235 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
237 /* Connection accept timeout ~20 secs */
238 param = cpu_to_le16(0x7d00);
239 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
241 bacpy(&cp.bdaddr, BDADDR_ANY);
243 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
246 static void amp_init(struct hci_dev *hdev)
248 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
251 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
253 /* Read Local Version */
254 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
257 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
261 BT_DBG("%s %ld", hdev->name, opt);
263 /* Driver initialization */
265 /* Special commands */
266 while ((skb = skb_dequeue(&hdev->driver_init))) {
267 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
268 skb->dev = (void *) hdev;
270 skb_queue_tail(&hdev->cmd_q, skb);
271 queue_work(hdev->workqueue, &hdev->cmd_work);
273 skb_queue_purge(&hdev->driver_init);
275 switch (hdev->dev_type) {
285 BT_ERR("Unknown device type %d", hdev->dev_type);
291 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
293 BT_DBG("%s", hdev->name);
295 /* Read LE buffer size */
296 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
299 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
303 BT_DBG("%s %x", hdev->name, scan);
305 /* Inquiry and Page scans */
306 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
309 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
313 BT_DBG("%s %x", hdev->name, auth);
316 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
319 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
323 BT_DBG("%s %x", hdev->name, encrypt);
326 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
329 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
331 __le16 policy = cpu_to_le16(opt);
333 BT_DBG("%s %x", hdev->name, policy);
335 /* Default link policy */
336 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
339 /* Get HCI device by index.
340 * Device is held on return. */
341 struct hci_dev *hci_dev_get(int index)
343 struct hci_dev *hdev = NULL, *d;
350 read_lock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->id == index) {
353 hdev = hci_dev_hold(d);
357 read_unlock(&hci_dev_list_lock);
361 /* ---- Inquiry support ---- */
363 bool hci_discovery_active(struct hci_dev *hdev)
365 struct discovery_state *discov = &hdev->discovery;
367 switch (discov->state) {
368 case DISCOVERY_FINDING:
369 case DISCOVERY_RESOLVING:
377 void hci_discovery_set_state(struct hci_dev *hdev, int state)
379 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
381 if (hdev->discovery.state == state)
385 case DISCOVERY_STOPPED:
386 if (hdev->discovery.state != DISCOVERY_STARTING)
387 mgmt_discovering(hdev, 0);
388 hdev->discovery.type = 0;
390 case DISCOVERY_STARTING:
392 case DISCOVERY_FINDING:
393 mgmt_discovering(hdev, 1);
395 case DISCOVERY_RESOLVING:
397 case DISCOVERY_STOPPING:
401 hdev->discovery.state = state;
404 static void inquiry_cache_flush(struct hci_dev *hdev)
406 struct discovery_state *cache = &hdev->discovery;
407 struct inquiry_entry *p, *n;
409 list_for_each_entry_safe(p, n, &cache->all, all) {
414 INIT_LIST_HEAD(&cache->unknown);
415 INIT_LIST_HEAD(&cache->resolve);
418 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
420 struct discovery_state *cache = &hdev->discovery;
421 struct inquiry_entry *e;
423 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
425 list_for_each_entry(e, &cache->all, all) {
426 if (!bacmp(&e->data.bdaddr, bdaddr))
433 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
436 struct discovery_state *cache = &hdev->discovery;
437 struct inquiry_entry *e;
439 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
441 list_for_each_entry(e, &cache->unknown, list) {
442 if (!bacmp(&e->data.bdaddr, bdaddr))
449 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
453 struct discovery_state *cache = &hdev->discovery;
454 struct inquiry_entry *e;
456 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
458 list_for_each_entry(e, &cache->resolve, list) {
459 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
461 if (!bacmp(&e->data.bdaddr, bdaddr))
468 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
469 struct inquiry_entry *ie)
471 struct discovery_state *cache = &hdev->discovery;
472 struct list_head *pos = &cache->resolve;
473 struct inquiry_entry *p;
477 list_for_each_entry(p, &cache->resolve, list) {
478 if (p->name_state != NAME_PENDING &&
479 abs(p->data.rssi) >= abs(ie->data.rssi))
484 list_add(&ie->list, pos);
487 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
488 bool name_known, bool *ssp)
490 struct discovery_state *cache = &hdev->discovery;
491 struct inquiry_entry *ie;
493 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
496 *ssp = data->ssp_mode;
498 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
500 if (ie->data.ssp_mode && ssp)
503 if (ie->name_state == NAME_NEEDED &&
504 data->rssi != ie->data.rssi) {
505 ie->data.rssi = data->rssi;
506 hci_inquiry_cache_update_resolve(hdev, ie);
512 /* Entry not in the cache. Add new one. */
513 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
517 list_add(&ie->all, &cache->all);
520 ie->name_state = NAME_KNOWN;
522 ie->name_state = NAME_NOT_KNOWN;
523 list_add(&ie->list, &cache->unknown);
527 if (name_known && ie->name_state != NAME_KNOWN &&
528 ie->name_state != NAME_PENDING) {
529 ie->name_state = NAME_KNOWN;
533 memcpy(&ie->data, data, sizeof(*data));
534 ie->timestamp = jiffies;
535 cache->timestamp = jiffies;
537 if (ie->name_state == NAME_NOT_KNOWN)
543 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
545 struct discovery_state *cache = &hdev->discovery;
546 struct inquiry_info *info = (struct inquiry_info *) buf;
547 struct inquiry_entry *e;
550 list_for_each_entry(e, &cache->all, all) {
551 struct inquiry_data *data = &e->data;
556 bacpy(&info->bdaddr, &data->bdaddr);
557 info->pscan_rep_mode = data->pscan_rep_mode;
558 info->pscan_period_mode = data->pscan_period_mode;
559 info->pscan_mode = data->pscan_mode;
560 memcpy(info->dev_class, data->dev_class, 3);
561 info->clock_offset = data->clock_offset;
567 BT_DBG("cache %p, copied %d", cache, copied);
571 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
573 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
574 struct hci_cp_inquiry cp;
576 BT_DBG("%s", hdev->name);
578 if (test_bit(HCI_INQUIRY, &hdev->flags))
582 memcpy(&cp.lap, &ir->lap, 3);
583 cp.length = ir->length;
584 cp.num_rsp = ir->num_rsp;
585 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
588 int hci_inquiry(void __user *arg)
590 __u8 __user *ptr = arg;
591 struct hci_inquiry_req ir;
592 struct hci_dev *hdev;
593 int err = 0, do_inquiry = 0, max_rsp;
597 if (copy_from_user(&ir, ptr, sizeof(ir)))
600 hdev = hci_dev_get(ir.dev_id);
605 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
606 inquiry_cache_empty(hdev) ||
607 ir.flags & IREQ_CACHE_FLUSH) {
608 inquiry_cache_flush(hdev);
611 hci_dev_unlock(hdev);
613 timeo = ir.length * msecs_to_jiffies(2000);
616 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
621 /* for unlimited number of responses we will use buffer with 255 entries */
622 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
624 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
625 * copy it to the user space.
627 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
634 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
635 hci_dev_unlock(hdev);
637 BT_DBG("num_rsp %d", ir.num_rsp);
639 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
641 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
654 /* ---- HCI ioctl helpers ---- */
656 int hci_dev_open(__u16 dev)
658 struct hci_dev *hdev;
661 hdev = hci_dev_get(dev);
665 BT_DBG("%s %p", hdev->name, hdev);
669 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
674 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
679 if (test_bit(HCI_UP, &hdev->flags)) {
684 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
685 set_bit(HCI_RAW, &hdev->flags);
687 /* Treat all non BR/EDR controllers as raw devices if
688 enable_hs is not set */
689 if (hdev->dev_type != HCI_BREDR && !enable_hs)
690 set_bit(HCI_RAW, &hdev->flags);
692 if (hdev->open(hdev)) {
697 if (!test_bit(HCI_RAW, &hdev->flags)) {
698 atomic_set(&hdev->cmd_cnt, 1);
699 set_bit(HCI_INIT, &hdev->flags);
700 hdev->init_last_cmd = 0;
702 ret = __hci_request(hdev, hci_init_req, 0,
703 msecs_to_jiffies(HCI_INIT_TIMEOUT));
705 if (lmp_host_le_capable(hdev))
706 ret = __hci_request(hdev, hci_le_init_req, 0,
707 msecs_to_jiffies(HCI_INIT_TIMEOUT));
709 clear_bit(HCI_INIT, &hdev->flags);
714 set_bit(HCI_UP, &hdev->flags);
715 hci_notify(hdev, HCI_DEV_UP);
716 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
718 mgmt_powered(hdev, 1);
719 hci_dev_unlock(hdev);
722 /* Init failed, cleanup */
723 flush_work(&hdev->tx_work);
724 flush_work(&hdev->cmd_work);
725 flush_work(&hdev->rx_work);
727 skb_queue_purge(&hdev->cmd_q);
728 skb_queue_purge(&hdev->rx_q);
733 if (hdev->sent_cmd) {
734 kfree_skb(hdev->sent_cmd);
735 hdev->sent_cmd = NULL;
743 hci_req_unlock(hdev);
748 static int hci_dev_do_close(struct hci_dev *hdev)
750 BT_DBG("%s %p", hdev->name, hdev);
752 cancel_work_sync(&hdev->le_scan);
754 hci_req_cancel(hdev, ENODEV);
757 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
758 del_timer_sync(&hdev->cmd_timer);
759 hci_req_unlock(hdev);
763 /* Flush RX and TX works */
764 flush_work(&hdev->tx_work);
765 flush_work(&hdev->rx_work);
767 if (hdev->discov_timeout > 0) {
768 cancel_delayed_work(&hdev->discov_off);
769 hdev->discov_timeout = 0;
770 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
773 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
774 cancel_delayed_work(&hdev->service_cache);
776 cancel_delayed_work_sync(&hdev->le_scan_disable);
779 inquiry_cache_flush(hdev);
780 hci_conn_hash_flush(hdev);
781 hci_dev_unlock(hdev);
783 hci_notify(hdev, HCI_DEV_DOWN);
789 skb_queue_purge(&hdev->cmd_q);
790 atomic_set(&hdev->cmd_cnt, 1);
791 if (!test_bit(HCI_RAW, &hdev->flags) &&
792 test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
793 set_bit(HCI_INIT, &hdev->flags);
794 __hci_request(hdev, hci_reset_req, 0,
795 msecs_to_jiffies(250));
796 clear_bit(HCI_INIT, &hdev->flags);
800 flush_work(&hdev->cmd_work);
803 skb_queue_purge(&hdev->rx_q);
804 skb_queue_purge(&hdev->cmd_q);
805 skb_queue_purge(&hdev->raw_q);
807 /* Drop last sent command */
808 if (hdev->sent_cmd) {
809 del_timer_sync(&hdev->cmd_timer);
810 kfree_skb(hdev->sent_cmd);
811 hdev->sent_cmd = NULL;
814 /* After this point our queues are empty
815 * and no tasks are scheduled. */
818 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
820 mgmt_powered(hdev, 0);
821 hci_dev_unlock(hdev);
827 memset(hdev->eir, 0, sizeof(hdev->eir));
828 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
830 hci_req_unlock(hdev);
836 int hci_dev_close(__u16 dev)
838 struct hci_dev *hdev;
841 hdev = hci_dev_get(dev);
845 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
846 cancel_delayed_work(&hdev->power_off);
848 err = hci_dev_do_close(hdev);
854 int hci_dev_reset(__u16 dev)
856 struct hci_dev *hdev;
859 hdev = hci_dev_get(dev);
865 if (!test_bit(HCI_UP, &hdev->flags))
869 skb_queue_purge(&hdev->rx_q);
870 skb_queue_purge(&hdev->cmd_q);
873 inquiry_cache_flush(hdev);
874 hci_conn_hash_flush(hdev);
875 hci_dev_unlock(hdev);
880 atomic_set(&hdev->cmd_cnt, 1);
881 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
883 if (!test_bit(HCI_RAW, &hdev->flags))
884 ret = __hci_request(hdev, hci_reset_req, 0,
885 msecs_to_jiffies(HCI_INIT_TIMEOUT));
888 hci_req_unlock(hdev);
893 int hci_dev_reset_stat(__u16 dev)
895 struct hci_dev *hdev;
898 hdev = hci_dev_get(dev);
902 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
909 int hci_dev_cmd(unsigned int cmd, void __user *arg)
911 struct hci_dev *hdev;
912 struct hci_dev_req dr;
915 if (copy_from_user(&dr, arg, sizeof(dr)))
918 hdev = hci_dev_get(dr.dev_id);
924 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
925 msecs_to_jiffies(HCI_INIT_TIMEOUT));
929 if (!lmp_encrypt_capable(hdev)) {
934 if (!test_bit(HCI_AUTH, &hdev->flags)) {
935 /* Auth must be enabled first */
936 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
937 msecs_to_jiffies(HCI_INIT_TIMEOUT));
942 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
943 msecs_to_jiffies(HCI_INIT_TIMEOUT));
947 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
948 msecs_to_jiffies(HCI_INIT_TIMEOUT));
952 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
953 msecs_to_jiffies(HCI_INIT_TIMEOUT));
957 hdev->link_mode = ((__u16) dr.dev_opt) &
958 (HCI_LM_MASTER | HCI_LM_ACCEPT);
962 hdev->pkt_type = (__u16) dr.dev_opt;
966 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
967 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
971 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
972 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
984 int hci_get_dev_list(void __user *arg)
986 struct hci_dev *hdev;
987 struct hci_dev_list_req *dl;
988 struct hci_dev_req *dr;
989 int n = 0, size, err;
992 if (get_user(dev_num, (__u16 __user *) arg))
995 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
998 size = sizeof(*dl) + dev_num * sizeof(*dr);
1000 dl = kzalloc(size, GFP_KERNEL);
1006 read_lock(&hci_dev_list_lock);
1007 list_for_each_entry(hdev, &hci_dev_list, list) {
1008 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1009 cancel_delayed_work(&hdev->power_off);
1011 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1012 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1014 (dr + n)->dev_id = hdev->id;
1015 (dr + n)->dev_opt = hdev->flags;
1020 read_unlock(&hci_dev_list_lock);
1023 size = sizeof(*dl) + n * sizeof(*dr);
1025 err = copy_to_user(arg, dl, size);
1028 return err ? -EFAULT : 0;
1031 int hci_get_dev_info(void __user *arg)
1033 struct hci_dev *hdev;
1034 struct hci_dev_info di;
1037 if (copy_from_user(&di, arg, sizeof(di)))
1040 hdev = hci_dev_get(di.dev_id);
1044 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1045 cancel_delayed_work_sync(&hdev->power_off);
1047 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1048 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1050 strcpy(di.name, hdev->name);
1051 di.bdaddr = hdev->bdaddr;
1052 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1053 di.flags = hdev->flags;
1054 di.pkt_type = hdev->pkt_type;
1055 di.acl_mtu = hdev->acl_mtu;
1056 di.acl_pkts = hdev->acl_pkts;
1057 di.sco_mtu = hdev->sco_mtu;
1058 di.sco_pkts = hdev->sco_pkts;
1059 di.link_policy = hdev->link_policy;
1060 di.link_mode = hdev->link_mode;
1062 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1063 memcpy(&di.features, &hdev->features, sizeof(di.features));
1065 if (copy_to_user(arg, &di, sizeof(di)))
1073 /* ---- Interface to HCI drivers ---- */
1075 static int hci_rfkill_set_block(void *data, bool blocked)
1077 struct hci_dev *hdev = data;
1079 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1084 hci_dev_do_close(hdev);
1089 static const struct rfkill_ops hci_rfkill_ops = {
1090 .set_block = hci_rfkill_set_block,
1093 /* Alloc HCI device */
1094 struct hci_dev *hci_alloc_dev(void)
1096 struct hci_dev *hdev;
1098 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1102 hci_init_sysfs(hdev);
1103 skb_queue_head_init(&hdev->driver_init);
1107 EXPORT_SYMBOL(hci_alloc_dev);
1109 /* Free HCI device */
1110 void hci_free_dev(struct hci_dev *hdev)
1112 skb_queue_purge(&hdev->driver_init);
1114 /* will free via device release */
1115 put_device(&hdev->dev);
1117 EXPORT_SYMBOL(hci_free_dev);
1119 static void hci_power_on(struct work_struct *work)
1121 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1123 BT_DBG("%s", hdev->name);
1125 if (hci_dev_open(hdev->id) < 0)
1128 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1129 schedule_delayed_work(&hdev->power_off,
1130 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
1132 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1133 mgmt_index_added(hdev);
1136 static void hci_power_off(struct work_struct *work)
1138 struct hci_dev *hdev = container_of(work, struct hci_dev,
1141 BT_DBG("%s", hdev->name);
1143 hci_dev_do_close(hdev);
1146 static void hci_discov_off(struct work_struct *work)
1148 struct hci_dev *hdev;
1149 u8 scan = SCAN_PAGE;
1151 hdev = container_of(work, struct hci_dev, discov_off.work);
1153 BT_DBG("%s", hdev->name);
1157 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1159 hdev->discov_timeout = 0;
1161 hci_dev_unlock(hdev);
1164 int hci_uuids_clear(struct hci_dev *hdev)
1166 struct list_head *p, *n;
1168 list_for_each_safe(p, n, &hdev->uuids) {
1169 struct bt_uuid *uuid;
1171 uuid = list_entry(p, struct bt_uuid, list);
1180 int hci_link_keys_clear(struct hci_dev *hdev)
1182 struct list_head *p, *n;
1184 list_for_each_safe(p, n, &hdev->link_keys) {
1185 struct link_key *key;
1187 key = list_entry(p, struct link_key, list);
1196 int hci_smp_ltks_clear(struct hci_dev *hdev)
1198 struct smp_ltk *k, *tmp;
1200 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1208 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1212 list_for_each_entry(k, &hdev->link_keys, list)
1213 if (bacmp(bdaddr, &k->bdaddr) == 0)
1219 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1220 u8 key_type, u8 old_key_type)
1223 if (key_type < 0x03)
1226 /* Debug keys are insecure so don't store them persistently */
1227 if (key_type == HCI_LK_DEBUG_COMBINATION)
1230 /* Changed combination key and there's no previous one */
1231 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1234 /* Security mode 3 case */
1238 /* Neither local nor remote side had no-bonding as requirement */
1239 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1242 /* Local side had dedicated bonding as requirement */
1243 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1246 /* Remote side had dedicated bonding as requirement */
1247 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1250 /* If none of the above criteria match, then don't store the key
1255 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1259 list_for_each_entry(k, &hdev->long_term_keys, list) {
1260 if (k->ediv != ediv ||
1261 memcmp(rand, k->rand, sizeof(k->rand)))
1269 EXPORT_SYMBOL(hci_find_ltk);
1271 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1276 list_for_each_entry(k, &hdev->long_term_keys, list)
1277 if (addr_type == k->bdaddr_type &&
1278 bacmp(bdaddr, &k->bdaddr) == 0)
1283 EXPORT_SYMBOL(hci_find_ltk_by_addr);
1285 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1286 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1288 struct link_key *key, *old_key;
1289 u8 old_key_type, persistent;
1291 old_key = hci_find_link_key(hdev, bdaddr);
1293 old_key_type = old_key->type;
1296 old_key_type = conn ? conn->key_type : 0xff;
1297 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1300 list_add(&key->list, &hdev->link_keys);
1303 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1305 /* Some buggy controller combinations generate a changed
1306 * combination key for legacy pairing even when there's no
1308 if (type == HCI_LK_CHANGED_COMBINATION &&
1309 (!conn || conn->remote_auth == 0xff) &&
1310 old_key_type == 0xff) {
1311 type = HCI_LK_COMBINATION;
1313 conn->key_type = type;
1316 bacpy(&key->bdaddr, bdaddr);
1317 memcpy(key->val, val, 16);
1318 key->pin_len = pin_len;
1320 if (type == HCI_LK_CHANGED_COMBINATION)
1321 key->type = old_key_type;
1328 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1330 mgmt_new_link_key(hdev, key, persistent);
1333 list_del(&key->list);
1340 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1341 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, u16
1344 struct smp_ltk *key, *old_key;
1346 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1349 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1353 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1356 list_add(&key->list, &hdev->long_term_keys);
1359 bacpy(&key->bdaddr, bdaddr);
1360 key->bdaddr_type = addr_type;
1361 memcpy(key->val, tk, sizeof(key->val));
1362 key->authenticated = authenticated;
1364 key->enc_size = enc_size;
1366 memcpy(key->rand, rand, sizeof(key->rand));
1371 if (type & HCI_SMP_LTK)
1372 mgmt_new_ltk(hdev, key, 1);
1377 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1379 struct link_key *key;
1381 key = hci_find_link_key(hdev, bdaddr);
1385 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1387 list_del(&key->list);
1393 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1395 struct smp_ltk *k, *tmp;
1397 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1398 if (bacmp(bdaddr, &k->bdaddr))
1401 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1410 /* HCI command timer function */
1411 static void hci_cmd_timer(unsigned long arg)
1413 struct hci_dev *hdev = (void *) arg;
1415 BT_ERR("%s command tx timeout", hdev->name);
1416 atomic_set(&hdev->cmd_cnt, 1);
1417 queue_work(hdev->workqueue, &hdev->cmd_work);
1420 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1423 struct oob_data *data;
1425 list_for_each_entry(data, &hdev->remote_oob_data, list)
1426 if (bacmp(bdaddr, &data->bdaddr) == 0)
1432 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1434 struct oob_data *data;
1436 data = hci_find_remote_oob_data(hdev, bdaddr);
1440 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1442 list_del(&data->list);
1448 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1450 struct oob_data *data, *n;
1452 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1453 list_del(&data->list);
1460 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1463 struct oob_data *data;
1465 data = hci_find_remote_oob_data(hdev, bdaddr);
1468 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1472 bacpy(&data->bdaddr, bdaddr);
1473 list_add(&data->list, &hdev->remote_oob_data);
1476 memcpy(data->hash, hash, sizeof(data->hash));
1477 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1479 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1484 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1486 struct bdaddr_list *b;
1488 list_for_each_entry(b, &hdev->blacklist, list)
1489 if (bacmp(bdaddr, &b->bdaddr) == 0)
1495 int hci_blacklist_clear(struct hci_dev *hdev)
1497 struct list_head *p, *n;
1499 list_for_each_safe(p, n, &hdev->blacklist) {
1500 struct bdaddr_list *b;
1502 b = list_entry(p, struct bdaddr_list, list);
1511 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1513 struct bdaddr_list *entry;
1515 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1518 if (hci_blacklist_lookup(hdev, bdaddr))
1521 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1525 bacpy(&entry->bdaddr, bdaddr);
1527 list_add(&entry->list, &hdev->blacklist);
1529 return mgmt_device_blocked(hdev, bdaddr, type);
1532 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1534 struct bdaddr_list *entry;
1536 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1537 return hci_blacklist_clear(hdev);
1539 entry = hci_blacklist_lookup(hdev, bdaddr);
1543 list_del(&entry->list);
1546 return mgmt_device_unblocked(hdev, bdaddr, type);
1549 static void hci_clear_adv_cache(struct work_struct *work)
1551 struct hci_dev *hdev = container_of(work, struct hci_dev,
1556 hci_adv_entries_clear(hdev);
1558 hci_dev_unlock(hdev);
1561 int hci_adv_entries_clear(struct hci_dev *hdev)
1563 struct adv_entry *entry, *tmp;
1565 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1566 list_del(&entry->list);
1570 BT_DBG("%s adv cache cleared", hdev->name);
1575 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1577 struct adv_entry *entry;
1579 list_for_each_entry(entry, &hdev->adv_entries, list)
1580 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1586 static inline int is_connectable_adv(u8 evt_type)
1588 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1594 int hci_add_adv_entry(struct hci_dev *hdev,
1595 struct hci_ev_le_advertising_info *ev) { struct adv_entry *entry; if (!is_connectable_adv(ev->evt_type))
1598 /* Only new entries should be added to adv_entries. So, if
1599 * bdaddr was found, don't add it. */
1600 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1603 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1607 bacpy(&entry->bdaddr, &ev->bdaddr);
1608 entry->bdaddr_type = ev->bdaddr_type;
1610 list_add(&entry->list, &hdev->adv_entries);
1612 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1613 batostr(&entry->bdaddr), entry->bdaddr_type);
1618 static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1620 struct le_scan_params *param = (struct le_scan_params *) opt;
1621 struct hci_cp_le_set_scan_param cp;
1623 memset(&cp, 0, sizeof(cp));
1624 cp.type = param->type;
1625 cp.interval = cpu_to_le16(param->interval);
1626 cp.window = cpu_to_le16(param->window);
1628 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1631 static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1633 struct hci_cp_le_set_scan_enable cp;
1635 memset(&cp, 0, sizeof(cp));
1638 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1641 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1642 u16 window, int timeout)
1644 long timeo = msecs_to_jiffies(3000);
1645 struct le_scan_params param;
1648 BT_DBG("%s", hdev->name);
1650 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1651 return -EINPROGRESS;
1654 param.interval = interval;
1655 param.window = window;
1659 err = __hci_request(hdev, le_scan_param_req, (unsigned long) ¶m,
1662 err = __hci_request(hdev, le_scan_enable_req, 0, timeo);
1664 hci_req_unlock(hdev);
1669 schedule_delayed_work(&hdev->le_scan_disable,
1670 msecs_to_jiffies(timeout));
1675 static void le_scan_disable_work(struct work_struct *work)
1677 struct hci_dev *hdev = container_of(work, struct hci_dev,
1678 le_scan_disable.work);
1679 struct hci_cp_le_set_scan_enable cp;
1681 BT_DBG("%s", hdev->name);
1683 memset(&cp, 0, sizeof(cp));
1685 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1688 static void le_scan_work(struct work_struct *work)
1690 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1691 struct le_scan_params *param = &hdev->le_scan_params;
1693 BT_DBG("%s", hdev->name);
1695 hci_do_le_scan(hdev, param->type, param->interval, param->window,
1699 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1702 struct le_scan_params *param = &hdev->le_scan_params;
1704 BT_DBG("%s", hdev->name);
1706 if (work_busy(&hdev->le_scan))
1707 return -EINPROGRESS;
1710 param->interval = interval;
1711 param->window = window;
1712 param->timeout = timeout;
1714 queue_work(system_long_wq, &hdev->le_scan);
1719 /* Register HCI device */
1720 int hci_register_dev(struct hci_dev *hdev)
1722 struct list_head *head = &hci_dev_list, *p;
1725 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1727 if (!hdev->open || !hdev->close)
1730 /* Do not allow HCI_AMP devices to register at index 0,
1731 * so the index can be used as the AMP controller ID.
1733 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1735 write_lock(&hci_dev_list_lock);
1737 /* Find first available device id */
1738 list_for_each(p, &hci_dev_list) {
1739 if (list_entry(p, struct hci_dev, list)->id != id)
1744 sprintf(hdev->name, "hci%d", id);
1746 list_add_tail(&hdev->list, head);
1748 mutex_init(&hdev->lock);
1751 hdev->dev_flags = 0;
1752 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1753 hdev->esco_type = (ESCO_HV1);
1754 hdev->link_mode = (HCI_LM_ACCEPT);
1755 hdev->io_capability = 0x03; /* No Input No Output */
1757 hdev->idle_timeout = 0;
1758 hdev->sniff_max_interval = 800;
1759 hdev->sniff_min_interval = 80;
1761 INIT_WORK(&hdev->rx_work, hci_rx_work);
1762 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1763 INIT_WORK(&hdev->tx_work, hci_tx_work);
1766 skb_queue_head_init(&hdev->rx_q);
1767 skb_queue_head_init(&hdev->cmd_q);
1768 skb_queue_head_init(&hdev->raw_q);
1770 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1772 for (i = 0; i < NUM_REASSEMBLY; i++)
1773 hdev->reassembly[i] = NULL;
1775 init_waitqueue_head(&hdev->req_wait_q);
1776 mutex_init(&hdev->req_lock);
1778 discovery_init(hdev);
1780 hci_conn_hash_init(hdev);
1782 INIT_LIST_HEAD(&hdev->mgmt_pending);
1784 INIT_LIST_HEAD(&hdev->blacklist);
1786 INIT_LIST_HEAD(&hdev->uuids);
1788 INIT_LIST_HEAD(&hdev->link_keys);
1789 INIT_LIST_HEAD(&hdev->long_term_keys);
1791 INIT_LIST_HEAD(&hdev->remote_oob_data);
1793 INIT_LIST_HEAD(&hdev->adv_entries);
1795 INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
1796 INIT_WORK(&hdev->power_on, hci_power_on);
1797 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1799 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1801 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1803 atomic_set(&hdev->promisc, 0);
1805 INIT_WORK(&hdev->le_scan, le_scan_work);
1807 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1809 write_unlock(&hci_dev_list_lock);
1811 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1813 if (!hdev->workqueue) {
1818 error = hci_add_sysfs(hdev);
1822 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1823 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1825 if (rfkill_register(hdev->rfkill) < 0) {
1826 rfkill_destroy(hdev->rfkill);
1827 hdev->rfkill = NULL;
1831 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1832 set_bit(HCI_SETUP, &hdev->dev_flags);
1833 schedule_work(&hdev->power_on);
1835 hci_notify(hdev, HCI_DEV_REG);
1841 destroy_workqueue(hdev->workqueue);
1843 write_lock(&hci_dev_list_lock);
1844 list_del(&hdev->list);
1845 write_unlock(&hci_dev_list_lock);
1849 EXPORT_SYMBOL(hci_register_dev);
1851 /* Unregister HCI device */
1852 void hci_unregister_dev(struct hci_dev *hdev)
1856 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1858 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1860 write_lock(&hci_dev_list_lock);
1861 list_del(&hdev->list);
1862 write_unlock(&hci_dev_list_lock);
1864 hci_dev_do_close(hdev);
1866 for (i = 0; i < NUM_REASSEMBLY; i++)
1867 kfree_skb(hdev->reassembly[i]);
1869 if (!test_bit(HCI_INIT, &hdev->flags) &&
1870 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1872 mgmt_index_removed(hdev);
1873 hci_dev_unlock(hdev);
1876 /* mgmt_index_removed should take care of emptying the
1878 BUG_ON(!list_empty(&hdev->mgmt_pending));
1880 hci_notify(hdev, HCI_DEV_UNREG);
1883 rfkill_unregister(hdev->rfkill);
1884 rfkill_destroy(hdev->rfkill);
1887 hci_del_sysfs(hdev);
1889 cancel_delayed_work_sync(&hdev->adv_work);
1891 destroy_workqueue(hdev->workqueue);
1894 hci_blacklist_clear(hdev);
1895 hci_uuids_clear(hdev);
1896 hci_link_keys_clear(hdev);
1897 hci_smp_ltks_clear(hdev);
1898 hci_remote_oob_data_clear(hdev);
1899 hci_adv_entries_clear(hdev);
1900 hci_dev_unlock(hdev);
1904 EXPORT_SYMBOL(hci_unregister_dev);
1906 /* Suspend HCI device */
1907 int hci_suspend_dev(struct hci_dev *hdev)
1909 hci_notify(hdev, HCI_DEV_SUSPEND);
1912 EXPORT_SYMBOL(hci_suspend_dev);
1914 /* Resume HCI device */
1915 int hci_resume_dev(struct hci_dev *hdev)
1917 hci_notify(hdev, HCI_DEV_RESUME);
1920 EXPORT_SYMBOL(hci_resume_dev);
1922 /* Receive frame from HCI drivers */
1923 int hci_recv_frame(struct sk_buff *skb)
1925 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1926 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1927 && !test_bit(HCI_INIT, &hdev->flags))) {
1933 bt_cb(skb)->incoming = 1;
1936 __net_timestamp(skb);
1938 skb_queue_tail(&hdev->rx_q, skb);
1939 queue_work(hdev->workqueue, &hdev->rx_work);
1943 EXPORT_SYMBOL(hci_recv_frame);
1945 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1946 int count, __u8 index)
1951 struct sk_buff *skb;
1952 struct bt_skb_cb *scb;
1954 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1955 index >= NUM_REASSEMBLY)
1958 skb = hdev->reassembly[index];
1962 case HCI_ACLDATA_PKT:
1963 len = HCI_MAX_FRAME_SIZE;
1964 hlen = HCI_ACL_HDR_SIZE;
1967 len = HCI_MAX_EVENT_SIZE;
1968 hlen = HCI_EVENT_HDR_SIZE;
1970 case HCI_SCODATA_PKT:
1971 len = HCI_MAX_SCO_SIZE;
1972 hlen = HCI_SCO_HDR_SIZE;
1976 skb = bt_skb_alloc(len, GFP_ATOMIC);
1980 scb = (void *) skb->cb;
1982 scb->pkt_type = type;
1984 skb->dev = (void *) hdev;
1985 hdev->reassembly[index] = skb;
1989 scb = (void *) skb->cb;
1990 len = min_t(uint, scb->expect, count);
1992 memcpy(skb_put(skb, len), data, len);
2001 if (skb->len == HCI_EVENT_HDR_SIZE) {
2002 struct hci_event_hdr *h = hci_event_hdr(skb);
2003 scb->expect = h->plen;
2005 if (skb_tailroom(skb) < scb->expect) {
2007 hdev->reassembly[index] = NULL;
2013 case HCI_ACLDATA_PKT:
2014 if (skb->len == HCI_ACL_HDR_SIZE) {
2015 struct hci_acl_hdr *h = hci_acl_hdr(skb);
2016 scb->expect = __le16_to_cpu(h->dlen);
2018 if (skb_tailroom(skb) < scb->expect) {
2020 hdev->reassembly[index] = NULL;
2026 case HCI_SCODATA_PKT:
2027 if (skb->len == HCI_SCO_HDR_SIZE) {
2028 struct hci_sco_hdr *h = hci_sco_hdr(skb);
2029 scb->expect = h->dlen;
2031 if (skb_tailroom(skb) < scb->expect) {
2033 hdev->reassembly[index] = NULL;
2040 if (scb->expect == 0) {
2041 /* Complete frame */
2043 bt_cb(skb)->pkt_type = type;
2044 hci_recv_frame(skb);
2046 hdev->reassembly[index] = NULL;
2054 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
2058 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
2062 rem = hci_reassembly(hdev, type, data, count, type - 1);
2066 data += (count - rem);
2072 EXPORT_SYMBOL(hci_recv_fragment);
2074 #define STREAM_REASSEMBLY 0
2076 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2082 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2085 struct { char type; } *pkt;
2087 /* Start of the frame */
2094 type = bt_cb(skb)->pkt_type;
2096 rem = hci_reassembly(hdev, type, data, count,
2101 data += (count - rem);
2107 EXPORT_SYMBOL(hci_recv_stream_fragment);
2109 /* ---- Interface to upper protocols ---- */
2111 int hci_register_cb(struct hci_cb *cb)
2113 BT_DBG("%p name %s", cb, cb->name);
2115 write_lock(&hci_cb_list_lock);
2116 list_add(&cb->list, &hci_cb_list);
2117 write_unlock(&hci_cb_list_lock);
2121 EXPORT_SYMBOL(hci_register_cb);
2123 int hci_unregister_cb(struct hci_cb *cb)
2125 BT_DBG("%p name %s", cb, cb->name);
2127 write_lock(&hci_cb_list_lock);
2128 list_del(&cb->list);
2129 write_unlock(&hci_cb_list_lock);
2133 EXPORT_SYMBOL(hci_unregister_cb);
2135 static int hci_send_frame(struct sk_buff *skb)
2137 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2144 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2147 __net_timestamp(skb);
2149 /* Send copy to monitor */
2150 hci_send_to_monitor(hdev, skb);
2152 if (atomic_read(&hdev->promisc)) {
2153 /* Send copy to the sockets */
2154 hci_send_to_sock(hdev, skb);
2157 /* Get rid of skb owner, prior to sending to the driver. */
2160 return hdev->send(skb);
2163 /* Send HCI command */
2164 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2166 int len = HCI_COMMAND_HDR_SIZE + plen;
2167 struct hci_command_hdr *hdr;
2168 struct sk_buff *skb;
2170 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
2172 skb = bt_skb_alloc(len, GFP_ATOMIC);
2174 BT_ERR("%s no memory for command", hdev->name);
2178 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2179 hdr->opcode = cpu_to_le16(opcode);
2183 memcpy(skb_put(skb, plen), param, plen);
2185 BT_DBG("skb len %d", skb->len);
2187 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2188 skb->dev = (void *) hdev;
2190 if (test_bit(HCI_INIT, &hdev->flags))
2191 hdev->init_last_cmd = opcode;
2193 skb_queue_tail(&hdev->cmd_q, skb);
2194 queue_work(hdev->workqueue, &hdev->cmd_work);
2199 /* Get data from the previously sent command */
2200 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2202 struct hci_command_hdr *hdr;
2204 if (!hdev->sent_cmd)
2207 hdr = (void *) hdev->sent_cmd->data;
2209 if (hdr->opcode != cpu_to_le16(opcode))
2212 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2214 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2218 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2220 struct hci_acl_hdr *hdr;
2223 skb_push(skb, HCI_ACL_HDR_SIZE);
2224 skb_reset_transport_header(skb);
2225 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2226 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2227 hdr->dlen = cpu_to_le16(len);
2230 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2231 struct sk_buff *skb, __u16 flags)
2233 struct hci_dev *hdev = conn->hdev;
2234 struct sk_buff *list;
2236 list = skb_shinfo(skb)->frag_list;
2238 /* Non fragmented */
2239 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2241 skb_queue_tail(queue, skb);
2244 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2246 skb_shinfo(skb)->frag_list = NULL;
2248 /* Queue all fragments atomically */
2249 spin_lock(&queue->lock);
2251 __skb_queue_tail(queue, skb);
2253 flags &= ~ACL_START;
2256 skb = list; list = list->next;
2258 skb->dev = (void *) hdev;
2259 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2260 hci_add_acl_hdr(skb, conn->handle, flags);
2262 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2264 __skb_queue_tail(queue, skb);
2267 spin_unlock(&queue->lock);
2271 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2273 struct hci_conn *conn = chan->conn;
2274 struct hci_dev *hdev = conn->hdev;
2276 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2278 skb->dev = (void *) hdev;
2279 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2280 hci_add_acl_hdr(skb, conn->handle, flags);
2282 hci_queue_acl(conn, &chan->data_q, skb, flags);
2284 queue_work(hdev->workqueue, &hdev->tx_work);
2286 EXPORT_SYMBOL(hci_send_acl);
2289 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2291 struct hci_dev *hdev = conn->hdev;
2292 struct hci_sco_hdr hdr;
2294 BT_DBG("%s len %d", hdev->name, skb->len);
2296 hdr.handle = cpu_to_le16(conn->handle);
2297 hdr.dlen = skb->len;
2299 skb_push(skb, HCI_SCO_HDR_SIZE);
2300 skb_reset_transport_header(skb);
2301 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2303 skb->dev = (void *) hdev;
2304 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2306 skb_queue_tail(&conn->data_q, skb);
2307 queue_work(hdev->workqueue, &hdev->tx_work);
2309 EXPORT_SYMBOL(hci_send_sco);
2311 /* ---- HCI TX task (outgoing data) ---- */
2313 /* HCI Connection scheduler */
2314 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2316 struct hci_conn_hash *h = &hdev->conn_hash;
2317 struct hci_conn *conn = NULL, *c;
2318 int num = 0, min = ~0;
2320 /* We don't have to lock device here. Connections are always
2321 * added and removed with TX task disabled. */
2325 list_for_each_entry_rcu(c, &h->list, list) {
2326 if (c->type != type || skb_queue_empty(&c->data_q))
2329 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2334 if (c->sent < min) {
2339 if (hci_conn_num(hdev, type) == num)
2348 switch (conn->type) {
2350 cnt = hdev->acl_cnt;
2354 cnt = hdev->sco_cnt;
2357 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2361 BT_ERR("Unknown link type");
2369 BT_DBG("conn %p quote %d", conn, *quote);
2373 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2375 struct hci_conn_hash *h = &hdev->conn_hash;
2378 BT_ERR("%s link tx timeout", hdev->name);
2382 /* Kill stalled connections */
2383 list_for_each_entry_rcu(c, &h->list, list) {
2384 if (c->type == type && c->sent) {
2385 BT_ERR("%s killing stalled connection %s",
2386 hdev->name, batostr(&c->dst));
2387 hci_acl_disconn(c, 0x13);
2394 static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2397 struct hci_conn_hash *h = &hdev->conn_hash;
2398 struct hci_chan *chan = NULL;
2399 int num = 0, min = ~0, cur_prio = 0;
2400 struct hci_conn *conn;
2401 int cnt, q, conn_num = 0;
2403 BT_DBG("%s", hdev->name);
2407 list_for_each_entry_rcu(conn, &h->list, list) {
2408 struct hci_chan *tmp;
2410 if (conn->type != type)
2413 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2418 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2419 struct sk_buff *skb;
2421 if (skb_queue_empty(&tmp->data_q))
2424 skb = skb_peek(&tmp->data_q);
2425 if (skb->priority < cur_prio)
2428 if (skb->priority > cur_prio) {
2431 cur_prio = skb->priority;
2436 if (conn->sent < min) {
2442 if (hci_conn_num(hdev, type) == conn_num)
2451 switch (chan->conn->type) {
2453 cnt = hdev->acl_cnt;
2457 cnt = hdev->sco_cnt;
2460 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2464 BT_ERR("Unknown link type");
2469 BT_DBG("chan %p quote %d", chan, *quote);
2473 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2475 struct hci_conn_hash *h = &hdev->conn_hash;
2476 struct hci_conn *conn;
2479 BT_DBG("%s", hdev->name);
2483 list_for_each_entry_rcu(conn, &h->list, list) {
2484 struct hci_chan *chan;
2486 if (conn->type != type)
2489 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2494 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2495 struct sk_buff *skb;
2502 if (skb_queue_empty(&chan->data_q))
2505 skb = skb_peek(&chan->data_q);
2506 if (skb->priority >= HCI_PRIO_MAX - 1)
2509 skb->priority = HCI_PRIO_MAX - 1;
2511 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2515 if (hci_conn_num(hdev, type) == num)
2523 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2525 /* Calculate count of blocks used by this packet */
2526 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2529 static inline void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2531 if (!test_bit(HCI_RAW, &hdev->flags)) {
2532 /* ACL tx timeout must be longer than maximum
2533 * link supervision timeout (40.9 seconds) */
2534 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2535 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT)))
2536 hci_link_tx_to(hdev, ACL_LINK);
2540 static inline void hci_sched_acl_pkt(struct hci_dev *hdev)
2542 unsigned int cnt = hdev->acl_cnt;
2543 struct hci_chan *chan;
2544 struct sk_buff *skb;
2547 __check_timeout(hdev, cnt);
2549 while (hdev->acl_cnt &&
2550 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2551 u32 priority = (skb_peek(&chan->data_q))->priority;
2552 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2553 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2554 skb->len, skb->priority);
2556 /* Stop if priority has changed */
2557 if (skb->priority < priority)
2560 skb = skb_dequeue(&chan->data_q);
2562 hci_conn_enter_active_mode(chan->conn,
2563 bt_cb(skb)->force_active);
2565 hci_send_frame(skb);
2566 hdev->acl_last_tx = jiffies;
2574 if (cnt != hdev->acl_cnt)
2575 hci_prio_recalculate(hdev, ACL_LINK);
2578 static inline void hci_sched_acl_blk(struct hci_dev *hdev)
2580 unsigned int cnt = hdev->block_cnt;
2581 struct hci_chan *chan;
2582 struct sk_buff *skb;
2585 __check_timeout(hdev, cnt);
2587 while (hdev->block_cnt > 0 &&
2588 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2589 u32 priority = (skb_peek(&chan->data_q))->priority;
2590 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2593 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2594 skb->len, skb->priority);
2596 /* Stop if priority has changed */
2597 if (skb->priority < priority)
2600 skb = skb_dequeue(&chan->data_q);
2602 blocks = __get_blocks(hdev, skb);
2603 if (blocks > hdev->block_cnt)
2606 hci_conn_enter_active_mode(chan->conn,
2607 bt_cb(skb)->force_active);
2609 hci_send_frame(skb);
2610 hdev->acl_last_tx = jiffies;
2612 hdev->block_cnt -= blocks;
2615 chan->sent += blocks;
2616 chan->conn->sent += blocks;
2620 if (cnt != hdev->block_cnt)
2621 hci_prio_recalculate(hdev, ACL_LINK);
2624 static inline void hci_sched_acl(struct hci_dev *hdev)
2626 BT_DBG("%s", hdev->name);
2628 if (!hci_conn_num(hdev, ACL_LINK))
2631 switch (hdev->flow_ctl_mode) {
2632 case HCI_FLOW_CTL_MODE_PACKET_BASED:
2633 hci_sched_acl_pkt(hdev);
2636 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2637 hci_sched_acl_blk(hdev);
2643 static inline void hci_sched_sco(struct hci_dev *hdev)
2645 struct hci_conn *conn;
2646 struct sk_buff *skb;
2649 BT_DBG("%s", hdev->name);
2651 if (!hci_conn_num(hdev, SCO_LINK))
2654 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
2655 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2656 BT_DBG("skb %p len %d", skb, skb->len);
2657 hci_send_frame(skb);
2660 if (conn->sent == ~0)
2666 static inline void hci_sched_esco(struct hci_dev *hdev)
2668 struct hci_conn *conn;
2669 struct sk_buff *skb;
2672 BT_DBG("%s", hdev->name);
2674 if (!hci_conn_num(hdev, ESCO_LINK))
2677 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
2678 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2679 BT_DBG("skb %p len %d", skb, skb->len);
2680 hci_send_frame(skb);
2683 if (conn->sent == ~0)
2689 static inline void hci_sched_le(struct hci_dev *hdev)
2691 struct hci_chan *chan;
2692 struct sk_buff *skb;
2693 int quote, cnt, tmp;
2695 BT_DBG("%s", hdev->name);
2697 if (!hci_conn_num(hdev, LE_LINK))
2700 if (!test_bit(HCI_RAW, &hdev->flags)) {
2701 /* LE tx timeout must be longer than maximum
2702 * link supervision timeout (40.9 seconds) */
2703 if (!hdev->le_cnt && hdev->le_pkts &&
2704 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2705 hci_link_tx_to(hdev, LE_LINK);
2708 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2710 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
2711 u32 priority = (skb_peek(&chan->data_q))->priority;
2712 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2713 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2714 skb->len, skb->priority);
2716 /* Stop if priority has changed */
2717 if (skb->priority < priority)
2720 skb = skb_dequeue(&chan->data_q);
2722 hci_send_frame(skb);
2723 hdev->le_last_tx = jiffies;
2734 hdev->acl_cnt = cnt;
2737 hci_prio_recalculate(hdev, LE_LINK);
2740 static void hci_tx_work(struct work_struct *work)
2742 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2743 struct sk_buff *skb;
2745 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2746 hdev->sco_cnt, hdev->le_cnt);
2748 /* Schedule queues and send stuff to HCI driver */
2750 hci_sched_acl(hdev);
2752 hci_sched_sco(hdev);
2754 hci_sched_esco(hdev);
2758 /* Send next queued raw (unknown type) packet */
2759 while ((skb = skb_dequeue(&hdev->raw_q)))
2760 hci_send_frame(skb);
2763 /* ----- HCI RX task (incoming data processing) ----- */
2765 /* ACL data packet */
2766 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2768 struct hci_acl_hdr *hdr = (void *) skb->data;
2769 struct hci_conn *conn;
2770 __u16 handle, flags;
2772 skb_pull(skb, HCI_ACL_HDR_SIZE);
2774 handle = __le16_to_cpu(hdr->handle);
2775 flags = hci_flags(handle);
2776 handle = hci_handle(handle);
2778 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2780 hdev->stat.acl_rx++;
2783 conn = hci_conn_hash_lookup_handle(hdev, handle);
2784 hci_dev_unlock(hdev);
2787 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2789 /* Send to upper protocol */
2790 l2cap_recv_acldata(conn, skb, flags);
2793 BT_ERR("%s ACL packet for unknown connection handle %d",
2794 hdev->name, handle);
2800 /* SCO data packet */
2801 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2803 struct hci_sco_hdr *hdr = (void *) skb->data;
2804 struct hci_conn *conn;
2807 skb_pull(skb, HCI_SCO_HDR_SIZE);
2809 handle = __le16_to_cpu(hdr->handle);
2811 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2813 hdev->stat.sco_rx++;
2816 conn = hci_conn_hash_lookup_handle(hdev, handle);
2817 hci_dev_unlock(hdev);
2820 /* Send to upper protocol */
2821 sco_recv_scodata(conn, skb);
2824 BT_ERR("%s SCO packet for unknown connection handle %d",
2825 hdev->name, handle);
2831 static void hci_rx_work(struct work_struct *work)
2833 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2834 struct sk_buff *skb;
2836 BT_DBG("%s", hdev->name);
2838 while ((skb = skb_dequeue(&hdev->rx_q))) {
2839 /* Send copy to monitor */
2840 hci_send_to_monitor(hdev, skb);
2842 if (atomic_read(&hdev->promisc)) {
2843 /* Send copy to the sockets */
2844 hci_send_to_sock(hdev, skb);
2847 if (test_bit(HCI_RAW, &hdev->flags)) {
2852 if (test_bit(HCI_INIT, &hdev->flags)) {
2853 /* Don't process data packets in this states. */
2854 switch (bt_cb(skb)->pkt_type) {
2855 case HCI_ACLDATA_PKT:
2856 case HCI_SCODATA_PKT:
2863 switch (bt_cb(skb)->pkt_type) {
2865 BT_DBG("%s Event packet", hdev->name);
2866 hci_event_packet(hdev, skb);
2869 case HCI_ACLDATA_PKT:
2870 BT_DBG("%s ACL data packet", hdev->name);
2871 hci_acldata_packet(hdev, skb);
2874 case HCI_SCODATA_PKT:
2875 BT_DBG("%s SCO data packet", hdev->name);
2876 hci_scodata_packet(hdev, skb);
2886 static void hci_cmd_work(struct work_struct *work)
2888 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2889 struct sk_buff *skb;
2891 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2893 /* Send queued commands */
2894 if (atomic_read(&hdev->cmd_cnt)) {
2895 skb = skb_dequeue(&hdev->cmd_q);
2899 kfree_skb(hdev->sent_cmd);
2901 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2902 if (hdev->sent_cmd) {
2903 atomic_dec(&hdev->cmd_cnt);
2904 hci_send_frame(skb);
2905 if (test_bit(HCI_RESET, &hdev->flags))
2906 del_timer(&hdev->cmd_timer);
2908 mod_timer(&hdev->cmd_timer,
2909 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2911 skb_queue_head(&hdev->cmd_q, skb);
2912 queue_work(hdev->workqueue, &hdev->cmd_work);
2917 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2919 /* General inquiry access code (GIAC) */
2920 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2921 struct hci_cp_inquiry cp;
2923 BT_DBG("%s", hdev->name);
2925 if (test_bit(HCI_INQUIRY, &hdev->flags))
2926 return -EINPROGRESS;
2928 inquiry_cache_flush(hdev);
2930 memset(&cp, 0, sizeof(cp));
2931 memcpy(&cp.lap, lap, sizeof(cp.lap));
2934 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2937 int hci_cancel_inquiry(struct hci_dev *hdev)
2939 BT_DBG("%s", hdev->name);
2941 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2944 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
projects / linux-flexiantxendom0-3.2.10.git / blob