2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI core. */
27 #include <linux/jiffies.h>
28 #include <linux/module.h>
29 #include <linux/kmod.h>
31 #include <linux/types.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/notifier.h>
43 #include <linux/rfkill.h>
44 #include <linux/timer.h>
45 #include <linux/crypto.h>
48 #include <asm/system.h>
49 #include <linux/uaccess.h>
50 #include <asm/unaligned.h>
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
55 #define AUTO_OFF_TIMEOUT 2000
59 static void hci_rx_work(struct work_struct *work);
60 static void hci_cmd_work(struct work_struct *work);
61 static void hci_tx_task(unsigned long arg);
63 static DEFINE_MUTEX(hci_task_lock);
66 LIST_HEAD(hci_dev_list);
67 DEFINE_RWLOCK(hci_dev_list_lock);
69 /* HCI callback list */
70 LIST_HEAD(hci_cb_list);
71 DEFINE_RWLOCK(hci_cb_list_lock);
74 #define HCI_MAX_PROTO 2
75 struct hci_proto *hci_proto[HCI_MAX_PROTO];
77 /* HCI notifiers list */
78 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
80 /* ---- HCI notifications ---- */
82 int hci_register_notifier(struct notifier_block *nb)
84 return atomic_notifier_chain_register(&hci_notifier, nb);
87 int hci_unregister_notifier(struct notifier_block *nb)
89 return atomic_notifier_chain_unregister(&hci_notifier, nb);
92 static void hci_notify(struct hci_dev *hdev, int event)
94 atomic_notifier_call_chain(&hci_notifier, event, hdev);
97 /* ---- HCI requests ---- */
99 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
101 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
103 /* If this is the init phase check if the completed command matches
104 * the last init command, and if not just return.
106 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
109 if (hdev->req_status == HCI_REQ_PEND) {
110 hdev->req_result = result;
111 hdev->req_status = HCI_REQ_DONE;
112 wake_up_interruptible(&hdev->req_wait_q);
116 static void hci_req_cancel(struct hci_dev *hdev, int err)
118 BT_DBG("%s err 0x%2.2x", hdev->name, err);
120 if (hdev->req_status == HCI_REQ_PEND) {
121 hdev->req_result = err;
122 hdev->req_status = HCI_REQ_CANCELED;
123 wake_up_interruptible(&hdev->req_wait_q);
127 /* Execute request and wait for completion. */
128 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
129 unsigned long opt, __u32 timeout)
131 DECLARE_WAITQUEUE(wait, current);
134 BT_DBG("%s start", hdev->name);
136 hdev->req_status = HCI_REQ_PEND;
138 add_wait_queue(&hdev->req_wait_q, &wait);
139 set_current_state(TASK_INTERRUPTIBLE);
142 schedule_timeout(timeout);
144 remove_wait_queue(&hdev->req_wait_q, &wait);
146 if (signal_pending(current))
149 switch (hdev->req_status) {
151 err = -bt_to_errno(hdev->req_result);
154 case HCI_REQ_CANCELED:
155 err = -hdev->req_result;
163 hdev->req_status = hdev->req_result = 0;
165 BT_DBG("%s end: err %d", hdev->name, err);
170 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
171 unsigned long opt, __u32 timeout)
175 if (!test_bit(HCI_UP, &hdev->flags))
178 /* Serialize all requests */
180 ret = __hci_request(hdev, req, opt, timeout);
181 hci_req_unlock(hdev);
186 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
188 BT_DBG("%s %ld", hdev->name, opt);
191 set_bit(HCI_RESET, &hdev->flags);
192 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
195 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
197 struct hci_cp_delete_stored_link_key cp;
202 BT_DBG("%s %ld", hdev->name, opt);
204 /* Driver initialization */
206 /* Special commands */
207 while ((skb = skb_dequeue(&hdev->driver_init))) {
208 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
209 skb->dev = (void *) hdev;
211 skb_queue_tail(&hdev->cmd_q, skb);
212 queue_work(hdev->workqueue, &hdev->cmd_work);
214 skb_queue_purge(&hdev->driver_init);
216 /* Mandatory initialization */
219 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
220 set_bit(HCI_RESET, &hdev->flags);
221 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
224 /* Read Local Supported Features */
225 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
227 /* Read Local Version */
228 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
230 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
231 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
233 /* Read BD Address */
234 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
236 /* Read Class of Device */
237 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
239 /* Read Local Name */
240 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
242 /* Read Voice Setting */
243 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
245 /* Optional initialization */
247 /* Clear Event Filters */
248 flt_type = HCI_FLT_CLEAR_ALL;
249 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
251 /* Connection accept timeout ~20 secs */
252 param = cpu_to_le16(0x7d00);
253 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
255 bacpy(&cp.bdaddr, BDADDR_ANY);
257 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
260 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
262 BT_DBG("%s", hdev->name);
264 /* Read LE buffer size */
265 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
268 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
272 BT_DBG("%s %x", hdev->name, scan);
274 /* Inquiry and Page scans */
275 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
278 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
282 BT_DBG("%s %x", hdev->name, auth);
285 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
288 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
292 BT_DBG("%s %x", hdev->name, encrypt);
295 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
298 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
300 __le16 policy = cpu_to_le16(opt);
302 BT_DBG("%s %x", hdev->name, policy);
304 /* Default link policy */
305 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
308 /* Get HCI device by index.
309 * Device is held on return. */
310 struct hci_dev *hci_dev_get(int index)
312 struct hci_dev *hdev = NULL, *d;
319 read_lock(&hci_dev_list_lock);
320 list_for_each_entry(d, &hci_dev_list, list) {
321 if (d->id == index) {
322 hdev = hci_dev_hold(d);
326 read_unlock(&hci_dev_list_lock);
330 /* ---- Inquiry support ---- */
331 static void inquiry_cache_flush(struct hci_dev *hdev)
333 struct inquiry_cache *cache = &hdev->inq_cache;
334 struct inquiry_entry *next = cache->list, *e;
336 BT_DBG("cache %p", cache);
345 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
347 struct inquiry_cache *cache = &hdev->inq_cache;
348 struct inquiry_entry *e;
350 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
352 for (e = cache->list; e; e = e->next)
353 if (!bacmp(&e->data.bdaddr, bdaddr))
358 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
360 struct inquiry_cache *cache = &hdev->inq_cache;
361 struct inquiry_entry *ie;
363 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
365 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
367 /* Entry not in the cache. Add new one. */
368 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
372 ie->next = cache->list;
376 memcpy(&ie->data, data, sizeof(*data));
377 ie->timestamp = jiffies;
378 cache->timestamp = jiffies;
381 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
383 struct inquiry_cache *cache = &hdev->inq_cache;
384 struct inquiry_info *info = (struct inquiry_info *) buf;
385 struct inquiry_entry *e;
388 for (e = cache->list; e && copied < num; e = e->next, copied++) {
389 struct inquiry_data *data = &e->data;
390 bacpy(&info->bdaddr, &data->bdaddr);
391 info->pscan_rep_mode = data->pscan_rep_mode;
392 info->pscan_period_mode = data->pscan_period_mode;
393 info->pscan_mode = data->pscan_mode;
394 memcpy(info->dev_class, data->dev_class, 3);
395 info->clock_offset = data->clock_offset;
399 BT_DBG("cache %p, copied %d", cache, copied);
403 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
405 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
406 struct hci_cp_inquiry cp;
408 BT_DBG("%s", hdev->name);
410 if (test_bit(HCI_INQUIRY, &hdev->flags))
414 memcpy(&cp.lap, &ir->lap, 3);
415 cp.length = ir->length;
416 cp.num_rsp = ir->num_rsp;
417 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
420 int hci_inquiry(void __user *arg)
422 __u8 __user *ptr = arg;
423 struct hci_inquiry_req ir;
424 struct hci_dev *hdev;
425 int err = 0, do_inquiry = 0, max_rsp;
429 if (copy_from_user(&ir, ptr, sizeof(ir)))
432 hdev = hci_dev_get(ir.dev_id);
437 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
438 inquiry_cache_empty(hdev) ||
439 ir.flags & IREQ_CACHE_FLUSH) {
440 inquiry_cache_flush(hdev);
443 hci_dev_unlock(hdev);
445 timeo = ir.length * msecs_to_jiffies(2000);
448 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
453 /* for unlimited number of responses we will use buffer with 255 entries */
454 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
456 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
457 * copy it to the user space.
459 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
466 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
467 hci_dev_unlock(hdev);
469 BT_DBG("num_rsp %d", ir.num_rsp);
471 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
473 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
486 /* ---- HCI ioctl helpers ---- */
488 int hci_dev_open(__u16 dev)
490 struct hci_dev *hdev;
493 hdev = hci_dev_get(dev);
497 BT_DBG("%s %p", hdev->name, hdev);
501 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
506 if (test_bit(HCI_UP, &hdev->flags)) {
511 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
512 set_bit(HCI_RAW, &hdev->flags);
514 /* Treat all non BR/EDR controllers as raw devices if
515 enable_hs is not set */
516 if (hdev->dev_type != HCI_BREDR && !enable_hs)
517 set_bit(HCI_RAW, &hdev->flags);
519 if (hdev->open(hdev)) {
524 if (!test_bit(HCI_RAW, &hdev->flags)) {
525 atomic_set(&hdev->cmd_cnt, 1);
526 set_bit(HCI_INIT, &hdev->flags);
527 hdev->init_last_cmd = 0;
529 ret = __hci_request(hdev, hci_init_req, 0,
530 msecs_to_jiffies(HCI_INIT_TIMEOUT));
532 if (lmp_host_le_capable(hdev))
533 ret = __hci_request(hdev, hci_le_init_req, 0,
534 msecs_to_jiffies(HCI_INIT_TIMEOUT));
536 clear_bit(HCI_INIT, &hdev->flags);
541 set_bit(HCI_UP, &hdev->flags);
542 hci_notify(hdev, HCI_DEV_UP);
543 if (!test_bit(HCI_SETUP, &hdev->flags)) {
545 mgmt_powered(hdev, 1);
546 hci_dev_unlock(hdev);
549 /* Init failed, cleanup */
550 tasklet_kill(&hdev->tx_task);
551 flush_work(&hdev->cmd_work);
552 flush_work(&hdev->rx_work);
554 skb_queue_purge(&hdev->cmd_q);
555 skb_queue_purge(&hdev->rx_q);
560 if (hdev->sent_cmd) {
561 kfree_skb(hdev->sent_cmd);
562 hdev->sent_cmd = NULL;
570 hci_req_unlock(hdev);
575 static int hci_dev_do_close(struct hci_dev *hdev)
577 BT_DBG("%s %p", hdev->name, hdev);
579 hci_req_cancel(hdev, ENODEV);
582 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
583 del_timer_sync(&hdev->cmd_timer);
584 hci_req_unlock(hdev);
588 /* Kill RX and TX tasks */
589 tasklet_kill(&hdev->tx_task);
590 flush_work(&hdev->rx_work);
592 if (hdev->discov_timeout > 0) {
593 cancel_delayed_work(&hdev->discov_off);
594 hdev->discov_timeout = 0;
597 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
598 cancel_delayed_work(&hdev->power_off);
601 inquiry_cache_flush(hdev);
602 hci_conn_hash_flush(hdev);
603 hci_dev_unlock(hdev);
605 hci_notify(hdev, HCI_DEV_DOWN);
611 skb_queue_purge(&hdev->cmd_q);
612 atomic_set(&hdev->cmd_cnt, 1);
613 if (!test_bit(HCI_RAW, &hdev->flags)) {
614 set_bit(HCI_INIT, &hdev->flags);
615 __hci_request(hdev, hci_reset_req, 0,
616 msecs_to_jiffies(HCI_INIT_TIMEOUT));
617 clear_bit(HCI_INIT, &hdev->flags);
621 flush_work(&hdev->cmd_work);
624 skb_queue_purge(&hdev->rx_q);
625 skb_queue_purge(&hdev->cmd_q);
626 skb_queue_purge(&hdev->raw_q);
628 /* Drop last sent command */
629 if (hdev->sent_cmd) {
630 del_timer_sync(&hdev->cmd_timer);
631 kfree_skb(hdev->sent_cmd);
632 hdev->sent_cmd = NULL;
635 /* After this point our queues are empty
636 * and no tasks are scheduled. */
640 mgmt_powered(hdev, 0);
641 hci_dev_unlock(hdev);
646 hci_req_unlock(hdev);
652 int hci_dev_close(__u16 dev)
654 struct hci_dev *hdev;
657 hdev = hci_dev_get(dev);
660 err = hci_dev_do_close(hdev);
665 int hci_dev_reset(__u16 dev)
667 struct hci_dev *hdev;
670 hdev = hci_dev_get(dev);
675 tasklet_disable(&hdev->tx_task);
677 if (!test_bit(HCI_UP, &hdev->flags))
681 skb_queue_purge(&hdev->rx_q);
682 skb_queue_purge(&hdev->cmd_q);
685 inquiry_cache_flush(hdev);
686 hci_conn_hash_flush(hdev);
687 hci_dev_unlock(hdev);
692 atomic_set(&hdev->cmd_cnt, 1);
693 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
695 if (!test_bit(HCI_RAW, &hdev->flags))
696 ret = __hci_request(hdev, hci_reset_req, 0,
697 msecs_to_jiffies(HCI_INIT_TIMEOUT));
700 tasklet_enable(&hdev->tx_task);
701 hci_req_unlock(hdev);
706 int hci_dev_reset_stat(__u16 dev)
708 struct hci_dev *hdev;
711 hdev = hci_dev_get(dev);
715 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
722 int hci_dev_cmd(unsigned int cmd, void __user *arg)
724 struct hci_dev *hdev;
725 struct hci_dev_req dr;
728 if (copy_from_user(&dr, arg, sizeof(dr)))
731 hdev = hci_dev_get(dr.dev_id);
737 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
738 msecs_to_jiffies(HCI_INIT_TIMEOUT));
742 if (!lmp_encrypt_capable(hdev)) {
747 if (!test_bit(HCI_AUTH, &hdev->flags)) {
748 /* Auth must be enabled first */
749 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
750 msecs_to_jiffies(HCI_INIT_TIMEOUT));
755 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
756 msecs_to_jiffies(HCI_INIT_TIMEOUT));
760 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
761 msecs_to_jiffies(HCI_INIT_TIMEOUT));
765 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
766 msecs_to_jiffies(HCI_INIT_TIMEOUT));
770 hdev->link_mode = ((__u16) dr.dev_opt) &
771 (HCI_LM_MASTER | HCI_LM_ACCEPT);
775 hdev->pkt_type = (__u16) dr.dev_opt;
779 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
780 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
784 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
785 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
797 int hci_get_dev_list(void __user *arg)
799 struct hci_dev *hdev;
800 struct hci_dev_list_req *dl;
801 struct hci_dev_req *dr;
802 int n = 0, size, err;
805 if (get_user(dev_num, (__u16 __user *) arg))
808 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
811 size = sizeof(*dl) + dev_num * sizeof(*dr);
813 dl = kzalloc(size, GFP_KERNEL);
819 read_lock_bh(&hci_dev_list_lock);
820 list_for_each_entry(hdev, &hci_dev_list, list) {
821 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
822 cancel_delayed_work(&hdev->power_off);
824 if (!test_bit(HCI_MGMT, &hdev->flags))
825 set_bit(HCI_PAIRABLE, &hdev->flags);
827 (dr + n)->dev_id = hdev->id;
828 (dr + n)->dev_opt = hdev->flags;
833 read_unlock_bh(&hci_dev_list_lock);
836 size = sizeof(*dl) + n * sizeof(*dr);
838 err = copy_to_user(arg, dl, size);
841 return err ? -EFAULT : 0;
844 int hci_get_dev_info(void __user *arg)
846 struct hci_dev *hdev;
847 struct hci_dev_info di;
850 if (copy_from_user(&di, arg, sizeof(di)))
853 hdev = hci_dev_get(di.dev_id);
857 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
858 cancel_delayed_work_sync(&hdev->power_off);
860 if (!test_bit(HCI_MGMT, &hdev->flags))
861 set_bit(HCI_PAIRABLE, &hdev->flags);
863 strcpy(di.name, hdev->name);
864 di.bdaddr = hdev->bdaddr;
865 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
866 di.flags = hdev->flags;
867 di.pkt_type = hdev->pkt_type;
868 di.acl_mtu = hdev->acl_mtu;
869 di.acl_pkts = hdev->acl_pkts;
870 di.sco_mtu = hdev->sco_mtu;
871 di.sco_pkts = hdev->sco_pkts;
872 di.link_policy = hdev->link_policy;
873 di.link_mode = hdev->link_mode;
875 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
876 memcpy(&di.features, &hdev->features, sizeof(di.features));
878 if (copy_to_user(arg, &di, sizeof(di)))
886 /* ---- Interface to HCI drivers ---- */
888 static int hci_rfkill_set_block(void *data, bool blocked)
890 struct hci_dev *hdev = data;
892 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
897 hci_dev_do_close(hdev);
902 static const struct rfkill_ops hci_rfkill_ops = {
903 .set_block = hci_rfkill_set_block,
906 /* Alloc HCI device */
907 struct hci_dev *hci_alloc_dev(void)
909 struct hci_dev *hdev;
911 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
915 hci_init_sysfs(hdev);
916 skb_queue_head_init(&hdev->driver_init);
920 EXPORT_SYMBOL(hci_alloc_dev);
922 /* Free HCI device */
923 void hci_free_dev(struct hci_dev *hdev)
925 skb_queue_purge(&hdev->driver_init);
927 /* will free via device release */
928 put_device(&hdev->dev);
930 EXPORT_SYMBOL(hci_free_dev);
932 static void hci_power_on(struct work_struct *work)
934 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
936 BT_DBG("%s", hdev->name);
938 if (hci_dev_open(hdev->id) < 0)
941 if (test_bit(HCI_AUTO_OFF, &hdev->flags))
942 queue_delayed_work(hdev->workqueue, &hdev->power_off,
943 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
945 if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
946 mgmt_index_added(hdev);
949 static void hci_power_off(struct work_struct *work)
951 struct hci_dev *hdev = container_of(work, struct hci_dev,
954 BT_DBG("%s", hdev->name);
956 clear_bit(HCI_AUTO_OFF, &hdev->flags);
958 hci_dev_close(hdev->id);
961 static void hci_discov_off(struct work_struct *work)
963 struct hci_dev *hdev;
966 hdev = container_of(work, struct hci_dev, discov_off.work);
968 BT_DBG("%s", hdev->name);
972 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
974 hdev->discov_timeout = 0;
976 hci_dev_unlock(hdev);
979 int hci_uuids_clear(struct hci_dev *hdev)
981 struct list_head *p, *n;
983 list_for_each_safe(p, n, &hdev->uuids) {
984 struct bt_uuid *uuid;
986 uuid = list_entry(p, struct bt_uuid, list);
995 int hci_link_keys_clear(struct hci_dev *hdev)
997 struct list_head *p, *n;
999 list_for_each_safe(p, n, &hdev->link_keys) {
1000 struct link_key *key;
1002 key = list_entry(p, struct link_key, list);
1011 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1015 list_for_each_entry(k, &hdev->link_keys, list)
1016 if (bacmp(bdaddr, &k->bdaddr) == 0)
1022 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1023 u8 key_type, u8 old_key_type)
1026 if (key_type < 0x03)
1029 /* Debug keys are insecure so don't store them persistently */
1030 if (key_type == HCI_LK_DEBUG_COMBINATION)
1033 /* Changed combination key and there's no previous one */
1034 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1037 /* Security mode 3 case */
1041 /* Neither local nor remote side had no-bonding as requirement */
1042 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1045 /* Local side had dedicated bonding as requirement */
1046 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1049 /* Remote side had dedicated bonding as requirement */
1050 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1053 /* If none of the above criteria match, then don't store the key
1058 struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1062 list_for_each_entry(k, &hdev->link_keys, list) {
1063 struct key_master_id *id;
1065 if (k->type != HCI_LK_SMP_LTK)
1068 if (k->dlen != sizeof(*id))
1071 id = (void *) &k->data;
1072 if (id->ediv == ediv &&
1073 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1079 EXPORT_SYMBOL(hci_find_ltk);
1081 struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
1082 bdaddr_t *bdaddr, u8 type)
1086 list_for_each_entry(k, &hdev->link_keys, list)
1087 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0)
1092 EXPORT_SYMBOL(hci_find_link_key_type);
1094 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1095 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1097 struct link_key *key, *old_key;
1098 u8 old_key_type, persistent;
1100 old_key = hci_find_link_key(hdev, bdaddr);
1102 old_key_type = old_key->type;
1105 old_key_type = conn ? conn->key_type : 0xff;
1106 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1109 list_add(&key->list, &hdev->link_keys);
1112 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1114 /* Some buggy controller combinations generate a changed
1115 * combination key for legacy pairing even when there's no
1117 if (type == HCI_LK_CHANGED_COMBINATION &&
1118 (!conn || conn->remote_auth == 0xff) &&
1119 old_key_type == 0xff) {
1120 type = HCI_LK_COMBINATION;
1122 conn->key_type = type;
1125 bacpy(&key->bdaddr, bdaddr);
1126 memcpy(key->val, val, 16);
1127 key->pin_len = pin_len;
1129 if (type == HCI_LK_CHANGED_COMBINATION)
1130 key->type = old_key_type;
1137 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1139 mgmt_new_link_key(hdev, key, persistent);
1142 list_del(&key->list);
1149 int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
1150 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
1152 struct link_key *key, *old_key;
1153 struct key_master_id *id;
1156 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
1158 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
1161 old_key_type = old_key->type;
1163 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1166 list_add(&key->list, &hdev->link_keys);
1167 old_key_type = 0xff;
1170 key->dlen = sizeof(*id);
1172 bacpy(&key->bdaddr, bdaddr);
1173 memcpy(key->val, ltk, sizeof(key->val));
1174 key->type = HCI_LK_SMP_LTK;
1175 key->pin_len = key_size;
1177 id = (void *) &key->data;
1179 memcpy(id->rand, rand, sizeof(id->rand));
1182 mgmt_new_link_key(hdev, key, old_key_type);
1187 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1189 struct link_key *key;
1191 key = hci_find_link_key(hdev, bdaddr);
1195 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1197 list_del(&key->list);
1203 /* HCI command timer function */
1204 static void hci_cmd_timer(unsigned long arg)
1206 struct hci_dev *hdev = (void *) arg;
1208 BT_ERR("%s command tx timeout", hdev->name);
1209 atomic_set(&hdev->cmd_cnt, 1);
1210 queue_work(hdev->workqueue, &hdev->cmd_work);
1213 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1216 struct oob_data *data;
1218 list_for_each_entry(data, &hdev->remote_oob_data, list)
1219 if (bacmp(bdaddr, &data->bdaddr) == 0)
1225 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1227 struct oob_data *data;
1229 data = hci_find_remote_oob_data(hdev, bdaddr);
1233 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1235 list_del(&data->list);
1241 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1243 struct oob_data *data, *n;
1245 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1246 list_del(&data->list);
1253 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1256 struct oob_data *data;
1258 data = hci_find_remote_oob_data(hdev, bdaddr);
1261 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1265 bacpy(&data->bdaddr, bdaddr);
1266 list_add(&data->list, &hdev->remote_oob_data);
1269 memcpy(data->hash, hash, sizeof(data->hash));
1270 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1272 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1277 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
1280 struct bdaddr_list *b;
1282 list_for_each_entry(b, &hdev->blacklist, list)
1283 if (bacmp(bdaddr, &b->bdaddr) == 0)
1289 int hci_blacklist_clear(struct hci_dev *hdev)
1291 struct list_head *p, *n;
1293 list_for_each_safe(p, n, &hdev->blacklist) {
1294 struct bdaddr_list *b;
1296 b = list_entry(p, struct bdaddr_list, list);
1305 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1307 struct bdaddr_list *entry;
1309 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1312 if (hci_blacklist_lookup(hdev, bdaddr))
1315 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1319 bacpy(&entry->bdaddr, bdaddr);
1321 list_add(&entry->list, &hdev->blacklist);
1323 return mgmt_device_blocked(hdev, bdaddr);
1326 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1328 struct bdaddr_list *entry;
1330 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1331 return hci_blacklist_clear(hdev);
1333 entry = hci_blacklist_lookup(hdev, bdaddr);
1337 list_del(&entry->list);
1340 return mgmt_device_unblocked(hdev, bdaddr);
1343 static void hci_clear_adv_cache(struct work_struct *work)
1345 struct hci_dev *hdev = container_of(work, struct hci_dev,
1350 hci_adv_entries_clear(hdev);
1352 hci_dev_unlock(hdev);
1355 int hci_adv_entries_clear(struct hci_dev *hdev)
1357 struct adv_entry *entry, *tmp;
1359 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1360 list_del(&entry->list);
1364 BT_DBG("%s adv cache cleared", hdev->name);
1369 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1371 struct adv_entry *entry;
1373 list_for_each_entry(entry, &hdev->adv_entries, list)
1374 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1380 static inline int is_connectable_adv(u8 evt_type)
1382 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1388 int hci_add_adv_entry(struct hci_dev *hdev,
1389 struct hci_ev_le_advertising_info *ev)
1391 struct adv_entry *entry;
1393 if (!is_connectable_adv(ev->evt_type))
1396 /* Only new entries should be added to adv_entries. So, if
1397 * bdaddr was found, don't add it. */
1398 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1401 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
1405 bacpy(&entry->bdaddr, &ev->bdaddr);
1406 entry->bdaddr_type = ev->bdaddr_type;
1408 list_add(&entry->list, &hdev->adv_entries);
1410 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1411 batostr(&entry->bdaddr), entry->bdaddr_type);
1416 /* Register HCI device */
1417 int hci_register_dev(struct hci_dev *hdev)
1419 struct list_head *head = &hci_dev_list, *p;
1422 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
1423 hdev->bus, hdev->owner);
1425 if (!hdev->open || !hdev->close || !hdev->destruct)
1428 /* Do not allow HCI_AMP devices to register at index 0,
1429 * so the index can be used as the AMP controller ID.
1431 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1433 write_lock_bh(&hci_dev_list_lock);
1435 /* Find first available device id */
1436 list_for_each(p, &hci_dev_list) {
1437 if (list_entry(p, struct hci_dev, list)->id != id)
1442 sprintf(hdev->name, "hci%d", id);
1444 list_add_tail(&hdev->list, head);
1446 atomic_set(&hdev->refcnt, 1);
1447 mutex_init(&hdev->lock);
1450 hdev->dev_flags = 0;
1451 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1452 hdev->esco_type = (ESCO_HV1);
1453 hdev->link_mode = (HCI_LM_ACCEPT);
1454 hdev->io_capability = 0x03; /* No Input No Output */
1456 hdev->idle_timeout = 0;
1457 hdev->sniff_max_interval = 800;
1458 hdev->sniff_min_interval = 80;
1460 INIT_WORK(&hdev->rx_work, hci_rx_work);
1461 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1463 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
1465 skb_queue_head_init(&hdev->rx_q);
1466 skb_queue_head_init(&hdev->cmd_q);
1467 skb_queue_head_init(&hdev->raw_q);
1469 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1471 for (i = 0; i < NUM_REASSEMBLY; i++)
1472 hdev->reassembly[i] = NULL;
1474 init_waitqueue_head(&hdev->req_wait_q);
1475 mutex_init(&hdev->req_lock);
1477 inquiry_cache_init(hdev);
1479 hci_conn_hash_init(hdev);
1481 INIT_LIST_HEAD(&hdev->mgmt_pending);
1483 INIT_LIST_HEAD(&hdev->blacklist);
1485 INIT_LIST_HEAD(&hdev->uuids);
1487 INIT_LIST_HEAD(&hdev->link_keys);
1489 INIT_LIST_HEAD(&hdev->remote_oob_data);
1491 INIT_LIST_HEAD(&hdev->adv_entries);
1493 INIT_DELAYED_WORK(&hdev->adv_work, hci_clear_adv_cache);
1494 INIT_WORK(&hdev->power_on, hci_power_on);
1495 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1497 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1499 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1501 atomic_set(&hdev->promisc, 0);
1503 write_unlock_bh(&hci_dev_list_lock);
1505 hdev->workqueue = create_singlethread_workqueue(hdev->name);
1506 if (!hdev->workqueue) {
1511 error = hci_add_sysfs(hdev);
1515 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1516 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1518 if (rfkill_register(hdev->rfkill) < 0) {
1519 rfkill_destroy(hdev->rfkill);
1520 hdev->rfkill = NULL;
1524 set_bit(HCI_AUTO_OFF, &hdev->flags);
1525 set_bit(HCI_SETUP, &hdev->flags);
1526 queue_work(hdev->workqueue, &hdev->power_on);
1528 hci_notify(hdev, HCI_DEV_REG);
1533 destroy_workqueue(hdev->workqueue);
1535 write_lock_bh(&hci_dev_list_lock);
1536 list_del(&hdev->list);
1537 write_unlock_bh(&hci_dev_list_lock);
1541 EXPORT_SYMBOL(hci_register_dev);
1543 /* Unregister HCI device */
1544 void hci_unregister_dev(struct hci_dev *hdev)
1548 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1550 write_lock_bh(&hci_dev_list_lock);
1551 list_del(&hdev->list);
1552 write_unlock_bh(&hci_dev_list_lock);
1554 hci_dev_do_close(hdev);
1556 for (i = 0; i < NUM_REASSEMBLY; i++)
1557 kfree_skb(hdev->reassembly[i]);
1559 if (!test_bit(HCI_INIT, &hdev->flags) &&
1560 !test_bit(HCI_SETUP, &hdev->flags)) {
1562 mgmt_index_removed(hdev);
1563 hci_dev_unlock(hdev);
1566 /* mgmt_index_removed should take care of emptying the
1568 BUG_ON(!list_empty(&hdev->mgmt_pending));
1570 hci_notify(hdev, HCI_DEV_UNREG);
1573 rfkill_unregister(hdev->rfkill);
1574 rfkill_destroy(hdev->rfkill);
1577 hci_del_sysfs(hdev);
1579 cancel_delayed_work_sync(&hdev->adv_work);
1581 destroy_workqueue(hdev->workqueue);
1584 hci_blacklist_clear(hdev);
1585 hci_uuids_clear(hdev);
1586 hci_link_keys_clear(hdev);
1587 hci_remote_oob_data_clear(hdev);
1588 hci_adv_entries_clear(hdev);
1589 hci_dev_unlock(hdev);
1591 __hci_dev_put(hdev);
1593 EXPORT_SYMBOL(hci_unregister_dev);
1595 /* Suspend HCI device */
1596 int hci_suspend_dev(struct hci_dev *hdev)
1598 hci_notify(hdev, HCI_DEV_SUSPEND);
1601 EXPORT_SYMBOL(hci_suspend_dev);
1603 /* Resume HCI device */
1604 int hci_resume_dev(struct hci_dev *hdev)
1606 hci_notify(hdev, HCI_DEV_RESUME);
1609 EXPORT_SYMBOL(hci_resume_dev);
1611 /* Receive frame from HCI drivers */
1612 int hci_recv_frame(struct sk_buff *skb)
1614 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1615 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1616 && !test_bit(HCI_INIT, &hdev->flags))) {
1622 bt_cb(skb)->incoming = 1;
1625 __net_timestamp(skb);
1627 skb_queue_tail(&hdev->rx_q, skb);
1628 queue_work(hdev->workqueue, &hdev->rx_work);
1632 EXPORT_SYMBOL(hci_recv_frame);
1634 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1635 int count, __u8 index)
1640 struct sk_buff *skb;
1641 struct bt_skb_cb *scb;
1643 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1644 index >= NUM_REASSEMBLY)
1647 skb = hdev->reassembly[index];
1651 case HCI_ACLDATA_PKT:
1652 len = HCI_MAX_FRAME_SIZE;
1653 hlen = HCI_ACL_HDR_SIZE;
1656 len = HCI_MAX_EVENT_SIZE;
1657 hlen = HCI_EVENT_HDR_SIZE;
1659 case HCI_SCODATA_PKT:
1660 len = HCI_MAX_SCO_SIZE;
1661 hlen = HCI_SCO_HDR_SIZE;
1665 skb = bt_skb_alloc(len, GFP_ATOMIC);
1669 scb = (void *) skb->cb;
1671 scb->pkt_type = type;
1673 skb->dev = (void *) hdev;
1674 hdev->reassembly[index] = skb;
1678 scb = (void *) skb->cb;
1679 len = min(scb->expect, (__u16)count);
1681 memcpy(skb_put(skb, len), data, len);
1690 if (skb->len == HCI_EVENT_HDR_SIZE) {
1691 struct hci_event_hdr *h = hci_event_hdr(skb);
1692 scb->expect = h->plen;
1694 if (skb_tailroom(skb) < scb->expect) {
1696 hdev->reassembly[index] = NULL;
1702 case HCI_ACLDATA_PKT:
1703 if (skb->len == HCI_ACL_HDR_SIZE) {
1704 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1705 scb->expect = __le16_to_cpu(h->dlen);
1707 if (skb_tailroom(skb) < scb->expect) {
1709 hdev->reassembly[index] = NULL;
1715 case HCI_SCODATA_PKT:
1716 if (skb->len == HCI_SCO_HDR_SIZE) {
1717 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1718 scb->expect = h->dlen;
1720 if (skb_tailroom(skb) < scb->expect) {
1722 hdev->reassembly[index] = NULL;
1729 if (scb->expect == 0) {
1730 /* Complete frame */
1732 bt_cb(skb)->pkt_type = type;
1733 hci_recv_frame(skb);
1735 hdev->reassembly[index] = NULL;
1743 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1747 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1751 rem = hci_reassembly(hdev, type, data, count, type - 1);
1755 data += (count - rem);
1761 EXPORT_SYMBOL(hci_recv_fragment);
1763 #define STREAM_REASSEMBLY 0
1765 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1771 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1774 struct { char type; } *pkt;
1776 /* Start of the frame */
1783 type = bt_cb(skb)->pkt_type;
1785 rem = hci_reassembly(hdev, type, data, count,
1790 data += (count - rem);
1796 EXPORT_SYMBOL(hci_recv_stream_fragment);
1798 /* ---- Interface to upper protocols ---- */
1800 /* Register/Unregister protocols.
1801 * hci_task_lock is used to ensure that no tasks are running. */
1802 int hci_register_proto(struct hci_proto *hp)
1806 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1808 if (hp->id >= HCI_MAX_PROTO)
1811 mutex_lock(&hci_task_lock);
1813 if (!hci_proto[hp->id])
1814 hci_proto[hp->id] = hp;
1818 mutex_unlock(&hci_task_lock);
1822 EXPORT_SYMBOL(hci_register_proto);
1824 int hci_unregister_proto(struct hci_proto *hp)
1828 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1830 if (hp->id >= HCI_MAX_PROTO)
1833 mutex_lock(&hci_task_lock);
1835 if (hci_proto[hp->id])
1836 hci_proto[hp->id] = NULL;
1840 mutex_unlock(&hci_task_lock);
1844 EXPORT_SYMBOL(hci_unregister_proto);
1846 int hci_register_cb(struct hci_cb *cb)
1848 BT_DBG("%p name %s", cb, cb->name);
1850 write_lock_bh(&hci_cb_list_lock);
1851 list_add(&cb->list, &hci_cb_list);
1852 write_unlock_bh(&hci_cb_list_lock);
1856 EXPORT_SYMBOL(hci_register_cb);
1858 int hci_unregister_cb(struct hci_cb *cb)
1860 BT_DBG("%p name %s", cb, cb->name);
1862 write_lock_bh(&hci_cb_list_lock);
1863 list_del(&cb->list);
1864 write_unlock_bh(&hci_cb_list_lock);
1868 EXPORT_SYMBOL(hci_unregister_cb);
1870 static int hci_send_frame(struct sk_buff *skb)
1872 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1879 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1881 if (atomic_read(&hdev->promisc)) {
1883 __net_timestamp(skb);
1885 hci_send_to_sock(hdev, skb, NULL);
1888 /* Get rid of skb owner, prior to sending to the driver. */
1891 return hdev->send(skb);
1894 /* Send HCI command */
1895 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1897 int len = HCI_COMMAND_HDR_SIZE + plen;
1898 struct hci_command_hdr *hdr;
1899 struct sk_buff *skb;
1901 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1903 skb = bt_skb_alloc(len, GFP_ATOMIC);
1905 BT_ERR("%s no memory for command", hdev->name);
1909 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1910 hdr->opcode = cpu_to_le16(opcode);
1914 memcpy(skb_put(skb, plen), param, plen);
1916 BT_DBG("skb len %d", skb->len);
1918 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1919 skb->dev = (void *) hdev;
1921 if (test_bit(HCI_INIT, &hdev->flags))
1922 hdev->init_last_cmd = opcode;
1924 skb_queue_tail(&hdev->cmd_q, skb);
1925 queue_work(hdev->workqueue, &hdev->cmd_work);
1930 /* Get data from the previously sent command */
1931 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1933 struct hci_command_hdr *hdr;
1935 if (!hdev->sent_cmd)
1938 hdr = (void *) hdev->sent_cmd->data;
1940 if (hdr->opcode != cpu_to_le16(opcode))
1943 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1945 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1949 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1951 struct hci_acl_hdr *hdr;
1954 skb_push(skb, HCI_ACL_HDR_SIZE);
1955 skb_reset_transport_header(skb);
1956 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1957 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1958 hdr->dlen = cpu_to_le16(len);
1961 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
1962 struct sk_buff *skb, __u16 flags)
1964 struct hci_dev *hdev = conn->hdev;
1965 struct sk_buff *list;
1967 list = skb_shinfo(skb)->frag_list;
1969 /* Non fragmented */
1970 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1972 skb_queue_tail(queue, skb);
1975 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1977 skb_shinfo(skb)->frag_list = NULL;
1979 /* Queue all fragments atomically */
1980 spin_lock_bh(&queue->lock);
1982 __skb_queue_tail(queue, skb);
1984 flags &= ~ACL_START;
1987 skb = list; list = list->next;
1989 skb->dev = (void *) hdev;
1990 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1991 hci_add_acl_hdr(skb, conn->handle, flags);
1993 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1995 __skb_queue_tail(queue, skb);
1998 spin_unlock_bh(&queue->lock);
2002 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2004 struct hci_conn *conn = chan->conn;
2005 struct hci_dev *hdev = conn->hdev;
2007 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2009 skb->dev = (void *) hdev;
2010 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2011 hci_add_acl_hdr(skb, conn->handle, flags);
2013 hci_queue_acl(conn, &chan->data_q, skb, flags);
2015 tasklet_schedule(&hdev->tx_task);
2017 EXPORT_SYMBOL(hci_send_acl);
2020 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2022 struct hci_dev *hdev = conn->hdev;
2023 struct hci_sco_hdr hdr;
2025 BT_DBG("%s len %d", hdev->name, skb->len);
2027 hdr.handle = cpu_to_le16(conn->handle);
2028 hdr.dlen = skb->len;
2030 skb_push(skb, HCI_SCO_HDR_SIZE);
2031 skb_reset_transport_header(skb);
2032 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2034 skb->dev = (void *) hdev;
2035 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2037 skb_queue_tail(&conn->data_q, skb);
2038 tasklet_schedule(&hdev->tx_task);
2040 EXPORT_SYMBOL(hci_send_sco);
2042 /* ---- HCI TX task (outgoing data) ---- */
2044 /* HCI Connection scheduler */
2045 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2047 struct hci_conn_hash *h = &hdev->conn_hash;
2048 struct hci_conn *conn = NULL, *c;
2049 int num = 0, min = ~0;
2051 /* We don't have to lock device here. Connections are always
2052 * added and removed with TX task disabled. */
2056 list_for_each_entry_rcu(c, &h->list, list) {
2057 if (c->type != type || skb_queue_empty(&c->data_q))
2060 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2065 if (c->sent < min) {
2070 if (hci_conn_num(hdev, type) == num)
2079 switch (conn->type) {
2081 cnt = hdev->acl_cnt;
2085 cnt = hdev->sco_cnt;
2088 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2092 BT_ERR("Unknown link type");
2100 BT_DBG("conn %p quote %d", conn, *quote);
2104 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2106 struct hci_conn_hash *h = &hdev->conn_hash;
2109 BT_ERR("%s link tx timeout", hdev->name);
2113 /* Kill stalled connections */
2114 list_for_each_entry_rcu(c, &h->list, list) {
2115 if (c->type == type && c->sent) {
2116 BT_ERR("%s killing stalled connection %s",
2117 hdev->name, batostr(&c->dst));
2118 hci_acl_disconn(c, 0x13);
2125 static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2128 struct hci_conn_hash *h = &hdev->conn_hash;
2129 struct hci_chan *chan = NULL;
2130 int num = 0, min = ~0, cur_prio = 0;
2131 struct hci_conn *conn;
2132 int cnt, q, conn_num = 0;
2134 BT_DBG("%s", hdev->name);
2138 list_for_each_entry_rcu(conn, &h->list, list) {
2139 struct hci_chan *tmp;
2141 if (conn->type != type)
2144 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2149 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2150 struct sk_buff *skb;
2152 if (skb_queue_empty(&tmp->data_q))
2155 skb = skb_peek(&tmp->data_q);
2156 if (skb->priority < cur_prio)
2159 if (skb->priority > cur_prio) {
2162 cur_prio = skb->priority;
2167 if (conn->sent < min) {
2173 if (hci_conn_num(hdev, type) == conn_num)
2182 switch (chan->conn->type) {
2184 cnt = hdev->acl_cnt;
2188 cnt = hdev->sco_cnt;
2191 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2195 BT_ERR("Unknown link type");
2200 BT_DBG("chan %p quote %d", chan, *quote);
2204 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2206 struct hci_conn_hash *h = &hdev->conn_hash;
2207 struct hci_conn *conn;
2210 BT_DBG("%s", hdev->name);
2214 list_for_each_entry_rcu(conn, &h->list, list) {
2215 struct hci_chan *chan;
2217 if (conn->type != type)
2220 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2225 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2226 struct sk_buff *skb;
2233 if (skb_queue_empty(&chan->data_q))
2236 skb = skb_peek(&chan->data_q);
2237 if (skb->priority >= HCI_PRIO_MAX - 1)
2240 skb->priority = HCI_PRIO_MAX - 1;
2242 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2246 if (hci_conn_num(hdev, type) == num)
2254 static inline void hci_sched_acl(struct hci_dev *hdev)
2256 struct hci_chan *chan;
2257 struct sk_buff *skb;
2261 BT_DBG("%s", hdev->name);
2263 if (!hci_conn_num(hdev, ACL_LINK))
2266 if (!test_bit(HCI_RAW, &hdev->flags)) {
2267 /* ACL tx timeout must be longer than maximum
2268 * link supervision timeout (40.9 seconds) */
2269 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
2270 hci_link_tx_to(hdev, ACL_LINK);
2273 cnt = hdev->acl_cnt;
2275 while (hdev->acl_cnt &&
2276 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2277 u32 priority = (skb_peek(&chan->data_q))->priority;
2278 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2279 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2280 skb->len, skb->priority);
2282 /* Stop if priority has changed */
2283 if (skb->priority < priority)
2286 skb = skb_dequeue(&chan->data_q);
2288 hci_conn_enter_active_mode(chan->conn,
2289 bt_cb(skb)->force_active);
2291 hci_send_frame(skb);
2292 hdev->acl_last_tx = jiffies;
2300 if (cnt != hdev->acl_cnt)
2301 hci_prio_recalculate(hdev, ACL_LINK);
2305 static inline void hci_sched_sco(struct hci_dev *hdev)
2307 struct hci_conn *conn;
2308 struct sk_buff *skb;
2311 BT_DBG("%s", hdev->name);
2313 if (!hci_conn_num(hdev, SCO_LINK))
2316 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
2317 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2318 BT_DBG("skb %p len %d", skb, skb->len);
2319 hci_send_frame(skb);
2322 if (conn->sent == ~0)
2328 static inline void hci_sched_esco(struct hci_dev *hdev)
2330 struct hci_conn *conn;
2331 struct sk_buff *skb;
2334 BT_DBG("%s", hdev->name);
2336 if (!hci_conn_num(hdev, ESCO_LINK))
2339 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
2340 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2341 BT_DBG("skb %p len %d", skb, skb->len);
2342 hci_send_frame(skb);
2345 if (conn->sent == ~0)
2351 static inline void hci_sched_le(struct hci_dev *hdev)
2353 struct hci_chan *chan;
2354 struct sk_buff *skb;
2355 int quote, cnt, tmp;
2357 BT_DBG("%s", hdev->name);
2359 if (!hci_conn_num(hdev, LE_LINK))
2362 if (!test_bit(HCI_RAW, &hdev->flags)) {
2363 /* LE tx timeout must be longer than maximum
2364 * link supervision timeout (40.9 seconds) */
2365 if (!hdev->le_cnt && hdev->le_pkts &&
2366 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2367 hci_link_tx_to(hdev, LE_LINK);
2370 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2372 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
2373 u32 priority = (skb_peek(&chan->data_q))->priority;
2374 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2375 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2376 skb->len, skb->priority);
2378 /* Stop if priority has changed */
2379 if (skb->priority < priority)
2382 skb = skb_dequeue(&chan->data_q);
2384 hci_send_frame(skb);
2385 hdev->le_last_tx = jiffies;
2396 hdev->acl_cnt = cnt;
2399 hci_prio_recalculate(hdev, LE_LINK);
2402 static void hci_tx_task(unsigned long arg)
2404 struct hci_dev *hdev = (struct hci_dev *) arg;
2405 struct sk_buff *skb;
2407 mutex_lock(&hci_task_lock);
2409 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2410 hdev->sco_cnt, hdev->le_cnt);
2412 /* Schedule queues and send stuff to HCI driver */
2414 hci_sched_acl(hdev);
2416 hci_sched_sco(hdev);
2418 hci_sched_esco(hdev);
2422 /* Send next queued raw (unknown type) packet */
2423 while ((skb = skb_dequeue(&hdev->raw_q)))
2424 hci_send_frame(skb);
2426 mutex_unlock(&hci_task_lock);
2429 /* ----- HCI RX task (incoming data processing) ----- */
2431 /* ACL data packet */
2432 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2434 struct hci_acl_hdr *hdr = (void *) skb->data;
2435 struct hci_conn *conn;
2436 __u16 handle, flags;
2438 skb_pull(skb, HCI_ACL_HDR_SIZE);
2440 handle = __le16_to_cpu(hdr->handle);
2441 flags = hci_flags(handle);
2442 handle = hci_handle(handle);
2444 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2446 hdev->stat.acl_rx++;
2449 conn = hci_conn_hash_lookup_handle(hdev, handle);
2450 hci_dev_unlock(hdev);
2453 register struct hci_proto *hp;
2455 hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active);
2457 /* Send to upper protocol */
2458 hp = hci_proto[HCI_PROTO_L2CAP];
2459 if (hp && hp->recv_acldata) {
2460 hp->recv_acldata(conn, skb, flags);
2464 BT_ERR("%s ACL packet for unknown connection handle %d",
2465 hdev->name, handle);
2471 /* SCO data packet */
2472 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2474 struct hci_sco_hdr *hdr = (void *) skb->data;
2475 struct hci_conn *conn;
2478 skb_pull(skb, HCI_SCO_HDR_SIZE);
2480 handle = __le16_to_cpu(hdr->handle);
2482 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2484 hdev->stat.sco_rx++;
2487 conn = hci_conn_hash_lookup_handle(hdev, handle);
2488 hci_dev_unlock(hdev);
2491 register struct hci_proto *hp;
2493 /* Send to upper protocol */
2494 hp = hci_proto[HCI_PROTO_SCO];
2495 if (hp && hp->recv_scodata) {
2496 hp->recv_scodata(conn, skb);
2500 BT_ERR("%s SCO packet for unknown connection handle %d",
2501 hdev->name, handle);
2507 static void hci_rx_work(struct work_struct *work)
2509 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2510 struct sk_buff *skb;
2512 BT_DBG("%s", hdev->name);
2514 mutex_lock(&hci_task_lock);
2516 while ((skb = skb_dequeue(&hdev->rx_q))) {
2517 if (atomic_read(&hdev->promisc)) {
2518 /* Send copy to the sockets */
2519 hci_send_to_sock(hdev, skb, NULL);
2522 if (test_bit(HCI_RAW, &hdev->flags)) {
2527 if (test_bit(HCI_INIT, &hdev->flags)) {
2528 /* Don't process data packets in this states. */
2529 switch (bt_cb(skb)->pkt_type) {
2530 case HCI_ACLDATA_PKT:
2531 case HCI_SCODATA_PKT:
2538 switch (bt_cb(skb)->pkt_type) {
2540 BT_DBG("%s Event packet", hdev->name);
2541 hci_event_packet(hdev, skb);
2544 case HCI_ACLDATA_PKT:
2545 BT_DBG("%s ACL data packet", hdev->name);
2546 hci_acldata_packet(hdev, skb);
2549 case HCI_SCODATA_PKT:
2550 BT_DBG("%s SCO data packet", hdev->name);
2551 hci_scodata_packet(hdev, skb);
2560 mutex_unlock(&hci_task_lock);
2563 static void hci_cmd_work(struct work_struct *work)
2565 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2566 struct sk_buff *skb;
2568 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2570 /* Send queued commands */
2571 if (atomic_read(&hdev->cmd_cnt)) {
2572 skb = skb_dequeue(&hdev->cmd_q);
2576 kfree_skb(hdev->sent_cmd);
2578 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2579 if (hdev->sent_cmd) {
2580 atomic_dec(&hdev->cmd_cnt);
2581 hci_send_frame(skb);
2582 if (test_bit(HCI_RESET, &hdev->flags))
2583 del_timer(&hdev->cmd_timer);
2585 mod_timer(&hdev->cmd_timer,
2586 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2588 skb_queue_head(&hdev->cmd_q, skb);
2589 queue_work(hdev->workqueue, &hdev->cmd_work);
2594 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2596 /* General inquiry access code (GIAC) */
2597 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2598 struct hci_cp_inquiry cp;
2600 BT_DBG("%s", hdev->name);
2602 if (test_bit(HCI_INQUIRY, &hdev->flags))
2603 return -EINPROGRESS;
2605 memset(&cp, 0, sizeof(cp));
2606 memcpy(&cp.lap, lap, sizeof(cp.lap));
2609 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2612 int hci_cancel_inquiry(struct hci_dev *hdev)
2614 BT_DBG("%s", hdev->name);
2616 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2619 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2622 module_param(enable_hs, bool, 0644);
2623 MODULE_PARM_DESC(enable_hs, "Enable High Speed");
projects / linux-flexiantxendom0-3.2.10.git / blob