2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI core. */
27 #include <linux/jiffies.h>
28 #include <linux/module.h>
29 #include <linux/kmod.h>
31 #include <linux/types.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/notifier.h>
43 #include <linux/rfkill.h>
46 #include <asm/system.h>
47 #include <linux/uaccess.h>
48 #include <asm/unaligned.h>
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
53 static void hci_cmd_task(unsigned long arg);
54 static void hci_rx_task(unsigned long arg);
55 static void hci_tx_task(unsigned long arg);
56 static void hci_notify(struct hci_dev *hdev, int event);
58 static DEFINE_RWLOCK(hci_task_lock);
61 LIST_HEAD(hci_dev_list);
62 DEFINE_RWLOCK(hci_dev_list_lock);
64 /* HCI callback list */
65 LIST_HEAD(hci_cb_list);
66 DEFINE_RWLOCK(hci_cb_list_lock);
69 #define HCI_MAX_PROTO 2
70 struct hci_proto *hci_proto[HCI_MAX_PROTO];
72 /* HCI notifiers list */
73 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
75 /* ---- HCI notifications ---- */
77 int hci_register_notifier(struct notifier_block *nb)
79 return atomic_notifier_chain_register(&hci_notifier, nb);
82 int hci_unregister_notifier(struct notifier_block *nb)
84 return atomic_notifier_chain_unregister(&hci_notifier, nb);
87 static void hci_notify(struct hci_dev *hdev, int event)
89 atomic_notifier_call_chain(&hci_notifier, event, hdev);
92 /* ---- HCI requests ---- */
94 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
96 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
98 /* If the request has set req_last_cmd (typical for multi-HCI
99 * command requests) check if the completed command matches
100 * this, and if not just return. Single HCI command requests
101 * typically leave req_last_cmd as 0 */
102 if (hdev->req_last_cmd && cmd != hdev->req_last_cmd)
105 if (hdev->req_status == HCI_REQ_PEND) {
106 hdev->req_result = result;
107 hdev->req_status = HCI_REQ_DONE;
108 wake_up_interruptible(&hdev->req_wait_q);
112 static void hci_req_cancel(struct hci_dev *hdev, int err)
114 BT_DBG("%s err 0x%2.2x", hdev->name, err);
116 if (hdev->req_status == HCI_REQ_PEND) {
117 hdev->req_result = err;
118 hdev->req_status = HCI_REQ_CANCELED;
119 wake_up_interruptible(&hdev->req_wait_q);
123 /* Execute request and wait for completion. */
124 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
125 unsigned long opt, __u32 timeout)
127 DECLARE_WAITQUEUE(wait, current);
130 BT_DBG("%s start", hdev->name);
132 hdev->req_status = HCI_REQ_PEND;
134 add_wait_queue(&hdev->req_wait_q, &wait);
135 set_current_state(TASK_INTERRUPTIBLE);
138 schedule_timeout(timeout);
140 remove_wait_queue(&hdev->req_wait_q, &wait);
142 if (signal_pending(current))
145 switch (hdev->req_status) {
147 err = -bt_err(hdev->req_result);
150 case HCI_REQ_CANCELED:
151 err = -hdev->req_result;
159 hdev->req_last_cmd = hdev->req_status = hdev->req_result = 0;
161 BT_DBG("%s end: err %d", hdev->name, err);
166 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
167 unsigned long opt, __u32 timeout)
171 if (!test_bit(HCI_UP, &hdev->flags))
174 /* Serialize all requests */
176 ret = __hci_request(hdev, req, opt, timeout);
177 hci_req_unlock(hdev);
182 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
184 BT_DBG("%s %ld", hdev->name, opt);
187 set_bit(HCI_RESET, &hdev->flags);
188 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
191 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
197 BT_DBG("%s %ld", hdev->name, opt);
199 /* Driver initialization */
201 /* Special commands */
202 while ((skb = skb_dequeue(&hdev->driver_init))) {
203 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
204 skb->dev = (void *) hdev;
206 skb_queue_tail(&hdev->cmd_q, skb);
207 tasklet_schedule(&hdev->cmd_task);
209 skb_queue_purge(&hdev->driver_init);
211 /* Mandatory initialization */
214 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
215 set_bit(HCI_RESET, &hdev->flags);
216 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
219 /* Read Local Supported Features */
220 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
222 /* Read Local Version */
223 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
225 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
226 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
229 /* Host buffer size */
231 struct hci_cp_host_buffer_size cp;
232 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE);
233 cp.sco_mtu = HCI_MAX_SCO_SIZE;
234 cp.acl_max_pkt = cpu_to_le16(0xffff);
235 cp.sco_max_pkt = cpu_to_le16(0xffff);
236 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp);
240 /* Read BD Address */
241 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
243 /* Read Class of Device */
244 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
246 /* Read Local Name */
247 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
249 /* Read Voice Setting */
250 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
252 /* Optional initialization */
254 /* Clear Event Filters */
255 flt_type = HCI_FLT_CLEAR_ALL;
256 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
258 /* Page timeout ~20 secs */
259 param = cpu_to_le16(0x8000);
260 hci_send_cmd(hdev, HCI_OP_WRITE_PG_TIMEOUT, 2, ¶m);
262 /* Connection accept timeout ~20 secs */
263 param = cpu_to_le16(0x7d00);
264 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
266 hdev->req_last_cmd = HCI_OP_WRITE_CA_TIMEOUT;
269 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
273 BT_DBG("%s %x", hdev->name, scan);
275 /* Inquiry and Page scans */
276 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
279 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
283 BT_DBG("%s %x", hdev->name, auth);
286 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
289 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
293 BT_DBG("%s %x", hdev->name, encrypt);
296 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
299 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
301 __le16 policy = cpu_to_le16(opt);
303 BT_DBG("%s %x", hdev->name, policy);
305 /* Default link policy */
306 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
309 /* Get HCI device by index.
310 * Device is held on return. */
311 struct hci_dev *hci_dev_get(int index)
313 struct hci_dev *hdev = NULL;
321 read_lock(&hci_dev_list_lock);
322 list_for_each(p, &hci_dev_list) {
323 struct hci_dev *d = list_entry(p, struct hci_dev, list);
324 if (d->id == index) {
325 hdev = hci_dev_hold(d);
329 read_unlock(&hci_dev_list_lock);
333 /* ---- Inquiry support ---- */
334 static void inquiry_cache_flush(struct hci_dev *hdev)
336 struct inquiry_cache *cache = &hdev->inq_cache;
337 struct inquiry_entry *next = cache->list, *e;
339 BT_DBG("cache %p", cache);
348 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
350 struct inquiry_cache *cache = &hdev->inq_cache;
351 struct inquiry_entry *e;
353 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
355 for (e = cache->list; e; e = e->next)
356 if (!bacmp(&e->data.bdaddr, bdaddr))
361 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
363 struct inquiry_cache *cache = &hdev->inq_cache;
364 struct inquiry_entry *ie;
366 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
368 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
370 /* Entry not in the cache. Add new one. */
371 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
375 ie->next = cache->list;
379 memcpy(&ie->data, data, sizeof(*data));
380 ie->timestamp = jiffies;
381 cache->timestamp = jiffies;
384 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
386 struct inquiry_cache *cache = &hdev->inq_cache;
387 struct inquiry_info *info = (struct inquiry_info *) buf;
388 struct inquiry_entry *e;
391 for (e = cache->list; e && copied < num; e = e->next, copied++) {
392 struct inquiry_data *data = &e->data;
393 bacpy(&info->bdaddr, &data->bdaddr);
394 info->pscan_rep_mode = data->pscan_rep_mode;
395 info->pscan_period_mode = data->pscan_period_mode;
396 info->pscan_mode = data->pscan_mode;
397 memcpy(info->dev_class, data->dev_class, 3);
398 info->clock_offset = data->clock_offset;
402 BT_DBG("cache %p, copied %d", cache, copied);
406 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
408 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
409 struct hci_cp_inquiry cp;
411 BT_DBG("%s", hdev->name);
413 if (test_bit(HCI_INQUIRY, &hdev->flags))
417 memcpy(&cp.lap, &ir->lap, 3);
418 cp.length = ir->length;
419 cp.num_rsp = ir->num_rsp;
420 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
423 int hci_inquiry(void __user *arg)
425 __u8 __user *ptr = arg;
426 struct hci_inquiry_req ir;
427 struct hci_dev *hdev;
428 int err = 0, do_inquiry = 0, max_rsp;
432 if (copy_from_user(&ir, ptr, sizeof(ir)))
435 if (!(hdev = hci_dev_get(ir.dev_id)))
438 hci_dev_lock_bh(hdev);
439 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
440 inquiry_cache_empty(hdev) ||
441 ir.flags & IREQ_CACHE_FLUSH) {
442 inquiry_cache_flush(hdev);
445 hci_dev_unlock_bh(hdev);
447 timeo = ir.length * msecs_to_jiffies(2000);
450 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
455 /* for unlimited number of responses we will use buffer with 255 entries */
456 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
458 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
459 * copy it to the user space.
461 buf = kmalloc(sizeof(struct inquiry_info) *max_rsp, GFP_KERNEL);
467 hci_dev_lock_bh(hdev);
468 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
469 hci_dev_unlock_bh(hdev);
471 BT_DBG("num_rsp %d", ir.num_rsp);
473 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
475 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
488 /* ---- HCI ioctl helpers ---- */
490 int hci_dev_open(__u16 dev)
492 struct hci_dev *hdev;
495 if (!(hdev = hci_dev_get(dev)))
498 BT_DBG("%s %p", hdev->name, hdev);
502 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
507 if (test_bit(HCI_UP, &hdev->flags)) {
512 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
513 set_bit(HCI_RAW, &hdev->flags);
515 /* Treat all non BR/EDR controllers as raw devices for now */
516 if (hdev->dev_type != HCI_BREDR)
517 set_bit(HCI_RAW, &hdev->flags);
519 if (hdev->open(hdev)) {
524 if (!test_bit(HCI_RAW, &hdev->flags)) {
525 atomic_set(&hdev->cmd_cnt, 1);
526 set_bit(HCI_INIT, &hdev->flags);
528 //__hci_request(hdev, hci_reset_req, 0, HZ);
529 ret = __hci_request(hdev, hci_init_req, 0,
530 msecs_to_jiffies(HCI_INIT_TIMEOUT));
532 clear_bit(HCI_INIT, &hdev->flags);
537 set_bit(HCI_UP, &hdev->flags);
538 hci_notify(hdev, HCI_DEV_UP);
540 /* Init failed, cleanup */
541 tasklet_kill(&hdev->rx_task);
542 tasklet_kill(&hdev->tx_task);
543 tasklet_kill(&hdev->cmd_task);
545 skb_queue_purge(&hdev->cmd_q);
546 skb_queue_purge(&hdev->rx_q);
551 if (hdev->sent_cmd) {
552 kfree_skb(hdev->sent_cmd);
553 hdev->sent_cmd = NULL;
561 hci_req_unlock(hdev);
566 static int hci_dev_do_close(struct hci_dev *hdev)
568 BT_DBG("%s %p", hdev->name, hdev);
570 hci_req_cancel(hdev, ENODEV);
573 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
574 hci_req_unlock(hdev);
578 /* Kill RX and TX tasks */
579 tasklet_kill(&hdev->rx_task);
580 tasklet_kill(&hdev->tx_task);
582 hci_dev_lock_bh(hdev);
583 inquiry_cache_flush(hdev);
584 hci_conn_hash_flush(hdev);
585 hci_dev_unlock_bh(hdev);
587 hci_notify(hdev, HCI_DEV_DOWN);
593 skb_queue_purge(&hdev->cmd_q);
594 atomic_set(&hdev->cmd_cnt, 1);
595 if (!test_bit(HCI_RAW, &hdev->flags)) {
596 set_bit(HCI_INIT, &hdev->flags);
597 __hci_request(hdev, hci_reset_req, 0,
598 msecs_to_jiffies(250));
599 clear_bit(HCI_INIT, &hdev->flags);
603 tasklet_kill(&hdev->cmd_task);
606 skb_queue_purge(&hdev->rx_q);
607 skb_queue_purge(&hdev->cmd_q);
608 skb_queue_purge(&hdev->raw_q);
610 /* Drop last sent command */
611 if (hdev->sent_cmd) {
612 kfree_skb(hdev->sent_cmd);
613 hdev->sent_cmd = NULL;
616 /* After this point our queues are empty
617 * and no tasks are scheduled. */
623 hci_req_unlock(hdev);
629 int hci_dev_close(__u16 dev)
631 struct hci_dev *hdev;
634 hdev = hci_dev_get(dev);
637 err = hci_dev_do_close(hdev);
642 int hci_dev_reset(__u16 dev)
644 struct hci_dev *hdev;
647 hdev = hci_dev_get(dev);
652 tasklet_disable(&hdev->tx_task);
654 if (!test_bit(HCI_UP, &hdev->flags))
658 skb_queue_purge(&hdev->rx_q);
659 skb_queue_purge(&hdev->cmd_q);
661 hci_dev_lock_bh(hdev);
662 inquiry_cache_flush(hdev);
663 hci_conn_hash_flush(hdev);
664 hci_dev_unlock_bh(hdev);
669 atomic_set(&hdev->cmd_cnt, 1);
670 hdev->acl_cnt = 0; hdev->sco_cnt = 0;
672 if (!test_bit(HCI_RAW, &hdev->flags))
673 ret = __hci_request(hdev, hci_reset_req, 0,
674 msecs_to_jiffies(HCI_INIT_TIMEOUT));
677 tasklet_enable(&hdev->tx_task);
678 hci_req_unlock(hdev);
683 int hci_dev_reset_stat(__u16 dev)
685 struct hci_dev *hdev;
688 hdev = hci_dev_get(dev);
692 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
699 int hci_dev_cmd(unsigned int cmd, void __user *arg)
701 struct hci_dev *hdev;
702 struct hci_dev_req dr;
705 if (copy_from_user(&dr, arg, sizeof(dr)))
708 hdev = hci_dev_get(dr.dev_id);
714 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
715 msecs_to_jiffies(HCI_INIT_TIMEOUT));
719 if (!lmp_encrypt_capable(hdev)) {
724 if (!test_bit(HCI_AUTH, &hdev->flags)) {
725 /* Auth must be enabled first */
726 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
727 msecs_to_jiffies(HCI_INIT_TIMEOUT));
732 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
733 msecs_to_jiffies(HCI_INIT_TIMEOUT));
737 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
738 msecs_to_jiffies(HCI_INIT_TIMEOUT));
742 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
743 msecs_to_jiffies(HCI_INIT_TIMEOUT));
747 hdev->link_mode = ((__u16) dr.dev_opt) &
748 (HCI_LM_MASTER | HCI_LM_ACCEPT);
752 hdev->pkt_type = (__u16) dr.dev_opt;
756 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
757 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
761 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
762 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
774 int hci_get_dev_list(void __user *arg)
776 struct hci_dev_list_req *dl;
777 struct hci_dev_req *dr;
779 int n = 0, size, err;
782 if (get_user(dev_num, (__u16 __user *) arg))
785 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
788 size = sizeof(*dl) + dev_num * sizeof(*dr);
790 dl = kzalloc(size, GFP_KERNEL);
796 read_lock_bh(&hci_dev_list_lock);
797 list_for_each(p, &hci_dev_list) {
798 struct hci_dev *hdev;
799 hdev = list_entry(p, struct hci_dev, list);
800 (dr + n)->dev_id = hdev->id;
801 (dr + n)->dev_opt = hdev->flags;
805 read_unlock_bh(&hci_dev_list_lock);
808 size = sizeof(*dl) + n * sizeof(*dr);
810 err = copy_to_user(arg, dl, size);
813 return err ? -EFAULT : 0;
816 int hci_get_dev_info(void __user *arg)
818 struct hci_dev *hdev;
819 struct hci_dev_info di;
822 if (copy_from_user(&di, arg, sizeof(di)))
825 hdev = hci_dev_get(di.dev_id);
829 strcpy(di.name, hdev->name);
830 di.bdaddr = hdev->bdaddr;
831 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
832 di.flags = hdev->flags;
833 di.pkt_type = hdev->pkt_type;
834 di.acl_mtu = hdev->acl_mtu;
835 di.acl_pkts = hdev->acl_pkts;
836 di.sco_mtu = hdev->sco_mtu;
837 di.sco_pkts = hdev->sco_pkts;
838 di.link_policy = hdev->link_policy;
839 di.link_mode = hdev->link_mode;
841 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
842 memcpy(&di.features, &hdev->features, sizeof(di.features));
844 if (copy_to_user(arg, &di, sizeof(di)))
852 /* ---- Interface to HCI drivers ---- */
854 static int hci_rfkill_set_block(void *data, bool blocked)
856 struct hci_dev *hdev = data;
858 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
863 hci_dev_do_close(hdev);
868 static const struct rfkill_ops hci_rfkill_ops = {
869 .set_block = hci_rfkill_set_block,
872 /* Alloc HCI device */
873 struct hci_dev *hci_alloc_dev(void)
875 struct hci_dev *hdev;
877 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
881 skb_queue_head_init(&hdev->driver_init);
885 EXPORT_SYMBOL(hci_alloc_dev);
887 /* Free HCI device */
888 void hci_free_dev(struct hci_dev *hdev)
890 skb_queue_purge(&hdev->driver_init);
892 /* will free via device release */
893 put_device(&hdev->dev);
895 EXPORT_SYMBOL(hci_free_dev);
897 /* Register HCI device */
898 int hci_register_dev(struct hci_dev *hdev)
900 struct list_head *head = &hci_dev_list, *p;
903 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
904 hdev->bus, hdev->owner);
906 if (!hdev->open || !hdev->close || !hdev->destruct)
909 write_lock_bh(&hci_dev_list_lock);
911 /* Find first available device id */
912 list_for_each(p, &hci_dev_list) {
913 if (list_entry(p, struct hci_dev, list)->id != id)
918 sprintf(hdev->name, "hci%d", id);
920 list_add(&hdev->list, head);
922 atomic_set(&hdev->refcnt, 1);
923 spin_lock_init(&hdev->lock);
926 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
927 hdev->esco_type = (ESCO_HV1);
928 hdev->link_mode = (HCI_LM_ACCEPT);
930 hdev->idle_timeout = 0;
931 hdev->sniff_max_interval = 800;
932 hdev->sniff_min_interval = 80;
934 tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev);
935 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
936 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
938 skb_queue_head_init(&hdev->rx_q);
939 skb_queue_head_init(&hdev->cmd_q);
940 skb_queue_head_init(&hdev->raw_q);
942 for (i = 0; i < NUM_REASSEMBLY; i++)
943 hdev->reassembly[i] = NULL;
945 init_waitqueue_head(&hdev->req_wait_q);
946 mutex_init(&hdev->req_lock);
948 inquiry_cache_init(hdev);
950 hci_conn_hash_init(hdev);
952 INIT_LIST_HEAD(&hdev->blacklist);
954 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
956 atomic_set(&hdev->promisc, 0);
958 write_unlock_bh(&hci_dev_list_lock);
960 hdev->workqueue = create_singlethread_workqueue(hdev->name);
961 if (!hdev->workqueue)
964 hci_register_sysfs(hdev);
966 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
967 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
969 if (rfkill_register(hdev->rfkill) < 0) {
970 rfkill_destroy(hdev->rfkill);
975 mgmt_index_added(hdev->id);
976 hci_notify(hdev, HCI_DEV_REG);
981 write_lock_bh(&hci_dev_list_lock);
982 list_del(&hdev->list);
983 write_unlock_bh(&hci_dev_list_lock);
987 EXPORT_SYMBOL(hci_register_dev);
989 /* Unregister HCI device */
990 int hci_unregister_dev(struct hci_dev *hdev)
994 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
996 write_lock_bh(&hci_dev_list_lock);
997 list_del(&hdev->list);
998 write_unlock_bh(&hci_dev_list_lock);
1000 hci_dev_do_close(hdev);
1002 for (i = 0; i < NUM_REASSEMBLY; i++)
1003 kfree_skb(hdev->reassembly[i]);
1005 mgmt_index_removed(hdev->id);
1006 hci_notify(hdev, HCI_DEV_UNREG);
1009 rfkill_unregister(hdev->rfkill);
1010 rfkill_destroy(hdev->rfkill);
1013 hci_unregister_sysfs(hdev);
1015 destroy_workqueue(hdev->workqueue);
1017 hci_dev_lock_bh(hdev);
1018 hci_blacklist_clear(hdev);
1019 hci_dev_unlock_bh(hdev);
1021 __hci_dev_put(hdev);
1025 EXPORT_SYMBOL(hci_unregister_dev);
1027 /* Suspend HCI device */
1028 int hci_suspend_dev(struct hci_dev *hdev)
1030 hci_notify(hdev, HCI_DEV_SUSPEND);
1033 EXPORT_SYMBOL(hci_suspend_dev);
1035 /* Resume HCI device */
1036 int hci_resume_dev(struct hci_dev *hdev)
1038 hci_notify(hdev, HCI_DEV_RESUME);
1041 EXPORT_SYMBOL(hci_resume_dev);
1043 /* Receive frame from HCI drivers */
1044 int hci_recv_frame(struct sk_buff *skb)
1046 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1047 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1048 && !test_bit(HCI_INIT, &hdev->flags))) {
1054 bt_cb(skb)->incoming = 1;
1057 __net_timestamp(skb);
1059 /* Queue frame for rx task */
1060 skb_queue_tail(&hdev->rx_q, skb);
1061 tasklet_schedule(&hdev->rx_task);
1065 EXPORT_SYMBOL(hci_recv_frame);
1067 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1068 int count, __u8 index, gfp_t gfp_mask)
1073 struct sk_buff *skb;
1074 struct bt_skb_cb *scb;
1076 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1077 index >= NUM_REASSEMBLY)
1080 skb = hdev->reassembly[index];
1084 case HCI_ACLDATA_PKT:
1085 len = HCI_MAX_FRAME_SIZE;
1086 hlen = HCI_ACL_HDR_SIZE;
1089 len = HCI_MAX_EVENT_SIZE;
1090 hlen = HCI_EVENT_HDR_SIZE;
1092 case HCI_SCODATA_PKT:
1093 len = HCI_MAX_SCO_SIZE;
1094 hlen = HCI_SCO_HDR_SIZE;
1098 skb = bt_skb_alloc(len, gfp_mask);
1102 scb = (void *) skb->cb;
1104 scb->pkt_type = type;
1106 skb->dev = (void *) hdev;
1107 hdev->reassembly[index] = skb;
1111 scb = (void *) skb->cb;
1112 len = min(scb->expect, (__u16)count);
1114 memcpy(skb_put(skb, len), data, len);
1123 if (skb->len == HCI_EVENT_HDR_SIZE) {
1124 struct hci_event_hdr *h = hci_event_hdr(skb);
1125 scb->expect = h->plen;
1127 if (skb_tailroom(skb) < scb->expect) {
1129 hdev->reassembly[index] = NULL;
1135 case HCI_ACLDATA_PKT:
1136 if (skb->len == HCI_ACL_HDR_SIZE) {
1137 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1138 scb->expect = __le16_to_cpu(h->dlen);
1140 if (skb_tailroom(skb) < scb->expect) {
1142 hdev->reassembly[index] = NULL;
1148 case HCI_SCODATA_PKT:
1149 if (skb->len == HCI_SCO_HDR_SIZE) {
1150 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1151 scb->expect = h->dlen;
1153 if (skb_tailroom(skb) < scb->expect) {
1155 hdev->reassembly[index] = NULL;
1162 if (scb->expect == 0) {
1163 /* Complete frame */
1165 bt_cb(skb)->pkt_type = type;
1166 hci_recv_frame(skb);
1168 hdev->reassembly[index] = NULL;
1176 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1180 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1184 rem = hci_reassembly(hdev, type, data, count,
1185 type - 1, GFP_ATOMIC);
1189 data += (count - rem);
1195 EXPORT_SYMBOL(hci_recv_fragment);
1197 #define STREAM_REASSEMBLY 0
1199 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1205 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1208 struct { char type; } *pkt;
1210 /* Start of the frame */
1217 type = bt_cb(skb)->pkt_type;
1219 rem = hci_reassembly(hdev, type, data,
1220 count, STREAM_REASSEMBLY, GFP_ATOMIC);
1224 data += (count - rem);
1230 EXPORT_SYMBOL(hci_recv_stream_fragment);
1232 /* ---- Interface to upper protocols ---- */
1234 /* Register/Unregister protocols.
1235 * hci_task_lock is used to ensure that no tasks are running. */
1236 int hci_register_proto(struct hci_proto *hp)
1240 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1242 if (hp->id >= HCI_MAX_PROTO)
1245 write_lock_bh(&hci_task_lock);
1247 if (!hci_proto[hp->id])
1248 hci_proto[hp->id] = hp;
1252 write_unlock_bh(&hci_task_lock);
1256 EXPORT_SYMBOL(hci_register_proto);
1258 int hci_unregister_proto(struct hci_proto *hp)
1262 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1264 if (hp->id >= HCI_MAX_PROTO)
1267 write_lock_bh(&hci_task_lock);
1269 if (hci_proto[hp->id])
1270 hci_proto[hp->id] = NULL;
1274 write_unlock_bh(&hci_task_lock);
1278 EXPORT_SYMBOL(hci_unregister_proto);
1280 int hci_register_cb(struct hci_cb *cb)
1282 BT_DBG("%p name %s", cb, cb->name);
1284 write_lock_bh(&hci_cb_list_lock);
1285 list_add(&cb->list, &hci_cb_list);
1286 write_unlock_bh(&hci_cb_list_lock);
1290 EXPORT_SYMBOL(hci_register_cb);
1292 int hci_unregister_cb(struct hci_cb *cb)
1294 BT_DBG("%p name %s", cb, cb->name);
1296 write_lock_bh(&hci_cb_list_lock);
1297 list_del(&cb->list);
1298 write_unlock_bh(&hci_cb_list_lock);
1302 EXPORT_SYMBOL(hci_unregister_cb);
1304 static int hci_send_frame(struct sk_buff *skb)
1306 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1313 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1315 if (atomic_read(&hdev->promisc)) {
1317 __net_timestamp(skb);
1319 hci_send_to_sock(hdev, skb);
1322 /* Get rid of skb owner, prior to sending to the driver. */
1325 return hdev->send(skb);
1328 /* Send HCI command */
1329 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1331 int len = HCI_COMMAND_HDR_SIZE + plen;
1332 struct hci_command_hdr *hdr;
1333 struct sk_buff *skb;
1335 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1337 skb = bt_skb_alloc(len, GFP_ATOMIC);
1339 BT_ERR("%s no memory for command", hdev->name);
1343 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1344 hdr->opcode = cpu_to_le16(opcode);
1348 memcpy(skb_put(skb, plen), param, plen);
1350 BT_DBG("skb len %d", skb->len);
1352 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1353 skb->dev = (void *) hdev;
1355 skb_queue_tail(&hdev->cmd_q, skb);
1356 tasklet_schedule(&hdev->cmd_task);
1361 /* Get data from the previously sent command */
1362 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1364 struct hci_command_hdr *hdr;
1366 if (!hdev->sent_cmd)
1369 hdr = (void *) hdev->sent_cmd->data;
1371 if (hdr->opcode != cpu_to_le16(opcode))
1374 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1376 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1380 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1382 struct hci_acl_hdr *hdr;
1385 skb_push(skb, HCI_ACL_HDR_SIZE);
1386 skb_reset_transport_header(skb);
1387 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1388 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1389 hdr->dlen = cpu_to_le16(len);
1392 void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1394 struct hci_dev *hdev = conn->hdev;
1395 struct sk_buff *list;
1397 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
1399 skb->dev = (void *) hdev;
1400 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1401 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START);
1403 list = skb_shinfo(skb)->frag_list;
1405 /* Non fragmented */
1406 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1408 skb_queue_tail(&conn->data_q, skb);
1411 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1413 skb_shinfo(skb)->frag_list = NULL;
1415 /* Queue all fragments atomically */
1416 spin_lock_bh(&conn->data_q.lock);
1418 __skb_queue_tail(&conn->data_q, skb);
1420 skb = list; list = list->next;
1422 skb->dev = (void *) hdev;
1423 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1424 hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT);
1426 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1428 __skb_queue_tail(&conn->data_q, skb);
1431 spin_unlock_bh(&conn->data_q.lock);
1434 tasklet_schedule(&hdev->tx_task);
1436 EXPORT_SYMBOL(hci_send_acl);
1439 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1441 struct hci_dev *hdev = conn->hdev;
1442 struct hci_sco_hdr hdr;
1444 BT_DBG("%s len %d", hdev->name, skb->len);
1446 hdr.handle = cpu_to_le16(conn->handle);
1447 hdr.dlen = skb->len;
1449 skb_push(skb, HCI_SCO_HDR_SIZE);
1450 skb_reset_transport_header(skb);
1451 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1453 skb->dev = (void *) hdev;
1454 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
1456 skb_queue_tail(&conn->data_q, skb);
1457 tasklet_schedule(&hdev->tx_task);
1459 EXPORT_SYMBOL(hci_send_sco);
1461 /* ---- HCI TX task (outgoing data) ---- */
1463 /* HCI Connection scheduler */
1464 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
1466 struct hci_conn_hash *h = &hdev->conn_hash;
1467 struct hci_conn *conn = NULL;
1468 int num = 0, min = ~0;
1469 struct list_head *p;
1471 /* We don't have to lock device here. Connections are always
1472 * added and removed with TX task disabled. */
1473 list_for_each(p, &h->list) {
1475 c = list_entry(p, struct hci_conn, list);
1477 if (c->type != type || skb_queue_empty(&c->data_q))
1480 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
1485 if (c->sent < min) {
1492 int cnt = (type == ACL_LINK ? hdev->acl_cnt : hdev->sco_cnt);
1498 BT_DBG("conn %p quote %d", conn, *quote);
1502 static inline void hci_acl_tx_to(struct hci_dev *hdev)
1504 struct hci_conn_hash *h = &hdev->conn_hash;
1505 struct list_head *p;
1508 BT_ERR("%s ACL tx timeout", hdev->name);
1510 /* Kill stalled connections */
1511 list_for_each(p, &h->list) {
1512 c = list_entry(p, struct hci_conn, list);
1513 if (c->type == ACL_LINK && c->sent) {
1514 BT_ERR("%s killing stalled ACL connection %s",
1515 hdev->name, batostr(&c->dst));
1516 hci_acl_disconn(c, 0x13);
1521 static inline void hci_sched_acl(struct hci_dev *hdev)
1523 struct hci_conn *conn;
1524 struct sk_buff *skb;
1527 BT_DBG("%s", hdev->name);
1529 if (!test_bit(HCI_RAW, &hdev->flags)) {
1530 /* ACL tx timeout must be longer than maximum
1531 * link supervision timeout (40.9 seconds) */
1532 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
1533 hci_acl_tx_to(hdev);
1536 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, "e))) {
1537 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1538 BT_DBG("skb %p len %d", skb, skb->len);
1540 hci_conn_enter_active_mode(conn);
1542 hci_send_frame(skb);
1543 hdev->acl_last_tx = jiffies;
1552 static inline void hci_sched_sco(struct hci_dev *hdev)
1554 struct hci_conn *conn;
1555 struct sk_buff *skb;
1558 BT_DBG("%s", hdev->name);
1560 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
1561 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1562 BT_DBG("skb %p len %d", skb, skb->len);
1563 hci_send_frame(skb);
1566 if (conn->sent == ~0)
1572 static inline void hci_sched_esco(struct hci_dev *hdev)
1574 struct hci_conn *conn;
1575 struct sk_buff *skb;
1578 BT_DBG("%s", hdev->name);
1580 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
1581 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
1582 BT_DBG("skb %p len %d", skb, skb->len);
1583 hci_send_frame(skb);
1586 if (conn->sent == ~0)
1592 static void hci_tx_task(unsigned long arg)
1594 struct hci_dev *hdev = (struct hci_dev *) arg;
1595 struct sk_buff *skb;
1597 read_lock(&hci_task_lock);
1599 BT_DBG("%s acl %d sco %d", hdev->name, hdev->acl_cnt, hdev->sco_cnt);
1601 /* Schedule queues and send stuff to HCI driver */
1603 hci_sched_acl(hdev);
1605 hci_sched_sco(hdev);
1607 hci_sched_esco(hdev);
1609 /* Send next queued raw (unknown type) packet */
1610 while ((skb = skb_dequeue(&hdev->raw_q)))
1611 hci_send_frame(skb);
1613 read_unlock(&hci_task_lock);
1616 /* ----- HCI RX task (incoming data proccessing) ----- */
1618 /* ACL data packet */
1619 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1621 struct hci_acl_hdr *hdr = (void *) skb->data;
1622 struct hci_conn *conn;
1623 __u16 handle, flags;
1625 skb_pull(skb, HCI_ACL_HDR_SIZE);
1627 handle = __le16_to_cpu(hdr->handle);
1628 flags = hci_flags(handle);
1629 handle = hci_handle(handle);
1631 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
1633 hdev->stat.acl_rx++;
1636 conn = hci_conn_hash_lookup_handle(hdev, handle);
1637 hci_dev_unlock(hdev);
1640 register struct hci_proto *hp;
1642 hci_conn_enter_active_mode(conn);
1644 /* Send to upper protocol */
1645 hp = hci_proto[HCI_PROTO_L2CAP];
1646 if (hp && hp->recv_acldata) {
1647 hp->recv_acldata(conn, skb, flags);
1651 BT_ERR("%s ACL packet for unknown connection handle %d",
1652 hdev->name, handle);
1658 /* SCO data packet */
1659 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1661 struct hci_sco_hdr *hdr = (void *) skb->data;
1662 struct hci_conn *conn;
1665 skb_pull(skb, HCI_SCO_HDR_SIZE);
1667 handle = __le16_to_cpu(hdr->handle);
1669 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
1671 hdev->stat.sco_rx++;
1674 conn = hci_conn_hash_lookup_handle(hdev, handle);
1675 hci_dev_unlock(hdev);
1678 register struct hci_proto *hp;
1680 /* Send to upper protocol */
1681 hp = hci_proto[HCI_PROTO_SCO];
1682 if (hp && hp->recv_scodata) {
1683 hp->recv_scodata(conn, skb);
1687 BT_ERR("%s SCO packet for unknown connection handle %d",
1688 hdev->name, handle);
1694 static void hci_rx_task(unsigned long arg)
1696 struct hci_dev *hdev = (struct hci_dev *) arg;
1697 struct sk_buff *skb;
1699 BT_DBG("%s", hdev->name);
1701 read_lock(&hci_task_lock);
1703 while ((skb = skb_dequeue(&hdev->rx_q))) {
1704 if (atomic_read(&hdev->promisc)) {
1705 /* Send copy to the sockets */
1706 hci_send_to_sock(hdev, skb);
1709 if (test_bit(HCI_RAW, &hdev->flags)) {
1714 if (test_bit(HCI_INIT, &hdev->flags)) {
1715 /* Don't process data packets in this states. */
1716 switch (bt_cb(skb)->pkt_type) {
1717 case HCI_ACLDATA_PKT:
1718 case HCI_SCODATA_PKT:
1725 switch (bt_cb(skb)->pkt_type) {
1727 hci_event_packet(hdev, skb);
1730 case HCI_ACLDATA_PKT:
1731 BT_DBG("%s ACL data packet", hdev->name);
1732 hci_acldata_packet(hdev, skb);
1735 case HCI_SCODATA_PKT:
1736 BT_DBG("%s SCO data packet", hdev->name);
1737 hci_scodata_packet(hdev, skb);
1746 read_unlock(&hci_task_lock);
1749 static void hci_cmd_task(unsigned long arg)
1751 struct hci_dev *hdev = (struct hci_dev *) arg;
1752 struct sk_buff *skb;
1754 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
1756 if (!atomic_read(&hdev->cmd_cnt) && time_after(jiffies, hdev->cmd_last_tx + HZ)) {
1757 BT_ERR("%s command tx timeout", hdev->name);
1758 atomic_set(&hdev->cmd_cnt, 1);
1761 /* Send queued commands */
1762 if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) {
1763 kfree_skb(hdev->sent_cmd);
1765 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
1766 if (hdev->sent_cmd) {
1767 atomic_dec(&hdev->cmd_cnt);
1768 hci_send_frame(skb);
1769 hdev->cmd_last_tx = jiffies;
1771 skb_queue_head(&hdev->cmd_q, skb);
1772 tasklet_schedule(&hdev->cmd_task);
projects / linux-flexiantxendom0-natty.git / blob