search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm...
[linux-2.6.git] / net / bluetooth / hci_core.c
blob6ccc4eb9e55e4958f3eb070894a7668b05c98b5b
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
24 */
25
26 /* Bluetooth HCI core. */
27
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <asm/unaligned.h>
33
34 #include <net/bluetooth/bluetooth.h>
35 #include <net/bluetooth/hci_core.h>
36
37 static void hci_rx_work(struct work_struct *work);
38 static void hci_cmd_work(struct work_struct *work);
39 static void hci_tx_work(struct work_struct *work);
40
41 /* HCI device list */
42 LIST_HEAD(hci_dev_list);
43 DEFINE_RWLOCK(hci_dev_list_lock);
44
45 /* HCI callback list */
46 LIST_HEAD(hci_cb_list);
47 DEFINE_RWLOCK(hci_cb_list_lock);
48
49 /* HCI ID Numbering */
50 static DEFINE_IDA(hci_index_ida);
51
52 /* ---- HCI notifications ---- */
53
54 static void hci_notify(struct hci_dev *hdev, int event)
55 {
56 hci_sock_dev_event(hdev, event);
57 }
58
59 /* ---- HCI debugfs entries ---- */
60
61 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
62 size_t count, loff_t *ppos)
63 {
64 struct hci_dev *hdev = file->private_data;
65 char buf[3];
66
67 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dev_flags) ? 'Y': 'N';
68 buf[1] = '\n';
69 buf[2] = '\0';
70 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
71 }
72
73 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
74 size_t count, loff_t *ppos)
75 {
76 struct hci_dev *hdev = file->private_data;
77 struct sk_buff *skb;
78 char buf[32];
79 size_t buf_size = min(count, (sizeof(buf)-1));
80 bool enable;
81 int err;
82
83 if (!test_bit(HCI_UP, &hdev->flags))
84 return -ENETDOWN;
85
86 if (copy_from_user(buf, user_buf, buf_size))
87 return -EFAULT;
88
89 buf[buf_size] = '\0';
90 if (strtobool(buf, &enable))
91 return -EINVAL;
92
93 if (enable == test_bit(HCI_DUT_MODE, &hdev->dev_flags))
94 return -EALREADY;
95
96 hci_req_lock(hdev);
97 if (enable)
98 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
99 HCI_CMD_TIMEOUT);
100 else
101 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
102 HCI_CMD_TIMEOUT);
103 hci_req_unlock(hdev);
104
105 if (IS_ERR(skb))
106 return PTR_ERR(skb);
107
108 err = -bt_to_errno(skb->data[0]);
109 kfree_skb(skb);
110
111 if (err < 0)
112 return err;
113
114 change_bit(HCI_DUT_MODE, &hdev->dev_flags);
115
116 return count;
117 }
118
119 static const struct file_operations dut_mode_fops = {
120 .open = simple_open,
121 .read = dut_mode_read,
122 .write = dut_mode_write,
123 .llseek = default_llseek,
124 };
125
126 static int features_show(struct seq_file *f, void *ptr)
127 {
128 struct hci_dev *hdev = f->private;
129 u8 p;
130
131 hci_dev_lock(hdev);
132 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
133 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
134 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p,
135 hdev->features[p][0], hdev->features[p][1],
136 hdev->features[p][2], hdev->features[p][3],
137 hdev->features[p][4], hdev->features[p][5],
138 hdev->features[p][6], hdev->features[p][7]);
139 }
140 if (lmp_le_capable(hdev))
141 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
142 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
143 hdev->le_features[0], hdev->le_features[1],
144 hdev->le_features[2], hdev->le_features[3],
145 hdev->le_features[4], hdev->le_features[5],
146 hdev->le_features[6], hdev->le_features[7]);
147 hci_dev_unlock(hdev);
148
149 return 0;
150 }
151
152 static int features_open(struct inode *inode, struct file *file)
153 {
154 return single_open(file, features_show, inode->i_private);
155 }
156
157 static const struct file_operations features_fops = {
158 .open = features_open,
159 .read = seq_read,
160 .llseek = seq_lseek,
161 .release = single_release,
162 };
163
164 static int blacklist_show(struct seq_file *f, void *p)
165 {
166 struct hci_dev *hdev = f->private;
167 struct bdaddr_list *b;
168
169 hci_dev_lock(hdev);
170 list_for_each_entry(b, &hdev->blacklist, list)
171 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
172 hci_dev_unlock(hdev);
173
174 return 0;
175 }
176
177 static int blacklist_open(struct inode *inode, struct file *file)
178 {
179 return single_open(file, blacklist_show, inode->i_private);
180 }
181
182 static const struct file_operations blacklist_fops = {
183 .open = blacklist_open,
184 .read = seq_read,
185 .llseek = seq_lseek,
186 .release = single_release,
187 };
188
189 static int uuids_show(struct seq_file *f, void *p)
190 {
191 struct hci_dev *hdev = f->private;
192 struct bt_uuid *uuid;
193
194 hci_dev_lock(hdev);
195 list_for_each_entry(uuid, &hdev->uuids, list) {
196 u8 i, val[16];
197
198 /* The Bluetooth UUID values are stored in big endian,
199 * but with reversed byte order. So convert them into
200 * the right order for the %pUb modifier.
201 */
202 for (i = 0; i < 16; i++)
203 val[i] = uuid->uuid[15 - i];
204
205 seq_printf(f, "%pUb\n", val);
206 }
207 hci_dev_unlock(hdev);
208
209 return 0;
210 }
211
212 static int uuids_open(struct inode *inode, struct file *file)
213 {
214 return single_open(file, uuids_show, inode->i_private);
215 }
216
217 static const struct file_operations uuids_fops = {
218 .open = uuids_open,
219 .read = seq_read,
220 .llseek = seq_lseek,
221 .release = single_release,
222 };
223
224 static int inquiry_cache_show(struct seq_file *f, void *p)
225 {
226 struct hci_dev *hdev = f->private;
227 struct discovery_state *cache = &hdev->discovery;
228 struct inquiry_entry *e;
229
230 hci_dev_lock(hdev);
231
232 list_for_each_entry(e, &cache->all, all) {
233 struct inquiry_data *data = &e->data;
234 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
235 &data->bdaddr,
236 data->pscan_rep_mode, data->pscan_period_mode,
237 data->pscan_mode, data->dev_class[2],
238 data->dev_class[1], data->dev_class[0],
239 __le16_to_cpu(data->clock_offset),
240 data->rssi, data->ssp_mode, e->timestamp);
241 }
242
243 hci_dev_unlock(hdev);
244
245 return 0;
246 }
247
248 static int inquiry_cache_open(struct inode *inode, struct file *file)
249 {
250 return single_open(file, inquiry_cache_show, inode->i_private);
251 }
252
253 static const struct file_operations inquiry_cache_fops = {
254 .open = inquiry_cache_open,
255 .read = seq_read,
256 .llseek = seq_lseek,
257 .release = single_release,
258 };
259
260 static int link_keys_show(struct seq_file *f, void *ptr)
261 {
262 struct hci_dev *hdev = f->private;
263 struct list_head *p, *n;
264
265 hci_dev_lock(hdev);
266 list_for_each_safe(p, n, &hdev->link_keys) {
267 struct link_key *key = list_entry(p, struct link_key, list);
268 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
269 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
270 }
271 hci_dev_unlock(hdev);
272
273 return 0;
274 }
275
276 static int link_keys_open(struct inode *inode, struct file *file)
277 {
278 return single_open(file, link_keys_show, inode->i_private);
279 }
280
281 static const struct file_operations link_keys_fops = {
282 .open = link_keys_open,
283 .read = seq_read,
284 .llseek = seq_lseek,
285 .release = single_release,
286 };
287
288 static ssize_t use_debug_keys_read(struct file *file, char __user *user_buf,
289 size_t count, loff_t *ppos)
290 {
291 struct hci_dev *hdev = file->private_data;
292 char buf[3];
293
294 buf[0] = test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) ? 'Y': 'N';
295 buf[1] = '\n';
296 buf[2] = '\0';
297 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
298 }
299
300 static const struct file_operations use_debug_keys_fops = {
301 .open = simple_open,
302 .read = use_debug_keys_read,
303 .llseek = default_llseek,
304 };
305
306 static int dev_class_show(struct seq_file *f, void *ptr)
307 {
308 struct hci_dev *hdev = f->private;
309
310 hci_dev_lock(hdev);
311 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2],
312 hdev->dev_class[1], hdev->dev_class[0]);
313 hci_dev_unlock(hdev);
314
315 return 0;
316 }
317
318 static int dev_class_open(struct inode *inode, struct file *file)
319 {
320 return single_open(file, dev_class_show, inode->i_private);
321 }
322
323 static const struct file_operations dev_class_fops = {
324 .open = dev_class_open,
325 .read = seq_read,
326 .llseek = seq_lseek,
327 .release = single_release,
328 };
329
330 static int voice_setting_get(void *data, u64 *val)
331 {
332 struct hci_dev *hdev = data;
333
334 hci_dev_lock(hdev);
335 *val = hdev->voice_setting;
336 hci_dev_unlock(hdev);
337
338 return 0;
339 }
340
341 DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get,
342 NULL, "0x%4.4llx\n");
343
344 static int auto_accept_delay_set(void *data, u64 val)
345 {
346 struct hci_dev *hdev = data;
347
348 hci_dev_lock(hdev);
349 hdev->auto_accept_delay = val;
350 hci_dev_unlock(hdev);
351
352 return 0;
353 }
354
355 static int auto_accept_delay_get(void *data, u64 *val)
356 {
357 struct hci_dev *hdev = data;
358
359 hci_dev_lock(hdev);
360 *val = hdev->auto_accept_delay;
361 hci_dev_unlock(hdev);
362
363 return 0;
364 }
365
366 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
367 auto_accept_delay_set, "%llu\n");
368
369 static int ssp_debug_mode_set(void *data, u64 val)
370 {
371 struct hci_dev *hdev = data;
372 struct sk_buff *skb;
373 __u8 mode;
374 int err;
375
376 if (val != 0 && val != 1)
377 return -EINVAL;
378
379 if (!test_bit(HCI_UP, &hdev->flags))
380 return -ENETDOWN;
381
382 hci_req_lock(hdev);
383 mode = val;
384 skb = __hci_cmd_sync(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, sizeof(mode),
385 &mode, HCI_CMD_TIMEOUT);
386 hci_req_unlock(hdev);
387
388 if (IS_ERR(skb))
389 return PTR_ERR(skb);
390
391 err = -bt_to_errno(skb->data[0]);
392 kfree_skb(skb);
393
394 if (err < 0)
395 return err;
396
397 hci_dev_lock(hdev);
398 hdev->ssp_debug_mode = val;
399 hci_dev_unlock(hdev);
400
401 return 0;
402 }
403
404 static int ssp_debug_mode_get(void *data, u64 *val)
405 {
406 struct hci_dev *hdev = data;
407
408 hci_dev_lock(hdev);
409 *val = hdev->ssp_debug_mode;
410 hci_dev_unlock(hdev);
411
412 return 0;
413 }
414
415 DEFINE_SIMPLE_ATTRIBUTE(ssp_debug_mode_fops, ssp_debug_mode_get,
416 ssp_debug_mode_set, "%llu\n");
417
418 static int idle_timeout_set(void *data, u64 val)
419 {
420 struct hci_dev *hdev = data;
421
422 if (val != 0 && (val < 500 || val > 3600000))
423 return -EINVAL;
424
425 hci_dev_lock(hdev);
426 hdev->idle_timeout = val;
427 hci_dev_unlock(hdev);
428
429 return 0;
430 }
431
432 static int idle_timeout_get(void *data, u64 *val)
433 {
434 struct hci_dev *hdev = data;
435
436 hci_dev_lock(hdev);
437 *val = hdev->idle_timeout;
438 hci_dev_unlock(hdev);
439
440 return 0;
441 }
442
443 DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
444 idle_timeout_set, "%llu\n");
445
446 static int sniff_min_interval_set(void *data, u64 val)
447 {
448 struct hci_dev *hdev = data;
449
450 if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
451 return -EINVAL;
452
453 hci_dev_lock(hdev);
454 hdev->sniff_min_interval = val;
455 hci_dev_unlock(hdev);
456
457 return 0;
458 }
459
460 static int sniff_min_interval_get(void *data, u64 *val)
461 {
462 struct hci_dev *hdev = data;
463
464 hci_dev_lock(hdev);
465 *val = hdev->sniff_min_interval;
466 hci_dev_unlock(hdev);
467
468 return 0;
469 }
470
471 DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
472 sniff_min_interval_set, "%llu\n");
473
474 static int sniff_max_interval_set(void *data, u64 val)
475 {
476 struct hci_dev *hdev = data;
477
478 if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
479 return -EINVAL;
480
481 hci_dev_lock(hdev);
482 hdev->sniff_max_interval = val;
483 hci_dev_unlock(hdev);
484
485 return 0;
486 }
487
488 static int sniff_max_interval_get(void *data, u64 *val)
489 {
490 struct hci_dev *hdev = data;
491
492 hci_dev_lock(hdev);
493 *val = hdev->sniff_max_interval;
494 hci_dev_unlock(hdev);
495
496 return 0;
497 }
498
499 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
500 sniff_max_interval_set, "%llu\n");
501
502 static int static_address_show(struct seq_file *f, void *p)
503 {
504 struct hci_dev *hdev = f->private;
505
506 hci_dev_lock(hdev);
507 seq_printf(f, "%pMR\n", &hdev->static_addr);
508 hci_dev_unlock(hdev);
509
510 return 0;
511 }
512
513 static int static_address_open(struct inode *inode, struct file *file)
514 {
515 return single_open(file, static_address_show, inode->i_private);
516 }
517
518 static const struct file_operations static_address_fops = {
519 .open = static_address_open,
520 .read = seq_read,
521 .llseek = seq_lseek,
522 .release = single_release,
523 };
524
525 static int own_address_type_set(void *data, u64 val)
526 {
527 struct hci_dev *hdev = data;
528
529 if (val != 0 && val != 1)
530 return -EINVAL;
531
532 hci_dev_lock(hdev);
533 hdev->own_addr_type = val;
534 hci_dev_unlock(hdev);
535
536 return 0;
537 }
538
539 static int own_address_type_get(void *data, u64 *val)
540 {
541 struct hci_dev *hdev = data;
542
543 hci_dev_lock(hdev);
544 *val = hdev->own_addr_type;
545 hci_dev_unlock(hdev);
546
547 return 0;
548 }
549
550 DEFINE_SIMPLE_ATTRIBUTE(own_address_type_fops, own_address_type_get,
551 own_address_type_set, "%llu\n");
552
553 static int long_term_keys_show(struct seq_file *f, void *ptr)
554 {
555 struct hci_dev *hdev = f->private;
556 struct list_head *p, *n;
557
558 hci_dev_lock(hdev);
559 list_for_each_safe(p, n, &hdev->link_keys) {
560 struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list);
561 seq_printf(f, "%pMR (type %u) %u %u %u %.4x %*phN %*phN\\n",
562 &ltk->bdaddr, ltk->bdaddr_type, ltk->authenticated,
563 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
564 8, ltk->rand, 16, ltk->val);
565 }
566 hci_dev_unlock(hdev);
567
568 return 0;
569 }
570
571 static int long_term_keys_open(struct inode *inode, struct file *file)
572 {
573 return single_open(file, long_term_keys_show, inode->i_private);
574 }
575
576 static const struct file_operations long_term_keys_fops = {
577 .open = long_term_keys_open,
578 .read = seq_read,
579 .llseek = seq_lseek,
580 .release = single_release,
581 };
582
583 static int conn_min_interval_set(void *data, u64 val)
584 {
585 struct hci_dev *hdev = data;
586
587 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
588 return -EINVAL;
589
590 hci_dev_lock(hdev);
591 hdev->le_conn_min_interval = val;
592 hci_dev_unlock(hdev);
593
594 return 0;
595 }
596
597 static int conn_min_interval_get(void *data, u64 *val)
598 {
599 struct hci_dev *hdev = data;
600
601 hci_dev_lock(hdev);
602 *val = hdev->le_conn_min_interval;
603 hci_dev_unlock(hdev);
604
605 return 0;
606 }
607
608 DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
609 conn_min_interval_set, "%llu\n");
610
611 static int conn_max_interval_set(void *data, u64 val)
612 {
613 struct hci_dev *hdev = data;
614
615 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
616 return -EINVAL;
617
618 hci_dev_lock(hdev);
619 hdev->le_conn_max_interval = val;
620 hci_dev_unlock(hdev);
621
622 return 0;
623 }
624
625 static int conn_max_interval_get(void *data, u64 *val)
626 {
627 struct hci_dev *hdev = data;
628
629 hci_dev_lock(hdev);
630 *val = hdev->le_conn_max_interval;
631 hci_dev_unlock(hdev);
632
633 return 0;
634 }
635
636 DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
637 conn_max_interval_set, "%llu\n");
638
639 /* ---- HCI requests ---- */
640
641 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
642 {
643 BT_DBG("%s result 0x%2.2x", hdev->name, result);
644
645 if (hdev->req_status == HCI_REQ_PEND) {
646 hdev->req_result = result;
647 hdev->req_status = HCI_REQ_DONE;
648 wake_up_interruptible(&hdev->req_wait_q);
649 }
650 }
651
652 static void hci_req_cancel(struct hci_dev *hdev, int err)
653 {
654 BT_DBG("%s err 0x%2.2x", hdev->name, err);
655
656 if (hdev->req_status == HCI_REQ_PEND) {
657 hdev->req_result = err;
658 hdev->req_status = HCI_REQ_CANCELED;
659 wake_up_interruptible(&hdev->req_wait_q);
660 }
661 }
662
663 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
664 u8 event)
665 {
666 struct hci_ev_cmd_complete *ev;
667 struct hci_event_hdr *hdr;
668 struct sk_buff *skb;
669
670 hci_dev_lock(hdev);
671
672 skb = hdev->recv_evt;
673 hdev->recv_evt = NULL;
674
675 hci_dev_unlock(hdev);
676
677 if (!skb)
678 return ERR_PTR(-ENODATA);
679
680 if (skb->len < sizeof(*hdr)) {
681 BT_ERR("Too short HCI event");
682 goto failed;
683 }
684
685 hdr = (void *) skb->data;
686 skb_pull(skb, HCI_EVENT_HDR_SIZE);
687
688 if (event) {
689 if (hdr->evt != event)
690 goto failed;
691 return skb;
692 }
693
694 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
695 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
696 goto failed;
697 }
698
699 if (skb->len < sizeof(*ev)) {
700 BT_ERR("Too short cmd_complete event");
701 goto failed;
702 }
703
704 ev = (void *) skb->data;
705 skb_pull(skb, sizeof(*ev));
706
707 if (opcode == __le16_to_cpu(ev->opcode))
708 return skb;
709
710 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
711 __le16_to_cpu(ev->opcode));
712
713 failed:
714 kfree_skb(skb);
715 return ERR_PTR(-ENODATA);
716 }
717
718 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
719 const void *param, u8 event, u32 timeout)
720 {
721 DECLARE_WAITQUEUE(wait, current);
722 struct hci_request req;
723 int err = 0;
724
725 BT_DBG("%s", hdev->name);
726
727 hci_req_init(&req, hdev);
728
729 hci_req_add_ev(&req, opcode, plen, param, event);
730
731 hdev->req_status = HCI_REQ_PEND;
732
733 err = hci_req_run(&req, hci_req_sync_complete);
734 if (err < 0)
735 return ERR_PTR(err);
736
737 add_wait_queue(&hdev->req_wait_q, &wait);
738 set_current_state(TASK_INTERRUPTIBLE);
739
740 schedule_timeout(timeout);
741
742 remove_wait_queue(&hdev->req_wait_q, &wait);
743
744 if (signal_pending(current))
745 return ERR_PTR(-EINTR);
746
747 switch (hdev->req_status) {
748 case HCI_REQ_DONE:
749 err = -bt_to_errno(hdev->req_result);
750 break;
751
752 case HCI_REQ_CANCELED:
753 err = -hdev->req_result;
754 break;
755
756 default:
757 err = -ETIMEDOUT;
758 break;
759 }
760
761 hdev->req_status = hdev->req_result = 0;
762
763 BT_DBG("%s end: err %d", hdev->name, err);
764
765 if (err < 0)
766 return ERR_PTR(err);
767
768 return hci_get_cmd_complete(hdev, opcode, event);
769 }
770 EXPORT_SYMBOL(__hci_cmd_sync_ev);
771
772 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
773 const void *param, u32 timeout)
774 {
775 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
776 }
777 EXPORT_SYMBOL(__hci_cmd_sync);
778
779 /* Execute request and wait for completion. */
780 static int __hci_req_sync(struct hci_dev *hdev,
781 void (*func)(struct hci_request *req,
782 unsigned long opt),
783 unsigned long opt, __u32 timeout)
784 {
785 struct hci_request req;
786 DECLARE_WAITQUEUE(wait, current);
787 int err = 0;
788
789 BT_DBG("%s start", hdev->name);
790
791 hci_req_init(&req, hdev);
792
793 hdev->req_status = HCI_REQ_PEND;
794
795 func(&req, opt);
796
797 err = hci_req_run(&req, hci_req_sync_complete);
798 if (err < 0) {
799 hdev->req_status = 0;
800
801 /* ENODATA means the HCI request command queue is empty.
802 * This can happen when a request with conditionals doesn't
803 * trigger any commands to be sent. This is normal behavior
804 * and should not trigger an error return.
805 */
806 if (err == -ENODATA)
807 return 0;
808
809 return err;
810 }
811
812 add_wait_queue(&hdev->req_wait_q, &wait);
813 set_current_state(TASK_INTERRUPTIBLE);
814
815 schedule_timeout(timeout);
816
817 remove_wait_queue(&hdev->req_wait_q, &wait);
818
819 if (signal_pending(current))
820 return -EINTR;
821
822 switch (hdev->req_status) {
823 case HCI_REQ_DONE:
824 err = -bt_to_errno(hdev->req_result);
825 break;
826
827 case HCI_REQ_CANCELED:
828 err = -hdev->req_result;
829 break;
830
831 default:
832 err = -ETIMEDOUT;
833 break;
834 }
835
836 hdev->req_status = hdev->req_result = 0;
837
838 BT_DBG("%s end: err %d", hdev->name, err);
839
840 return err;
841 }
842
843 static int hci_req_sync(struct hci_dev *hdev,
844 void (*req)(struct hci_request *req,
845 unsigned long opt),
846 unsigned long opt, __u32 timeout)
847 {
848 int ret;
849
850 if (!test_bit(HCI_UP, &hdev->flags))
851 return -ENETDOWN;
852
853 /* Serialize all requests */
854 hci_req_lock(hdev);
855 ret = __hci_req_sync(hdev, req, opt, timeout);
856 hci_req_unlock(hdev);
857
858 return ret;
859 }
860
861 static void hci_reset_req(struct hci_request *req, unsigned long opt)
862 {
863 BT_DBG("%s %ld", req->hdev->name, opt);
864
865 /* Reset device */
866 set_bit(HCI_RESET, &req->hdev->flags);
867 hci_req_add(req, HCI_OP_RESET, 0, NULL);
868 }
869
870 static void bredr_init(struct hci_request *req)
871 {
872 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
873
874 /* Read Local Supported Features */
875 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
876
877 /* Read Local Version */
878 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
879
880 /* Read BD Address */
881 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
882 }
883
884 static void amp_init(struct hci_request *req)
885 {
886 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
887
888 /* Read Local Version */
889 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
890
891 /* Read Local Supported Commands */
892 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
893
894 /* Read Local Supported Features */
895 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
896
897 /* Read Local AMP Info */
898 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
899
900 /* Read Data Blk size */
901 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
902
903 /* Read Flow Control Mode */
904 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
905
906 /* Read Location Data */
907 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
908 }
909
910 static void hci_init1_req(struct hci_request *req, unsigned long opt)
911 {
912 struct hci_dev *hdev = req->hdev;
913
914 BT_DBG("%s %ld", hdev->name, opt);
915
916 /* Reset */
917 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
918 hci_reset_req(req, 0);
919
920 switch (hdev->dev_type) {
921 case HCI_BREDR:
922 bredr_init(req);
923 break;
924
925 case HCI_AMP:
926 amp_init(req);
927 break;
928
929 default:
930 BT_ERR("Unknown device type %d", hdev->dev_type);
931 break;
932 }
933 }
934
935 static void bredr_setup(struct hci_request *req)
936 {
937 struct hci_dev *hdev = req->hdev;
938
939 __le16 param;
940 __u8 flt_type;
941
942 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
943 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
944
945 /* Read Class of Device */
946 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
947
948 /* Read Local Name */
949 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
950
951 /* Read Voice Setting */
952 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
953
954 /* Read Number of Supported IAC */
955 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
956
957 /* Read Current IAC LAP */
958 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
959
960 /* Clear Event Filters */
961 flt_type = HCI_FLT_CLEAR_ALL;
962 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
963
964 /* Connection accept timeout ~20 secs */
965 param = __constant_cpu_to_le16(0x7d00);
966 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
967
968 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
969 * but it does not support page scan related HCI commands.
970 */
971 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
972 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
973 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
974 }
975 }
976
977 static void le_setup(struct hci_request *req)
978 {
979 struct hci_dev *hdev = req->hdev;
980
981 /* Read LE Buffer Size */
982 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
983
984 /* Read LE Local Supported Features */
985 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
986
987 /* Read LE Advertising Channel TX Power */
988 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
989
990 /* Read LE White List Size */
991 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
992
993 /* Read LE Supported States */
994 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
995
996 /* LE-only controllers have LE implicitly enabled */
997 if (!lmp_bredr_capable(hdev))
998 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
999 }
1000
1001 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
1002 {
1003 if (lmp_ext_inq_capable(hdev))
1004 return 0x02;
1005
1006 if (lmp_inq_rssi_capable(hdev))
1007 return 0x01;
1008
1009 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
1010 hdev->lmp_subver == 0x0757)
1011 return 0x01;
1012
1013 if (hdev->manufacturer == 15) {
1014 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
1015 return 0x01;
1016 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
1017 return 0x01;
1018 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
1019 return 0x01;
1020 }
1021
1022 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
1023 hdev->lmp_subver == 0x1805)
1024 return 0x01;
1025
1026 return 0x00;
1027 }
1028
1029 static void hci_setup_inquiry_mode(struct hci_request *req)
1030 {
1031 u8 mode;
1032
1033 mode = hci_get_inquiry_mode(req->hdev);
1034
1035 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
1036 }
1037
1038 static void hci_setup_event_mask(struct hci_request *req)
1039 {
1040 struct hci_dev *hdev = req->hdev;
1041
1042 /* The second byte is 0xff instead of 0x9f (two reserved bits
1043 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
1044 * command otherwise.
1045 */
1046 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
1047
1048 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
1049 * any event mask for pre 1.2 devices.
1050 */
1051 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1052 return;
1053
1054 if (lmp_bredr_capable(hdev)) {
1055 events[4] |= 0x01; /* Flow Specification Complete */
1056 events[4] |= 0x02; /* Inquiry Result with RSSI */
1057 events[4] |= 0x04; /* Read Remote Extended Features Complete */
1058 events[5] |= 0x08; /* Synchronous Connection Complete */
1059 events[5] |= 0x10; /* Synchronous Connection Changed */
1060 } else {
1061 /* Use a different default for LE-only devices */
1062 memset(events, 0, sizeof(events));
1063 events[0] |= 0x10; /* Disconnection Complete */
1064 events[0] |= 0x80; /* Encryption Change */
1065 events[1] |= 0x08; /* Read Remote Version Information Complete */
1066 events[1] |= 0x20; /* Command Complete */
1067 events[1] |= 0x40; /* Command Status */
1068 events[1] |= 0x80; /* Hardware Error */
1069 events[2] |= 0x04; /* Number of Completed Packets */
1070 events[3] |= 0x02; /* Data Buffer Overflow */
1071 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1072 }
1073
1074 if (lmp_inq_rssi_capable(hdev))
1075 events[4] |= 0x02; /* Inquiry Result with RSSI */
1076
1077 if (lmp_sniffsubr_capable(hdev))
1078 events[5] |= 0x20; /* Sniff Subrating */
1079
1080 if (lmp_pause_enc_capable(hdev))
1081 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1082
1083 if (lmp_ext_inq_capable(hdev))
1084 events[5] |= 0x40; /* Extended Inquiry Result */
1085
1086 if (lmp_no_flush_capable(hdev))
1087 events[7] |= 0x01; /* Enhanced Flush Complete */
1088
1089 if (lmp_lsto_capable(hdev))
1090 events[6] |= 0x80; /* Link Supervision Timeout Changed */
1091
1092 if (lmp_ssp_capable(hdev)) {
1093 events[6] |= 0x01; /* IO Capability Request */
1094 events[6] |= 0x02; /* IO Capability Response */
1095 events[6] |= 0x04; /* User Confirmation Request */
1096 events[6] |= 0x08; /* User Passkey Request */
1097 events[6] |= 0x10; /* Remote OOB Data Request */
1098 events[6] |= 0x20; /* Simple Pairing Complete */
1099 events[7] |= 0x04; /* User Passkey Notification */
1100 events[7] |= 0x08; /* Keypress Notification */
1101 events[7] |= 0x10; /* Remote Host Supported
1102 * Features Notification
1103 */
1104 }
1105
1106 if (lmp_le_capable(hdev))
1107 events[7] |= 0x20; /* LE Meta-Event */
1108
1109 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1110
1111 if (lmp_le_capable(hdev)) {
1112 memset(events, 0, sizeof(events));
1113 events[0] = 0x1f;
1114 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK,
1115 sizeof(events), events);
1116 }
1117 }
1118
1119 static void hci_init2_req(struct hci_request *req, unsigned long opt)
1120 {
1121 struct hci_dev *hdev = req->hdev;
1122
1123 if (lmp_bredr_capable(hdev))
1124 bredr_setup(req);
1125 else
1126 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
1127
1128 if (lmp_le_capable(hdev))
1129 le_setup(req);
1130
1131 hci_setup_event_mask(req);
1132
1133 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1134 * local supported commands HCI command.
1135 */
1136 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
1137 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1138
1139 if (lmp_ssp_capable(hdev)) {
1140 /* When SSP is available, then the host features page
1141 * should also be available as well. However some
1142 * controllers list the max_page as 0 as long as SSP
1143 * has not been enabled. To achieve proper debugging
1144 * output, force the minimum max_page to 1 at least.
1145 */
1146 hdev->max_page = 0x01;
1147
1148 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1149 u8 mode = 0x01;
1150 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
1151 sizeof(mode), &mode);
1152 } else {
1153 struct hci_cp_write_eir cp;
1154
1155 memset(hdev->eir, 0, sizeof(hdev->eir));
1156 memset(&cp, 0, sizeof(cp));
1157
1158 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1159 }
1160 }
1161
1162 if (lmp_inq_rssi_capable(hdev))
1163 hci_setup_inquiry_mode(req);
1164
1165 if (lmp_inq_tx_pwr_capable(hdev))
1166 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
1167
1168 if (lmp_ext_feat_capable(hdev)) {
1169 struct hci_cp_read_local_ext_features cp;
1170
1171 cp.page = 0x01;
1172 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1173 sizeof(cp), &cp);
1174 }
1175
1176 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
1177 u8 enable = 1;
1178 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
1179 &enable);
1180 }
1181 }
1182
1183 static void hci_setup_link_policy(struct hci_request *req)
1184 {
1185 struct hci_dev *hdev = req->hdev;
1186 struct hci_cp_write_def_link_policy cp;
1187 u16 link_policy = 0;
1188
1189 if (lmp_rswitch_capable(hdev))
1190 link_policy |= HCI_LP_RSWITCH;
1191 if (lmp_hold_capable(hdev))
1192 link_policy |= HCI_LP_HOLD;
1193 if (lmp_sniff_capable(hdev))
1194 link_policy |= HCI_LP_SNIFF;
1195 if (lmp_park_capable(hdev))
1196 link_policy |= HCI_LP_PARK;
1197
1198 cp.policy = cpu_to_le16(link_policy);
1199 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
1200 }
1201
1202 static void hci_set_le_support(struct hci_request *req)
1203 {
1204 struct hci_dev *hdev = req->hdev;
1205 struct hci_cp_write_le_host_supported cp;
1206
1207 /* LE-only devices do not support explicit enablement */
1208 if (!lmp_bredr_capable(hdev))
1209 return;
1210
1211 memset(&cp, 0, sizeof(cp));
1212
1213 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1214 cp.le = 0x01;
1215 cp.simul = lmp_le_br_capable(hdev);
1216 }
1217
1218 if (cp.le != lmp_host_le_capable(hdev))
1219 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
1220 &cp);
1221 }
1222
1223 static void hci_set_event_mask_page_2(struct hci_request *req)
1224 {
1225 struct hci_dev *hdev = req->hdev;
1226 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
1227
1228 /* If Connectionless Slave Broadcast master role is supported
1229 * enable all necessary events for it.
1230 */
1231 if (hdev->features[2][0] & 0x01) {
1232 events[1] |= 0x40; /* Triggered Clock Capture */
1233 events[1] |= 0x80; /* Synchronization Train Complete */
1234 events[2] |= 0x10; /* Slave Page Response Timeout */
1235 events[2] |= 0x20; /* CSB Channel Map Change */
1236 }
1237
1238 /* If Connectionless Slave Broadcast slave role is supported
1239 * enable all necessary events for it.
1240 */
1241 if (hdev->features[2][0] & 0x02) {
1242 events[2] |= 0x01; /* Synchronization Train Received */
1243 events[2] |= 0x02; /* CSB Receive */
1244 events[2] |= 0x04; /* CSB Timeout */
1245 events[2] |= 0x08; /* Truncated Page Complete */
1246 }
1247
1248 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
1249 }
1250
1251 static void hci_init3_req(struct hci_request *req, unsigned long opt)
1252 {
1253 struct hci_dev *hdev = req->hdev;
1254 u8 p;
1255
1256 /* Some Broadcom based Bluetooth controllers do not support the
1257 * Delete Stored Link Key command. They are clearly indicating its
1258 * absence in the bit mask of supported commands.
1259 *
1260 * Check the supported commands and only if the the command is marked
1261 * as supported send it. If not supported assume that the controller
1262 * does not have actual support for stored link keys which makes this
1263 * command redundant anyway.
1264 */
1265 if (hdev->commands[6] & 0x80) {
1266 struct hci_cp_delete_stored_link_key cp;
1267
1268 bacpy(&cp.bdaddr, BDADDR_ANY);
1269 cp.delete_all = 0x01;
1270 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
1271 sizeof(cp), &cp);
1272 }
1273
1274 if (hdev->commands[5] & 0x10)
1275 hci_setup_link_policy(req);
1276
1277 if (lmp_le_capable(hdev)) {
1278 /* If the controller has a public BD_ADDR, then by
1279 * default use that one. If this is a LE only
1280 * controller without one, default to the random
1281 * address.
1282 */
1283 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1284 hdev->own_addr_type = ADDR_LE_DEV_PUBLIC;
1285 else
1286 hdev->own_addr_type = ADDR_LE_DEV_RANDOM;
1287
1288 hci_set_le_support(req);
1289 }
1290
1291 /* Read features beyond page 1 if available */
1292 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
1293 struct hci_cp_read_local_ext_features cp;
1294
1295 cp.page = p;
1296 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1297 sizeof(cp), &cp);
1298 }
1299 }
1300
1301 static void hci_init4_req(struct hci_request *req, unsigned long opt)
1302 {
1303 struct hci_dev *hdev = req->hdev;
1304
1305 /* Set event mask page 2 if the HCI command for it is supported */
1306 if (hdev->commands[22] & 0x04)
1307 hci_set_event_mask_page_2(req);
1308
1309 /* Check for Synchronization Train support */
1310 if (hdev->features[2][0] & 0x04)
1311 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1312 }
1313
1314 static int __hci_init(struct hci_dev *hdev)
1315 {
1316 int err;
1317
1318 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
1319 if (err < 0)
1320 return err;
1321
1322 /* The Device Under Test (DUT) mode is special and available for
1323 * all controller types. So just create it early on.
1324 */
1325 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1326 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
1327 &dut_mode_fops);
1328 }
1329
1330 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
1331 * BR/EDR/LE type controllers. AMP controllers only need the
1332 * first stage init.
1333 */
1334 if (hdev->dev_type != HCI_BREDR)
1335 return 0;
1336
1337 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
1338 if (err < 0)
1339 return err;
1340
1341 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
1342 if (err < 0)
1343 return err;
1344
1345 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
1346 if (err < 0)
1347 return err;
1348
1349 /* Only create debugfs entries during the initial setup
1350 * phase and not every time the controller gets powered on.
1351 */
1352 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
1353 return 0;
1354
1355 debugfs_create_file("features", 0444, hdev->debugfs, hdev,
1356 &features_fops);
1357 debugfs_create_u16("manufacturer", 0444, hdev->debugfs,
1358 &hdev->manufacturer);
1359 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
1360 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1361 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1362 &blacklist_fops);
1363 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1364
1365 if (lmp_bredr_capable(hdev)) {
1366 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
1367 hdev, &inquiry_cache_fops);
1368 debugfs_create_file("link_keys", 0400, hdev->debugfs,
1369 hdev, &link_keys_fops);
1370 debugfs_create_file("use_debug_keys", 0444, hdev->debugfs,
1371 hdev, &use_debug_keys_fops);
1372 debugfs_create_file("dev_class", 0444, hdev->debugfs,
1373 hdev, &dev_class_fops);
1374 debugfs_create_file("voice_setting", 0444, hdev->debugfs,
1375 hdev, &voice_setting_fops);
1376 }
1377
1378 if (lmp_ssp_capable(hdev)) {
1379 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1380 hdev, &auto_accept_delay_fops);
1381 debugfs_create_file("ssp_debug_mode", 0644, hdev->debugfs,
1382 hdev, &ssp_debug_mode_fops);
1383 }
1384
1385 if (lmp_sniff_capable(hdev)) {
1386 debugfs_create_file("idle_timeout", 0644, hdev->debugfs,
1387 hdev, &idle_timeout_fops);
1388 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs,
1389 hdev, &sniff_min_interval_fops);
1390 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs,
1391 hdev, &sniff_max_interval_fops);
1392 }
1393
1394 if (lmp_le_capable(hdev)) {
1395 debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1396 &hdev->le_white_list_size);
1397 debugfs_create_file("static_address", 0444, hdev->debugfs,
1398 hdev, &static_address_fops);
1399 debugfs_create_file("own_address_type", 0644, hdev->debugfs,
1400 hdev, &own_address_type_fops);
1401 debugfs_create_file("long_term_keys", 0400, hdev->debugfs,
1402 hdev, &long_term_keys_fops);
1403 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs,
1404 hdev, &conn_min_interval_fops);
1405 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1406 hdev, &conn_max_interval_fops);
1407 }
1408
1409 return 0;
1410 }
1411
1412 static void hci_scan_req(struct hci_request *req, unsigned long opt)
1413 {
1414 __u8 scan = opt;
1415
1416 BT_DBG("%s %x", req->hdev->name, scan);
1417
1418 /* Inquiry and Page scans */
1419 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1420 }
1421
1422 static void hci_auth_req(struct hci_request *req, unsigned long opt)
1423 {
1424 __u8 auth = opt;
1425
1426 BT_DBG("%s %x", req->hdev->name, auth);
1427
1428 /* Authentication */
1429 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1430 }
1431
1432 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
1433 {
1434 __u8 encrypt = opt;
1435
1436 BT_DBG("%s %x", req->hdev->name, encrypt);
1437
1438 /* Encryption */
1439 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1440 }
1441
1442 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
1443 {
1444 __le16 policy = cpu_to_le16(opt);
1445
1446 BT_DBG("%s %x", req->hdev->name, policy);
1447
1448 /* Default link policy */
1449 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1450 }
1451
1452 /* Get HCI device by index.
1453 * Device is held on return. */
1454 struct hci_dev *hci_dev_get(int index)
1455 {
1456 struct hci_dev *hdev = NULL, *d;
1457
1458 BT_DBG("%d", index);
1459
1460 if (index < 0)
1461 return NULL;
1462
1463 read_lock(&hci_dev_list_lock);
1464 list_for_each_entry(d, &hci_dev_list, list) {
1465 if (d->id == index) {
1466 hdev = hci_dev_hold(d);
1467 break;
1468 }
1469 }
1470 read_unlock(&hci_dev_list_lock);
1471 return hdev;
1472 }
1473
1474 /* ---- Inquiry support ---- */
1475
1476 bool hci_discovery_active(struct hci_dev *hdev)
1477 {
1478 struct discovery_state *discov = &hdev->discovery;
1479
1480 switch (discov->state) {
1481 case DISCOVERY_FINDING:
1482 case DISCOVERY_RESOLVING:
1483 return true;
1484
1485 default:
1486 return false;
1487 }
1488 }
1489
1490 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1491 {
1492 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1493
1494 if (hdev->discovery.state == state)
1495 return;
1496
1497 switch (state) {
1498 case DISCOVERY_STOPPED:
1499 if (hdev->discovery.state != DISCOVERY_STARTING)
1500 mgmt_discovering(hdev, 0);
1501 break;
1502 case DISCOVERY_STARTING:
1503 break;
1504 case DISCOVERY_FINDING:
1505 mgmt_discovering(hdev, 1);
1506 break;
1507 case DISCOVERY_RESOLVING:
1508 break;
1509 case DISCOVERY_STOPPING:
1510 break;
1511 }
1512
1513 hdev->discovery.state = state;
1514 }
1515
1516 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1517 {
1518 struct discovery_state *cache = &hdev->discovery;
1519 struct inquiry_entry *p, *n;
1520
1521 list_for_each_entry_safe(p, n, &cache->all, all) {
1522 list_del(&p->all);
1523 kfree(p);
1524 }
1525
1526 INIT_LIST_HEAD(&cache->unknown);
1527 INIT_LIST_HEAD(&cache->resolve);
1528 }
1529
1530 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1531 bdaddr_t *bdaddr)
1532 {
1533 struct discovery_state *cache = &hdev->discovery;
1534 struct inquiry_entry *e;
1535
1536 BT_DBG("cache %p, %pMR", cache, bdaddr);
1537
1538 list_for_each_entry(e, &cache->all, all) {
1539 if (!bacmp(&e->data.bdaddr, bdaddr))
1540 return e;
1541 }
1542
1543 return NULL;
1544 }
1545
1546 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1547 bdaddr_t *bdaddr)
1548 {
1549 struct discovery_state *cache = &hdev->discovery;
1550 struct inquiry_entry *e;
1551
1552 BT_DBG("cache %p, %pMR", cache, bdaddr);
1553
1554 list_for_each_entry(e, &cache->unknown, list) {
1555 if (!bacmp(&e->data.bdaddr, bdaddr))
1556 return e;
1557 }
1558
1559 return NULL;
1560 }
1561
1562 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1563 bdaddr_t *bdaddr,
1564 int state)
1565 {
1566 struct discovery_state *cache = &hdev->discovery;
1567 struct inquiry_entry *e;
1568
1569 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1570
1571 list_for_each_entry(e, &cache->resolve, list) {
1572 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1573 return e;
1574 if (!bacmp(&e->data.bdaddr, bdaddr))
1575 return e;
1576 }
1577
1578 return NULL;
1579 }
1580
1581 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1582 struct inquiry_entry *ie)
1583 {
1584 struct discovery_state *cache = &hdev->discovery;
1585 struct list_head *pos = &cache->resolve;
1586 struct inquiry_entry *p;
1587
1588 list_del(&ie->list);
1589
1590 list_for_each_entry(p, &cache->resolve, list) {
1591 if (p->name_state != NAME_PENDING &&
1592 abs(p->data.rssi) >= abs(ie->data.rssi))
1593 break;
1594 pos = &p->list;
1595 }
1596
1597 list_add(&ie->list, pos);
1598 }
1599
1600 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1601 bool name_known, bool *ssp)
1602 {
1603 struct discovery_state *cache = &hdev->discovery;
1604 struct inquiry_entry *ie;
1605
1606 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1607
1608 hci_remove_remote_oob_data(hdev, &data->bdaddr);
1609
1610 if (ssp)
1611 *ssp = data->ssp_mode;
1612
1613 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1614 if (ie) {
1615 if (ie->data.ssp_mode && ssp)
1616 *ssp = true;
1617
1618 if (ie->name_state == NAME_NEEDED &&
1619 data->rssi != ie->data.rssi) {
1620 ie->data.rssi = data->rssi;
1621 hci_inquiry_cache_update_resolve(hdev, ie);
1622 }
1623
1624 goto update;
1625 }
1626
1627 /* Entry not in the cache. Add new one. */
1628 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
1629 if (!ie)
1630 return false;
1631
1632 list_add(&ie->all, &cache->all);
1633
1634 if (name_known) {
1635 ie->name_state = NAME_KNOWN;
1636 } else {
1637 ie->name_state = NAME_NOT_KNOWN;
1638 list_add(&ie->list, &cache->unknown);
1639 }
1640
1641 update:
1642 if (name_known && ie->name_state != NAME_KNOWN &&
1643 ie->name_state != NAME_PENDING) {
1644 ie->name_state = NAME_KNOWN;
1645 list_del(&ie->list);
1646 }
1647
1648 memcpy(&ie->data, data, sizeof(*data));
1649 ie->timestamp = jiffies;
1650 cache->timestamp = jiffies;
1651
1652 if (ie->name_state == NAME_NOT_KNOWN)
1653 return false;
1654
1655 return true;
1656 }
1657
1658 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1659 {
1660 struct discovery_state *cache = &hdev->discovery;
1661 struct inquiry_info *info = (struct inquiry_info *) buf;
1662 struct inquiry_entry *e;
1663 int copied = 0;
1664
1665 list_for_each_entry(e, &cache->all, all) {
1666 struct inquiry_data *data = &e->data;
1667
1668 if (copied >= num)
1669 break;
1670
1671 bacpy(&info->bdaddr, &data->bdaddr);
1672 info->pscan_rep_mode = data->pscan_rep_mode;
1673 info->pscan_period_mode = data->pscan_period_mode;
1674 info->pscan_mode = data->pscan_mode;
1675 memcpy(info->dev_class, data->dev_class, 3);
1676 info->clock_offset = data->clock_offset;
1677
1678 info++;
1679 copied++;
1680 }
1681
1682 BT_DBG("cache %p, copied %d", cache, copied);
1683 return copied;
1684 }
1685
1686 static void hci_inq_req(struct hci_request *req, unsigned long opt)
1687 {
1688 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1689 struct hci_dev *hdev = req->hdev;
1690 struct hci_cp_inquiry cp;
1691
1692 BT_DBG("%s", hdev->name);
1693
1694 if (test_bit(HCI_INQUIRY, &hdev->flags))
1695 return;
1696
1697 /* Start Inquiry */
1698 memcpy(&cp.lap, &ir->lap, 3);
1699 cp.length = ir->length;
1700 cp.num_rsp = ir->num_rsp;
1701 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1702 }
1703
1704 static int wait_inquiry(void *word)
1705 {
1706 schedule();
1707 return signal_pending(current);
1708 }
1709
1710 int hci_inquiry(void __user *arg)
1711 {
1712 __u8 __user *ptr = arg;
1713 struct hci_inquiry_req ir;
1714 struct hci_dev *hdev;
1715 int err = 0, do_inquiry = 0, max_rsp;
1716 long timeo;
1717 __u8 *buf;
1718
1719 if (copy_from_user(&ir, ptr, sizeof(ir)))
1720 return -EFAULT;
1721
1722 hdev = hci_dev_get(ir.dev_id);
1723 if (!hdev)
1724 return -ENODEV;
1725
1726 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
1727 err = -EBUSY;
1728 goto done;
1729 }
1730
1731 if (hdev->dev_type != HCI_BREDR) {
1732 err = -EOPNOTSUPP;
1733 goto done;
1734 }
1735
1736 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1737 err = -EOPNOTSUPP;
1738 goto done;
1739 }
1740
1741 hci_dev_lock(hdev);
1742 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1743 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1744 hci_inquiry_cache_flush(hdev);
1745 do_inquiry = 1;
1746 }
1747 hci_dev_unlock(hdev);
1748
1749 timeo = ir.length * msecs_to_jiffies(2000);
1750
1751 if (do_inquiry) {
1752 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1753 timeo);
1754 if (err < 0)
1755 goto done;
1756
1757 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1758 * cleared). If it is interrupted by a signal, return -EINTR.
1759 */
1760 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry,
1761 TASK_INTERRUPTIBLE))
1762 return -EINTR;
1763 }
1764
1765 /* for unlimited number of responses we will use buffer with
1766 * 255 entries
1767 */
1768 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1769
1770 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1771 * copy it to the user space.
1772 */
1773 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
1774 if (!buf) {
1775 err = -ENOMEM;
1776 goto done;
1777 }
1778
1779 hci_dev_lock(hdev);
1780 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1781 hci_dev_unlock(hdev);
1782
1783 BT_DBG("num_rsp %d", ir.num_rsp);
1784
1785 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1786 ptr += sizeof(ir);
1787 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1788 ir.num_rsp))
1789 err = -EFAULT;
1790 } else
1791 err = -EFAULT;
1792
1793 kfree(buf);
1794
1795 done:
1796 hci_dev_put(hdev);
1797 return err;
1798 }
1799
1800 static int hci_dev_do_open(struct hci_dev *hdev)
1801 {
1802 int ret = 0;
1803
1804 BT_DBG("%s %p", hdev->name, hdev);
1805
1806 hci_req_lock(hdev);
1807
1808 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
1809 ret = -ENODEV;
1810 goto done;
1811 }
1812
1813 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
1814 /* Check for rfkill but allow the HCI setup stage to
1815 * proceed (which in itself doesn't cause any RF activity).
1816 */
1817 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
1818 ret = -ERFKILL;
1819 goto done;
1820 }
1821
1822 /* Check for valid public address or a configured static
1823 * random adddress, but let the HCI setup proceed to
1824 * be able to determine if there is a public address
1825 * or not.
1826 *
1827 * This check is only valid for BR/EDR controllers
1828 * since AMP controllers do not have an address.
1829 */
1830 if (hdev->dev_type == HCI_BREDR &&
1831 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1832 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1833 ret = -EADDRNOTAVAIL;
1834 goto done;
1835 }
1836 }
1837
1838 if (test_bit(HCI_UP, &hdev->flags)) {
1839 ret = -EALREADY;
1840 goto done;
1841 }
1842
1843 if (hdev->open(hdev)) {
1844 ret = -EIO;
1845 goto done;
1846 }
1847
1848 atomic_set(&hdev->cmd_cnt, 1);
1849 set_bit(HCI_INIT, &hdev->flags);
1850
1851 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags))
1852 ret = hdev->setup(hdev);
1853
1854 if (!ret) {
1855 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1856 set_bit(HCI_RAW, &hdev->flags);
1857
1858 if (!test_bit(HCI_RAW, &hdev->flags) &&
1859 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
1860 ret = __hci_init(hdev);
1861 }
1862
1863 clear_bit(HCI_INIT, &hdev->flags);
1864
1865 if (!ret) {
1866 hci_dev_hold(hdev);
1867 set_bit(HCI_UP, &hdev->flags);
1868 hci_notify(hdev, HCI_DEV_UP);
1869 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
1870 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
1871 hdev->dev_type == HCI_BREDR) {
1872 hci_dev_lock(hdev);
1873 mgmt_powered(hdev, 1);
1874 hci_dev_unlock(hdev);
1875 }
1876 } else {
1877 /* Init failed, cleanup */
1878 flush_work(&hdev->tx_work);
1879 flush_work(&hdev->cmd_work);
1880 flush_work(&hdev->rx_work);
1881
1882 skb_queue_purge(&hdev->cmd_q);
1883 skb_queue_purge(&hdev->rx_q);
1884
1885 if (hdev->flush)
1886 hdev->flush(hdev);
1887
1888 if (hdev->sent_cmd) {
1889 kfree_skb(hdev->sent_cmd);
1890 hdev->sent_cmd = NULL;
1891 }
1892
1893 hdev->close(hdev);
1894 hdev->flags = 0;
1895 }
1896
1897 done:
1898 hci_req_unlock(hdev);
1899 return ret;
1900 }
1901
1902 /* ---- HCI ioctl helpers ---- */
1903
1904 int hci_dev_open(__u16 dev)
1905 {
1906 struct hci_dev *hdev;
1907 int err;
1908
1909 hdev = hci_dev_get(dev);
1910 if (!hdev)
1911 return -ENODEV;
1912
1913 /* We need to ensure that no other power on/off work is pending
1914 * before proceeding to call hci_dev_do_open. This is
1915 * particularly important if the setup procedure has not yet
1916 * completed.
1917 */
1918 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1919 cancel_delayed_work(&hdev->power_off);
1920
1921 /* After this call it is guaranteed that the setup procedure
1922 * has finished. This means that error conditions like RFKILL
1923 * or no valid public or static random address apply.
1924 */
1925 flush_workqueue(hdev->req_workqueue);
1926
1927 err = hci_dev_do_open(hdev);
1928
1929 hci_dev_put(hdev);
1930
1931 return err;
1932 }
1933
1934 static int hci_dev_do_close(struct hci_dev *hdev)
1935 {
1936 BT_DBG("%s %p", hdev->name, hdev);
1937
1938 cancel_delayed_work(&hdev->power_off);
1939
1940 hci_req_cancel(hdev, ENODEV);
1941 hci_req_lock(hdev);
1942
1943 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1944 del_timer_sync(&hdev->cmd_timer);
1945 hci_req_unlock(hdev);
1946 return 0;
1947 }
1948
1949 /* Flush RX and TX works */
1950 flush_work(&hdev->tx_work);
1951 flush_work(&hdev->rx_work);
1952
1953 if (hdev->discov_timeout > 0) {
1954 cancel_delayed_work(&hdev->discov_off);
1955 hdev->discov_timeout = 0;
1956 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1957 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1958 }
1959
1960 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1961 cancel_delayed_work(&hdev->service_cache);
1962
1963 cancel_delayed_work_sync(&hdev->le_scan_disable);
1964
1965 hci_dev_lock(hdev);
1966 hci_inquiry_cache_flush(hdev);
1967 hci_conn_hash_flush(hdev);
1968 hci_dev_unlock(hdev);
1969
1970 hci_notify(hdev, HCI_DEV_DOWN);
1971
1972 if (hdev->flush)
1973 hdev->flush(hdev);
1974
1975 /* Reset device */
1976 skb_queue_purge(&hdev->cmd_q);
1977 atomic_set(&hdev->cmd_cnt, 1);
1978 if (!test_bit(HCI_RAW, &hdev->flags) &&
1979 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
1980 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1981 set_bit(HCI_INIT, &hdev->flags);
1982 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
1983 clear_bit(HCI_INIT, &hdev->flags);
1984 }
1985
1986 /* flush cmd work */
1987 flush_work(&hdev->cmd_work);
1988
1989 /* Drop queues */
1990 skb_queue_purge(&hdev->rx_q);
1991 skb_queue_purge(&hdev->cmd_q);
1992 skb_queue_purge(&hdev->raw_q);
1993
1994 /* Drop last sent command */
1995 if (hdev->sent_cmd) {
1996 del_timer_sync(&hdev->cmd_timer);
1997 kfree_skb(hdev->sent_cmd);
1998 hdev->sent_cmd = NULL;
1999 }
2000
2001 kfree_skb(hdev->recv_evt);
2002 hdev->recv_evt = NULL;
2003
2004 /* After this point our queues are empty
2005 * and no tasks are scheduled. */
2006 hdev->close(hdev);
2007
2008 /* Clear flags */
2009 hdev->flags = 0;
2010 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2011
2012 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2013 if (hdev->dev_type == HCI_BREDR) {
2014 hci_dev_lock(hdev);
2015 mgmt_powered(hdev, 0);
2016 hci_dev_unlock(hdev);
2017 }
2018 }
2019
2020 /* Controller radio is available but is currently powered down */
2021 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2022
2023 memset(hdev->eir, 0, sizeof(hdev->eir));
2024 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
2025
2026 hci_req_unlock(hdev);
2027
2028 hci_dev_put(hdev);
2029 return 0;
2030 }
2031
2032 int hci_dev_close(__u16 dev)
2033 {
2034 struct hci_dev *hdev;
2035 int err;
2036
2037 hdev = hci_dev_get(dev);
2038 if (!hdev)
2039 return -ENODEV;
2040
2041 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2042 err = -EBUSY;
2043 goto done;
2044 }
2045
2046 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2047 cancel_delayed_work(&hdev->power_off);
2048
2049 err = hci_dev_do_close(hdev);
2050
2051 done:
2052 hci_dev_put(hdev);
2053 return err;
2054 }
2055
2056 int hci_dev_reset(__u16 dev)
2057 {
2058 struct hci_dev *hdev;
2059 int ret = 0;
2060
2061 hdev = hci_dev_get(dev);
2062 if (!hdev)
2063 return -ENODEV;
2064
2065 hci_req_lock(hdev);
2066
2067 if (!test_bit(HCI_UP, &hdev->flags)) {
2068 ret = -ENETDOWN;
2069 goto done;
2070 }
2071
2072 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2073 ret = -EBUSY;
2074 goto done;
2075 }
2076
2077 /* Drop queues */
2078 skb_queue_purge(&hdev->rx_q);
2079 skb_queue_purge(&hdev->cmd_q);
2080
2081 hci_dev_lock(hdev);
2082 hci_inquiry_cache_flush(hdev);
2083 hci_conn_hash_flush(hdev);
2084 hci_dev_unlock(hdev);
2085
2086 if (hdev->flush)
2087 hdev->flush(hdev);
2088
2089 atomic_set(&hdev->cmd_cnt, 1);
2090 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2091
2092 if (!test_bit(HCI_RAW, &hdev->flags))
2093 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2094
2095 done:
2096 hci_req_unlock(hdev);
2097 hci_dev_put(hdev);
2098 return ret;
2099 }
2100
2101 int hci_dev_reset_stat(__u16 dev)
2102 {
2103 struct hci_dev *hdev;
2104 int ret = 0;
2105
2106 hdev = hci_dev_get(dev);
2107 if (!hdev)
2108 return -ENODEV;
2109
2110 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2111 ret = -EBUSY;
2112 goto done;
2113 }
2114
2115 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2116
2117 done:
2118 hci_dev_put(hdev);
2119 return ret;
2120 }
2121
2122 int hci_dev_cmd(unsigned int cmd, void __user *arg)
2123 {
2124 struct hci_dev *hdev;
2125 struct hci_dev_req dr;
2126 int err = 0;
2127
2128 if (copy_from_user(&dr, arg, sizeof(dr)))
2129 return -EFAULT;
2130
2131 hdev = hci_dev_get(dr.dev_id);
2132 if (!hdev)
2133 return -ENODEV;
2134
2135 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2136 err = -EBUSY;
2137 goto done;
2138 }
2139
2140 if (hdev->dev_type != HCI_BREDR) {
2141 err = -EOPNOTSUPP;
2142 goto done;
2143 }
2144
2145 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2146 err = -EOPNOTSUPP;
2147 goto done;
2148 }
2149
2150 switch (cmd) {
2151 case HCISETAUTH:
2152 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2153 HCI_INIT_TIMEOUT);
2154 break;
2155
2156 case HCISETENCRYPT:
2157 if (!lmp_encrypt_capable(hdev)) {
2158 err = -EOPNOTSUPP;
2159 break;
2160 }
2161
2162 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2163 /* Auth must be enabled first */
2164 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2165 HCI_INIT_TIMEOUT);
2166 if (err)
2167 break;
2168 }
2169
2170 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2171 HCI_INIT_TIMEOUT);
2172 break;
2173
2174 case HCISETSCAN:
2175 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2176 HCI_INIT_TIMEOUT);
2177 break;
2178
2179 case HCISETLINKPOL:
2180 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2181 HCI_INIT_TIMEOUT);
2182 break;
2183
2184 case HCISETLINKMODE:
2185 hdev->link_mode = ((__u16) dr.dev_opt) &
2186 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2187 break;
2188
2189 case HCISETPTYPE:
2190 hdev->pkt_type = (__u16) dr.dev_opt;
2191 break;
2192
2193 case HCISETACLMTU:
2194 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2195 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2196 break;
2197
2198 case HCISETSCOMTU:
2199 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2200 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2201 break;
2202
2203 default:
2204 err = -EINVAL;
2205 break;
2206 }
2207
2208 done:
2209 hci_dev_put(hdev);
2210 return err;
2211 }
2212
2213 int hci_get_dev_list(void __user *arg)
2214 {
2215 struct hci_dev *hdev;
2216 struct hci_dev_list_req *dl;
2217 struct hci_dev_req *dr;
2218 int n = 0, size, err;
2219 __u16 dev_num;
2220
2221 if (get_user(dev_num, (__u16 __user *) arg))
2222 return -EFAULT;
2223
2224 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2225 return -EINVAL;
2226
2227 size = sizeof(*dl) + dev_num * sizeof(*dr);
2228
2229 dl = kzalloc(size, GFP_KERNEL);
2230 if (!dl)
2231 return -ENOMEM;
2232
2233 dr = dl->dev_req;
2234
2235 read_lock(&hci_dev_list_lock);
2236 list_for_each_entry(hdev, &hci_dev_list, list) {
2237 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2238 cancel_delayed_work(&hdev->power_off);
2239
2240 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2241 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
2242
2243 (dr + n)->dev_id = hdev->id;
2244 (dr + n)->dev_opt = hdev->flags;
2245
2246 if (++n >= dev_num)
2247 break;
2248 }
2249 read_unlock(&hci_dev_list_lock);
2250
2251 dl->dev_num = n;
2252 size = sizeof(*dl) + n * sizeof(*dr);
2253
2254 err = copy_to_user(arg, dl, size);
2255 kfree(dl);
2256
2257 return err ? -EFAULT : 0;
2258 }
2259
2260 int hci_get_dev_info(void __user *arg)
2261 {
2262 struct hci_dev *hdev;
2263 struct hci_dev_info di;
2264 int err = 0;
2265
2266 if (copy_from_user(&di, arg, sizeof(di)))
2267 return -EFAULT;
2268
2269 hdev = hci_dev_get(di.dev_id);
2270 if (!hdev)
2271 return -ENODEV;
2272
2273 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2274 cancel_delayed_work_sync(&hdev->power_off);
2275
2276 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2277 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
2278
2279 strcpy(di.name, hdev->name);
2280 di.bdaddr = hdev->bdaddr;
2281 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2282 di.flags = hdev->flags;
2283 di.pkt_type = hdev->pkt_type;
2284 if (lmp_bredr_capable(hdev)) {
2285 di.acl_mtu = hdev->acl_mtu;
2286 di.acl_pkts = hdev->acl_pkts;
2287 di.sco_mtu = hdev->sco_mtu;
2288 di.sco_pkts = hdev->sco_pkts;
2289 } else {
2290 di.acl_mtu = hdev->le_mtu;
2291 di.acl_pkts = hdev->le_pkts;
2292 di.sco_mtu = 0;
2293 di.sco_pkts = 0;
2294 }
2295 di.link_policy = hdev->link_policy;
2296 di.link_mode = hdev->link_mode;
2297
2298 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2299 memcpy(&di.features, &hdev->features, sizeof(di.features));
2300
2301 if (copy_to_user(arg, &di, sizeof(di)))
2302 err = -EFAULT;
2303
2304 hci_dev_put(hdev);
2305
2306 return err;
2307 }
2308
2309 /* ---- Interface to HCI drivers ---- */
2310
2311 static int hci_rfkill_set_block(void *data, bool blocked)
2312 {
2313 struct hci_dev *hdev = data;
2314
2315 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2316
2317 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2318 return -EBUSY;
2319
2320 if (blocked) {
2321 set_bit(HCI_RFKILLED, &hdev->dev_flags);
2322 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
2323 hci_dev_do_close(hdev);
2324 } else {
2325 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
2326 }
2327
2328 return 0;
2329 }
2330
2331 static const struct rfkill_ops hci_rfkill_ops = {
2332 .set_block = hci_rfkill_set_block,
2333 };
2334
2335 static void hci_power_on(struct work_struct *work)
2336 {
2337 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2338 int err;
2339
2340 BT_DBG("%s", hdev->name);
2341
2342 err = hci_dev_do_open(hdev);
2343 if (err < 0) {
2344 mgmt_set_powered_failed(hdev, err);
2345 return;
2346 }
2347
2348 /* During the HCI setup phase, a few error conditions are
2349 * ignored and they need to be checked now. If they are still
2350 * valid, it is important to turn the device back off.
2351 */
2352 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
2353 (hdev->dev_type == HCI_BREDR &&
2354 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2355 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2356 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2357 hci_dev_do_close(hdev);
2358 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2359 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2360 HCI_AUTO_OFF_TIMEOUT);
2361 }
2362
2363 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
2364 mgmt_index_added(hdev);
2365 }
2366
2367 static void hci_power_off(struct work_struct *work)
2368 {
2369 struct hci_dev *hdev = container_of(work, struct hci_dev,
2370 power_off.work);
2371
2372 BT_DBG("%s", hdev->name);
2373
2374 hci_dev_do_close(hdev);
2375 }
2376
2377 static void hci_discov_off(struct work_struct *work)
2378 {
2379 struct hci_dev *hdev;
2380
2381 hdev = container_of(work, struct hci_dev, discov_off.work);
2382
2383 BT_DBG("%s", hdev->name);
2384
2385 mgmt_discoverable_timeout(hdev);
2386 }
2387
2388 int hci_uuids_clear(struct hci_dev *hdev)
2389 {
2390 struct bt_uuid *uuid, *tmp;
2391
2392 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2393 list_del(&uuid->list);
2394 kfree(uuid);
2395 }
2396
2397 return 0;
2398 }
2399
2400 int hci_link_keys_clear(struct hci_dev *hdev)
2401 {
2402 struct list_head *p, *n;
2403
2404 list_for_each_safe(p, n, &hdev->link_keys) {
2405 struct link_key *key;
2406
2407 key = list_entry(p, struct link_key, list);
2408
2409 list_del(p);
2410 kfree(key);
2411 }
2412
2413 return 0;
2414 }
2415
2416 int hci_smp_ltks_clear(struct hci_dev *hdev)
2417 {
2418 struct smp_ltk *k, *tmp;
2419
2420 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
2421 list_del(&k->list);
2422 kfree(k);
2423 }
2424
2425 return 0;
2426 }
2427
2428 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2429 {
2430 struct link_key *k;
2431
2432 list_for_each_entry(k, &hdev->link_keys, list)
2433 if (bacmp(bdaddr, &k->bdaddr) == 0)
2434 return k;
2435
2436 return NULL;
2437 }
2438
2439 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2440 u8 key_type, u8 old_key_type)
2441 {
2442 /* Legacy key */
2443 if (key_type < 0x03)
2444 return true;
2445
2446 /* Debug keys are insecure so don't store them persistently */
2447 if (key_type == HCI_LK_DEBUG_COMBINATION)
2448 return false;
2449
2450 /* Changed combination key and there's no previous one */
2451 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2452 return false;
2453
2454 /* Security mode 3 case */
2455 if (!conn)
2456 return true;
2457
2458 /* Neither local nor remote side had no-bonding as requirement */
2459 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2460 return true;
2461
2462 /* Local side had dedicated bonding as requirement */
2463 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2464 return true;
2465
2466 /* Remote side had dedicated bonding as requirement */
2467 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2468 return true;
2469
2470 /* If none of the above criteria match, then don't store the key
2471 * persistently */
2472 return false;
2473 }
2474
2475 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
2476 {
2477 struct smp_ltk *k;
2478
2479 list_for_each_entry(k, &hdev->long_term_keys, list) {
2480 if (k->ediv != ediv ||
2481 memcmp(rand, k->rand, sizeof(k->rand)))
2482 continue;
2483
2484 return k;
2485 }
2486
2487 return NULL;
2488 }
2489
2490 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2491 u8 addr_type)
2492 {
2493 struct smp_ltk *k;
2494
2495 list_for_each_entry(k, &hdev->long_term_keys, list)
2496 if (addr_type == k->bdaddr_type &&
2497 bacmp(bdaddr, &k->bdaddr) == 0)
2498 return k;
2499
2500 return NULL;
2501 }
2502
2503 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
2504 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
2505 {
2506 struct link_key *key, *old_key;
2507 u8 old_key_type;
2508 bool persistent;
2509
2510 old_key = hci_find_link_key(hdev, bdaddr);
2511 if (old_key) {
2512 old_key_type = old_key->type;
2513 key = old_key;
2514 } else {
2515 old_key_type = conn ? conn->key_type : 0xff;
2516 key = kzalloc(sizeof(*key), GFP_ATOMIC);
2517 if (!key)
2518 return -ENOMEM;
2519 list_add(&key->list, &hdev->link_keys);
2520 }
2521
2522 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2523
2524 /* Some buggy controller combinations generate a changed
2525 * combination key for legacy pairing even when there's no
2526 * previous key */
2527 if (type == HCI_LK_CHANGED_COMBINATION &&
2528 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2529 type = HCI_LK_COMBINATION;
2530 if (conn)
2531 conn->key_type = type;
2532 }
2533
2534 bacpy(&key->bdaddr, bdaddr);
2535 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2536 key->pin_len = pin_len;
2537
2538 if (type == HCI_LK_CHANGED_COMBINATION)
2539 key->type = old_key_type;
2540 else
2541 key->type = type;
2542
2543 if (!new_key)
2544 return 0;
2545
2546 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
2547
2548 mgmt_new_link_key(hdev, key, persistent);
2549
2550 if (conn)
2551 conn->flush_key = !persistent;
2552
2553 return 0;
2554 }
2555
2556 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
2557 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
2558 ediv, u8 rand[8])
2559 {
2560 struct smp_ltk *key, *old_key;
2561
2562 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
2563 return 0;
2564
2565 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
2566 if (old_key)
2567 key = old_key;
2568 else {
2569 key = kzalloc(sizeof(*key), GFP_ATOMIC);
2570 if (!key)
2571 return -ENOMEM;
2572 list_add(&key->list, &hdev->long_term_keys);
2573 }
2574
2575 bacpy(&key->bdaddr, bdaddr);
2576 key->bdaddr_type = addr_type;
2577 memcpy(key->val, tk, sizeof(key->val));
2578 key->authenticated = authenticated;
2579 key->ediv = ediv;
2580 key->enc_size = enc_size;
2581 key->type = type;
2582 memcpy(key->rand, rand, sizeof(key->rand));
2583
2584 if (!new_key)
2585 return 0;
2586
2587 if (type & HCI_SMP_LTK)
2588 mgmt_new_ltk(hdev, key, 1);
2589
2590 return 0;
2591 }
2592
2593 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2594 {
2595 struct link_key *key;
2596
2597 key = hci_find_link_key(hdev, bdaddr);
2598 if (!key)
2599 return -ENOENT;
2600
2601 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2602
2603 list_del(&key->list);
2604 kfree(key);
2605
2606 return 0;
2607 }
2608
2609 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
2610 {
2611 struct smp_ltk *k, *tmp;
2612
2613 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
2614 if (bacmp(bdaddr, &k->bdaddr))
2615 continue;
2616
2617 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2618
2619 list_del(&k->list);
2620 kfree(k);
2621 }
2622
2623 return 0;
2624 }
2625
2626 /* HCI command timer function */
2627 static void hci_cmd_timeout(unsigned long arg)
2628 {
2629 struct hci_dev *hdev = (void *) arg;
2630
2631 if (hdev->sent_cmd) {
2632 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2633 u16 opcode = __le16_to_cpu(sent->opcode);
2634
2635 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
2636 } else {
2637 BT_ERR("%s command tx timeout", hdev->name);
2638 }
2639
2640 atomic_set(&hdev->cmd_cnt, 1);
2641 queue_work(hdev->workqueue, &hdev->cmd_work);
2642 }
2643
2644 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2645 bdaddr_t *bdaddr)
2646 {
2647 struct oob_data *data;
2648
2649 list_for_each_entry(data, &hdev->remote_oob_data, list)
2650 if (bacmp(bdaddr, &data->bdaddr) == 0)
2651 return data;
2652
2653 return NULL;
2654 }
2655
2656 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
2657 {
2658 struct oob_data *data;
2659
2660 data = hci_find_remote_oob_data(hdev, bdaddr);
2661 if (!data)
2662 return -ENOENT;
2663
2664 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2665
2666 list_del(&data->list);
2667 kfree(data);
2668
2669 return 0;
2670 }
2671
2672 int hci_remote_oob_data_clear(struct hci_dev *hdev)
2673 {
2674 struct oob_data *data, *n;
2675
2676 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2677 list_del(&data->list);
2678 kfree(data);
2679 }
2680
2681 return 0;
2682 }
2683
2684 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
2685 u8 *randomizer)
2686 {
2687 struct oob_data *data;
2688
2689 data = hci_find_remote_oob_data(hdev, bdaddr);
2690
2691 if (!data) {
2692 data = kmalloc(sizeof(*data), GFP_ATOMIC);
2693 if (!data)
2694 return -ENOMEM;
2695
2696 bacpy(&data->bdaddr, bdaddr);
2697 list_add(&data->list, &hdev->remote_oob_data);
2698 }
2699
2700 memcpy(data->hash, hash, sizeof(data->hash));
2701 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
2702
2703 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2704
2705 return 0;
2706 }
2707
2708 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
2709 bdaddr_t *bdaddr, u8 type)
2710 {
2711 struct bdaddr_list *b;
2712
2713 list_for_each_entry(b, &hdev->blacklist, list) {
2714 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2715 return b;
2716 }
2717
2718 return NULL;
2719 }
2720
2721 int hci_blacklist_clear(struct hci_dev *hdev)
2722 {
2723 struct list_head *p, *n;
2724
2725 list_for_each_safe(p, n, &hdev->blacklist) {
2726 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
2727
2728 list_del(p);
2729 kfree(b);
2730 }
2731
2732 return 0;
2733 }
2734
2735 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2736 {
2737 struct bdaddr_list *entry;
2738
2739 if (!bacmp(bdaddr, BDADDR_ANY))
2740 return -EBADF;
2741
2742 if (hci_blacklist_lookup(hdev, bdaddr, type))
2743 return -EEXIST;
2744
2745 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
2746 if (!entry)
2747 return -ENOMEM;
2748
2749 bacpy(&entry->bdaddr, bdaddr);
2750 entry->bdaddr_type = type;
2751
2752 list_add(&entry->list, &hdev->blacklist);
2753
2754 return mgmt_device_blocked(hdev, bdaddr, type);
2755 }
2756
2757 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2758 {
2759 struct bdaddr_list *entry;
2760
2761 if (!bacmp(bdaddr, BDADDR_ANY))
2762 return hci_blacklist_clear(hdev);
2763
2764 entry = hci_blacklist_lookup(hdev, bdaddr, type);
2765 if (!entry)
2766 return -ENOENT;
2767
2768 list_del(&entry->list);
2769 kfree(entry);
2770
2771 return mgmt_device_unblocked(hdev, bdaddr, type);
2772 }
2773
2774 static void inquiry_complete(struct hci_dev *hdev, u8 status)
2775 {
2776 if (status) {
2777 BT_ERR("Failed to start inquiry: status %d", status);
2778
2779 hci_dev_lock(hdev);
2780 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2781 hci_dev_unlock(hdev);
2782 return;
2783 }
2784 }
2785
2786 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status)
2787 {
2788 /* General inquiry access code (GIAC) */
2789 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2790 struct hci_request req;
2791 struct hci_cp_inquiry cp;
2792 int err;
2793
2794 if (status) {
2795 BT_ERR("Failed to disable LE scanning: status %d", status);
2796 return;
2797 }
2798
2799 switch (hdev->discovery.type) {
2800 case DISCOV_TYPE_LE:
2801 hci_dev_lock(hdev);
2802 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2803 hci_dev_unlock(hdev);
2804 break;
2805
2806 case DISCOV_TYPE_INTERLEAVED:
2807 hci_req_init(&req, hdev);
2808
2809 memset(&cp, 0, sizeof(cp));
2810 memcpy(&cp.lap, lap, sizeof(cp.lap));
2811 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
2812 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2813
2814 hci_dev_lock(hdev);
2815
2816 hci_inquiry_cache_flush(hdev);
2817
2818 err = hci_req_run(&req, inquiry_complete);
2819 if (err) {
2820 BT_ERR("Inquiry request failed: err %d", err);
2821 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2822 }
2823
2824 hci_dev_unlock(hdev);
2825 break;
2826 }
2827 }
2828
2829 static void le_scan_disable_work(struct work_struct *work)
2830 {
2831 struct hci_dev *hdev = container_of(work, struct hci_dev,
2832 le_scan_disable.work);
2833 struct hci_cp_le_set_scan_enable cp;
2834 struct hci_request req;
2835 int err;
2836
2837 BT_DBG("%s", hdev->name);
2838
2839 hci_req_init(&req, hdev);
2840
2841 memset(&cp, 0, sizeof(cp));
2842 cp.enable = LE_SCAN_DISABLE;
2843 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2844
2845 err = hci_req_run(&req, le_scan_disable_work_complete);
2846 if (err)
2847 BT_ERR("Disable LE scanning request failed: err %d", err);
2848 }
2849
2850 /* Alloc HCI device */
2851 struct hci_dev *hci_alloc_dev(void)
2852 {
2853 struct hci_dev *hdev;
2854
2855 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
2856 if (!hdev)
2857 return NULL;
2858
2859 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
2860 hdev->esco_type = (ESCO_HV1);
2861 hdev->link_mode = (HCI_LM_ACCEPT);
2862 hdev->num_iac = 0x01; /* One IAC support is mandatory */
2863 hdev->io_capability = 0x03; /* No Input No Output */
2864 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
2865 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
2866
2867 hdev->sniff_max_interval = 800;
2868 hdev->sniff_min_interval = 80;
2869
2870 hdev->le_scan_interval = 0x0060;
2871 hdev->le_scan_window = 0x0030;
2872 hdev->le_conn_min_interval = 0x0028;
2873 hdev->le_conn_max_interval = 0x0038;
2874
2875 mutex_init(&hdev->lock);
2876 mutex_init(&hdev->req_lock);
2877
2878 INIT_LIST_HEAD(&hdev->mgmt_pending);
2879 INIT_LIST_HEAD(&hdev->blacklist);
2880 INIT_LIST_HEAD(&hdev->uuids);
2881 INIT_LIST_HEAD(&hdev->link_keys);
2882 INIT_LIST_HEAD(&hdev->long_term_keys);
2883 INIT_LIST_HEAD(&hdev->remote_oob_data);
2884 INIT_LIST_HEAD(&hdev->conn_hash.list);
2885
2886 INIT_WORK(&hdev->rx_work, hci_rx_work);
2887 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
2888 INIT_WORK(&hdev->tx_work, hci_tx_work);
2889 INIT_WORK(&hdev->power_on, hci_power_on);
2890
2891 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
2892 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
2893 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2894
2895 skb_queue_head_init(&hdev->rx_q);
2896 skb_queue_head_init(&hdev->cmd_q);
2897 skb_queue_head_init(&hdev->raw_q);
2898
2899 init_waitqueue_head(&hdev->req_wait_q);
2900
2901 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
2902
2903 hci_init_sysfs(hdev);
2904 discovery_init(hdev);
2905
2906 return hdev;
2907 }
2908 EXPORT_SYMBOL(hci_alloc_dev);
2909
2910 /* Free HCI device */
2911 void hci_free_dev(struct hci_dev *hdev)
2912 {
2913 /* will free via device release */
2914 put_device(&hdev->dev);
2915 }
2916 EXPORT_SYMBOL(hci_free_dev);
2917
2918 /* Register HCI device */
2919 int hci_register_dev(struct hci_dev *hdev)
2920 {
2921 int id, error;
2922
2923 if (!hdev->open || !hdev->close)
2924 return -EINVAL;
2925
2926 /* Do not allow HCI_AMP devices to register at index 0,
2927 * so the index can be used as the AMP controller ID.
2928 */
2929 switch (hdev->dev_type) {
2930 case HCI_BREDR:
2931 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
2932 break;
2933 case HCI_AMP:
2934 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
2935 break;
2936 default:
2937 return -EINVAL;
2938 }
2939
2940 if (id < 0)
2941 return id;
2942
2943 sprintf(hdev->name, "hci%d", id);
2944 hdev->id = id;
2945
2946 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2947
2948 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
2949 WQ_MEM_RECLAIM, 1, hdev->name);
2950 if (!hdev->workqueue) {
2951 error = -ENOMEM;
2952 goto err;
2953 }
2954
2955 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
2956 WQ_MEM_RECLAIM, 1, hdev->name);
2957 if (!hdev->req_workqueue) {
2958 destroy_workqueue(hdev->workqueue);
2959 error = -ENOMEM;
2960 goto err;
2961 }
2962
2963 if (!IS_ERR_OR_NULL(bt_debugfs))
2964 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
2965
2966 dev_set_name(&hdev->dev, "%s", hdev->name);
2967
2968 error = device_add(&hdev->dev);
2969 if (error < 0)
2970 goto err_wqueue;
2971
2972 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
2973 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
2974 hdev);
2975 if (hdev->rfkill) {
2976 if (rfkill_register(hdev->rfkill) < 0) {
2977 rfkill_destroy(hdev->rfkill);
2978 hdev->rfkill = NULL;
2979 }
2980 }
2981
2982 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
2983 set_bit(HCI_RFKILLED, &hdev->dev_flags);
2984
2985 set_bit(HCI_SETUP, &hdev->dev_flags);
2986 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2987
2988 if (hdev->dev_type == HCI_BREDR) {
2989 /* Assume BR/EDR support until proven otherwise (such as
2990 * through reading supported features during init.
2991 */
2992 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
2993 }
2994
2995 write_lock(&hci_dev_list_lock);
2996 list_add(&hdev->list, &hci_dev_list);
2997 write_unlock(&hci_dev_list_lock);
2998
2999 hci_notify(hdev, HCI_DEV_REG);
3000 hci_dev_hold(hdev);
3001
3002 queue_work(hdev->req_workqueue, &hdev->power_on);
3003
3004 return id;
3005
3006 err_wqueue:
3007 destroy_workqueue(hdev->workqueue);
3008 destroy_workqueue(hdev->req_workqueue);
3009 err:
3010 ida_simple_remove(&hci_index_ida, hdev->id);
3011
3012 return error;
3013 }
3014 EXPORT_SYMBOL(hci_register_dev);
3015
3016 /* Unregister HCI device */
3017 void hci_unregister_dev(struct hci_dev *hdev)
3018 {
3019 int i, id;
3020
3021 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3022
3023 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
3024
3025 id = hdev->id;
3026
3027 write_lock(&hci_dev_list_lock);
3028 list_del(&hdev->list);
3029 write_unlock(&hci_dev_list_lock);
3030
3031 hci_dev_do_close(hdev);
3032
3033 for (i = 0; i < NUM_REASSEMBLY; i++)
3034 kfree_skb(hdev->reassembly[i]);
3035
3036 cancel_work_sync(&hdev->power_on);
3037
3038 if (!test_bit(HCI_INIT, &hdev->flags) &&
3039 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
3040 hci_dev_lock(hdev);
3041 mgmt_index_removed(hdev);
3042 hci_dev_unlock(hdev);
3043 }
3044
3045 /* mgmt_index_removed should take care of emptying the
3046 * pending list */
3047 BUG_ON(!list_empty(&hdev->mgmt_pending));
3048
3049 hci_notify(hdev, HCI_DEV_UNREG);
3050
3051 if (hdev->rfkill) {
3052 rfkill_unregister(hdev->rfkill);
3053 rfkill_destroy(hdev->rfkill);
3054 }
3055
3056 device_del(&hdev->dev);
3057
3058 debugfs_remove_recursive(hdev->debugfs);
3059
3060 destroy_workqueue(hdev->workqueue);
3061 destroy_workqueue(hdev->req_workqueue);
3062
3063 hci_dev_lock(hdev);
3064 hci_blacklist_clear(hdev);
3065 hci_uuids_clear(hdev);
3066 hci_link_keys_clear(hdev);
3067 hci_smp_ltks_clear(hdev);
3068 hci_remote_oob_data_clear(hdev);
3069 hci_dev_unlock(hdev);
3070
3071 hci_dev_put(hdev);
3072
3073 ida_simple_remove(&hci_index_ida, id);
3074 }
3075 EXPORT_SYMBOL(hci_unregister_dev);
3076
3077 /* Suspend HCI device */
3078 int hci_suspend_dev(struct hci_dev *hdev)
3079 {
3080 hci_notify(hdev, HCI_DEV_SUSPEND);
3081 return 0;
3082 }
3083 EXPORT_SYMBOL(hci_suspend_dev);
3084
3085 /* Resume HCI device */
3086 int hci_resume_dev(struct hci_dev *hdev)
3087 {
3088 hci_notify(hdev, HCI_DEV_RESUME);
3089 return 0;
3090 }
3091 EXPORT_SYMBOL(hci_resume_dev);
3092
3093 /* Receive frame from HCI drivers */
3094 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3095 {
3096 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3097 && !test_bit(HCI_INIT, &hdev->flags))) {
3098 kfree_skb(skb);
3099 return -ENXIO;
3100 }
3101
3102 /* Incoming skb */
3103 bt_cb(skb)->incoming = 1;
3104
3105 /* Time stamp */
3106 __net_timestamp(skb);
3107
3108 skb_queue_tail(&hdev->rx_q, skb);
3109 queue_work(hdev->workqueue, &hdev->rx_work);
3110
3111 return 0;
3112 }
3113 EXPORT_SYMBOL(hci_recv_frame);
3114
3115 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
3116 int count, __u8 index)
3117 {
3118 int len = 0;
3119 int hlen = 0;
3120 int remain = count;
3121 struct sk_buff *skb;
3122 struct bt_skb_cb *scb;
3123
3124 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
3125 index >= NUM_REASSEMBLY)
3126 return -EILSEQ;
3127
3128 skb = hdev->reassembly[index];
3129
3130 if (!skb) {
3131 switch (type) {
3132 case HCI_ACLDATA_PKT:
3133 len = HCI_MAX_FRAME_SIZE;
3134 hlen = HCI_ACL_HDR_SIZE;
3135 break;
3136 case HCI_EVENT_PKT:
3137 len = HCI_MAX_EVENT_SIZE;
3138 hlen = HCI_EVENT_HDR_SIZE;
3139 break;
3140 case HCI_SCODATA_PKT:
3141 len = HCI_MAX_SCO_SIZE;
3142 hlen = HCI_SCO_HDR_SIZE;
3143 break;
3144 }
3145
3146 skb = bt_skb_alloc(len, GFP_ATOMIC);
3147 if (!skb)
3148 return -ENOMEM;
3149
3150 scb = (void *) skb->cb;
3151 scb->expect = hlen;
3152 scb->pkt_type = type;
3153
3154 hdev->reassembly[index] = skb;
3155 }
3156
3157 while (count) {
3158 scb = (void *) skb->cb;
3159 len = min_t(uint, scb->expect, count);
3160
3161 memcpy(skb_put(skb, len), data, len);
3162
3163 count -= len;
3164 data += len;
3165 scb->expect -= len;
3166 remain = count;
3167
3168 switch (type) {
3169 case HCI_EVENT_PKT:
3170 if (skb->len == HCI_EVENT_HDR_SIZE) {
3171 struct hci_event_hdr *h = hci_event_hdr(skb);
3172 scb->expect = h->plen;
3173
3174 if (skb_tailroom(skb) < scb->expect) {
3175 kfree_skb(skb);
3176 hdev->reassembly[index] = NULL;
3177 return -ENOMEM;
3178 }
3179 }
3180 break;
3181
3182 case HCI_ACLDATA_PKT:
3183 if (skb->len == HCI_ACL_HDR_SIZE) {
3184 struct hci_acl_hdr *h = hci_acl_hdr(skb);
3185 scb->expect = __le16_to_cpu(h->dlen);
3186
3187 if (skb_tailroom(skb) < scb->expect) {
3188 kfree_skb(skb);
3189 hdev->reassembly[index] = NULL;
3190 return -ENOMEM;
3191 }
3192 }
3193 break;
3194
3195 case HCI_SCODATA_PKT:
3196 if (skb->len == HCI_SCO_HDR_SIZE) {
3197 struct hci_sco_hdr *h = hci_sco_hdr(skb);
3198 scb->expect = h->dlen;
3199
3200 if (skb_tailroom(skb) < scb->expect) {
3201 kfree_skb(skb);
3202 hdev->reassembly[index] = NULL;
3203 return -ENOMEM;
3204 }
3205 }
3206 break;
3207 }
3208
3209 if (scb->expect == 0) {
3210 /* Complete frame */
3211
3212 bt_cb(skb)->pkt_type = type;
3213 hci_recv_frame(hdev, skb);
3214
3215 hdev->reassembly[index] = NULL;
3216 return remain;
3217 }
3218 }
3219
3220 return remain;
3221 }
3222
3223 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
3224 {
3225 int rem = 0;
3226
3227 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
3228 return -EILSEQ;
3229
3230 while (count) {
3231 rem = hci_reassembly(hdev, type, data, count, type - 1);
3232 if (rem < 0)
3233 return rem;
3234
3235 data += (count - rem);
3236 count = rem;
3237 }
3238
3239 return rem;
3240 }
3241 EXPORT_SYMBOL(hci_recv_fragment);
3242
3243 #define STREAM_REASSEMBLY 0
3244
3245 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
3246 {
3247 int type;
3248 int rem = 0;
3249
3250 while (count) {
3251 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
3252
3253 if (!skb) {
3254 struct { char type; } *pkt;
3255
3256 /* Start of the frame */
3257 pkt = data;
3258 type = pkt->type;
3259
3260 data++;
3261 count--;
3262 } else
3263 type = bt_cb(skb)->pkt_type;
3264
3265 rem = hci_reassembly(hdev, type, data, count,
3266 STREAM_REASSEMBLY);
3267 if (rem < 0)
3268 return rem;
3269
3270 data += (count - rem);
3271 count = rem;
3272 }
3273
3274 return rem;
3275 }
3276 EXPORT_SYMBOL(hci_recv_stream_fragment);
3277
3278 /* ---- Interface to upper protocols ---- */
3279
3280 int hci_register_cb(struct hci_cb *cb)
3281 {
3282 BT_DBG("%p name %s", cb, cb->name);
3283
3284 write_lock(&hci_cb_list_lock);
3285 list_add(&cb->list, &hci_cb_list);
3286 write_unlock(&hci_cb_list_lock);
3287
3288 return 0;
3289 }
3290 EXPORT_SYMBOL(hci_register_cb);
3291
3292 int hci_unregister_cb(struct hci_cb *cb)
3293 {
3294 BT_DBG("%p name %s", cb, cb->name);
3295
3296 write_lock(&hci_cb_list_lock);
3297 list_del(&cb->list);
3298 write_unlock(&hci_cb_list_lock);
3299
3300 return 0;
3301 }
3302 EXPORT_SYMBOL(hci_unregister_cb);
3303
3304 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3305 {
3306 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
3307
3308 /* Time stamp */
3309 __net_timestamp(skb);
3310
3311 /* Send copy to monitor */
3312 hci_send_to_monitor(hdev, skb);
3313
3314 if (atomic_read(&hdev->promisc)) {
3315 /* Send copy to the sockets */
3316 hci_send_to_sock(hdev, skb);
3317 }
3318
3319 /* Get rid of skb owner, prior to sending to the driver. */
3320 skb_orphan(skb);
3321
3322 if (hdev->send(hdev, skb) < 0)
3323 BT_ERR("%s sending frame failed", hdev->name);
3324 }
3325
3326 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
3327 {
3328 skb_queue_head_init(&req->cmd_q);
3329 req->hdev = hdev;
3330 req->err = 0;
3331 }
3332
3333 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
3334 {
3335 struct hci_dev *hdev = req->hdev;
3336 struct sk_buff *skb;
3337 unsigned long flags;
3338
3339 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
3340
3341 /* If an error occured during request building, remove all HCI
3342 * commands queued on the HCI request queue.
3343 */
3344 if (req->err) {
3345 skb_queue_purge(&req->cmd_q);
3346 return req->err;
3347 }
3348
3349 /* Do not allow empty requests */
3350 if (skb_queue_empty(&req->cmd_q))
3351 return -ENODATA;
3352
3353 skb = skb_peek_tail(&req->cmd_q);
3354 bt_cb(skb)->req.complete = complete;
3355
3356 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
3357 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
3358 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
3359
3360 queue_work(hdev->workqueue, &hdev->cmd_work);
3361
3362 return 0;
3363 }
3364
3365 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
3366 u32 plen, const void *param)
3367 {
3368 int len = HCI_COMMAND_HDR_SIZE + plen;
3369 struct hci_command_hdr *hdr;
3370 struct sk_buff *skb;
3371
3372 skb = bt_skb_alloc(len, GFP_ATOMIC);
3373 if (!skb)
3374 return NULL;
3375
3376 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
3377 hdr->opcode = cpu_to_le16(opcode);
3378 hdr->plen = plen;
3379
3380 if (plen)
3381 memcpy(skb_put(skb, plen), param, plen);
3382
3383 BT_DBG("skb len %d", skb->len);
3384
3385 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
3386
3387 return skb;
3388 }
3389
3390 /* Send HCI command */
3391 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3392 const void *param)
3393 {
3394 struct sk_buff *skb;
3395
3396 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3397
3398 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3399 if (!skb) {
3400 BT_ERR("%s no memory for command", hdev->name);
3401 return -ENOMEM;
3402 }
3403
3404 /* Stand-alone HCI commands must be flaged as
3405 * single-command requests.
3406 */
3407 bt_cb(skb)->req.start = true;
3408
3409 skb_queue_tail(&hdev->cmd_q, skb);
3410 queue_work(hdev->workqueue, &hdev->cmd_work);
3411
3412 return 0;
3413 }
3414
3415 /* Queue a command to an asynchronous HCI request */
3416 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
3417 const void *param, u8 event)
3418 {
3419 struct hci_dev *hdev = req->hdev;
3420 struct sk_buff *skb;
3421
3422 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3423
3424 /* If an error occured during request building, there is no point in
3425 * queueing the HCI command. We can simply return.
3426 */
3427 if (req->err)
3428 return;
3429
3430 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3431 if (!skb) {
3432 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
3433 hdev->name, opcode);
3434 req->err = -ENOMEM;
3435 return;
3436 }
3437
3438 if (skb_queue_empty(&req->cmd_q))
3439 bt_cb(skb)->req.start = true;
3440
3441 bt_cb(skb)->req.event = event;
3442
3443 skb_queue_tail(&req->cmd_q, skb);
3444 }
3445
3446 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
3447 const void *param)
3448 {
3449 hci_req_add_ev(req, opcode, plen, param, 0);
3450 }
3451
3452 /* Get data from the previously sent command */
3453 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3454 {
3455 struct hci_command_hdr *hdr;
3456
3457 if (!hdev->sent_cmd)
3458 return NULL;
3459
3460 hdr = (void *) hdev->sent_cmd->data;
3461
3462 if (hdr->opcode != cpu_to_le16(opcode))
3463 return NULL;
3464
3465 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3466
3467 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3468 }
3469
3470 /* Send ACL data */
3471 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3472 {
3473 struct hci_acl_hdr *hdr;
3474 int len = skb->len;
3475
3476 skb_push(skb, HCI_ACL_HDR_SIZE);
3477 skb_reset_transport_header(skb);
3478 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3479 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3480 hdr->dlen = cpu_to_le16(len);
3481 }
3482
3483 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3484 struct sk_buff *skb, __u16 flags)
3485 {
3486 struct hci_conn *conn = chan->conn;
3487 struct hci_dev *hdev = conn->hdev;
3488 struct sk_buff *list;
3489
3490 skb->len = skb_headlen(skb);
3491 skb->data_len = 0;
3492
3493 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3494
3495 switch (hdev->dev_type) {
3496 case HCI_BREDR:
3497 hci_add_acl_hdr(skb, conn->handle, flags);
3498 break;
3499 case HCI_AMP:
3500 hci_add_acl_hdr(skb, chan->handle, flags);
3501 break;
3502 default:
3503 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3504 return;
3505 }
3506
3507 list = skb_shinfo(skb)->frag_list;
3508 if (!list) {
3509 /* Non fragmented */
3510 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3511
3512 skb_queue_tail(queue, skb);
3513 } else {
3514 /* Fragmented */
3515 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3516
3517 skb_shinfo(skb)->frag_list = NULL;
3518
3519 /* Queue all fragments atomically */
3520 spin_lock(&queue->lock);
3521
3522 __skb_queue_tail(queue, skb);
3523
3524 flags &= ~ACL_START;
3525 flags |= ACL_CONT;
3526 do {
3527 skb = list; list = list->next;
3528
3529 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3530 hci_add_acl_hdr(skb, conn->handle, flags);
3531
3532 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3533
3534 __skb_queue_tail(queue, skb);
3535 } while (list);
3536
3537 spin_unlock(&queue->lock);
3538 }
3539 }
3540
3541 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3542 {
3543 struct hci_dev *hdev = chan->conn->hdev;
3544
3545 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3546
3547 hci_queue_acl(chan, &chan->data_q, skb, flags);
3548
3549 queue_work(hdev->workqueue, &hdev->tx_work);
3550 }
3551
3552 /* Send SCO data */
3553 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3554 {
3555 struct hci_dev *hdev = conn->hdev;
3556 struct hci_sco_hdr hdr;
3557
3558 BT_DBG("%s len %d", hdev->name, skb->len);
3559
3560 hdr.handle = cpu_to_le16(conn->handle);
3561 hdr.dlen = skb->len;
3562
3563 skb_push(skb, HCI_SCO_HDR_SIZE);
3564 skb_reset_transport_header(skb);
3565 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3566
3567 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
3568
3569 skb_queue_tail(&conn->data_q, skb);
3570 queue_work(hdev->workqueue, &hdev->tx_work);
3571 }
3572
3573 /* ---- HCI TX task (outgoing data) ---- */
3574
3575 /* HCI Connection scheduler */
3576 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3577 int *quote)
3578 {
3579 struct hci_conn_hash *h = &hdev->conn_hash;
3580 struct hci_conn *conn = NULL, *c;
3581 unsigned int num = 0, min = ~0;
3582
3583 /* We don't have to lock device here. Connections are always
3584 * added and removed with TX task disabled. */
3585
3586 rcu_read_lock();
3587
3588 list_for_each_entry_rcu(c, &h->list, list) {
3589 if (c->type != type || skb_queue_empty(&c->data_q))
3590 continue;
3591
3592 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3593 continue;
3594
3595 num++;
3596
3597 if (c->sent < min) {
3598 min = c->sent;
3599 conn = c;
3600 }
3601
3602 if (hci_conn_num(hdev, type) == num)
3603 break;
3604 }
3605
3606 rcu_read_unlock();
3607
3608 if (conn) {
3609 int cnt, q;
3610
3611 switch (conn->type) {
3612 case ACL_LINK:
3613 cnt = hdev->acl_cnt;
3614 break;
3615 case SCO_LINK:
3616 case ESCO_LINK:
3617 cnt = hdev->sco_cnt;
3618 break;
3619 case LE_LINK:
3620 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3621 break;
3622 default:
3623 cnt = 0;
3624 BT_ERR("Unknown link type");
3625 }
3626
3627 q = cnt / num;
3628 *quote = q ? q : 1;
3629 } else
3630 *quote = 0;
3631
3632 BT_DBG("conn %p quote %d", conn, *quote);
3633 return conn;
3634 }
3635
3636 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3637 {
3638 struct hci_conn_hash *h = &hdev->conn_hash;
3639 struct hci_conn *c;
3640
3641 BT_ERR("%s link tx timeout", hdev->name);
3642
3643 rcu_read_lock();
3644
3645 /* Kill stalled connections */
3646 list_for_each_entry_rcu(c, &h->list, list) {
3647 if (c->type == type && c->sent) {
3648 BT_ERR("%s killing stalled connection %pMR",
3649 hdev->name, &c->dst);
3650 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3651 }
3652 }
3653
3654 rcu_read_unlock();
3655 }
3656
3657 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3658 int *quote)
3659 {
3660 struct hci_conn_hash *h = &hdev->conn_hash;
3661 struct hci_chan *chan = NULL;
3662 unsigned int num = 0, min = ~0, cur_prio = 0;
3663 struct hci_conn *conn;
3664 int cnt, q, conn_num = 0;
3665
3666 BT_DBG("%s", hdev->name);
3667
3668 rcu_read_lock();
3669
3670 list_for_each_entry_rcu(conn, &h->list, list) {
3671 struct hci_chan *tmp;
3672
3673 if (conn->type != type)
3674 continue;
3675
3676 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3677 continue;
3678
3679 conn_num++;
3680
3681 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3682 struct sk_buff *skb;
3683
3684 if (skb_queue_empty(&tmp->data_q))
3685 continue;
3686
3687 skb = skb_peek(&tmp->data_q);
3688 if (skb->priority < cur_prio)
3689 continue;
3690
3691 if (skb->priority > cur_prio) {
3692 num = 0;
3693 min = ~0;
3694 cur_prio = skb->priority;
3695 }
3696
3697 num++;
3698
3699 if (conn->sent < min) {
3700 min = conn->sent;
3701 chan = tmp;
3702 }
3703 }
3704
3705 if (hci_conn_num(hdev, type) == conn_num)
3706 break;
3707 }
3708
3709 rcu_read_unlock();
3710
3711 if (!chan)
3712 return NULL;
3713
3714 switch (chan->conn->type) {
3715 case ACL_LINK:
3716 cnt = hdev->acl_cnt;
3717 break;
3718 case AMP_LINK:
3719 cnt = hdev->block_cnt;
3720 break;
3721 case SCO_LINK:
3722 case ESCO_LINK:
3723 cnt = hdev->sco_cnt;
3724 break;
3725 case LE_LINK:
3726 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3727 break;
3728 default:
3729 cnt = 0;
3730 BT_ERR("Unknown link type");
3731 }
3732
3733 q = cnt / num;
3734 *quote = q ? q : 1;
3735 BT_DBG("chan %p quote %d", chan, *quote);
3736 return chan;
3737 }
3738
3739 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3740 {
3741 struct hci_conn_hash *h = &hdev->conn_hash;
3742 struct hci_conn *conn;
3743 int num = 0;
3744
3745 BT_DBG("%s", hdev->name);
3746
3747 rcu_read_lock();
3748
3749 list_for_each_entry_rcu(conn, &h->list, list) {
3750 struct hci_chan *chan;
3751
3752 if (conn->type != type)
3753 continue;
3754
3755 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3756 continue;
3757
3758 num++;
3759
3760 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3761 struct sk_buff *skb;
3762
3763 if (chan->sent) {
3764 chan->sent = 0;
3765 continue;
3766 }
3767
3768 if (skb_queue_empty(&chan->data_q))
3769 continue;
3770
3771 skb = skb_peek(&chan->data_q);
3772 if (skb->priority >= HCI_PRIO_MAX - 1)
3773 continue;
3774
3775 skb->priority = HCI_PRIO_MAX - 1;
3776
3777 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3778 skb->priority);
3779 }
3780
3781 if (hci_conn_num(hdev, type) == num)
3782 break;
3783 }
3784
3785 rcu_read_unlock();
3786
3787 }
3788
3789 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3790 {
3791 /* Calculate count of blocks used by this packet */
3792 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3793 }
3794
3795 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3796 {
3797 if (!test_bit(HCI_RAW, &hdev->flags)) {
3798 /* ACL tx timeout must be longer than maximum
3799 * link supervision timeout (40.9 seconds) */
3800 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3801 HCI_ACL_TX_TIMEOUT))
3802 hci_link_tx_to(hdev, ACL_LINK);
3803 }
3804 }
3805
3806 static void hci_sched_acl_pkt(struct hci_dev *hdev)
3807 {
3808 unsigned int cnt = hdev->acl_cnt;
3809 struct hci_chan *chan;
3810 struct sk_buff *skb;
3811 int quote;
3812
3813 __check_timeout(hdev, cnt);
3814
3815 while (hdev->acl_cnt &&
3816 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
3817 u32 priority = (skb_peek(&chan->data_q))->priority;
3818 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3819 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3820 skb->len, skb->priority);
3821
3822 /* Stop if priority has changed */
3823 if (skb->priority < priority)
3824 break;
3825
3826 skb = skb_dequeue(&chan->data_q);
3827
3828 hci_conn_enter_active_mode(chan->conn,
3829 bt_cb(skb)->force_active);
3830
3831 hci_send_frame(hdev, skb);
3832 hdev->acl_last_tx = jiffies;
3833
3834 hdev->acl_cnt--;
3835 chan->sent++;
3836 chan->conn->sent++;
3837 }
3838 }
3839
3840 if (cnt != hdev->acl_cnt)
3841 hci_prio_recalculate(hdev, ACL_LINK);
3842 }
3843
3844 static void hci_sched_acl_blk(struct hci_dev *hdev)
3845 {
3846 unsigned int cnt = hdev->block_cnt;
3847 struct hci_chan *chan;
3848 struct sk_buff *skb;
3849 int quote;
3850 u8 type;
3851
3852 __check_timeout(hdev, cnt);
3853
3854 BT_DBG("%s", hdev->name);
3855
3856 if (hdev->dev_type == HCI_AMP)
3857 type = AMP_LINK;
3858 else
3859 type = ACL_LINK;
3860
3861 while (hdev->block_cnt > 0 &&
3862 (chan = hci_chan_sent(hdev, type, &quote))) {
3863 u32 priority = (skb_peek(&chan->data_q))->priority;
3864 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
3865 int blocks;
3866
3867 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3868 skb->len, skb->priority);
3869
3870 /* Stop if priority has changed */
3871 if (skb->priority < priority)
3872 break;
3873
3874 skb = skb_dequeue(&chan->data_q);
3875
3876 blocks = __get_blocks(hdev, skb);
3877 if (blocks > hdev->block_cnt)
3878 return;
3879
3880 hci_conn_enter_active_mode(chan->conn,
3881 bt_cb(skb)->force_active);
3882
3883 hci_send_frame(hdev, skb);
3884 hdev->acl_last_tx = jiffies;
3885
3886 hdev->block_cnt -= blocks;
3887 quote -= blocks;
3888
3889 chan->sent += blocks;
3890 chan->conn->sent += blocks;
3891 }
3892 }
3893
3894 if (cnt != hdev->block_cnt)
3895 hci_prio_recalculate(hdev, type);
3896 }
3897
3898 static void hci_sched_acl(struct hci_dev *hdev)
3899 {
3900 BT_DBG("%s", hdev->name);
3901
3902 /* No ACL link over BR/EDR controller */
3903 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
3904 return;
3905
3906 /* No AMP link over AMP controller */
3907 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3908 return;
3909
3910 switch (hdev->flow_ctl_mode) {
3911 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3912 hci_sched_acl_pkt(hdev);
3913 break;
3914
3915 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3916 hci_sched_acl_blk(hdev);
3917 break;
3918 }
3919 }
3920
3921 /* Schedule SCO */
3922 static void hci_sched_sco(struct hci_dev *hdev)
3923 {
3924 struct hci_conn *conn;
3925 struct sk_buff *skb;
3926 int quote;
3927
3928 BT_DBG("%s", hdev->name);
3929
3930 if (!hci_conn_num(hdev, SCO_LINK))
3931 return;
3932
3933 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
3934 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3935 BT_DBG("skb %p len %d", skb, skb->len);
3936 hci_send_frame(hdev, skb);
3937
3938 conn->sent++;
3939 if (conn->sent == ~0)
3940 conn->sent = 0;
3941 }
3942 }
3943 }
3944
3945 static void hci_sched_esco(struct hci_dev *hdev)
3946 {
3947 struct hci_conn *conn;
3948 struct sk_buff *skb;
3949 int quote;
3950
3951 BT_DBG("%s", hdev->name);
3952
3953 if (!hci_conn_num(hdev, ESCO_LINK))
3954 return;
3955
3956 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
3957 &quote))) {
3958 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3959 BT_DBG("skb %p len %d", skb, skb->len);
3960 hci_send_frame(hdev, skb);
3961
3962 conn->sent++;
3963 if (conn->sent == ~0)
3964 conn->sent = 0;
3965 }
3966 }
3967 }
3968
3969 static void hci_sched_le(struct hci_dev *hdev)
3970 {
3971 struct hci_chan *chan;
3972 struct sk_buff *skb;
3973 int quote, cnt, tmp;
3974
3975 BT_DBG("%s", hdev->name);
3976
3977 if (!hci_conn_num(hdev, LE_LINK))
3978 return;
3979
3980 if (!test_bit(HCI_RAW, &hdev->flags)) {
3981 /* LE tx timeout must be longer than maximum
3982 * link supervision timeout (40.9 seconds) */
3983 if (!hdev->le_cnt && hdev->le_pkts &&
3984 time_after(jiffies, hdev->le_last_tx + HZ * 45))
3985 hci_link_tx_to(hdev, LE_LINK);
3986 }
3987
3988 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
3989 tmp = cnt;
3990 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
3991 u32 priority = (skb_peek(&chan->data_q))->priority;
3992 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3993 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3994 skb->len, skb->priority);
3995
3996 /* Stop if priority has changed */
3997 if (skb->priority < priority)
3998 break;
3999
4000 skb = skb_dequeue(&chan->data_q);
4001
4002 hci_send_frame(hdev, skb);
4003 hdev->le_last_tx = jiffies;
4004
4005 cnt--;
4006 chan->sent++;
4007 chan->conn->sent++;
4008 }
4009 }
4010
4011 if (hdev->le_pkts)
4012 hdev->le_cnt = cnt;
4013 else
4014 hdev->acl_cnt = cnt;
4015
4016 if (cnt != tmp)
4017 hci_prio_recalculate(hdev, LE_LINK);
4018 }
4019
4020 static void hci_tx_work(struct work_struct *work)
4021 {
4022 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4023 struct sk_buff *skb;
4024
4025 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4026 hdev->sco_cnt, hdev->le_cnt);
4027
4028 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4029 /* Schedule queues and send stuff to HCI driver */
4030 hci_sched_acl(hdev);
4031 hci_sched_sco(hdev);
4032 hci_sched_esco(hdev);
4033 hci_sched_le(hdev);
4034 }
4035
4036 /* Send next queued raw (unknown type) packet */
4037 while ((skb = skb_dequeue(&hdev->raw_q)))
4038 hci_send_frame(hdev, skb);
4039 }
4040
4041 /* ----- HCI RX task (incoming data processing) ----- */
4042
4043 /* ACL data packet */
4044 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4045 {
4046 struct hci_acl_hdr *hdr = (void *) skb->data;
4047 struct hci_conn *conn;
4048 __u16 handle, flags;
4049
4050 skb_pull(skb, HCI_ACL_HDR_SIZE);
4051
4052 handle = __le16_to_cpu(hdr->handle);
4053 flags = hci_flags(handle);
4054 handle = hci_handle(handle);
4055
4056 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4057 handle, flags);
4058
4059 hdev->stat.acl_rx++;
4060
4061 hci_dev_lock(hdev);
4062 conn = hci_conn_hash_lookup_handle(hdev, handle);
4063 hci_dev_unlock(hdev);
4064
4065 if (conn) {
4066 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4067
4068 /* Send to upper protocol */
4069 l2cap_recv_acldata(conn, skb, flags);
4070 return;
4071 } else {
4072 BT_ERR("%s ACL packet for unknown connection handle %d",
4073 hdev->name, handle);
4074 }
4075
4076 kfree_skb(skb);
4077 }
4078
4079 /* SCO data packet */
4080 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4081 {
4082 struct hci_sco_hdr *hdr = (void *) skb->data;
4083 struct hci_conn *conn;
4084 __u16 handle;
4085
4086 skb_pull(skb, HCI_SCO_HDR_SIZE);
4087
4088 handle = __le16_to_cpu(hdr->handle);
4089
4090 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4091
4092 hdev->stat.sco_rx++;
4093
4094 hci_dev_lock(hdev);
4095 conn = hci_conn_hash_lookup_handle(hdev, handle);
4096 hci_dev_unlock(hdev);
4097
4098 if (conn) {
4099 /* Send to upper protocol */
4100 sco_recv_scodata(conn, skb);
4101 return;
4102 } else {
4103 BT_ERR("%s SCO packet for unknown connection handle %d",
4104 hdev->name, handle);
4105 }
4106
4107 kfree_skb(skb);
4108 }
4109
4110 static bool hci_req_is_complete(struct hci_dev *hdev)
4111 {
4112 struct sk_buff *skb;
4113
4114 skb = skb_peek(&hdev->cmd_q);
4115 if (!skb)
4116 return true;
4117
4118 return bt_cb(skb)->req.start;
4119 }
4120
4121 static void hci_resend_last(struct hci_dev *hdev)
4122 {
4123 struct hci_command_hdr *sent;
4124 struct sk_buff *skb;
4125 u16 opcode;
4126
4127 if (!hdev->sent_cmd)
4128 return;
4129
4130 sent = (void *) hdev->sent_cmd->data;
4131 opcode = __le16_to_cpu(sent->opcode);
4132 if (opcode == HCI_OP_RESET)
4133 return;
4134
4135 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4136 if (!skb)
4137 return;
4138
4139 skb_queue_head(&hdev->cmd_q, skb);
4140 queue_work(hdev->workqueue, &hdev->cmd_work);
4141 }
4142
4143 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
4144 {
4145 hci_req_complete_t req_complete = NULL;
4146 struct sk_buff *skb;
4147 unsigned long flags;
4148
4149 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4150
4151 /* If the completed command doesn't match the last one that was
4152 * sent we need to do special handling of it.
4153 */
4154 if (!hci_sent_cmd_data(hdev, opcode)) {
4155 /* Some CSR based controllers generate a spontaneous
4156 * reset complete event during init and any pending
4157 * command will never be completed. In such a case we
4158 * need to resend whatever was the last sent
4159 * command.
4160 */
4161 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4162 hci_resend_last(hdev);
4163
4164 return;
4165 }
4166
4167 /* If the command succeeded and there's still more commands in
4168 * this request the request is not yet complete.
4169 */
4170 if (!status && !hci_req_is_complete(hdev))
4171 return;
4172
4173 /* If this was the last command in a request the complete
4174 * callback would be found in hdev->sent_cmd instead of the
4175 * command queue (hdev->cmd_q).
4176 */
4177 if (hdev->sent_cmd) {
4178 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
4179
4180 if (req_complete) {
4181 /* We must set the complete callback to NULL to
4182 * avoid calling the callback more than once if
4183 * this function gets called again.
4184 */
4185 bt_cb(hdev->sent_cmd)->req.complete = NULL;
4186
4187 goto call_complete;
4188 }
4189 }
4190
4191 /* Remove all pending commands belonging to this request */
4192 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4193 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4194 if (bt_cb(skb)->req.start) {
4195 __skb_queue_head(&hdev->cmd_q, skb);
4196 break;
4197 }
4198
4199 req_complete = bt_cb(skb)->req.complete;
4200 kfree_skb(skb);
4201 }
4202 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4203
4204 call_complete:
4205 if (req_complete)
4206 req_complete(hdev, status);
4207 }
4208
4209 static void hci_rx_work(struct work_struct *work)
4210 {
4211 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4212 struct sk_buff *skb;
4213
4214 BT_DBG("%s", hdev->name);
4215
4216 while ((skb = skb_dequeue(&hdev->rx_q))) {
4217 /* Send copy to monitor */
4218 hci_send_to_monitor(hdev, skb);
4219
4220 if (atomic_read(&hdev->promisc)) {
4221 /* Send copy to the sockets */
4222 hci_send_to_sock(hdev, skb);
4223 }
4224
4225 if (test_bit(HCI_RAW, &hdev->flags) ||
4226 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4227 kfree_skb(skb);
4228 continue;
4229 }
4230
4231 if (test_bit(HCI_INIT, &hdev->flags)) {
4232 /* Don't process data packets in this states. */
4233 switch (bt_cb(skb)->pkt_type) {
4234 case HCI_ACLDATA_PKT:
4235 case HCI_SCODATA_PKT:
4236 kfree_skb(skb);
4237 continue;
4238 }
4239 }
4240
4241 /* Process frame */
4242 switch (bt_cb(skb)->pkt_type) {
4243 case HCI_EVENT_PKT:
4244 BT_DBG("%s Event packet", hdev->name);
4245 hci_event_packet(hdev, skb);
4246 break;
4247
4248 case HCI_ACLDATA_PKT:
4249 BT_DBG("%s ACL data packet", hdev->name);
4250 hci_acldata_packet(hdev, skb);
4251 break;
4252
4253 case HCI_SCODATA_PKT:
4254 BT_DBG("%s SCO data packet", hdev->name);
4255 hci_scodata_packet(hdev, skb);
4256 break;
4257
4258 default:
4259 kfree_skb(skb);
4260 break;
4261 }
4262 }
4263 }
4264
4265 static void hci_cmd_work(struct work_struct *work)
4266 {
4267 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4268 struct sk_buff *skb;
4269
4270 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4271 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4272
4273 /* Send queued commands */
4274 if (atomic_read(&hdev->cmd_cnt)) {
4275 skb = skb_dequeue(&hdev->cmd_q);
4276 if (!skb)
4277 return;
4278
4279 kfree_skb(hdev->sent_cmd);
4280
4281 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4282 if (hdev->sent_cmd) {
4283 atomic_dec(&hdev->cmd_cnt);
4284 hci_send_frame(hdev, skb);
4285 if (test_bit(HCI_RESET, &hdev->flags))
4286 del_timer(&hdev->cmd_timer);
4287 else
4288 mod_timer(&hdev->cmd_timer,
4289 jiffies + HCI_CMD_TIMEOUT);
4290 } else {
4291 skb_queue_head(&hdev->cmd_q, skb);
4292 queue_work(hdev->workqueue, &hdev->cmd_work);
4293 }
4294 }
4295 }
Linus' kernel tree