2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
40 #include "hci_request.h"
41 #include "hci_debugfs.h"
44 static void hci_rx_work(struct work_struct *work);
45 static void hci_cmd_work(struct work_struct *work);
46 static void hci_tx_work(struct work_struct *work);
49 LIST_HEAD(hci_dev_list);
50 DEFINE_RWLOCK(hci_dev_list_lock);
52 /* HCI callback list */
53 LIST_HEAD(hci_cb_list);
54 DEFINE_MUTEX(hci_cb_list_lock);
56 /* HCI ID Numbering */
57 static DEFINE_IDA(hci_index_ida);
59 /* ----- HCI requests ----- */
61 #define HCI_REQ_DONE 0
62 #define HCI_REQ_PEND 1
63 #define HCI_REQ_CANCELED 2
65 #define hci_req_lock(d) mutex_lock(&d->req_lock)
66 #define hci_req_unlock(d) mutex_unlock(&d->req_lock)
68 /* ---- HCI notifications ---- */
70 static void hci_notify(struct hci_dev *hdev, int event)
72 hci_sock_dev_event(hdev, event);
75 /* ---- HCI debugfs entries ---- */
77 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
78 size_t count, loff_t *ppos)
80 struct hci_dev *hdev = file->private_data;
83 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y': 'N';
86 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
89 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
90 size_t count, loff_t *ppos)
92 struct hci_dev *hdev = file->private_data;
95 size_t buf_size = min(count, (sizeof(buf)-1));
98 if (!test_bit(HCI_UP, &hdev->flags))
101 if (copy_from_user(buf, user_buf, buf_size))
104 buf[buf_size] = '\0';
105 if (strtobool(buf, &enable))
108 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
113 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
116 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
118 hci_req_unlock(hdev);
125 hci_dev_change_flag(hdev, HCI_DUT_MODE);
130 static const struct file_operations dut_mode_fops = {
132 .read = dut_mode_read,
133 .write = dut_mode_write,
134 .llseek = default_llseek,
137 /* ---- HCI requests ---- */
139 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result, u16 opcode,
142 BT_DBG("%s result 0x%2.2x", hdev->name, result);
144 if (hdev->req_status == HCI_REQ_PEND) {
145 hdev->req_result = result;
146 hdev->req_status = HCI_REQ_DONE;
148 hdev->req_skb = skb_get(skb);
149 wake_up_interruptible(&hdev->req_wait_q);
153 static void hci_req_cancel(struct hci_dev *hdev, int err)
155 BT_DBG("%s err 0x%2.2x", hdev->name, err);
157 if (hdev->req_status == HCI_REQ_PEND) {
158 hdev->req_result = err;
159 hdev->req_status = HCI_REQ_CANCELED;
160 wake_up_interruptible(&hdev->req_wait_q);
164 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
165 const void *param, u8 event, u32 timeout)
167 DECLARE_WAITQUEUE(wait, current);
168 struct hci_request req;
172 BT_DBG("%s", hdev->name);
174 hci_req_init(&req, hdev);
176 hci_req_add_ev(&req, opcode, plen, param, event);
178 hdev->req_status = HCI_REQ_PEND;
180 add_wait_queue(&hdev->req_wait_q, &wait);
181 set_current_state(TASK_INTERRUPTIBLE);
183 err = hci_req_run_skb(&req, hci_req_sync_complete);
185 remove_wait_queue(&hdev->req_wait_q, &wait);
186 set_current_state(TASK_RUNNING);
190 schedule_timeout(timeout);
192 remove_wait_queue(&hdev->req_wait_q, &wait);
194 if (signal_pending(current))
195 return ERR_PTR(-EINTR);
197 switch (hdev->req_status) {
199 err = -bt_to_errno(hdev->req_result);
202 case HCI_REQ_CANCELED:
203 err = -hdev->req_result;
211 hdev->req_status = hdev->req_result = 0;
213 hdev->req_skb = NULL;
215 BT_DBG("%s end: err %d", hdev->name, err);
223 return ERR_PTR(-ENODATA);
227 EXPORT_SYMBOL(__hci_cmd_sync_ev);
229 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
230 const void *param, u32 timeout)
232 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
234 EXPORT_SYMBOL(__hci_cmd_sync);
236 /* Execute request and wait for completion. */
237 static int __hci_req_sync(struct hci_dev *hdev,
238 void (*func)(struct hci_request *req,
240 unsigned long opt, __u32 timeout)
242 struct hci_request req;
243 DECLARE_WAITQUEUE(wait, current);
246 BT_DBG("%s start", hdev->name);
248 hci_req_init(&req, hdev);
250 hdev->req_status = HCI_REQ_PEND;
254 add_wait_queue(&hdev->req_wait_q, &wait);
255 set_current_state(TASK_INTERRUPTIBLE);
257 err = hci_req_run_skb(&req, hci_req_sync_complete);
259 hdev->req_status = 0;
261 remove_wait_queue(&hdev->req_wait_q, &wait);
262 set_current_state(TASK_RUNNING);
264 /* ENODATA means the HCI request command queue is empty.
265 * This can happen when a request with conditionals doesn't
266 * trigger any commands to be sent. This is normal behavior
267 * and should not trigger an error return.
275 schedule_timeout(timeout);
277 remove_wait_queue(&hdev->req_wait_q, &wait);
279 if (signal_pending(current))
282 switch (hdev->req_status) {
284 err = -bt_to_errno(hdev->req_result);
287 case HCI_REQ_CANCELED:
288 err = -hdev->req_result;
296 hdev->req_status = hdev->req_result = 0;
298 BT_DBG("%s end: err %d", hdev->name, err);
303 static int hci_req_sync(struct hci_dev *hdev,
304 void (*req)(struct hci_request *req,
306 unsigned long opt, __u32 timeout)
310 if (!test_bit(HCI_UP, &hdev->flags))
313 /* Serialize all requests */
315 ret = __hci_req_sync(hdev, req, opt, timeout);
316 hci_req_unlock(hdev);
321 static void hci_reset_req(struct hci_request *req, unsigned long opt)
323 BT_DBG("%s %ld", req->hdev->name, opt);
326 set_bit(HCI_RESET, &req->hdev->flags);
327 hci_req_add(req, HCI_OP_RESET, 0, NULL);
330 static void bredr_init(struct hci_request *req)
332 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
334 /* Read Local Supported Features */
335 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
337 /* Read Local Version */
338 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
340 /* Read BD Address */
341 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
344 static void amp_init1(struct hci_request *req)
346 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
348 /* Read Local Version */
349 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
351 /* Read Local Supported Commands */
352 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
354 /* Read Local AMP Info */
355 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
357 /* Read Data Blk size */
358 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
360 /* Read Flow Control Mode */
361 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
363 /* Read Location Data */
364 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
367 static void amp_init2(struct hci_request *req)
369 /* Read Local Supported Features. Not all AMP controllers
370 * support this so it's placed conditionally in the second
373 if (req->hdev->commands[14] & 0x20)
374 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
377 static void hci_init1_req(struct hci_request *req, unsigned long opt)
379 struct hci_dev *hdev = req->hdev;
381 BT_DBG("%s %ld", hdev->name, opt);
384 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
385 hci_reset_req(req, 0);
387 switch (hdev->dev_type) {
397 BT_ERR("Unknown device type %d", hdev->dev_type);
402 static void bredr_setup(struct hci_request *req)
407 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
408 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
410 /* Read Class of Device */
411 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
413 /* Read Local Name */
414 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
416 /* Read Voice Setting */
417 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
419 /* Read Number of Supported IAC */
420 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
422 /* Read Current IAC LAP */
423 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
425 /* Clear Event Filters */
426 flt_type = HCI_FLT_CLEAR_ALL;
427 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
429 /* Connection accept timeout ~20 secs */
430 param = cpu_to_le16(0x7d00);
431 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
434 static void le_setup(struct hci_request *req)
436 struct hci_dev *hdev = req->hdev;
438 /* Read LE Buffer Size */
439 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
441 /* Read LE Local Supported Features */
442 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
444 /* Read LE Supported States */
445 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
447 /* Read LE White List Size */
448 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
450 /* Clear LE White List */
451 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
453 /* LE-only controllers have LE implicitly enabled */
454 if (!lmp_bredr_capable(hdev))
455 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
458 static void hci_setup_event_mask(struct hci_request *req)
460 struct hci_dev *hdev = req->hdev;
462 /* The second byte is 0xff instead of 0x9f (two reserved bits
463 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
466 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
468 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
469 * any event mask for pre 1.2 devices.
471 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
474 if (lmp_bredr_capable(hdev)) {
475 events[4] |= 0x01; /* Flow Specification Complete */
476 events[4] |= 0x02; /* Inquiry Result with RSSI */
477 events[4] |= 0x04; /* Read Remote Extended Features Complete */
478 events[5] |= 0x08; /* Synchronous Connection Complete */
479 events[5] |= 0x10; /* Synchronous Connection Changed */
481 /* Use a different default for LE-only devices */
482 memset(events, 0, sizeof(events));
483 events[0] |= 0x10; /* Disconnection Complete */
484 events[1] |= 0x08; /* Read Remote Version Information Complete */
485 events[1] |= 0x20; /* Command Complete */
486 events[1] |= 0x40; /* Command Status */
487 events[1] |= 0x80; /* Hardware Error */
488 events[2] |= 0x04; /* Number of Completed Packets */
489 events[3] |= 0x02; /* Data Buffer Overflow */
491 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
492 events[0] |= 0x80; /* Encryption Change */
493 events[5] |= 0x80; /* Encryption Key Refresh Complete */
497 if (lmp_inq_rssi_capable(hdev))
498 events[4] |= 0x02; /* Inquiry Result with RSSI */
500 if (lmp_sniffsubr_capable(hdev))
501 events[5] |= 0x20; /* Sniff Subrating */
503 if (lmp_pause_enc_capable(hdev))
504 events[5] |= 0x80; /* Encryption Key Refresh Complete */
506 if (lmp_ext_inq_capable(hdev))
507 events[5] |= 0x40; /* Extended Inquiry Result */
509 if (lmp_no_flush_capable(hdev))
510 events[7] |= 0x01; /* Enhanced Flush Complete */
512 if (lmp_lsto_capable(hdev))
513 events[6] |= 0x80; /* Link Supervision Timeout Changed */
515 if (lmp_ssp_capable(hdev)) {
516 events[6] |= 0x01; /* IO Capability Request */
517 events[6] |= 0x02; /* IO Capability Response */
518 events[6] |= 0x04; /* User Confirmation Request */
519 events[6] |= 0x08; /* User Passkey Request */
520 events[6] |= 0x10; /* Remote OOB Data Request */
521 events[6] |= 0x20; /* Simple Pairing Complete */
522 events[7] |= 0x04; /* User Passkey Notification */
523 events[7] |= 0x08; /* Keypress Notification */
524 events[7] |= 0x10; /* Remote Host Supported
525 * Features Notification
529 if (lmp_le_capable(hdev))
530 events[7] |= 0x20; /* LE Meta-Event */
532 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
535 static void hci_init2_req(struct hci_request *req, unsigned long opt)
537 struct hci_dev *hdev = req->hdev;
539 if (hdev->dev_type == HCI_AMP)
540 return amp_init2(req);
542 if (lmp_bredr_capable(hdev))
545 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
547 if (lmp_le_capable(hdev))
550 /* All Bluetooth 1.2 and later controllers should support the
551 * HCI command for reading the local supported commands.
553 * Unfortunately some controllers indicate Bluetooth 1.2 support,
554 * but do not have support for this command. If that is the case,
555 * the driver can quirk the behavior and skip reading the local
556 * supported commands.
558 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
559 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
560 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
562 if (lmp_ssp_capable(hdev)) {
563 /* When SSP is available, then the host features page
564 * should also be available as well. However some
565 * controllers list the max_page as 0 as long as SSP
566 * has not been enabled. To achieve proper debugging
567 * output, force the minimum max_page to 1 at least.
569 hdev->max_page = 0x01;
571 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
574 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
575 sizeof(mode), &mode);
577 struct hci_cp_write_eir cp;
579 memset(hdev->eir, 0, sizeof(hdev->eir));
580 memset(&cp, 0, sizeof(cp));
582 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
586 if (lmp_inq_rssi_capable(hdev) ||
587 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
590 /* If Extended Inquiry Result events are supported, then
591 * they are clearly preferred over Inquiry Result with RSSI
594 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
596 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
599 if (lmp_inq_tx_pwr_capable(hdev))
600 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
602 if (lmp_ext_feat_capable(hdev)) {
603 struct hci_cp_read_local_ext_features cp;
606 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
610 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
612 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
617 static void hci_setup_link_policy(struct hci_request *req)
619 struct hci_dev *hdev = req->hdev;
620 struct hci_cp_write_def_link_policy cp;
623 if (lmp_rswitch_capable(hdev))
624 link_policy |= HCI_LP_RSWITCH;
625 if (lmp_hold_capable(hdev))
626 link_policy |= HCI_LP_HOLD;
627 if (lmp_sniff_capable(hdev))
628 link_policy |= HCI_LP_SNIFF;
629 if (lmp_park_capable(hdev))
630 link_policy |= HCI_LP_PARK;
632 cp.policy = cpu_to_le16(link_policy);
633 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
636 static void hci_set_le_support(struct hci_request *req)
638 struct hci_dev *hdev = req->hdev;
639 struct hci_cp_write_le_host_supported cp;
641 /* LE-only devices do not support explicit enablement */
642 if (!lmp_bredr_capable(hdev))
645 memset(&cp, 0, sizeof(cp));
647 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
652 if (cp.le != lmp_host_le_capable(hdev))
653 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
657 static void hci_set_event_mask_page_2(struct hci_request *req)
659 struct hci_dev *hdev = req->hdev;
660 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
662 /* If Connectionless Slave Broadcast master role is supported
663 * enable all necessary events for it.
665 if (lmp_csb_master_capable(hdev)) {
666 events[1] |= 0x40; /* Triggered Clock Capture */
667 events[1] |= 0x80; /* Synchronization Train Complete */
668 events[2] |= 0x10; /* Slave Page Response Timeout */
669 events[2] |= 0x20; /* CSB Channel Map Change */
672 /* If Connectionless Slave Broadcast slave role is supported
673 * enable all necessary events for it.
675 if (lmp_csb_slave_capable(hdev)) {
676 events[2] |= 0x01; /* Synchronization Train Received */
677 events[2] |= 0x02; /* CSB Receive */
678 events[2] |= 0x04; /* CSB Timeout */
679 events[2] |= 0x08; /* Truncated Page Complete */
682 /* Enable Authenticated Payload Timeout Expired event if supported */
683 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
686 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
689 static void hci_init3_req(struct hci_request *req, unsigned long opt)
691 struct hci_dev *hdev = req->hdev;
694 hci_setup_event_mask(req);
696 if (hdev->commands[6] & 0x20 &&
697 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
698 struct hci_cp_read_stored_link_key cp;
700 bacpy(&cp.bdaddr, BDADDR_ANY);
702 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
705 if (hdev->commands[5] & 0x10)
706 hci_setup_link_policy(req);
708 if (hdev->commands[8] & 0x01)
709 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
711 /* Some older Broadcom based Bluetooth 1.2 controllers do not
712 * support the Read Page Scan Type command. Check support for
713 * this command in the bit mask of supported commands.
715 if (hdev->commands[13] & 0x01)
716 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
718 if (lmp_le_capable(hdev)) {
721 memset(events, 0, sizeof(events));
724 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
725 events[0] |= 0x10; /* LE Long Term Key Request */
727 /* If controller supports the Connection Parameters Request
728 * Link Layer Procedure, enable the corresponding event.
730 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
731 events[0] |= 0x20; /* LE Remote Connection
735 /* If the controller supports the Data Length Extension
736 * feature, enable the corresponding event.
738 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
739 events[0] |= 0x40; /* LE Data Length Change */
741 /* If the controller supports Extended Scanner Filter
742 * Policies, enable the correspondig event.
744 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
745 events[1] |= 0x04; /* LE Direct Advertising
749 /* If the controller supports the LE Read Local P-256
750 * Public Key command, enable the corresponding event.
752 if (hdev->commands[34] & 0x02)
753 events[0] |= 0x80; /* LE Read Local P-256
754 * Public Key Complete
757 /* If the controller supports the LE Generate DHKey
758 * command, enable the corresponding event.
760 if (hdev->commands[34] & 0x04)
761 events[1] |= 0x01; /* LE Generate DHKey Complete */
763 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
766 if (hdev->commands[25] & 0x40) {
767 /* Read LE Advertising Channel TX Power */
768 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
771 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
772 /* Read LE Maximum Data Length */
773 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
775 /* Read LE Suggested Default Data Length */
776 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
779 hci_set_le_support(req);
782 /* Read features beyond page 1 if available */
783 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
784 struct hci_cp_read_local_ext_features cp;
787 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
792 static void hci_init4_req(struct hci_request *req, unsigned long opt)
794 struct hci_dev *hdev = req->hdev;
796 /* Some Broadcom based Bluetooth controllers do not support the
797 * Delete Stored Link Key command. They are clearly indicating its
798 * absence in the bit mask of supported commands.
800 * Check the supported commands and only if the the command is marked
801 * as supported send it. If not supported assume that the controller
802 * does not have actual support for stored link keys which makes this
803 * command redundant anyway.
805 * Some controllers indicate that they support handling deleting
806 * stored link keys, but they don't. The quirk lets a driver
807 * just disable this command.
809 if (hdev->commands[6] & 0x80 &&
810 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
811 struct hci_cp_delete_stored_link_key cp;
813 bacpy(&cp.bdaddr, BDADDR_ANY);
814 cp.delete_all = 0x01;
815 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
819 /* Set event mask page 2 if the HCI command for it is supported */
820 if (hdev->commands[22] & 0x04)
821 hci_set_event_mask_page_2(req);
823 /* Read local codec list if the HCI command is supported */
824 if (hdev->commands[29] & 0x20)
825 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
827 /* Get MWS transport configuration if the HCI command is supported */
828 if (hdev->commands[30] & 0x08)
829 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
831 /* Check for Synchronization Train support */
832 if (lmp_sync_train_capable(hdev))
833 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
835 /* Enable Secure Connections if supported and configured */
836 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
837 bredr_sc_enabled(hdev)) {
840 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
841 sizeof(support), &support);
845 static int __hci_init(struct hci_dev *hdev)
849 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
853 /* The Device Under Test (DUT) mode is special and available for
854 * all controller types. So just create it early on.
856 if (hci_dev_test_flag(hdev, HCI_SETUP)) {
857 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
861 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
865 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
866 * BR/EDR/LE type controllers. AMP controllers only need the
867 * first two stages of init.
869 if (hdev->dev_type != HCI_BREDR)
872 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
876 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
880 /* This function is only called when the controller is actually in
881 * configured state. When the controller is marked as unconfigured,
882 * this initialization procedure is not run.
884 * It means that it is possible that a controller runs through its
885 * setup phase and then discovers missing settings. If that is the
886 * case, then this function will not be called. It then will only
887 * be called during the config phase.
889 * So only when in setup phase or config phase, create the debugfs
890 * entries and register the SMP channels.
892 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
893 !hci_dev_test_flag(hdev, HCI_CONFIG))
896 hci_debugfs_create_common(hdev);
898 if (lmp_bredr_capable(hdev))
899 hci_debugfs_create_bredr(hdev);
901 if (lmp_le_capable(hdev))
902 hci_debugfs_create_le(hdev);
907 static void hci_init0_req(struct hci_request *req, unsigned long opt)
909 struct hci_dev *hdev = req->hdev;
911 BT_DBG("%s %ld", hdev->name, opt);
914 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
915 hci_reset_req(req, 0);
917 /* Read Local Version */
918 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
920 /* Read BD Address */
921 if (hdev->set_bdaddr)
922 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
925 static int __hci_unconf_init(struct hci_dev *hdev)
929 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
932 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
939 static void hci_scan_req(struct hci_request *req, unsigned long opt)
943 BT_DBG("%s %x", req->hdev->name, scan);
945 /* Inquiry and Page scans */
946 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
949 static void hci_auth_req(struct hci_request *req, unsigned long opt)
953 BT_DBG("%s %x", req->hdev->name, auth);
956 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
959 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
963 BT_DBG("%s %x", req->hdev->name, encrypt);
966 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
969 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
971 __le16 policy = cpu_to_le16(opt);
973 BT_DBG("%s %x", req->hdev->name, policy);
975 /* Default link policy */
976 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
979 /* Get HCI device by index.
980 * Device is held on return. */
981 struct hci_dev *hci_dev_get(int index)
983 struct hci_dev *hdev = NULL, *d;
990 read_lock(&hci_dev_list_lock);
991 list_for_each_entry(d, &hci_dev_list, list) {
992 if (d->id == index) {
993 hdev = hci_dev_hold(d);
997 read_unlock(&hci_dev_list_lock);
1001 /* ---- Inquiry support ---- */
1003 bool hci_discovery_active(struct hci_dev *hdev)
1005 struct discovery_state *discov = &hdev->discovery;
1007 switch (discov->state) {
1008 case DISCOVERY_FINDING:
1009 case DISCOVERY_RESOLVING:
1017 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1019 int old_state = hdev->discovery.state;
1021 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1023 if (old_state == state)
1026 hdev->discovery.state = state;
1029 case DISCOVERY_STOPPED:
1030 hci_update_background_scan(hdev);
1032 if (old_state != DISCOVERY_STARTING)
1033 mgmt_discovering(hdev, 0);
1035 case DISCOVERY_STARTING:
1037 case DISCOVERY_FINDING:
1038 mgmt_discovering(hdev, 1);
1040 case DISCOVERY_RESOLVING:
1042 case DISCOVERY_STOPPING:
1047 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1049 struct discovery_state *cache = &hdev->discovery;
1050 struct inquiry_entry *p, *n;
1052 list_for_each_entry_safe(p, n, &cache->all, all) {
1057 INIT_LIST_HEAD(&cache->unknown);
1058 INIT_LIST_HEAD(&cache->resolve);
1061 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1064 struct discovery_state *cache = &hdev->discovery;
1065 struct inquiry_entry *e;
1067 BT_DBG("cache %p, %pMR", cache, bdaddr);
1069 list_for_each_entry(e, &cache->all, all) {
1070 if (!bacmp(&e->data.bdaddr, bdaddr))
1077 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1080 struct discovery_state *cache = &hdev->discovery;
1081 struct inquiry_entry *e;
1083 BT_DBG("cache %p, %pMR", cache, bdaddr);
1085 list_for_each_entry(e, &cache->unknown, list) {
1086 if (!bacmp(&e->data.bdaddr, bdaddr))
1093 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1097 struct discovery_state *cache = &hdev->discovery;
1098 struct inquiry_entry *e;
1100 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1102 list_for_each_entry(e, &cache->resolve, list) {
1103 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1105 if (!bacmp(&e->data.bdaddr, bdaddr))
1112 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1113 struct inquiry_entry *ie)
1115 struct discovery_state *cache = &hdev->discovery;
1116 struct list_head *pos = &cache->resolve;
1117 struct inquiry_entry *p;
1119 list_del(&ie->list);
1121 list_for_each_entry(p, &cache->resolve, list) {
1122 if (p->name_state != NAME_PENDING &&
1123 abs(p->data.rssi) >= abs(ie->data.rssi))
1128 list_add(&ie->list, pos);
1131 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1134 struct discovery_state *cache = &hdev->discovery;
1135 struct inquiry_entry *ie;
1138 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1140 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1142 if (!data->ssp_mode)
1143 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1145 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1147 if (!ie->data.ssp_mode)
1148 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1150 if (ie->name_state == NAME_NEEDED &&
1151 data->rssi != ie->data.rssi) {
1152 ie->data.rssi = data->rssi;
1153 hci_inquiry_cache_update_resolve(hdev, ie);
1159 /* Entry not in the cache. Add new one. */
1160 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1162 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1166 list_add(&ie->all, &cache->all);
1169 ie->name_state = NAME_KNOWN;
1171 ie->name_state = NAME_NOT_KNOWN;
1172 list_add(&ie->list, &cache->unknown);
1176 if (name_known && ie->name_state != NAME_KNOWN &&
1177 ie->name_state != NAME_PENDING) {
1178 ie->name_state = NAME_KNOWN;
1179 list_del(&ie->list);
1182 memcpy(&ie->data, data, sizeof(*data));
1183 ie->timestamp = jiffies;
1184 cache->timestamp = jiffies;
1186 if (ie->name_state == NAME_NOT_KNOWN)
1187 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1193 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1195 struct discovery_state *cache = &hdev->discovery;
1196 struct inquiry_info *info = (struct inquiry_info *) buf;
1197 struct inquiry_entry *e;
1200 list_for_each_entry(e, &cache->all, all) {
1201 struct inquiry_data *data = &e->data;
1206 bacpy(&info->bdaddr, &data->bdaddr);
1207 info->pscan_rep_mode = data->pscan_rep_mode;
1208 info->pscan_period_mode = data->pscan_period_mode;
1209 info->pscan_mode = data->pscan_mode;
1210 memcpy(info->dev_class, data->dev_class, 3);
1211 info->clock_offset = data->clock_offset;
1217 BT_DBG("cache %p, copied %d", cache, copied);
1221 static void hci_inq_req(struct hci_request *req, unsigned long opt)
1223 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1224 struct hci_dev *hdev = req->hdev;
1225 struct hci_cp_inquiry cp;
1227 BT_DBG("%s", hdev->name);
1229 if (test_bit(HCI_INQUIRY, &hdev->flags))
1233 memcpy(&cp.lap, &ir->lap, 3);
1234 cp.length = ir->length;
1235 cp.num_rsp = ir->num_rsp;
1236 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1239 int hci_inquiry(void __user *arg)
1241 __u8 __user *ptr = arg;
1242 struct hci_inquiry_req ir;
1243 struct hci_dev *hdev;
1244 int err = 0, do_inquiry = 0, max_rsp;
1248 if (copy_from_user(&ir, ptr, sizeof(ir)))
1251 hdev = hci_dev_get(ir.dev_id);
1255 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1260 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1265 if (hdev->dev_type != HCI_BREDR) {
1270 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1276 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1277 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1278 hci_inquiry_cache_flush(hdev);
1281 hci_dev_unlock(hdev);
1283 timeo = ir.length * msecs_to_jiffies(2000);
1286 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1291 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1292 * cleared). If it is interrupted by a signal, return -EINTR.
1294 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1295 TASK_INTERRUPTIBLE))
1299 /* for unlimited number of responses we will use buffer with
1302 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1304 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1305 * copy it to the user space.
1307 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
1314 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1315 hci_dev_unlock(hdev);
1317 BT_DBG("num_rsp %d", ir.num_rsp);
1319 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1321 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1334 static int hci_dev_do_open(struct hci_dev *hdev)
1338 BT_DBG("%s %p", hdev->name, hdev);
1342 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1347 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1348 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1349 /* Check for rfkill but allow the HCI setup stage to
1350 * proceed (which in itself doesn't cause any RF activity).
1352 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1357 /* Check for valid public address or a configured static
1358 * random adddress, but let the HCI setup proceed to
1359 * be able to determine if there is a public address
1362 * In case of user channel usage, it is not important
1363 * if a public address or static random address is
1366 * This check is only valid for BR/EDR controllers
1367 * since AMP controllers do not have an address.
1369 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1370 hdev->dev_type == HCI_BREDR &&
1371 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1372 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1373 ret = -EADDRNOTAVAIL;
1378 if (test_bit(HCI_UP, &hdev->flags)) {
1383 if (hdev->open(hdev)) {
1388 set_bit(HCI_RUNNING, &hdev->flags);
1389 hci_notify(hdev, HCI_DEV_OPEN);
1391 atomic_set(&hdev->cmd_cnt, 1);
1392 set_bit(HCI_INIT, &hdev->flags);
1394 if (hci_dev_test_flag(hdev, HCI_SETUP)) {
1396 ret = hdev->setup(hdev);
1398 /* The transport driver can set these quirks before
1399 * creating the HCI device or in its setup callback.
1401 * In case any of them is set, the controller has to
1402 * start up as unconfigured.
1404 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1405 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
1406 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1408 /* For an unconfigured controller it is required to
1409 * read at least the version information provided by
1410 * the Read Local Version Information command.
1412 * If the set_bdaddr driver callback is provided, then
1413 * also the original Bluetooth public device address
1414 * will be read using the Read BD Address command.
1416 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1417 ret = __hci_unconf_init(hdev);
1420 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1421 /* If public address change is configured, ensure that
1422 * the address gets programmed. If the driver does not
1423 * support changing the public address, fail the power
1426 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1428 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1430 ret = -EADDRNOTAVAIL;
1434 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1435 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
1436 ret = __hci_init(hdev);
1439 clear_bit(HCI_INIT, &hdev->flags);
1443 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1444 set_bit(HCI_UP, &hdev->flags);
1445 hci_notify(hdev, HCI_DEV_UP);
1446 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1447 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1448 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1449 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1450 hdev->dev_type == HCI_BREDR) {
1452 mgmt_powered(hdev, 1);
1453 hci_dev_unlock(hdev);
1456 /* Init failed, cleanup */
1457 flush_work(&hdev->tx_work);
1458 flush_work(&hdev->cmd_work);
1459 flush_work(&hdev->rx_work);
1461 skb_queue_purge(&hdev->cmd_q);
1462 skb_queue_purge(&hdev->rx_q);
1467 if (hdev->sent_cmd) {
1468 kfree_skb(hdev->sent_cmd);
1469 hdev->sent_cmd = NULL;
1472 clear_bit(HCI_RUNNING, &hdev->flags);
1473 hci_notify(hdev, HCI_DEV_CLOSE);
1476 hdev->flags &= BIT(HCI_RAW);
1480 hci_req_unlock(hdev);
1484 /* ---- HCI ioctl helpers ---- */
1486 int hci_dev_open(__u16 dev)
1488 struct hci_dev *hdev;
1491 hdev = hci_dev_get(dev);
1495 /* Devices that are marked as unconfigured can only be powered
1496 * up as user channel. Trying to bring them up as normal devices
1497 * will result into a failure. Only user channel operation is
1500 * When this function is called for a user channel, the flag
1501 * HCI_USER_CHANNEL will be set first before attempting to
1504 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1505 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1510 /* We need to ensure that no other power on/off work is pending
1511 * before proceeding to call hci_dev_do_open. This is
1512 * particularly important if the setup procedure has not yet
1515 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1516 cancel_delayed_work(&hdev->power_off);
1518 /* After this call it is guaranteed that the setup procedure
1519 * has finished. This means that error conditions like RFKILL
1520 * or no valid public or static random address apply.
1522 flush_workqueue(hdev->req_workqueue);
1524 /* For controllers not using the management interface and that
1525 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1526 * so that pairing works for them. Once the management interface
1527 * is in use this bit will be cleared again and userspace has
1528 * to explicitly enable it.
1530 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1531 !hci_dev_test_flag(hdev, HCI_MGMT))
1532 hci_dev_set_flag(hdev, HCI_BONDABLE);
1534 err = hci_dev_do_open(hdev);
1541 /* This function requires the caller holds hdev->lock */
1542 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1544 struct hci_conn_params *p;
1546 list_for_each_entry(p, &hdev->le_conn_params, list) {
1548 hci_conn_drop(p->conn);
1549 hci_conn_put(p->conn);
1552 list_del_init(&p->action);
1555 BT_DBG("All LE pending actions cleared");
1558 int hci_dev_do_close(struct hci_dev *hdev)
1560 BT_DBG("%s %p", hdev->name, hdev);
1562 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1563 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1564 test_bit(HCI_UP, &hdev->flags)) {
1565 /* Execute vendor specific shutdown routine */
1567 hdev->shutdown(hdev);
1570 cancel_delayed_work(&hdev->power_off);
1572 hci_req_cancel(hdev, ENODEV);
1575 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1576 cancel_delayed_work_sync(&hdev->cmd_timer);
1577 hci_req_unlock(hdev);
1581 /* Flush RX and TX works */
1582 flush_work(&hdev->tx_work);
1583 flush_work(&hdev->rx_work);
1585 if (hdev->discov_timeout > 0) {
1586 cancel_delayed_work(&hdev->discov_off);
1587 hdev->discov_timeout = 0;
1588 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1589 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1592 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1593 cancel_delayed_work(&hdev->service_cache);
1595 cancel_delayed_work_sync(&hdev->le_scan_disable);
1596 cancel_delayed_work_sync(&hdev->le_scan_restart);
1598 if (hci_dev_test_flag(hdev, HCI_MGMT))
1599 cancel_delayed_work_sync(&hdev->rpa_expired);
1601 if (hdev->adv_instance_timeout) {
1602 cancel_delayed_work_sync(&hdev->adv_instance_expire);
1603 hdev->adv_instance_timeout = 0;
1606 /* Avoid potential lockdep warnings from the *_flush() calls by
1607 * ensuring the workqueue is empty up front.
1609 drain_workqueue(hdev->workqueue);
1613 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1615 if (!hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1616 if (hdev->dev_type == HCI_BREDR)
1617 mgmt_powered(hdev, 0);
1620 hci_inquiry_cache_flush(hdev);
1621 hci_pend_le_actions_clear(hdev);
1622 hci_conn_hash_flush(hdev);
1623 hci_dev_unlock(hdev);
1625 smp_unregister(hdev);
1627 hci_notify(hdev, HCI_DEV_DOWN);
1633 skb_queue_purge(&hdev->cmd_q);
1634 atomic_set(&hdev->cmd_cnt, 1);
1635 if (!hci_dev_test_flag(hdev, HCI_AUTO_OFF) &&
1636 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1637 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1638 set_bit(HCI_INIT, &hdev->flags);
1639 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
1640 clear_bit(HCI_INIT, &hdev->flags);
1643 /* flush cmd work */
1644 flush_work(&hdev->cmd_work);
1647 skb_queue_purge(&hdev->rx_q);
1648 skb_queue_purge(&hdev->cmd_q);
1649 skb_queue_purge(&hdev->raw_q);
1651 /* Drop last sent command */
1652 if (hdev->sent_cmd) {
1653 cancel_delayed_work_sync(&hdev->cmd_timer);
1654 kfree_skb(hdev->sent_cmd);
1655 hdev->sent_cmd = NULL;
1658 clear_bit(HCI_RUNNING, &hdev->flags);
1659 hci_notify(hdev, HCI_DEV_CLOSE);
1661 /* After this point our queues are empty
1662 * and no tasks are scheduled. */
1666 hdev->flags &= BIT(HCI_RAW);
1667 hci_dev_clear_volatile_flags(hdev);
1669 /* Controller radio is available but is currently powered down */
1670 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1672 memset(hdev->eir, 0, sizeof(hdev->eir));
1673 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1674 bacpy(&hdev->random_addr, BDADDR_ANY);
1676 hci_req_unlock(hdev);
1682 int hci_dev_close(__u16 dev)
1684 struct hci_dev *hdev;
1687 hdev = hci_dev_get(dev);
1691 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1696 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1697 cancel_delayed_work(&hdev->power_off);
1699 err = hci_dev_do_close(hdev);
1706 static int hci_dev_do_reset(struct hci_dev *hdev)
1710 BT_DBG("%s %p", hdev->name, hdev);
1715 skb_queue_purge(&hdev->rx_q);
1716 skb_queue_purge(&hdev->cmd_q);
1718 /* Avoid potential lockdep warnings from the *_flush() calls by
1719 * ensuring the workqueue is empty up front.
1721 drain_workqueue(hdev->workqueue);
1724 hci_inquiry_cache_flush(hdev);
1725 hci_conn_hash_flush(hdev);
1726 hci_dev_unlock(hdev);
1731 atomic_set(&hdev->cmd_cnt, 1);
1732 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1734 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
1736 hci_req_unlock(hdev);
1740 int hci_dev_reset(__u16 dev)
1742 struct hci_dev *hdev;
1745 hdev = hci_dev_get(dev);
1749 if (!test_bit(HCI_UP, &hdev->flags)) {
1754 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1759 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1764 err = hci_dev_do_reset(hdev);
1771 int hci_dev_reset_stat(__u16 dev)
1773 struct hci_dev *hdev;
1776 hdev = hci_dev_get(dev);
1780 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1785 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1790 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1797 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1799 bool conn_changed, discov_changed;
1801 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1803 if ((scan & SCAN_PAGE))
1804 conn_changed = !hci_dev_test_and_set_flag(hdev,
1807 conn_changed = hci_dev_test_and_clear_flag(hdev,
1810 if ((scan & SCAN_INQUIRY)) {
1811 discov_changed = !hci_dev_test_and_set_flag(hdev,
1814 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1815 discov_changed = hci_dev_test_and_clear_flag(hdev,
1819 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1822 if (conn_changed || discov_changed) {
1823 /* In case this was disabled through mgmt */
1824 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1826 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1827 mgmt_update_adv_data(hdev);
1829 mgmt_new_settings(hdev);
1833 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1835 struct hci_dev *hdev;
1836 struct hci_dev_req dr;
1839 if (copy_from_user(&dr, arg, sizeof(dr)))
1842 hdev = hci_dev_get(dr.dev_id);
1846 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1851 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1856 if (hdev->dev_type != HCI_BREDR) {
1861 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1868 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1873 if (!lmp_encrypt_capable(hdev)) {
1878 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1879 /* Auth must be enabled first */
1880 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1886 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1891 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1894 /* Ensure that the connectable and discoverable states
1895 * get correctly modified as this was a non-mgmt change.
1898 hci_update_scan_state(hdev, dr.dev_opt);
1902 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1906 case HCISETLINKMODE:
1907 hdev->link_mode = ((__u16) dr.dev_opt) &
1908 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1912 hdev->pkt_type = (__u16) dr.dev_opt;
1916 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1917 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1921 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1922 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1935 int hci_get_dev_list(void __user *arg)
1937 struct hci_dev *hdev;
1938 struct hci_dev_list_req *dl;
1939 struct hci_dev_req *dr;
1940 int n = 0, size, err;
1943 if (get_user(dev_num, (__u16 __user *) arg))
1946 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1949 size = sizeof(*dl) + dev_num * sizeof(*dr);
1951 dl = kzalloc(size, GFP_KERNEL);
1957 read_lock(&hci_dev_list_lock);
1958 list_for_each_entry(hdev, &hci_dev_list, list) {
1959 unsigned long flags = hdev->flags;
1961 /* When the auto-off is configured it means the transport
1962 * is running, but in that case still indicate that the
1963 * device is actually down.
1965 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
1966 flags &= ~BIT(HCI_UP);
1968 (dr + n)->dev_id = hdev->id;
1969 (dr + n)->dev_opt = flags;
1974 read_unlock(&hci_dev_list_lock);
1977 size = sizeof(*dl) + n * sizeof(*dr);
1979 err = copy_to_user(arg, dl, size);
1982 return err ? -EFAULT : 0;
1985 int hci_get_dev_info(void __user *arg)
1987 struct hci_dev *hdev;
1988 struct hci_dev_info di;
1989 unsigned long flags;
1992 if (copy_from_user(&di, arg, sizeof(di)))
1995 hdev = hci_dev_get(di.dev_id);
1999 /* When the auto-off is configured it means the transport
2000 * is running, but in that case still indicate that the
2001 * device is actually down.
2003 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2004 flags = hdev->flags & ~BIT(HCI_UP);
2006 flags = hdev->flags;
2008 strcpy(di.name, hdev->name);
2009 di.bdaddr = hdev->bdaddr;
2010 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2012 di.pkt_type = hdev->pkt_type;
2013 if (lmp_bredr_capable(hdev)) {
2014 di.acl_mtu = hdev->acl_mtu;
2015 di.acl_pkts = hdev->acl_pkts;
2016 di.sco_mtu = hdev->sco_mtu;
2017 di.sco_pkts = hdev->sco_pkts;
2019 di.acl_mtu = hdev->le_mtu;
2020 di.acl_pkts = hdev->le_pkts;
2024 di.link_policy = hdev->link_policy;
2025 di.link_mode = hdev->link_mode;
2027 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2028 memcpy(&di.features, &hdev->features, sizeof(di.features));
2030 if (copy_to_user(arg, &di, sizeof(di)))
2038 /* ---- Interface to HCI drivers ---- */
2040 static int hci_rfkill_set_block(void *data, bool blocked)
2042 struct hci_dev *hdev = data;
2044 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2046 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2050 hci_dev_set_flag(hdev, HCI_RFKILLED);
2051 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2052 !hci_dev_test_flag(hdev, HCI_CONFIG))
2053 hci_dev_do_close(hdev);
2055 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2061 static const struct rfkill_ops hci_rfkill_ops = {
2062 .set_block = hci_rfkill_set_block,
2065 static void hci_power_on(struct work_struct *work)
2067 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2070 BT_DBG("%s", hdev->name);
2072 err = hci_dev_do_open(hdev);
2075 mgmt_set_powered_failed(hdev, err);
2076 hci_dev_unlock(hdev);
2080 /* During the HCI setup phase, a few error conditions are
2081 * ignored and they need to be checked now. If they are still
2082 * valid, it is important to turn the device back off.
2084 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2085 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2086 (hdev->dev_type == HCI_BREDR &&
2087 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2088 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2089 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2090 hci_dev_do_close(hdev);
2091 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2092 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2093 HCI_AUTO_OFF_TIMEOUT);
2096 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2097 /* For unconfigured devices, set the HCI_RAW flag
2098 * so that userspace can easily identify them.
2100 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2101 set_bit(HCI_RAW, &hdev->flags);
2103 /* For fully configured devices, this will send
2104 * the Index Added event. For unconfigured devices,
2105 * it will send Unconfigued Index Added event.
2107 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2108 * and no event will be send.
2110 mgmt_index_added(hdev);
2111 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2112 /* When the controller is now configured, then it
2113 * is important to clear the HCI_RAW flag.
2115 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2116 clear_bit(HCI_RAW, &hdev->flags);
2118 /* Powering on the controller with HCI_CONFIG set only
2119 * happens with the transition from unconfigured to
2120 * configured. This will send the Index Added event.
2122 mgmt_index_added(hdev);
2126 static void hci_power_off(struct work_struct *work)
2128 struct hci_dev *hdev = container_of(work, struct hci_dev,
2131 BT_DBG("%s", hdev->name);
2133 hci_dev_do_close(hdev);
2136 static void hci_error_reset(struct work_struct *work)
2138 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2140 BT_DBG("%s", hdev->name);
2143 hdev->hw_error(hdev, hdev->hw_error_code);
2145 BT_ERR("%s hardware error 0x%2.2x", hdev->name,
2146 hdev->hw_error_code);
2148 if (hci_dev_do_close(hdev))
2151 hci_dev_do_open(hdev);
2154 static void hci_discov_off(struct work_struct *work)
2156 struct hci_dev *hdev;
2158 hdev = container_of(work, struct hci_dev, discov_off.work);
2160 BT_DBG("%s", hdev->name);
2162 mgmt_discoverable_timeout(hdev);
2165 static void hci_adv_timeout_expire(struct work_struct *work)
2167 struct hci_dev *hdev;
2169 hdev = container_of(work, struct hci_dev, adv_instance_expire.work);
2171 BT_DBG("%s", hdev->name);
2173 mgmt_adv_timeout_expired(hdev);
2176 void hci_uuids_clear(struct hci_dev *hdev)
2178 struct bt_uuid *uuid, *tmp;
2180 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2181 list_del(&uuid->list);
2186 void hci_link_keys_clear(struct hci_dev *hdev)
2188 struct link_key *key;
2190 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
2191 list_del_rcu(&key->list);
2192 kfree_rcu(key, rcu);
2196 void hci_smp_ltks_clear(struct hci_dev *hdev)
2200 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2201 list_del_rcu(&k->list);
2206 void hci_smp_irks_clear(struct hci_dev *hdev)
2210 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2211 list_del_rcu(&k->list);
2216 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2221 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2222 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2232 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2233 u8 key_type, u8 old_key_type)
2236 if (key_type < 0x03)
2239 /* Debug keys are insecure so don't store them persistently */
2240 if (key_type == HCI_LK_DEBUG_COMBINATION)
2243 /* Changed combination key and there's no previous one */
2244 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2247 /* Security mode 3 case */
2251 /* BR/EDR key derived using SC from an LE link */
2252 if (conn->type == LE_LINK)
2255 /* Neither local nor remote side had no-bonding as requirement */
2256 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2259 /* Local side had dedicated bonding as requirement */
2260 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2263 /* Remote side had dedicated bonding as requirement */
2264 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2267 /* If none of the above criteria match, then don't store the key
2272 static u8 ltk_role(u8 type)
2274 if (type == SMP_LTK)
2275 return HCI_ROLE_MASTER;
2277 return HCI_ROLE_SLAVE;
2280 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2281 u8 addr_type, u8 role)
2286 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2287 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2290 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2300 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2302 struct smp_irk *irk;
2305 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2306 if (!bacmp(&irk->rpa, rpa)) {
2312 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2313 if (smp_irk_matches(hdev, irk->val, rpa)) {
2314 bacpy(&irk->rpa, rpa);
2324 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2327 struct smp_irk *irk;
2329 /* Identity Address must be public or static random */
2330 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2334 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2335 if (addr_type == irk->addr_type &&
2336 bacmp(bdaddr, &irk->bdaddr) == 0) {
2346 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2347 bdaddr_t *bdaddr, u8 *val, u8 type,
2348 u8 pin_len, bool *persistent)
2350 struct link_key *key, *old_key;
2353 old_key = hci_find_link_key(hdev, bdaddr);
2355 old_key_type = old_key->type;
2358 old_key_type = conn ? conn->key_type : 0xff;
2359 key = kzalloc(sizeof(*key), GFP_KERNEL);
2362 list_add_rcu(&key->list, &hdev->link_keys);
2365 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2367 /* Some buggy controller combinations generate a changed
2368 * combination key for legacy pairing even when there's no
2370 if (type == HCI_LK_CHANGED_COMBINATION &&
2371 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2372 type = HCI_LK_COMBINATION;
2374 conn->key_type = type;
2377 bacpy(&key->bdaddr, bdaddr);
2378 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2379 key->pin_len = pin_len;
2381 if (type == HCI_LK_CHANGED_COMBINATION)
2382 key->type = old_key_type;
2387 *persistent = hci_persistent_key(hdev, conn, type,
2393 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2394 u8 addr_type, u8 type, u8 authenticated,
2395 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2397 struct smp_ltk *key, *old_key;
2398 u8 role = ltk_role(type);
2400 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2404 key = kzalloc(sizeof(*key), GFP_KERNEL);
2407 list_add_rcu(&key->list, &hdev->long_term_keys);
2410 bacpy(&key->bdaddr, bdaddr);
2411 key->bdaddr_type = addr_type;
2412 memcpy(key->val, tk, sizeof(key->val));
2413 key->authenticated = authenticated;
2416 key->enc_size = enc_size;
2422 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2423 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2425 struct smp_irk *irk;
2427 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2429 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2433 bacpy(&irk->bdaddr, bdaddr);
2434 irk->addr_type = addr_type;
2436 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2439 memcpy(irk->val, val, 16);
2440 bacpy(&irk->rpa, rpa);
2445 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2447 struct link_key *key;
2449 key = hci_find_link_key(hdev, bdaddr);
2453 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2455 list_del_rcu(&key->list);
2456 kfree_rcu(key, rcu);
2461 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2466 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2467 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2470 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2472 list_del_rcu(&k->list);
2477 return removed ? 0 : -ENOENT;
2480 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2484 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2485 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2488 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2490 list_del_rcu(&k->list);
2495 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2498 struct smp_irk *irk;
2501 if (type == BDADDR_BREDR) {
2502 if (hci_find_link_key(hdev, bdaddr))
2507 /* Convert to HCI addr type which struct smp_ltk uses */
2508 if (type == BDADDR_LE_PUBLIC)
2509 addr_type = ADDR_LE_DEV_PUBLIC;
2511 addr_type = ADDR_LE_DEV_RANDOM;
2513 irk = hci_get_irk(hdev, bdaddr, addr_type);
2515 bdaddr = &irk->bdaddr;
2516 addr_type = irk->addr_type;
2520 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2521 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2531 /* HCI command timer function */
2532 static void hci_cmd_timeout(struct work_struct *work)
2534 struct hci_dev *hdev = container_of(work, struct hci_dev,
2537 if (hdev->sent_cmd) {
2538 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2539 u16 opcode = __le16_to_cpu(sent->opcode);
2541 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
2543 BT_ERR("%s command tx timeout", hdev->name);
2546 atomic_set(&hdev->cmd_cnt, 1);
2547 queue_work(hdev->workqueue, &hdev->cmd_work);
2550 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2551 bdaddr_t *bdaddr, u8 bdaddr_type)
2553 struct oob_data *data;
2555 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2556 if (bacmp(bdaddr, &data->bdaddr) != 0)
2558 if (data->bdaddr_type != bdaddr_type)
2566 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2569 struct oob_data *data;
2571 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2575 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2577 list_del(&data->list);
2583 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2585 struct oob_data *data, *n;
2587 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2588 list_del(&data->list);
2593 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2594 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2595 u8 *hash256, u8 *rand256)
2597 struct oob_data *data;
2599 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2601 data = kmalloc(sizeof(*data), GFP_KERNEL);
2605 bacpy(&data->bdaddr, bdaddr);
2606 data->bdaddr_type = bdaddr_type;
2607 list_add(&data->list, &hdev->remote_oob_data);
2610 if (hash192 && rand192) {
2611 memcpy(data->hash192, hash192, sizeof(data->hash192));
2612 memcpy(data->rand192, rand192, sizeof(data->rand192));
2613 if (hash256 && rand256)
2614 data->present = 0x03;
2616 memset(data->hash192, 0, sizeof(data->hash192));
2617 memset(data->rand192, 0, sizeof(data->rand192));
2618 if (hash256 && rand256)
2619 data->present = 0x02;
2621 data->present = 0x00;
2624 if (hash256 && rand256) {
2625 memcpy(data->hash256, hash256, sizeof(data->hash256));
2626 memcpy(data->rand256, rand256, sizeof(data->rand256));
2628 memset(data->hash256, 0, sizeof(data->hash256));
2629 memset(data->rand256, 0, sizeof(data->rand256));
2630 if (hash192 && rand192)
2631 data->present = 0x01;
2634 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2639 /* This function requires the caller holds hdev->lock */
2640 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2642 struct adv_info *adv_instance;
2644 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2645 if (adv_instance->instance == instance)
2646 return adv_instance;
2652 /* This function requires the caller holds hdev->lock */
2653 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance) {
2654 struct adv_info *cur_instance;
2656 cur_instance = hci_find_adv_instance(hdev, instance);
2660 if (cur_instance == list_last_entry(&hdev->adv_instances,
2661 struct adv_info, list))
2662 return list_first_entry(&hdev->adv_instances,
2663 struct adv_info, list);
2665 return list_next_entry(cur_instance, list);
2668 /* This function requires the caller holds hdev->lock */
2669 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2671 struct adv_info *adv_instance;
2673 adv_instance = hci_find_adv_instance(hdev, instance);
2677 BT_DBG("%s removing %dMR", hdev->name, instance);
2679 if (hdev->cur_adv_instance == instance && hdev->adv_instance_timeout) {
2680 cancel_delayed_work(&hdev->adv_instance_expire);
2681 hdev->adv_instance_timeout = 0;
2684 list_del(&adv_instance->list);
2685 kfree(adv_instance);
2687 hdev->adv_instance_cnt--;
2692 /* This function requires the caller holds hdev->lock */
2693 void hci_adv_instances_clear(struct hci_dev *hdev)
2695 struct adv_info *adv_instance, *n;
2697 if (hdev->adv_instance_timeout) {
2698 cancel_delayed_work(&hdev->adv_instance_expire);
2699 hdev->adv_instance_timeout = 0;
2702 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2703 list_del(&adv_instance->list);
2704 kfree(adv_instance);
2707 hdev->adv_instance_cnt = 0;
2710 /* This function requires the caller holds hdev->lock */
2711 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2712 u16 adv_data_len, u8 *adv_data,
2713 u16 scan_rsp_len, u8 *scan_rsp_data,
2714 u16 timeout, u16 duration)
2716 struct adv_info *adv_instance;
2718 adv_instance = hci_find_adv_instance(hdev, instance);
2720 memset(adv_instance->adv_data, 0,
2721 sizeof(adv_instance->adv_data));
2722 memset(adv_instance->scan_rsp_data, 0,
2723 sizeof(adv_instance->scan_rsp_data));
2725 if (hdev->adv_instance_cnt >= HCI_MAX_ADV_INSTANCES ||
2726 instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2729 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2733 adv_instance->pending = true;
2734 adv_instance->instance = instance;
2735 list_add(&adv_instance->list, &hdev->adv_instances);
2736 hdev->adv_instance_cnt++;
2739 adv_instance->flags = flags;
2740 adv_instance->adv_data_len = adv_data_len;
2741 adv_instance->scan_rsp_len = scan_rsp_len;
2744 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2747 memcpy(adv_instance->scan_rsp_data,
2748 scan_rsp_data, scan_rsp_len);
2750 adv_instance->timeout = timeout;
2751 adv_instance->remaining_time = timeout;
2754 adv_instance->duration = HCI_DEFAULT_ADV_DURATION;
2756 adv_instance->duration = duration;
2758 BT_DBG("%s for %dMR", hdev->name, instance);
2763 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
2764 bdaddr_t *bdaddr, u8 type)
2766 struct bdaddr_list *b;
2768 list_for_each_entry(b, bdaddr_list, list) {
2769 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2776 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
2778 struct list_head *p, *n;
2780 list_for_each_safe(p, n, bdaddr_list) {
2781 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
2788 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2790 struct bdaddr_list *entry;
2792 if (!bacmp(bdaddr, BDADDR_ANY))
2795 if (hci_bdaddr_list_lookup(list, bdaddr, type))
2798 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
2802 bacpy(&entry->bdaddr, bdaddr);
2803 entry->bdaddr_type = type;
2805 list_add(&entry->list, list);
2810 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2812 struct bdaddr_list *entry;
2814 if (!bacmp(bdaddr, BDADDR_ANY)) {
2815 hci_bdaddr_list_clear(list);
2819 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
2823 list_del(&entry->list);
2829 /* This function requires the caller holds hdev->lock */
2830 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
2831 bdaddr_t *addr, u8 addr_type)
2833 struct hci_conn_params *params;
2835 list_for_each_entry(params, &hdev->le_conn_params, list) {
2836 if (bacmp(¶ms->addr, addr) == 0 &&
2837 params->addr_type == addr_type) {
2845 /* This function requires the caller holds hdev->lock */
2846 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
2847 bdaddr_t *addr, u8 addr_type)
2849 struct hci_conn_params *param;
2851 list_for_each_entry(param, list, action) {
2852 if (bacmp(¶m->addr, addr) == 0 &&
2853 param->addr_type == addr_type)
2860 /* This function requires the caller holds hdev->lock */
2861 struct hci_conn_params *hci_explicit_connect_lookup(struct hci_dev *hdev,
2865 struct hci_conn_params *param;
2867 list_for_each_entry(param, &hdev->pend_le_conns, action) {
2868 if (bacmp(¶m->addr, addr) == 0 &&
2869 param->addr_type == addr_type &&
2870 param->explicit_connect)
2874 list_for_each_entry(param, &hdev->pend_le_reports, action) {
2875 if (bacmp(¶m->addr, addr) == 0 &&
2876 param->addr_type == addr_type &&
2877 param->explicit_connect)
2884 /* This function requires the caller holds hdev->lock */
2885 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
2886 bdaddr_t *addr, u8 addr_type)
2888 struct hci_conn_params *params;
2890 params = hci_conn_params_lookup(hdev, addr, addr_type);
2894 params = kzalloc(sizeof(*params), GFP_KERNEL);
2896 BT_ERR("Out of memory");
2900 bacpy(¶ms->addr, addr);
2901 params->addr_type = addr_type;
2903 list_add(¶ms->list, &hdev->le_conn_params);
2904 INIT_LIST_HEAD(¶ms->action);
2906 params->conn_min_interval = hdev->le_conn_min_interval;
2907 params->conn_max_interval = hdev->le_conn_max_interval;
2908 params->conn_latency = hdev->le_conn_latency;
2909 params->supervision_timeout = hdev->le_supv_timeout;
2910 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2912 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2917 static void hci_conn_params_free(struct hci_conn_params *params)
2920 hci_conn_drop(params->conn);
2921 hci_conn_put(params->conn);
2924 list_del(¶ms->action);
2925 list_del(¶ms->list);
2929 /* This function requires the caller holds hdev->lock */
2930 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
2932 struct hci_conn_params *params;
2934 params = hci_conn_params_lookup(hdev, addr, addr_type);
2938 hci_conn_params_free(params);
2940 hci_update_background_scan(hdev);
2942 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2945 /* This function requires the caller holds hdev->lock */
2946 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
2948 struct hci_conn_params *params, *tmp;
2950 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
2951 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
2954 /* If trying to estabilish one time connection to disabled
2955 * device, leave the params, but mark them as just once.
2957 if (params->explicit_connect) {
2958 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2962 list_del(¶ms->list);
2966 BT_DBG("All LE disabled connection parameters were removed");
2969 /* This function requires the caller holds hdev->lock */
2970 void hci_conn_params_clear_all(struct hci_dev *hdev)
2972 struct hci_conn_params *params, *tmp;
2974 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
2975 hci_conn_params_free(params);
2977 hci_update_background_scan(hdev);
2979 BT_DBG("All LE connection parameters were removed");
2982 static void inquiry_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2985 BT_ERR("Failed to start inquiry: status %d", status);
2988 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2989 hci_dev_unlock(hdev);
2994 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status,
2997 /* General inquiry access code (GIAC) */
2998 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2999 struct hci_cp_inquiry cp;
3003 BT_ERR("Failed to disable LE scanning: status %d", status);
3007 hdev->discovery.scan_start = 0;
3009 switch (hdev->discovery.type) {
3010 case DISCOV_TYPE_LE:
3012 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3013 hci_dev_unlock(hdev);
3016 case DISCOV_TYPE_INTERLEAVED:
3019 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3021 /* If we were running LE only scan, change discovery
3022 * state. If we were running both LE and BR/EDR inquiry
3023 * simultaneously, and BR/EDR inquiry is already
3024 * finished, stop discovery, otherwise BR/EDR inquiry
3025 * will stop discovery when finished. If we will resolve
3026 * remote device name, do not change discovery state.
3028 if (!test_bit(HCI_INQUIRY, &hdev->flags) &&
3029 hdev->discovery.state != DISCOVERY_RESOLVING)
3030 hci_discovery_set_state(hdev,
3033 struct hci_request req;
3035 hci_inquiry_cache_flush(hdev);
3037 hci_req_init(&req, hdev);
3039 memset(&cp, 0, sizeof(cp));
3040 memcpy(&cp.lap, lap, sizeof(cp.lap));
3041 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
3042 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3044 err = hci_req_run(&req, inquiry_complete);
3046 BT_ERR("Inquiry request failed: err %d", err);
3047 hci_discovery_set_state(hdev,
3052 hci_dev_unlock(hdev);
3057 static void le_scan_disable_work(struct work_struct *work)
3059 struct hci_dev *hdev = container_of(work, struct hci_dev,
3060 le_scan_disable.work);
3061 struct hci_request req;
3064 BT_DBG("%s", hdev->name);
3066 cancel_delayed_work_sync(&hdev->le_scan_restart);
3068 hci_req_init(&req, hdev);
3070 hci_req_add_le_scan_disable(&req);
3072 err = hci_req_run(&req, le_scan_disable_work_complete);
3074 BT_ERR("Disable LE scanning request failed: err %d", err);
3077 static void le_scan_restart_work_complete(struct hci_dev *hdev, u8 status,
3080 unsigned long timeout, duration, scan_start, now;
3082 BT_DBG("%s", hdev->name);
3085 BT_ERR("Failed to restart LE scan: status %d", status);
3089 if (!test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks) ||
3090 !hdev->discovery.scan_start)
3093 /* When the scan was started, hdev->le_scan_disable has been queued
3094 * after duration from scan_start. During scan restart this job
3095 * has been canceled, and we need to queue it again after proper
3096 * timeout, to make sure that scan does not run indefinitely.
3098 duration = hdev->discovery.scan_duration;
3099 scan_start = hdev->discovery.scan_start;
3101 if (now - scan_start <= duration) {
3104 if (now >= scan_start)
3105 elapsed = now - scan_start;
3107 elapsed = ULONG_MAX - scan_start + now;
3109 timeout = duration - elapsed;
3113 queue_delayed_work(hdev->workqueue,
3114 &hdev->le_scan_disable, timeout);
3117 static void le_scan_restart_work(struct work_struct *work)
3119 struct hci_dev *hdev = container_of(work, struct hci_dev,
3120 le_scan_restart.work);
3121 struct hci_request req;
3122 struct hci_cp_le_set_scan_enable cp;
3125 BT_DBG("%s", hdev->name);
3127 /* If controller is not scanning we are done. */
3128 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
3131 hci_req_init(&req, hdev);
3133 hci_req_add_le_scan_disable(&req);
3135 memset(&cp, 0, sizeof(cp));
3136 cp.enable = LE_SCAN_ENABLE;
3137 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3138 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
3140 err = hci_req_run(&req, le_scan_restart_work_complete);
3142 BT_ERR("Restart LE scan request failed: err %d", err);
3145 /* Copy the Identity Address of the controller.
3147 * If the controller has a public BD_ADDR, then by default use that one.
3148 * If this is a LE only controller without a public address, default to
3149 * the static random address.
3151 * For debugging purposes it is possible to force controllers with a
3152 * public address to use the static random address instead.
3154 * In case BR/EDR has been disabled on a dual-mode controller and
3155 * userspace has configured a static address, then that address
3156 * becomes the identity address instead of the public BR/EDR address.
3158 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3161 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3162 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
3163 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3164 bacmp(&hdev->static_addr, BDADDR_ANY))) {
3165 bacpy(bdaddr, &hdev->static_addr);
3166 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3168 bacpy(bdaddr, &hdev->bdaddr);
3169 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3173 /* Alloc HCI device */
3174 struct hci_dev *hci_alloc_dev(void)
3176 struct hci_dev *hdev;
3178 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3182 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3183 hdev->esco_type = (ESCO_HV1);
3184 hdev->link_mode = (HCI_LM_ACCEPT);
3185 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3186 hdev->io_capability = 0x03; /* No Input No Output */
3187 hdev->manufacturer = 0xffff; /* Default to internal use */
3188 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3189 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3190 hdev->adv_instance_cnt = 0;
3191 hdev->cur_adv_instance = 0x00;
3192 hdev->adv_instance_timeout = 0;
3194 hdev->sniff_max_interval = 800;
3195 hdev->sniff_min_interval = 80;
3197 hdev->le_adv_channel_map = 0x07;
3198 hdev->le_adv_min_interval = 0x0800;
3199 hdev->le_adv_max_interval = 0x0800;
3200 hdev->le_scan_interval = 0x0060;
3201 hdev->le_scan_window = 0x0030;
3202 hdev->le_conn_min_interval = 0x0028;
3203 hdev->le_conn_max_interval = 0x0038;
3204 hdev->le_conn_latency = 0x0000;
3205 hdev->le_supv_timeout = 0x002a;
3206 hdev->le_def_tx_len = 0x001b;
3207 hdev->le_def_tx_time = 0x0148;
3208 hdev->le_max_tx_len = 0x001b;
3209 hdev->le_max_tx_time = 0x0148;
3210 hdev->le_max_rx_len = 0x001b;
3211 hdev->le_max_rx_time = 0x0148;
3213 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3214 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3215 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3216 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3218 mutex_init(&hdev->lock);
3219 mutex_init(&hdev->req_lock);
3221 INIT_LIST_HEAD(&hdev->mgmt_pending);
3222 INIT_LIST_HEAD(&hdev->blacklist);
3223 INIT_LIST_HEAD(&hdev->whitelist);
3224 INIT_LIST_HEAD(&hdev->uuids);
3225 INIT_LIST_HEAD(&hdev->link_keys);
3226 INIT_LIST_HEAD(&hdev->long_term_keys);
3227 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3228 INIT_LIST_HEAD(&hdev->remote_oob_data);
3229 INIT_LIST_HEAD(&hdev->le_white_list);
3230 INIT_LIST_HEAD(&hdev->le_conn_params);
3231 INIT_LIST_HEAD(&hdev->pend_le_conns);
3232 INIT_LIST_HEAD(&hdev->pend_le_reports);
3233 INIT_LIST_HEAD(&hdev->conn_hash.list);
3234 INIT_LIST_HEAD(&hdev->adv_instances);
3236 INIT_WORK(&hdev->rx_work, hci_rx_work);
3237 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3238 INIT_WORK(&hdev->tx_work, hci_tx_work);
3239 INIT_WORK(&hdev->power_on, hci_power_on);
3240 INIT_WORK(&hdev->error_reset, hci_error_reset);
3242 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3243 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
3244 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
3245 INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
3246 INIT_DELAYED_WORK(&hdev->adv_instance_expire, hci_adv_timeout_expire);
3248 skb_queue_head_init(&hdev->rx_q);
3249 skb_queue_head_init(&hdev->cmd_q);
3250 skb_queue_head_init(&hdev->raw_q);
3252 init_waitqueue_head(&hdev->req_wait_q);
3254 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3256 hci_init_sysfs(hdev);
3257 discovery_init(hdev);
3261 EXPORT_SYMBOL(hci_alloc_dev);
3263 /* Free HCI device */
3264 void hci_free_dev(struct hci_dev *hdev)
3266 /* will free via device release */
3267 put_device(&hdev->dev);
3269 EXPORT_SYMBOL(hci_free_dev);
3271 /* Register HCI device */
3272 int hci_register_dev(struct hci_dev *hdev)
3276 if (!hdev->open || !hdev->close || !hdev->send)
3279 /* Do not allow HCI_AMP devices to register at index 0,
3280 * so the index can be used as the AMP controller ID.
3282 switch (hdev->dev_type) {
3284 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3287 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3296 sprintf(hdev->name, "hci%d", id);
3299 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3301 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3302 WQ_MEM_RECLAIM, 1, hdev->name);
3303 if (!hdev->workqueue) {
3308 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3309 WQ_MEM_RECLAIM, 1, hdev->name);
3310 if (!hdev->req_workqueue) {
3311 destroy_workqueue(hdev->workqueue);
3316 if (!IS_ERR_OR_NULL(bt_debugfs))
3317 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3319 dev_set_name(&hdev->dev, "%s", hdev->name);
3321 error = device_add(&hdev->dev);
3325 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3326 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3329 if (rfkill_register(hdev->rfkill) < 0) {
3330 rfkill_destroy(hdev->rfkill);
3331 hdev->rfkill = NULL;
3335 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3336 hci_dev_set_flag(hdev, HCI_RFKILLED);
3338 hci_dev_set_flag(hdev, HCI_SETUP);
3339 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3341 if (hdev->dev_type == HCI_BREDR) {
3342 /* Assume BR/EDR support until proven otherwise (such as
3343 * through reading supported features during init.
3345 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3348 write_lock(&hci_dev_list_lock);
3349 list_add(&hdev->list, &hci_dev_list);
3350 write_unlock(&hci_dev_list_lock);
3352 /* Devices that are marked for raw-only usage are unconfigured
3353 * and should not be included in normal operation.
3355 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3356 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3358 hci_notify(hdev, HCI_DEV_REG);
3361 queue_work(hdev->req_workqueue, &hdev->power_on);
3366 destroy_workqueue(hdev->workqueue);
3367 destroy_workqueue(hdev->req_workqueue);
3369 ida_simple_remove(&hci_index_ida, hdev->id);
3373 EXPORT_SYMBOL(hci_register_dev);
3375 /* Unregister HCI device */
3376 void hci_unregister_dev(struct hci_dev *hdev)
3380 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3382 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3386 write_lock(&hci_dev_list_lock);
3387 list_del(&hdev->list);
3388 write_unlock(&hci_dev_list_lock);
3390 hci_dev_do_close(hdev);
3392 cancel_work_sync(&hdev->power_on);
3394 if (!test_bit(HCI_INIT, &hdev->flags) &&
3395 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3396 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3398 mgmt_index_removed(hdev);
3399 hci_dev_unlock(hdev);
3402 /* mgmt_index_removed should take care of emptying the
3404 BUG_ON(!list_empty(&hdev->mgmt_pending));
3406 hci_notify(hdev, HCI_DEV_UNREG);
3409 rfkill_unregister(hdev->rfkill);
3410 rfkill_destroy(hdev->rfkill);
3413 device_del(&hdev->dev);
3415 debugfs_remove_recursive(hdev->debugfs);
3417 destroy_workqueue(hdev->workqueue);
3418 destroy_workqueue(hdev->req_workqueue);
3421 hci_bdaddr_list_clear(&hdev->blacklist);
3422 hci_bdaddr_list_clear(&hdev->whitelist);
3423 hci_uuids_clear(hdev);
3424 hci_link_keys_clear(hdev);
3425 hci_smp_ltks_clear(hdev);
3426 hci_smp_irks_clear(hdev);
3427 hci_remote_oob_data_clear(hdev);
3428 hci_adv_instances_clear(hdev);
3429 hci_bdaddr_list_clear(&hdev->le_white_list);
3430 hci_conn_params_clear_all(hdev);
3431 hci_discovery_filter_clear(hdev);
3432 hci_dev_unlock(hdev);
3436 ida_simple_remove(&hci_index_ida, id);
3438 EXPORT_SYMBOL(hci_unregister_dev);
3440 /* Suspend HCI device */
3441 int hci_suspend_dev(struct hci_dev *hdev)
3443 hci_notify(hdev, HCI_DEV_SUSPEND);
3446 EXPORT_SYMBOL(hci_suspend_dev);
3448 /* Resume HCI device */
3449 int hci_resume_dev(struct hci_dev *hdev)
3451 hci_notify(hdev, HCI_DEV_RESUME);
3454 EXPORT_SYMBOL(hci_resume_dev);
3456 /* Reset HCI device */
3457 int hci_reset_dev(struct hci_dev *hdev)
3459 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3460 struct sk_buff *skb;
3462 skb = bt_skb_alloc(3, GFP_ATOMIC);
3466 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3467 memcpy(skb_put(skb, 3), hw_err, 3);
3469 /* Send Hardware Error to upper stack */
3470 return hci_recv_frame(hdev, skb);
3472 EXPORT_SYMBOL(hci_reset_dev);
3474 /* Receive frame from HCI drivers */
3475 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3477 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3478 && !test_bit(HCI_INIT, &hdev->flags))) {
3484 bt_cb(skb)->incoming = 1;
3487 __net_timestamp(skb);
3489 skb_queue_tail(&hdev->rx_q, skb);
3490 queue_work(hdev->workqueue, &hdev->rx_work);
3494 EXPORT_SYMBOL(hci_recv_frame);
3496 /* Receive diagnostic message from HCI drivers */
3497 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3500 __net_timestamp(skb);
3502 /* Mark as diagnostic packet and send to monitor */
3503 bt_cb(skb)->pkt_type = HCI_DIAG_PKT;
3504 hci_send_to_monitor(hdev, skb);
3509 EXPORT_SYMBOL(hci_recv_diag);
3511 /* ---- Interface to upper protocols ---- */
3513 int hci_register_cb(struct hci_cb *cb)
3515 BT_DBG("%p name %s", cb, cb->name);
3517 mutex_lock(&hci_cb_list_lock);
3518 list_add_tail(&cb->list, &hci_cb_list);
3519 mutex_unlock(&hci_cb_list_lock);
3523 EXPORT_SYMBOL(hci_register_cb);
3525 int hci_unregister_cb(struct hci_cb *cb)
3527 BT_DBG("%p name %s", cb, cb->name);
3529 mutex_lock(&hci_cb_list_lock);
3530 list_del(&cb->list);
3531 mutex_unlock(&hci_cb_list_lock);
3535 EXPORT_SYMBOL(hci_unregister_cb);
3537 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3541 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
3544 __net_timestamp(skb);
3546 /* Send copy to monitor */
3547 hci_send_to_monitor(hdev, skb);
3549 if (atomic_read(&hdev->promisc)) {
3550 /* Send copy to the sockets */
3551 hci_send_to_sock(hdev, skb);
3554 /* Get rid of skb owner, prior to sending to the driver. */
3557 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3562 err = hdev->send(hdev, skb);
3564 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
3569 /* Send HCI command */
3570 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3573 struct sk_buff *skb;
3575 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3577 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3579 BT_ERR("%s no memory for command", hdev->name);
3583 /* Stand-alone HCI commands must be flagged as
3584 * single-command requests.
3586 bt_cb(skb)->req.start = true;
3588 skb_queue_tail(&hdev->cmd_q, skb);
3589 queue_work(hdev->workqueue, &hdev->cmd_work);
3594 /* Get data from the previously sent command */
3595 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3597 struct hci_command_hdr *hdr;
3599 if (!hdev->sent_cmd)
3602 hdr = (void *) hdev->sent_cmd->data;
3604 if (hdr->opcode != cpu_to_le16(opcode))
3607 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3609 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3612 /* Send HCI command and wait for command commplete event */
3613 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
3614 const void *param, u32 timeout)
3616 struct sk_buff *skb;
3618 if (!test_bit(HCI_UP, &hdev->flags))
3619 return ERR_PTR(-ENETDOWN);
3621 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
3624 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
3625 hci_req_unlock(hdev);
3629 EXPORT_SYMBOL(hci_cmd_sync);
3632 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3634 struct hci_acl_hdr *hdr;
3637 skb_push(skb, HCI_ACL_HDR_SIZE);
3638 skb_reset_transport_header(skb);
3639 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3640 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3641 hdr->dlen = cpu_to_le16(len);
3644 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3645 struct sk_buff *skb, __u16 flags)
3647 struct hci_conn *conn = chan->conn;
3648 struct hci_dev *hdev = conn->hdev;
3649 struct sk_buff *list;
3651 skb->len = skb_headlen(skb);
3654 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3656 switch (hdev->dev_type) {
3658 hci_add_acl_hdr(skb, conn->handle, flags);
3661 hci_add_acl_hdr(skb, chan->handle, flags);
3664 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3668 list = skb_shinfo(skb)->frag_list;
3670 /* Non fragmented */
3671 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3673 skb_queue_tail(queue, skb);
3676 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3678 skb_shinfo(skb)->frag_list = NULL;
3680 /* Queue all fragments atomically. We need to use spin_lock_bh
3681 * here because of 6LoWPAN links, as there this function is
3682 * called from softirq and using normal spin lock could cause
3685 spin_lock_bh(&queue->lock);
3687 __skb_queue_tail(queue, skb);
3689 flags &= ~ACL_START;
3692 skb = list; list = list->next;
3694 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3695 hci_add_acl_hdr(skb, conn->handle, flags);
3697 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3699 __skb_queue_tail(queue, skb);
3702 spin_unlock_bh(&queue->lock);
3706 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3708 struct hci_dev *hdev = chan->conn->hdev;
3710 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3712 hci_queue_acl(chan, &chan->data_q, skb, flags);
3714 queue_work(hdev->workqueue, &hdev->tx_work);
3718 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3720 struct hci_dev *hdev = conn->hdev;
3721 struct hci_sco_hdr hdr;
3723 BT_DBG("%s len %d", hdev->name, skb->len);
3725 hdr.handle = cpu_to_le16(conn->handle);
3726 hdr.dlen = skb->len;
3728 skb_push(skb, HCI_SCO_HDR_SIZE);
3729 skb_reset_transport_header(skb);
3730 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3732 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
3734 skb_queue_tail(&conn->data_q, skb);
3735 queue_work(hdev->workqueue, &hdev->tx_work);
3738 /* ---- HCI TX task (outgoing data) ---- */
3740 /* HCI Connection scheduler */
3741 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3744 struct hci_conn_hash *h = &hdev->conn_hash;
3745 struct hci_conn *conn = NULL, *c;
3746 unsigned int num = 0, min = ~0;
3748 /* We don't have to lock device here. Connections are always
3749 * added and removed with TX task disabled. */
3753 list_for_each_entry_rcu(c, &h->list, list) {
3754 if (c->type != type || skb_queue_empty(&c->data_q))
3757 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3762 if (c->sent < min) {
3767 if (hci_conn_num(hdev, type) == num)
3776 switch (conn->type) {
3778 cnt = hdev->acl_cnt;
3782 cnt = hdev->sco_cnt;
3785 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3789 BT_ERR("Unknown link type");
3797 BT_DBG("conn %p quote %d", conn, *quote);
3801 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3803 struct hci_conn_hash *h = &hdev->conn_hash;
3806 BT_ERR("%s link tx timeout", hdev->name);
3810 /* Kill stalled connections */
3811 list_for_each_entry_rcu(c, &h->list, list) {
3812 if (c->type == type && c->sent) {
3813 BT_ERR("%s killing stalled connection %pMR",
3814 hdev->name, &c->dst);
3815 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3822 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3825 struct hci_conn_hash *h = &hdev->conn_hash;
3826 struct hci_chan *chan = NULL;
3827 unsigned int num = 0, min = ~0, cur_prio = 0;
3828 struct hci_conn *conn;
3829 int cnt, q, conn_num = 0;
3831 BT_DBG("%s", hdev->name);
3835 list_for_each_entry_rcu(conn, &h->list, list) {
3836 struct hci_chan *tmp;
3838 if (conn->type != type)
3841 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3846 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3847 struct sk_buff *skb;
3849 if (skb_queue_empty(&tmp->data_q))
3852 skb = skb_peek(&tmp->data_q);
3853 if (skb->priority < cur_prio)
3856 if (skb->priority > cur_prio) {
3859 cur_prio = skb->priority;
3864 if (conn->sent < min) {
3870 if (hci_conn_num(hdev, type) == conn_num)
3879 switch (chan->conn->type) {
3881 cnt = hdev->acl_cnt;
3884 cnt = hdev->block_cnt;
3888 cnt = hdev->sco_cnt;
3891 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3895 BT_ERR("Unknown link type");
3900 BT_DBG("chan %p quote %d", chan, *quote);
3904 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3906 struct hci_conn_hash *h = &hdev->conn_hash;
3907 struct hci_conn *conn;
3910 BT_DBG("%s", hdev->name);
3914 list_for_each_entry_rcu(conn, &h->list, list) {
3915 struct hci_chan *chan;
3917 if (conn->type != type)
3920 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3925 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3926 struct sk_buff *skb;
3933 if (skb_queue_empty(&chan->data_q))
3936 skb = skb_peek(&chan->data_q);
3937 if (skb->priority >= HCI_PRIO_MAX - 1)
3940 skb->priority = HCI_PRIO_MAX - 1;
3942 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3946 if (hci_conn_num(hdev, type) == num)
3954 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3956 /* Calculate count of blocks used by this packet */
3957 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3960 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3962 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3963 /* ACL tx timeout must be longer than maximum
3964 * link supervision timeout (40.9 seconds) */
3965 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3966 HCI_ACL_TX_TIMEOUT))
3967 hci_link_tx_to(hdev, ACL_LINK);
3971 static void hci_sched_acl_pkt(struct hci_dev *hdev)
3973 unsigned int cnt = hdev->acl_cnt;
3974 struct hci_chan *chan;
3975 struct sk_buff *skb;
3978 __check_timeout(hdev, cnt);
3980 while (hdev->acl_cnt &&
3981 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3982 u32 priority = (skb_peek(&chan->data_q))->priority;
3983 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3984 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3985 skb->len, skb->priority);
3987 /* Stop if priority has changed */
3988 if (skb->priority < priority)
3991 skb = skb_dequeue(&chan->data_q);
3993 hci_conn_enter_active_mode(chan->conn,
3994 bt_cb(skb)->force_active);
3996 hci_send_frame(hdev, skb);
3997 hdev->acl_last_tx = jiffies;
4005 if (cnt != hdev->acl_cnt)
4006 hci_prio_recalculate(hdev, ACL_LINK);
4009 static void hci_sched_acl_blk(struct hci_dev *hdev)
4011 unsigned int cnt = hdev->block_cnt;
4012 struct hci_chan *chan;
4013 struct sk_buff *skb;
4017 __check_timeout(hdev, cnt);
4019 BT_DBG("%s", hdev->name);
4021 if (hdev->dev_type == HCI_AMP)
4026 while (hdev->block_cnt > 0 &&
4027 (chan = hci_chan_sent(hdev, type, "e))) {
4028 u32 priority = (skb_peek(&chan->data_q))->priority;
4029 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4032 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4033 skb->len, skb->priority);
4035 /* Stop if priority has changed */
4036 if (skb->priority < priority)
4039 skb = skb_dequeue(&chan->data_q);
4041 blocks = __get_blocks(hdev, skb);
4042 if (blocks > hdev->block_cnt)
4045 hci_conn_enter_active_mode(chan->conn,
4046 bt_cb(skb)->force_active);
4048 hci_send_frame(hdev, skb);
4049 hdev->acl_last_tx = jiffies;
4051 hdev->block_cnt -= blocks;
4054 chan->sent += blocks;
4055 chan->conn->sent += blocks;
4059 if (cnt != hdev->block_cnt)
4060 hci_prio_recalculate(hdev, type);
4063 static void hci_sched_acl(struct hci_dev *hdev)
4065 BT_DBG("%s", hdev->name);
4067 /* No ACL link over BR/EDR controller */
4068 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
4071 /* No AMP link over AMP controller */
4072 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
4075 switch (hdev->flow_ctl_mode) {
4076 case HCI_FLOW_CTL_MODE_PACKET_BASED:
4077 hci_sched_acl_pkt(hdev);
4080 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
4081 hci_sched_acl_blk(hdev);
4087 static void hci_sched_sco(struct hci_dev *hdev)
4089 struct hci_conn *conn;
4090 struct sk_buff *skb;
4093 BT_DBG("%s", hdev->name);
4095 if (!hci_conn_num(hdev, SCO_LINK))
4098 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
4099 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4100 BT_DBG("skb %p len %d", skb, skb->len);
4101 hci_send_frame(hdev, skb);
4104 if (conn->sent == ~0)
4110 static void hci_sched_esco(struct hci_dev *hdev)
4112 struct hci_conn *conn;
4113 struct sk_buff *skb;
4116 BT_DBG("%s", hdev->name);
4118 if (!hci_conn_num(hdev, ESCO_LINK))
4121 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4123 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4124 BT_DBG("skb %p len %d", skb, skb->len);
4125 hci_send_frame(hdev, skb);
4128 if (conn->sent == ~0)
4134 static void hci_sched_le(struct hci_dev *hdev)
4136 struct hci_chan *chan;
4137 struct sk_buff *skb;
4138 int quote, cnt, tmp;
4140 BT_DBG("%s", hdev->name);
4142 if (!hci_conn_num(hdev, LE_LINK))
4145 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
4146 /* LE tx timeout must be longer than maximum
4147 * link supervision timeout (40.9 seconds) */
4148 if (!hdev->le_cnt && hdev->le_pkts &&
4149 time_after(jiffies, hdev->le_last_tx + HZ * 45))
4150 hci_link_tx_to(hdev, LE_LINK);
4153 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4155 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4156 u32 priority = (skb_peek(&chan->data_q))->priority;
4157 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4158 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4159 skb->len, skb->priority);
4161 /* Stop if priority has changed */
4162 if (skb->priority < priority)
4165 skb = skb_dequeue(&chan->data_q);
4167 hci_send_frame(hdev, skb);
4168 hdev->le_last_tx = jiffies;
4179 hdev->acl_cnt = cnt;
4182 hci_prio_recalculate(hdev, LE_LINK);
4185 static void hci_tx_work(struct work_struct *work)
4187 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4188 struct sk_buff *skb;
4190 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4191 hdev->sco_cnt, hdev->le_cnt);
4193 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4194 /* Schedule queues and send stuff to HCI driver */
4195 hci_sched_acl(hdev);
4196 hci_sched_sco(hdev);
4197 hci_sched_esco(hdev);
4201 /* Send next queued raw (unknown type) packet */
4202 while ((skb = skb_dequeue(&hdev->raw_q)))
4203 hci_send_frame(hdev, skb);
4206 /* ----- HCI RX task (incoming data processing) ----- */
4208 /* ACL data packet */
4209 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4211 struct hci_acl_hdr *hdr = (void *) skb->data;
4212 struct hci_conn *conn;
4213 __u16 handle, flags;
4215 skb_pull(skb, HCI_ACL_HDR_SIZE);
4217 handle = __le16_to_cpu(hdr->handle);
4218 flags = hci_flags(handle);
4219 handle = hci_handle(handle);
4221 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4224 hdev->stat.acl_rx++;
4227 conn = hci_conn_hash_lookup_handle(hdev, handle);
4228 hci_dev_unlock(hdev);
4231 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4233 /* Send to upper protocol */
4234 l2cap_recv_acldata(conn, skb, flags);
4237 BT_ERR("%s ACL packet for unknown connection handle %d",
4238 hdev->name, handle);
4244 /* SCO data packet */
4245 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4247 struct hci_sco_hdr *hdr = (void *) skb->data;
4248 struct hci_conn *conn;
4251 skb_pull(skb, HCI_SCO_HDR_SIZE);
4253 handle = __le16_to_cpu(hdr->handle);
4255 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4257 hdev->stat.sco_rx++;
4260 conn = hci_conn_hash_lookup_handle(hdev, handle);
4261 hci_dev_unlock(hdev);
4264 /* Send to upper protocol */
4265 sco_recv_scodata(conn, skb);
4268 BT_ERR("%s SCO packet for unknown connection handle %d",
4269 hdev->name, handle);
4275 static bool hci_req_is_complete(struct hci_dev *hdev)
4277 struct sk_buff *skb;
4279 skb = skb_peek(&hdev->cmd_q);
4283 return bt_cb(skb)->req.start;
4286 static void hci_resend_last(struct hci_dev *hdev)
4288 struct hci_command_hdr *sent;
4289 struct sk_buff *skb;
4292 if (!hdev->sent_cmd)
4295 sent = (void *) hdev->sent_cmd->data;
4296 opcode = __le16_to_cpu(sent->opcode);
4297 if (opcode == HCI_OP_RESET)
4300 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4304 skb_queue_head(&hdev->cmd_q, skb);
4305 queue_work(hdev->workqueue, &hdev->cmd_work);
4308 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4309 hci_req_complete_t *req_complete,
4310 hci_req_complete_skb_t *req_complete_skb)
4312 struct sk_buff *skb;
4313 unsigned long flags;
4315 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4317 /* If the completed command doesn't match the last one that was
4318 * sent we need to do special handling of it.
4320 if (!hci_sent_cmd_data(hdev, opcode)) {
4321 /* Some CSR based controllers generate a spontaneous
4322 * reset complete event during init and any pending
4323 * command will never be completed. In such a case we
4324 * need to resend whatever was the last sent
4327 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4328 hci_resend_last(hdev);
4333 /* If the command succeeded and there's still more commands in
4334 * this request the request is not yet complete.
4336 if (!status && !hci_req_is_complete(hdev))
4339 /* If this was the last command in a request the complete
4340 * callback would be found in hdev->sent_cmd instead of the
4341 * command queue (hdev->cmd_q).
4343 if (bt_cb(hdev->sent_cmd)->req.complete) {
4344 *req_complete = bt_cb(hdev->sent_cmd)->req.complete;
4348 if (bt_cb(hdev->sent_cmd)->req.complete_skb) {
4349 *req_complete_skb = bt_cb(hdev->sent_cmd)->req.complete_skb;
4353 /* Remove all pending commands belonging to this request */
4354 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4355 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4356 if (bt_cb(skb)->req.start) {
4357 __skb_queue_head(&hdev->cmd_q, skb);
4361 *req_complete = bt_cb(skb)->req.complete;
4362 *req_complete_skb = bt_cb(skb)->req.complete_skb;
4365 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4368 static void hci_rx_work(struct work_struct *work)
4370 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4371 struct sk_buff *skb;
4373 BT_DBG("%s", hdev->name);
4375 while ((skb = skb_dequeue(&hdev->rx_q))) {
4376 /* Send copy to monitor */
4377 hci_send_to_monitor(hdev, skb);
4379 if (atomic_read(&hdev->promisc)) {
4380 /* Send copy to the sockets */
4381 hci_send_to_sock(hdev, skb);
4384 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4389 if (test_bit(HCI_INIT, &hdev->flags)) {
4390 /* Don't process data packets in this states. */
4391 switch (bt_cb(skb)->pkt_type) {
4392 case HCI_ACLDATA_PKT:
4393 case HCI_SCODATA_PKT:
4400 switch (bt_cb(skb)->pkt_type) {
4402 BT_DBG("%s Event packet", hdev->name);
4403 hci_event_packet(hdev, skb);
4406 case HCI_ACLDATA_PKT:
4407 BT_DBG("%s ACL data packet", hdev->name);
4408 hci_acldata_packet(hdev, skb);
4411 case HCI_SCODATA_PKT:
4412 BT_DBG("%s SCO data packet", hdev->name);
4413 hci_scodata_packet(hdev, skb);
4423 static void hci_cmd_work(struct work_struct *work)
4425 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4426 struct sk_buff *skb;
4428 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4429 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4431 /* Send queued commands */
4432 if (atomic_read(&hdev->cmd_cnt)) {
4433 skb = skb_dequeue(&hdev->cmd_q);
4437 kfree_skb(hdev->sent_cmd);
4439 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4440 if (hdev->sent_cmd) {
4441 atomic_dec(&hdev->cmd_cnt);
4442 hci_send_frame(hdev, skb);
4443 if (test_bit(HCI_RESET, &hdev->flags))
4444 cancel_delayed_work(&hdev->cmd_timer);
4446 schedule_delayed_work(&hdev->cmd_timer,
4449 skb_queue_head(&hdev->cmd_q, skb);
4450 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / cascardo / linux.git / blob