2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI core. */
27 #include <linux/jiffies.h>
28 #include <linux/module.h>
29 #include <linux/kmod.h>
31 #include <linux/types.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/notifier.h>
43 #include <linux/rfkill.h>
44 #include <linux/timer.h>
45 #include <linux/crypto.h>
48 #include <asm/system.h>
49 #include <linux/uaccess.h>
50 #include <asm/unaligned.h>
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
55 #define AUTO_OFF_TIMEOUT 2000
57 static void hci_cmd_task(unsigned long arg);
58 static void hci_rx_task(unsigned long arg);
59 static void hci_tx_task(unsigned long arg);
61 static DEFINE_RWLOCK(hci_task_lock);
64 LIST_HEAD(hci_dev_list);
65 DEFINE_RWLOCK(hci_dev_list_lock);
67 /* HCI callback list */
68 LIST_HEAD(hci_cb_list);
69 DEFINE_RWLOCK(hci_cb_list_lock);
72 #define HCI_MAX_PROTO 2
73 struct hci_proto *hci_proto[HCI_MAX_PROTO];
75 /* HCI notifiers list */
76 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
78 /* ---- HCI notifications ---- */
80 int hci_register_notifier(struct notifier_block *nb)
82 return atomic_notifier_chain_register(&hci_notifier, nb);
85 int hci_unregister_notifier(struct notifier_block *nb)
87 return atomic_notifier_chain_unregister(&hci_notifier, nb);
90 static void hci_notify(struct hci_dev *hdev, int event)
92 atomic_notifier_call_chain(&hci_notifier, event, hdev);
95 /* ---- HCI requests ---- */
97 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
99 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
101 /* If this is the init phase check if the completed command matches
102 * the last init command, and if not just return.
104 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
107 if (hdev->req_status == HCI_REQ_PEND) {
108 hdev->req_result = result;
109 hdev->req_status = HCI_REQ_DONE;
110 wake_up_interruptible(&hdev->req_wait_q);
114 static void hci_req_cancel(struct hci_dev *hdev, int err)
116 BT_DBG("%s err 0x%2.2x", hdev->name, err);
118 if (hdev->req_status == HCI_REQ_PEND) {
119 hdev->req_result = err;
120 hdev->req_status = HCI_REQ_CANCELED;
121 wake_up_interruptible(&hdev->req_wait_q);
125 /* Execute request and wait for completion. */
126 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
127 unsigned long opt, __u32 timeout)
129 DECLARE_WAITQUEUE(wait, current);
132 BT_DBG("%s start", hdev->name);
134 hdev->req_status = HCI_REQ_PEND;
136 add_wait_queue(&hdev->req_wait_q, &wait);
137 set_current_state(TASK_INTERRUPTIBLE);
140 schedule_timeout(timeout);
142 remove_wait_queue(&hdev->req_wait_q, &wait);
144 if (signal_pending(current))
147 switch (hdev->req_status) {
149 err = -bt_to_errno(hdev->req_result);
152 case HCI_REQ_CANCELED:
153 err = -hdev->req_result;
161 hdev->req_status = hdev->req_result = 0;
163 BT_DBG("%s end: err %d", hdev->name, err);
168 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
169 unsigned long opt, __u32 timeout)
173 if (!test_bit(HCI_UP, &hdev->flags))
176 /* Serialize all requests */
178 ret = __hci_request(hdev, req, opt, timeout);
179 hci_req_unlock(hdev);
184 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
186 BT_DBG("%s %ld", hdev->name, opt);
189 set_bit(HCI_RESET, &hdev->flags);
190 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
193 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
195 struct hci_cp_delete_stored_link_key cp;
200 BT_DBG("%s %ld", hdev->name, opt);
202 /* Driver initialization */
204 /* Special commands */
205 while ((skb = skb_dequeue(&hdev->driver_init))) {
206 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
207 skb->dev = (void *) hdev;
209 skb_queue_tail(&hdev->cmd_q, skb);
210 tasklet_schedule(&hdev->cmd_task);
212 skb_queue_purge(&hdev->driver_init);
214 /* Mandatory initialization */
217 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
218 set_bit(HCI_RESET, &hdev->flags);
219 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
222 /* Read Local Supported Features */
223 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
225 /* Read Local Version */
226 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
228 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
229 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
232 /* Host buffer size */
234 struct hci_cp_host_buffer_size cp;
235 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE);
236 cp.sco_mtu = HCI_MAX_SCO_SIZE;
237 cp.acl_max_pkt = cpu_to_le16(0xffff);
238 cp.sco_max_pkt = cpu_to_le16(0xffff);
239 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp);
243 /* Read BD Address */
244 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
246 /* Read Class of Device */
247 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
249 /* Read Local Name */
250 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
252 /* Read Voice Setting */
253 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
255 /* Optional initialization */
257 /* Clear Event Filters */
258 flt_type = HCI_FLT_CLEAR_ALL;
259 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
261 /* Connection accept timeout ~20 secs */
262 param = cpu_to_le16(0x7d00);
263 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
265 bacpy(&cp.bdaddr, BDADDR_ANY);
267 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
270 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
272 BT_DBG("%s", hdev->name);
274 /* Read LE buffer size */
275 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
278 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
282 BT_DBG("%s %x", hdev->name, scan);
284 /* Inquiry and Page scans */
285 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
288 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
292 BT_DBG("%s %x", hdev->name, auth);
295 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
298 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
302 BT_DBG("%s %x", hdev->name, encrypt);
305 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
308 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
310 __le16 policy = cpu_to_le16(opt);
312 BT_DBG("%s %x", hdev->name, policy);
314 /* Default link policy */
315 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
318 /* Get HCI device by index.
319 * Device is held on return. */
320 struct hci_dev *hci_dev_get(int index)
322 struct hci_dev *hdev = NULL, *d;
329 read_lock(&hci_dev_list_lock);
330 list_for_each_entry(d, &hci_dev_list, list) {
331 if (d->id == index) {
332 hdev = hci_dev_hold(d);
336 read_unlock(&hci_dev_list_lock);
340 /* ---- Inquiry support ---- */
341 static void inquiry_cache_flush(struct hci_dev *hdev)
343 struct inquiry_cache *cache = &hdev->inq_cache;
344 struct inquiry_entry *next = cache->list, *e;
346 BT_DBG("cache %p", cache);
355 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
357 struct inquiry_cache *cache = &hdev->inq_cache;
358 struct inquiry_entry *e;
360 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
362 for (e = cache->list; e; e = e->next)
363 if (!bacmp(&e->data.bdaddr, bdaddr))
368 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
370 struct inquiry_cache *cache = &hdev->inq_cache;
371 struct inquiry_entry *ie;
373 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
375 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
377 /* Entry not in the cache. Add new one. */
378 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
382 ie->next = cache->list;
386 memcpy(&ie->data, data, sizeof(*data));
387 ie->timestamp = jiffies;
388 cache->timestamp = jiffies;
391 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
393 struct inquiry_cache *cache = &hdev->inq_cache;
394 struct inquiry_info *info = (struct inquiry_info *) buf;
395 struct inquiry_entry *e;
398 for (e = cache->list; e && copied < num; e = e->next, copied++) {
399 struct inquiry_data *data = &e->data;
400 bacpy(&info->bdaddr, &data->bdaddr);
401 info->pscan_rep_mode = data->pscan_rep_mode;
402 info->pscan_period_mode = data->pscan_period_mode;
403 info->pscan_mode = data->pscan_mode;
404 memcpy(info->dev_class, data->dev_class, 3);
405 info->clock_offset = data->clock_offset;
409 BT_DBG("cache %p, copied %d", cache, copied);
413 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
415 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
416 struct hci_cp_inquiry cp;
418 BT_DBG("%s", hdev->name);
420 if (test_bit(HCI_INQUIRY, &hdev->flags))
424 memcpy(&cp.lap, &ir->lap, 3);
425 cp.length = ir->length;
426 cp.num_rsp = ir->num_rsp;
427 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
430 int hci_inquiry(void __user *arg)
432 __u8 __user *ptr = arg;
433 struct hci_inquiry_req ir;
434 struct hci_dev *hdev;
435 int err = 0, do_inquiry = 0, max_rsp;
439 if (copy_from_user(&ir, ptr, sizeof(ir)))
442 hdev = hci_dev_get(ir.dev_id);
446 hci_dev_lock_bh(hdev);
447 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
448 inquiry_cache_empty(hdev) ||
449 ir.flags & IREQ_CACHE_FLUSH) {
450 inquiry_cache_flush(hdev);
453 hci_dev_unlock_bh(hdev);
455 timeo = ir.length * msecs_to_jiffies(2000);
458 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
463 /* for unlimited number of responses we will use buffer with 255 entries */
464 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
466 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
467 * copy it to the user space.
469 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
475 hci_dev_lock_bh(hdev);
476 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
477 hci_dev_unlock_bh(hdev);
479 BT_DBG("num_rsp %d", ir.num_rsp);
481 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
483 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
496 /* ---- HCI ioctl helpers ---- */
498 int hci_dev_open(__u16 dev)
500 struct hci_dev *hdev;
503 hdev = hci_dev_get(dev);
507 BT_DBG("%s %p", hdev->name, hdev);
511 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
516 if (test_bit(HCI_UP, &hdev->flags)) {
521 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
522 set_bit(HCI_RAW, &hdev->flags);
524 /* Treat all non BR/EDR controllers as raw devices for now */
525 if (hdev->dev_type != HCI_BREDR)
526 set_bit(HCI_RAW, &hdev->flags);
528 if (hdev->open(hdev)) {
533 if (!test_bit(HCI_RAW, &hdev->flags)) {
534 atomic_set(&hdev->cmd_cnt, 1);
535 set_bit(HCI_INIT, &hdev->flags);
536 hdev->init_last_cmd = 0;
538 ret = __hci_request(hdev, hci_init_req, 0,
539 msecs_to_jiffies(HCI_INIT_TIMEOUT));
541 if (lmp_host_le_capable(hdev))
542 ret = __hci_request(hdev, hci_le_init_req, 0,
543 msecs_to_jiffies(HCI_INIT_TIMEOUT));
545 clear_bit(HCI_INIT, &hdev->flags);
550 set_bit(HCI_UP, &hdev->flags);
551 hci_notify(hdev, HCI_DEV_UP);
552 if (!test_bit(HCI_SETUP, &hdev->flags))
553 mgmt_powered(hdev, 1);
555 /* Init failed, cleanup */
556 tasklet_kill(&hdev->rx_task);
557 tasklet_kill(&hdev->tx_task);
558 tasklet_kill(&hdev->cmd_task);
560 skb_queue_purge(&hdev->cmd_q);
561 skb_queue_purge(&hdev->rx_q);
566 if (hdev->sent_cmd) {
567 kfree_skb(hdev->sent_cmd);
568 hdev->sent_cmd = NULL;
576 hci_req_unlock(hdev);
581 static int hci_dev_do_close(struct hci_dev *hdev)
583 BT_DBG("%s %p", hdev->name, hdev);
585 hci_req_cancel(hdev, ENODEV);
588 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
589 del_timer_sync(&hdev->cmd_timer);
590 hci_req_unlock(hdev);
594 /* Kill RX and TX tasks */
595 tasklet_kill(&hdev->rx_task);
596 tasklet_kill(&hdev->tx_task);
598 if (hdev->discov_timeout > 0) {
599 cancel_delayed_work_sync(&hdev->discov_off);
600 hdev->discov_timeout = 0;
603 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
604 cancel_delayed_work_sync(&hdev->power_off);
606 hci_dev_lock_bh(hdev);
607 inquiry_cache_flush(hdev);
608 hci_conn_hash_flush(hdev);
609 hci_dev_unlock_bh(hdev);
611 hci_notify(hdev, HCI_DEV_DOWN);
617 skb_queue_purge(&hdev->cmd_q);
618 atomic_set(&hdev->cmd_cnt, 1);
619 if (!test_bit(HCI_RAW, &hdev->flags)) {
620 set_bit(HCI_INIT, &hdev->flags);
621 __hci_request(hdev, hci_reset_req, 0,
622 msecs_to_jiffies(HCI_INIT_TIMEOUT));
623 clear_bit(HCI_INIT, &hdev->flags);
627 tasklet_kill(&hdev->cmd_task);
630 skb_queue_purge(&hdev->rx_q);
631 skb_queue_purge(&hdev->cmd_q);
632 skb_queue_purge(&hdev->raw_q);
634 /* Drop last sent command */
635 if (hdev->sent_cmd) {
636 del_timer_sync(&hdev->cmd_timer);
637 kfree_skb(hdev->sent_cmd);
638 hdev->sent_cmd = NULL;
641 /* After this point our queues are empty
642 * and no tasks are scheduled. */
645 mgmt_powered(hdev, 0);
650 hci_req_unlock(hdev);
656 int hci_dev_close(__u16 dev)
658 struct hci_dev *hdev;
661 hdev = hci_dev_get(dev);
664 err = hci_dev_do_close(hdev);
669 int hci_dev_reset(__u16 dev)
671 struct hci_dev *hdev;
674 hdev = hci_dev_get(dev);
679 tasklet_disable(&hdev->tx_task);
681 if (!test_bit(HCI_UP, &hdev->flags))
685 skb_queue_purge(&hdev->rx_q);
686 skb_queue_purge(&hdev->cmd_q);
688 hci_dev_lock_bh(hdev);
689 inquiry_cache_flush(hdev);
690 hci_conn_hash_flush(hdev);
691 hci_dev_unlock_bh(hdev);
696 atomic_set(&hdev->cmd_cnt, 1);
697 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
699 if (!test_bit(HCI_RAW, &hdev->flags))
700 ret = __hci_request(hdev, hci_reset_req, 0,
701 msecs_to_jiffies(HCI_INIT_TIMEOUT));
704 tasklet_enable(&hdev->tx_task);
705 hci_req_unlock(hdev);
710 int hci_dev_reset_stat(__u16 dev)
712 struct hci_dev *hdev;
715 hdev = hci_dev_get(dev);
719 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
726 int hci_dev_cmd(unsigned int cmd, void __user *arg)
728 struct hci_dev *hdev;
729 struct hci_dev_req dr;
732 if (copy_from_user(&dr, arg, sizeof(dr)))
735 hdev = hci_dev_get(dr.dev_id);
741 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
742 msecs_to_jiffies(HCI_INIT_TIMEOUT));
746 if (!lmp_encrypt_capable(hdev)) {
751 if (!test_bit(HCI_AUTH, &hdev->flags)) {
752 /* Auth must be enabled first */
753 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
754 msecs_to_jiffies(HCI_INIT_TIMEOUT));
759 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
760 msecs_to_jiffies(HCI_INIT_TIMEOUT));
764 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
765 msecs_to_jiffies(HCI_INIT_TIMEOUT));
769 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
770 msecs_to_jiffies(HCI_INIT_TIMEOUT));
774 hdev->link_mode = ((__u16) dr.dev_opt) &
775 (HCI_LM_MASTER | HCI_LM_ACCEPT);
779 hdev->pkt_type = (__u16) dr.dev_opt;
783 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
784 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
788 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
789 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
801 int hci_get_dev_list(void __user *arg)
803 struct hci_dev *hdev;
804 struct hci_dev_list_req *dl;
805 struct hci_dev_req *dr;
806 int n = 0, size, err;
809 if (get_user(dev_num, (__u16 __user *) arg))
812 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
815 size = sizeof(*dl) + dev_num * sizeof(*dr);
817 dl = kzalloc(size, GFP_KERNEL);
823 read_lock_bh(&hci_dev_list_lock);
824 list_for_each_entry(hdev, &hci_dev_list, list) {
825 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
826 cancel_delayed_work_sync(&hdev->power_off);
828 if (!test_bit(HCI_MGMT, &hdev->flags))
829 set_bit(HCI_PAIRABLE, &hdev->flags);
831 (dr + n)->dev_id = hdev->id;
832 (dr + n)->dev_opt = hdev->flags;
837 read_unlock_bh(&hci_dev_list_lock);
840 size = sizeof(*dl) + n * sizeof(*dr);
842 err = copy_to_user(arg, dl, size);
845 return err ? -EFAULT : 0;
848 int hci_get_dev_info(void __user *arg)
850 struct hci_dev *hdev;
851 struct hci_dev_info di;
854 if (copy_from_user(&di, arg, sizeof(di)))
857 hdev = hci_dev_get(di.dev_id);
861 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
862 cancel_delayed_work_sync(&hdev->power_off);
864 if (!test_bit(HCI_MGMT, &hdev->flags))
865 set_bit(HCI_PAIRABLE, &hdev->flags);
867 strcpy(di.name, hdev->name);
868 di.bdaddr = hdev->bdaddr;
869 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
870 di.flags = hdev->flags;
871 di.pkt_type = hdev->pkt_type;
872 di.acl_mtu = hdev->acl_mtu;
873 di.acl_pkts = hdev->acl_pkts;
874 di.sco_mtu = hdev->sco_mtu;
875 di.sco_pkts = hdev->sco_pkts;
876 di.link_policy = hdev->link_policy;
877 di.link_mode = hdev->link_mode;
879 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
880 memcpy(&di.features, &hdev->features, sizeof(di.features));
882 if (copy_to_user(arg, &di, sizeof(di)))
890 /* ---- Interface to HCI drivers ---- */
892 static int hci_rfkill_set_block(void *data, bool blocked)
894 struct hci_dev *hdev = data;
896 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
901 hci_dev_do_close(hdev);
906 static const struct rfkill_ops hci_rfkill_ops = {
907 .set_block = hci_rfkill_set_block,
910 /* Alloc HCI device */
911 struct hci_dev *hci_alloc_dev(void)
913 struct hci_dev *hdev;
915 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
919 hci_init_sysfs(hdev);
920 skb_queue_head_init(&hdev->driver_init);
924 EXPORT_SYMBOL(hci_alloc_dev);
926 /* Free HCI device */
927 void hci_free_dev(struct hci_dev *hdev)
929 skb_queue_purge(&hdev->driver_init);
931 /* will free via device release */
932 put_device(&hdev->dev);
934 EXPORT_SYMBOL(hci_free_dev);
936 static void hci_power_on(struct work_struct *work)
938 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
940 BT_DBG("%s", hdev->name);
942 if (hci_dev_open(hdev->id) < 0)
945 if (test_bit(HCI_AUTO_OFF, &hdev->flags))
946 queue_delayed_work(hdev->workqueue, &hdev->power_off,
947 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
949 if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
950 mgmt_index_added(hdev);
953 static void hci_power_off(struct work_struct *work)
955 struct hci_dev *hdev = container_of(work, struct hci_dev,
958 BT_DBG("%s", hdev->name);
960 clear_bit(HCI_AUTO_OFF, &hdev->flags);
962 hci_dev_close(hdev->id);
965 static void hci_discov_off(struct work_struct *work)
967 struct hci_dev *hdev;
970 hdev = container_of(work, struct hci_dev, discov_off.work);
972 BT_DBG("%s", hdev->name);
974 hci_dev_lock_bh(hdev);
976 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
978 hdev->discov_timeout = 0;
980 hci_dev_unlock_bh(hdev);
983 int hci_uuids_clear(struct hci_dev *hdev)
985 struct list_head *p, *n;
987 list_for_each_safe(p, n, &hdev->uuids) {
988 struct bt_uuid *uuid;
990 uuid = list_entry(p, struct bt_uuid, list);
999 int hci_link_keys_clear(struct hci_dev *hdev)
1001 struct list_head *p, *n;
1003 list_for_each_safe(p, n, &hdev->link_keys) {
1004 struct link_key *key;
1006 key = list_entry(p, struct link_key, list);
1015 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1019 list_for_each_entry(k, &hdev->link_keys, list)
1020 if (bacmp(bdaddr, &k->bdaddr) == 0)
1026 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1027 u8 key_type, u8 old_key_type)
1030 if (key_type < 0x03)
1033 /* Debug keys are insecure so don't store them persistently */
1034 if (key_type == HCI_LK_DEBUG_COMBINATION)
1037 /* Changed combination key and there's no previous one */
1038 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1041 /* Security mode 3 case */
1045 /* Neither local nor remote side had no-bonding as requirement */
1046 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1049 /* Local side had dedicated bonding as requirement */
1050 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1053 /* Remote side had dedicated bonding as requirement */
1054 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1057 /* If none of the above criteria match, then don't store the key
1062 struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1066 list_for_each_entry(k, &hdev->link_keys, list) {
1067 struct key_master_id *id;
1069 if (k->type != HCI_LK_SMP_LTK)
1072 if (k->dlen != sizeof(*id))
1075 id = (void *) &k->data;
1076 if (id->ediv == ediv &&
1077 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1083 EXPORT_SYMBOL(hci_find_ltk);
1085 struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
1086 bdaddr_t *bdaddr, u8 type)
1090 list_for_each_entry(k, &hdev->link_keys, list)
1091 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0)
1096 EXPORT_SYMBOL(hci_find_link_key_type);
1098 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1099 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1101 struct link_key *key, *old_key;
1102 u8 old_key_type, persistent;
1104 old_key = hci_find_link_key(hdev, bdaddr);
1106 old_key_type = old_key->type;
1109 old_key_type = conn ? conn->key_type : 0xff;
1110 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1113 list_add(&key->list, &hdev->link_keys);
1116 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1118 /* Some buggy controller combinations generate a changed
1119 * combination key for legacy pairing even when there's no
1121 if (type == HCI_LK_CHANGED_COMBINATION &&
1122 (!conn || conn->remote_auth == 0xff) &&
1123 old_key_type == 0xff) {
1124 type = HCI_LK_COMBINATION;
1126 conn->key_type = type;
1129 bacpy(&key->bdaddr, bdaddr);
1130 memcpy(key->val, val, 16);
1131 key->pin_len = pin_len;
1133 if (type == HCI_LK_CHANGED_COMBINATION)
1134 key->type = old_key_type;
1141 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1143 mgmt_new_link_key(hdev, key, persistent);
1146 list_del(&key->list);
1153 int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
1154 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
1156 struct link_key *key, *old_key;
1157 struct key_master_id *id;
1160 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
1162 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
1165 old_key_type = old_key->type;
1167 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1170 list_add(&key->list, &hdev->link_keys);
1171 old_key_type = 0xff;
1174 key->dlen = sizeof(*id);
1176 bacpy(&key->bdaddr, bdaddr);
1177 memcpy(key->val, ltk, sizeof(key->val));
1178 key->type = HCI_LK_SMP_LTK;
1179 key->pin_len = key_size;
1181 id = (void *) &key->data;
1183 memcpy(id->rand, rand, sizeof(id->rand));
1186 mgmt_new_link_key(hdev, key, old_key_type);
1191 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1193 struct link_key *key;
1195 key = hci_find_link_key(hdev, bdaddr);
1199 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1201 list_del(&key->list);
1207 /* HCI command timer function */
1208 static void hci_cmd_timer(unsigned long arg)
1210 struct hci_dev *hdev = (void *) arg;
1212 BT_ERR("%s command tx timeout", hdev->name);
1213 atomic_set(&hdev->cmd_cnt, 1);
1214 tasklet_schedule(&hdev->cmd_task);
1217 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1220 struct oob_data *data;
1222 list_for_each_entry(data, &hdev->remote_oob_data, list)
1223 if (bacmp(bdaddr, &data->bdaddr) == 0)
1229 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1231 struct oob_data *data;
1233 data = hci_find_remote_oob_data(hdev, bdaddr);
1237 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1239 list_del(&data->list);
1245 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1247 struct oob_data *data, *n;
1249 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1250 list_del(&data->list);
1257 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1260 struct oob_data *data;
1262 data = hci_find_remote_oob_data(hdev, bdaddr);
1265 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1269 bacpy(&data->bdaddr, bdaddr);
1270 list_add(&data->list, &hdev->remote_oob_data);
1273 memcpy(data->hash, hash, sizeof(data->hash));
1274 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1276 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1281 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
1284 struct bdaddr_list *b;
1286 list_for_each_entry(b, &hdev->blacklist, list)
1287 if (bacmp(bdaddr, &b->bdaddr) == 0)
1293 int hci_blacklist_clear(struct hci_dev *hdev)
1295 struct list_head *p, *n;
1297 list_for_each_safe(p, n, &hdev->blacklist) {
1298 struct bdaddr_list *b;
1300 b = list_entry(p, struct bdaddr_list, list);
1309 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1311 struct bdaddr_list *entry;
1313 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1316 if (hci_blacklist_lookup(hdev, bdaddr))
1319 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1323 bacpy(&entry->bdaddr, bdaddr);
1325 list_add(&entry->list, &hdev->blacklist);
1327 return mgmt_device_blocked(hdev, bdaddr);
1330 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1332 struct bdaddr_list *entry;
1334 if (bacmp(bdaddr, BDADDR_ANY) == 0) {
1335 return hci_blacklist_clear(hdev);
1338 entry = hci_blacklist_lookup(hdev, bdaddr);
1343 list_del(&entry->list);
1346 return mgmt_device_unblocked(hdev, bdaddr);
1349 static void hci_clear_adv_cache(unsigned long arg)
1351 struct hci_dev *hdev = (void *) arg;
1355 hci_adv_entries_clear(hdev);
1357 hci_dev_unlock(hdev);
1360 int hci_adv_entries_clear(struct hci_dev *hdev)
1362 struct adv_entry *entry, *tmp;
1364 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1365 list_del(&entry->list);
1369 BT_DBG("%s adv cache cleared", hdev->name);
1374 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1376 struct adv_entry *entry;
1378 list_for_each_entry(entry, &hdev->adv_entries, list)
1379 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1385 static inline int is_connectable_adv(u8 evt_type)
1387 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1393 int hci_add_adv_entry(struct hci_dev *hdev,
1394 struct hci_ev_le_advertising_info *ev)
1396 struct adv_entry *entry;
1398 if (!is_connectable_adv(ev->evt_type))
1401 /* Only new entries should be added to adv_entries. So, if
1402 * bdaddr was found, don't add it. */
1403 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1406 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
1410 bacpy(&entry->bdaddr, &ev->bdaddr);
1411 entry->bdaddr_type = ev->bdaddr_type;
1413 list_add(&entry->list, &hdev->adv_entries);
1415 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1416 batostr(&entry->bdaddr), entry->bdaddr_type);
1421 /* Register HCI device */
1422 int hci_register_dev(struct hci_dev *hdev)
1424 struct list_head *head = &hci_dev_list, *p;
1427 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
1428 hdev->bus, hdev->owner);
1430 if (!hdev->open || !hdev->close || !hdev->destruct)
1433 /* Do not allow HCI_AMP devices to register at index 0,
1434 * so the index can be used as the AMP controller ID.
1436 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1438 write_lock_bh(&hci_dev_list_lock);
1440 /* Find first available device id */
1441 list_for_each(p, &hci_dev_list) {
1442 if (list_entry(p, struct hci_dev, list)->id != id)
1447 sprintf(hdev->name, "hci%d", id);
1449 list_add(&hdev->list, head);
1451 atomic_set(&hdev->refcnt, 1);
1452 spin_lock_init(&hdev->lock);
1455 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1456 hdev->esco_type = (ESCO_HV1);
1457 hdev->link_mode = (HCI_LM_ACCEPT);
1458 hdev->io_capability = 0x03; /* No Input No Output */
1460 hdev->idle_timeout = 0;
1461 hdev->sniff_max_interval = 800;
1462 hdev->sniff_min_interval = 80;
1464 tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev);
1465 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
1466 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
1468 skb_queue_head_init(&hdev->rx_q);
1469 skb_queue_head_init(&hdev->cmd_q);
1470 skb_queue_head_init(&hdev->raw_q);
1472 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1474 for (i = 0; i < NUM_REASSEMBLY; i++)
1475 hdev->reassembly[i] = NULL;
1477 init_waitqueue_head(&hdev->req_wait_q);
1478 mutex_init(&hdev->req_lock);
1480 inquiry_cache_init(hdev);
1482 hci_conn_hash_init(hdev);
1484 INIT_LIST_HEAD(&hdev->blacklist);
1486 INIT_LIST_HEAD(&hdev->uuids);
1488 INIT_LIST_HEAD(&hdev->link_keys);
1490 INIT_LIST_HEAD(&hdev->remote_oob_data);
1492 INIT_LIST_HEAD(&hdev->adv_entries);
1493 setup_timer(&hdev->adv_timer, hci_clear_adv_cache,
1494 (unsigned long) hdev);
1496 INIT_WORK(&hdev->power_on, hci_power_on);
1497 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1499 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1501 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1503 atomic_set(&hdev->promisc, 0);
1505 write_unlock_bh(&hci_dev_list_lock);
1507 hdev->workqueue = create_singlethread_workqueue(hdev->name);
1508 if (!hdev->workqueue) {
1513 error = hci_add_sysfs(hdev);
1517 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1518 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1520 if (rfkill_register(hdev->rfkill) < 0) {
1521 rfkill_destroy(hdev->rfkill);
1522 hdev->rfkill = NULL;
1526 set_bit(HCI_AUTO_OFF, &hdev->flags);
1527 set_bit(HCI_SETUP, &hdev->flags);
1528 queue_work(hdev->workqueue, &hdev->power_on);
1530 hci_notify(hdev, HCI_DEV_REG);
1535 destroy_workqueue(hdev->workqueue);
1537 write_lock_bh(&hci_dev_list_lock);
1538 list_del(&hdev->list);
1539 write_unlock_bh(&hci_dev_list_lock);
1543 EXPORT_SYMBOL(hci_register_dev);
1545 /* Unregister HCI device */
1546 void hci_unregister_dev(struct hci_dev *hdev)
1550 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1552 write_lock_bh(&hci_dev_list_lock);
1553 list_del(&hdev->list);
1554 write_unlock_bh(&hci_dev_list_lock);
1556 hci_dev_do_close(hdev);
1558 for (i = 0; i < NUM_REASSEMBLY; i++)
1559 kfree_skb(hdev->reassembly[i]);
1561 if (!test_bit(HCI_INIT, &hdev->flags) &&
1562 !test_bit(HCI_SETUP, &hdev->flags))
1563 mgmt_index_removed(hdev);
1565 hci_notify(hdev, HCI_DEV_UNREG);
1568 rfkill_unregister(hdev->rfkill);
1569 rfkill_destroy(hdev->rfkill);
1572 hci_del_sysfs(hdev);
1574 del_timer(&hdev->adv_timer);
1576 destroy_workqueue(hdev->workqueue);
1578 hci_dev_lock_bh(hdev);
1579 hci_blacklist_clear(hdev);
1580 hci_uuids_clear(hdev);
1581 hci_link_keys_clear(hdev);
1582 hci_remote_oob_data_clear(hdev);
1583 hci_adv_entries_clear(hdev);
1584 hci_dev_unlock_bh(hdev);
1586 __hci_dev_put(hdev);
1588 EXPORT_SYMBOL(hci_unregister_dev);
1590 /* Suspend HCI device */
1591 int hci_suspend_dev(struct hci_dev *hdev)
1593 hci_notify(hdev, HCI_DEV_SUSPEND);
1596 EXPORT_SYMBOL(hci_suspend_dev);
1598 /* Resume HCI device */
1599 int hci_resume_dev(struct hci_dev *hdev)
1601 hci_notify(hdev, HCI_DEV_RESUME);
1604 EXPORT_SYMBOL(hci_resume_dev);
1606 /* Receive frame from HCI drivers */
1607 int hci_recv_frame(struct sk_buff *skb)
1609 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1610 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1611 && !test_bit(HCI_INIT, &hdev->flags))) {
1617 bt_cb(skb)->incoming = 1;
1620 __net_timestamp(skb);
1622 /* Queue frame for rx task */
1623 skb_queue_tail(&hdev->rx_q, skb);
1624 tasklet_schedule(&hdev->rx_task);
1628 EXPORT_SYMBOL(hci_recv_frame);
1630 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1631 int count, __u8 index)
1636 struct sk_buff *skb;
1637 struct bt_skb_cb *scb;
1639 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1640 index >= NUM_REASSEMBLY)
1643 skb = hdev->reassembly[index];
1647 case HCI_ACLDATA_PKT:
1648 len = HCI_MAX_FRAME_SIZE;
1649 hlen = HCI_ACL_HDR_SIZE;
1652 len = HCI_MAX_EVENT_SIZE;
1653 hlen = HCI_EVENT_HDR_SIZE;
1655 case HCI_SCODATA_PKT:
1656 len = HCI_MAX_SCO_SIZE;
1657 hlen = HCI_SCO_HDR_SIZE;
1661 skb = bt_skb_alloc(len, GFP_ATOMIC);
1665 scb = (void *) skb->cb;
1667 scb->pkt_type = type;
1669 skb->dev = (void *) hdev;
1670 hdev->reassembly[index] = skb;
1674 scb = (void *) skb->cb;
1675 len = min(scb->expect, (__u16)count);
1677 memcpy(skb_put(skb, len), data, len);
1686 if (skb->len == HCI_EVENT_HDR_SIZE) {
1687 struct hci_event_hdr *h = hci_event_hdr(skb);
1688 scb->expect = h->plen;
1690 if (skb_tailroom(skb) < scb->expect) {
1692 hdev->reassembly[index] = NULL;
1698 case HCI_ACLDATA_PKT:
1699 if (skb->len == HCI_ACL_HDR_SIZE) {
1700 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1701 scb->expect = __le16_to_cpu(h->dlen);
1703 if (skb_tailroom(skb) < scb->expect) {
1705 hdev->reassembly[index] = NULL;
1711 case HCI_SCODATA_PKT:
1712 if (skb->len == HCI_SCO_HDR_SIZE) {
1713 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1714 scb->expect = h->dlen;
1716 if (skb_tailroom(skb) < scb->expect) {
1718 hdev->reassembly[index] = NULL;
1725 if (scb->expect == 0) {
1726 /* Complete frame */
1728 bt_cb(skb)->pkt_type = type;
1729 hci_recv_frame(skb);
1731 hdev->reassembly[index] = NULL;
1739 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1743 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1747 rem = hci_reassembly(hdev, type, data, count, type - 1);
1751 data += (count - rem);
1757 EXPORT_SYMBOL(hci_recv_fragment);
1759 #define STREAM_REASSEMBLY 0
1761 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1767 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1770 struct { char type; } *pkt;
1772 /* Start of the frame */
1779 type = bt_cb(skb)->pkt_type;
1781 rem = hci_reassembly(hdev, type, data, count,
1786 data += (count - rem);
1792 EXPORT_SYMBOL(hci_recv_stream_fragment);
1794 /* ---- Interface to upper protocols ---- */
1796 /* Register/Unregister protocols.
1797 * hci_task_lock is used to ensure that no tasks are running. */
1798 int hci_register_proto(struct hci_proto *hp)
1802 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1804 if (hp->id >= HCI_MAX_PROTO)
1807 write_lock_bh(&hci_task_lock);
1809 if (!hci_proto[hp->id])
1810 hci_proto[hp->id] = hp;
1814 write_unlock_bh(&hci_task_lock);
1818 EXPORT_SYMBOL(hci_register_proto);
1820 int hci_unregister_proto(struct hci_proto *hp)
1824 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1826 if (hp->id >= HCI_MAX_PROTO)
1829 write_lock_bh(&hci_task_lock);
1831 if (hci_proto[hp->id])
1832 hci_proto[hp->id] = NULL;
1836 write_unlock_bh(&hci_task_lock);
1840 EXPORT_SYMBOL(hci_unregister_proto);
1842 int hci_register_cb(struct hci_cb *cb)
1844 BT_DBG("%p name %s", cb, cb->name);
1846 write_lock_bh(&hci_cb_list_lock);
1847 list_add(&cb->list, &hci_cb_list);
1848 write_unlock_bh(&hci_cb_list_lock);
1852 EXPORT_SYMBOL(hci_register_cb);
1854 int hci_unregister_cb(struct hci_cb *cb)
1856 BT_DBG("%p name %s", cb, cb->name);
1858 write_lock_bh(&hci_cb_list_lock);
1859 list_del(&cb->list);
1860 write_unlock_bh(&hci_cb_list_lock);
1864 EXPORT_SYMBOL(hci_unregister_cb);
1866 static int hci_send_frame(struct sk_buff *skb)
1868 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1875 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1877 if (atomic_read(&hdev->promisc)) {
1879 __net_timestamp(skb);
1881 hci_send_to_sock(hdev, skb, NULL);
1884 /* Get rid of skb owner, prior to sending to the driver. */
1887 return hdev->send(skb);
1890 /* Send HCI command */
1891 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1893 int len = HCI_COMMAND_HDR_SIZE + plen;
1894 struct hci_command_hdr *hdr;
1895 struct sk_buff *skb;
1897 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1899 skb = bt_skb_alloc(len, GFP_ATOMIC);
1901 BT_ERR("%s no memory for command", hdev->name);
1905 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1906 hdr->opcode = cpu_to_le16(opcode);
1910 memcpy(skb_put(skb, plen), param, plen);
1912 BT_DBG("skb len %d", skb->len);
1914 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1915 skb->dev = (void *) hdev;
1917 if (test_bit(HCI_INIT, &hdev->flags))
1918 hdev->init_last_cmd = opcode;
1920 skb_queue_tail(&hdev->cmd_q, skb);
1921 tasklet_schedule(&hdev->cmd_task);
1926 /* Get data from the previously sent command */
1927 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1929 struct hci_command_hdr *hdr;
1931 if (!hdev->sent_cmd)
1934 hdr = (void *) hdev->sent_cmd->data;
1936 if (hdr->opcode != cpu_to_le16(opcode))
1939 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1941 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1945 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1947 struct hci_acl_hdr *hdr;
1950 skb_push(skb, HCI_ACL_HDR_SIZE);
1951 skb_reset_transport_header(skb);
1952 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1953 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1954 hdr->dlen = cpu_to_le16(len);
1957 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
1958 struct sk_buff *skb, __u16 flags)
1960 struct hci_dev *hdev = conn->hdev;
1961 struct sk_buff *list;
1963 list = skb_shinfo(skb)->frag_list;
1965 /* Non fragmented */
1966 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1968 skb_queue_tail(queue, skb);
1971 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1973 skb_shinfo(skb)->frag_list = NULL;
1975 /* Queue all fragments atomically */
1976 spin_lock_bh(&queue->lock);
1978 __skb_queue_tail(queue, skb);
1980 flags &= ~ACL_START;
1983 skb = list; list = list->next;
1985 skb->dev = (void *) hdev;
1986 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1987 hci_add_acl_hdr(skb, conn->handle, flags);
1989 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
1991 __skb_queue_tail(queue, skb);
1994 spin_unlock_bh(&queue->lock);
1998 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2000 struct hci_conn *conn = chan->conn;
2001 struct hci_dev *hdev = conn->hdev;
2003 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2005 skb->dev = (void *) hdev;
2006 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2007 hci_add_acl_hdr(skb, conn->handle, flags);
2009 hci_queue_acl(conn, &chan->data_q, skb, flags);
2011 tasklet_schedule(&hdev->tx_task);
2013 EXPORT_SYMBOL(hci_send_acl);
2016 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2018 struct hci_dev *hdev = conn->hdev;
2019 struct hci_sco_hdr hdr;
2021 BT_DBG("%s len %d", hdev->name, skb->len);
2023 hdr.handle = cpu_to_le16(conn->handle);
2024 hdr.dlen = skb->len;
2026 skb_push(skb, HCI_SCO_HDR_SIZE);
2027 skb_reset_transport_header(skb);
2028 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2030 skb->dev = (void *) hdev;
2031 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2033 skb_queue_tail(&conn->data_q, skb);
2034 tasklet_schedule(&hdev->tx_task);
2036 EXPORT_SYMBOL(hci_send_sco);
2038 /* ---- HCI TX task (outgoing data) ---- */
2040 /* HCI Connection scheduler */
2041 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2043 struct hci_conn_hash *h = &hdev->conn_hash;
2044 struct hci_conn *conn = NULL, *c;
2045 int num = 0, min = ~0;
2047 /* We don't have to lock device here. Connections are always
2048 * added and removed with TX task disabled. */
2049 list_for_each_entry(c, &h->list, list) {
2050 if (c->type != type || skb_queue_empty(&c->data_q))
2053 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2058 if (c->sent < min) {
2063 if (hci_conn_num(hdev, type) == num)
2070 switch (conn->type) {
2072 cnt = hdev->acl_cnt;
2076 cnt = hdev->sco_cnt;
2079 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2083 BT_ERR("Unknown link type");
2091 BT_DBG("conn %p quote %d", conn, *quote);
2095 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2097 struct hci_conn_hash *h = &hdev->conn_hash;
2100 BT_ERR("%s link tx timeout", hdev->name);
2102 /* Kill stalled connections */
2103 list_for_each_entry(c, &h->list, list) {
2104 if (c->type == type && c->sent) {
2105 BT_ERR("%s killing stalled connection %s",
2106 hdev->name, batostr(&c->dst));
2107 hci_acl_disconn(c, 0x13);
2112 static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2115 struct hci_conn_hash *h = &hdev->conn_hash;
2116 struct hci_chan *chan = NULL;
2117 int num = 0, min = ~0, cur_prio = 0;
2118 struct hci_conn *conn;
2119 int cnt, q, conn_num = 0;
2121 BT_DBG("%s", hdev->name);
2123 list_for_each_entry(conn, &h->list, list) {
2124 struct hci_chan_hash *ch;
2125 struct hci_chan *tmp;
2127 if (conn->type != type)
2130 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2135 ch = &conn->chan_hash;
2137 list_for_each_entry(tmp, &ch->list, list) {
2138 struct sk_buff *skb;
2140 if (skb_queue_empty(&tmp->data_q))
2143 skb = skb_peek(&tmp->data_q);
2144 if (skb->priority < cur_prio)
2147 if (skb->priority > cur_prio) {
2150 cur_prio = skb->priority;
2155 if (conn->sent < min) {
2161 if (hci_conn_num(hdev, type) == conn_num)
2168 switch (chan->conn->type) {
2170 cnt = hdev->acl_cnt;
2174 cnt = hdev->sco_cnt;
2177 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2181 BT_ERR("Unknown link type");
2186 BT_DBG("chan %p quote %d", chan, *quote);
2190 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2192 struct hci_conn_hash *h = &hdev->conn_hash;
2193 struct hci_conn *conn;
2196 BT_DBG("%s", hdev->name);
2198 list_for_each_entry(conn, &h->list, list) {
2199 struct hci_chan_hash *ch;
2200 struct hci_chan *chan;
2202 if (conn->type != type)
2205 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2210 ch = &conn->chan_hash;
2211 list_for_each_entry(chan, &ch->list, list) {
2212 struct sk_buff *skb;
2219 if (skb_queue_empty(&chan->data_q))
2222 skb = skb_peek(&chan->data_q);
2223 if (skb->priority >= HCI_PRIO_MAX - 1)
2226 skb->priority = HCI_PRIO_MAX - 1;
2228 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2232 if (hci_conn_num(hdev, type) == num)
2237 static inline void hci_sched_acl(struct hci_dev *hdev)
2239 struct hci_chan *chan;
2240 struct sk_buff *skb;
2244 BT_DBG("%s", hdev->name);
2246 if (!hci_conn_num(hdev, ACL_LINK))
2249 if (!test_bit(HCI_RAW, &hdev->flags)) {
2250 /* ACL tx timeout must be longer than maximum
2251 * link supervision timeout (40.9 seconds) */
2252 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
2253 hci_link_tx_to(hdev, ACL_LINK);
2256 cnt = hdev->acl_cnt;
2258 while (hdev->acl_cnt &&
2259 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2260 u32 priority = (skb_peek(&chan->data_q))->priority;
2261 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2262 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2263 skb->len, skb->priority);
2265 /* Stop if priority has changed */
2266 if (skb->priority < priority)
2269 skb = skb_dequeue(&chan->data_q);
2271 hci_conn_enter_active_mode(chan->conn,
2272 bt_cb(skb)->force_active);
2274 hci_send_frame(skb);
2275 hdev->acl_last_tx = jiffies;
2283 if (cnt != hdev->acl_cnt)
2284 hci_prio_recalculate(hdev, ACL_LINK);
2288 static inline void hci_sched_sco(struct hci_dev *hdev)
2290 struct hci_conn *conn;
2291 struct sk_buff *skb;
2294 BT_DBG("%s", hdev->name);
2296 if (!hci_conn_num(hdev, SCO_LINK))
2299 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
2300 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2301 BT_DBG("skb %p len %d", skb, skb->len);
2302 hci_send_frame(skb);
2305 if (conn->sent == ~0)
2311 static inline void hci_sched_esco(struct hci_dev *hdev)
2313 struct hci_conn *conn;
2314 struct sk_buff *skb;
2317 BT_DBG("%s", hdev->name);
2319 if (!hci_conn_num(hdev, ESCO_LINK))
2322 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
2323 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2324 BT_DBG("skb %p len %d", skb, skb->len);
2325 hci_send_frame(skb);
2328 if (conn->sent == ~0)
2334 static inline void hci_sched_le(struct hci_dev *hdev)
2336 struct hci_chan *chan;
2337 struct sk_buff *skb;
2338 int quote, cnt, tmp;
2340 BT_DBG("%s", hdev->name);
2342 if (!hci_conn_num(hdev, LE_LINK))
2345 if (!test_bit(HCI_RAW, &hdev->flags)) {
2346 /* LE tx timeout must be longer than maximum
2347 * link supervision timeout (40.9 seconds) */
2348 if (!hdev->le_cnt && hdev->le_pkts &&
2349 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2350 hci_link_tx_to(hdev, LE_LINK);
2353 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2355 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
2356 u32 priority = (skb_peek(&chan->data_q))->priority;
2357 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2358 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2359 skb->len, skb->priority);
2361 /* Stop if priority has changed */
2362 if (skb->priority < priority)
2365 skb = skb_dequeue(&chan->data_q);
2367 hci_send_frame(skb);
2368 hdev->le_last_tx = jiffies;
2379 hdev->acl_cnt = cnt;
2382 hci_prio_recalculate(hdev, LE_LINK);
2385 static void hci_tx_task(unsigned long arg)
2387 struct hci_dev *hdev = (struct hci_dev *) arg;
2388 struct sk_buff *skb;
2390 read_lock(&hci_task_lock);
2392 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2393 hdev->sco_cnt, hdev->le_cnt);
2395 /* Schedule queues and send stuff to HCI driver */
2397 hci_sched_acl(hdev);
2399 hci_sched_sco(hdev);
2401 hci_sched_esco(hdev);
2405 /* Send next queued raw (unknown type) packet */
2406 while ((skb = skb_dequeue(&hdev->raw_q)))
2407 hci_send_frame(skb);
2409 read_unlock(&hci_task_lock);
2412 /* ----- HCI RX task (incoming data processing) ----- */
2414 /* ACL data packet */
2415 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2417 struct hci_acl_hdr *hdr = (void *) skb->data;
2418 struct hci_conn *conn;
2419 __u16 handle, flags;
2421 skb_pull(skb, HCI_ACL_HDR_SIZE);
2423 handle = __le16_to_cpu(hdr->handle);
2424 flags = hci_flags(handle);
2425 handle = hci_handle(handle);
2427 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2429 hdev->stat.acl_rx++;
2432 conn = hci_conn_hash_lookup_handle(hdev, handle);
2433 hci_dev_unlock(hdev);
2436 register struct hci_proto *hp;
2438 hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active);
2440 /* Send to upper protocol */
2441 hp = hci_proto[HCI_PROTO_L2CAP];
2442 if (hp && hp->recv_acldata) {
2443 hp->recv_acldata(conn, skb, flags);
2447 BT_ERR("%s ACL packet for unknown connection handle %d",
2448 hdev->name, handle);
2454 /* SCO data packet */
2455 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2457 struct hci_sco_hdr *hdr = (void *) skb->data;
2458 struct hci_conn *conn;
2461 skb_pull(skb, HCI_SCO_HDR_SIZE);
2463 handle = __le16_to_cpu(hdr->handle);
2465 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2467 hdev->stat.sco_rx++;
2470 conn = hci_conn_hash_lookup_handle(hdev, handle);
2471 hci_dev_unlock(hdev);
2474 register struct hci_proto *hp;
2476 /* Send to upper protocol */
2477 hp = hci_proto[HCI_PROTO_SCO];
2478 if (hp && hp->recv_scodata) {
2479 hp->recv_scodata(conn, skb);
2483 BT_ERR("%s SCO packet for unknown connection handle %d",
2484 hdev->name, handle);
2490 static void hci_rx_task(unsigned long arg)
2492 struct hci_dev *hdev = (struct hci_dev *) arg;
2493 struct sk_buff *skb;
2495 BT_DBG("%s", hdev->name);
2497 read_lock(&hci_task_lock);
2499 while ((skb = skb_dequeue(&hdev->rx_q))) {
2500 if (atomic_read(&hdev->promisc)) {
2501 /* Send copy to the sockets */
2502 hci_send_to_sock(hdev, skb, NULL);
2505 if (test_bit(HCI_RAW, &hdev->flags)) {
2510 if (test_bit(HCI_INIT, &hdev->flags)) {
2511 /* Don't process data packets in this states. */
2512 switch (bt_cb(skb)->pkt_type) {
2513 case HCI_ACLDATA_PKT:
2514 case HCI_SCODATA_PKT:
2521 switch (bt_cb(skb)->pkt_type) {
2523 hci_event_packet(hdev, skb);
2526 case HCI_ACLDATA_PKT:
2527 BT_DBG("%s ACL data packet", hdev->name);
2528 hci_acldata_packet(hdev, skb);
2531 case HCI_SCODATA_PKT:
2532 BT_DBG("%s SCO data packet", hdev->name);
2533 hci_scodata_packet(hdev, skb);
2542 read_unlock(&hci_task_lock);
2545 static void hci_cmd_task(unsigned long arg)
2547 struct hci_dev *hdev = (struct hci_dev *) arg;
2548 struct sk_buff *skb;
2550 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2552 /* Send queued commands */
2553 if (atomic_read(&hdev->cmd_cnt)) {
2554 skb = skb_dequeue(&hdev->cmd_q);
2558 kfree_skb(hdev->sent_cmd);
2560 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2561 if (hdev->sent_cmd) {
2562 atomic_dec(&hdev->cmd_cnt);
2563 hci_send_frame(skb);
2564 if (test_bit(HCI_RESET, &hdev->flags))
2565 del_timer(&hdev->cmd_timer);
2567 mod_timer(&hdev->cmd_timer,
2568 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2570 skb_queue_head(&hdev->cmd_q, skb);
2571 tasklet_schedule(&hdev->cmd_task);
2576 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2578 /* General inquiry access code (GIAC) */
2579 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2580 struct hci_cp_inquiry cp;
2582 BT_DBG("%s", hdev->name);
2584 if (test_bit(HCI_INQUIRY, &hdev->flags))
2585 return -EINPROGRESS;
2587 memset(&cp, 0, sizeof(cp));
2588 memcpy(&cp.lap, lap, sizeof(cp.lap));
2591 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2594 int hci_cancel_inquiry(struct hci_dev *hdev)
2596 BT_DBG("%s", hdev->name);
2598 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2601 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
projects / cascardo / linux.git / blob