2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
42 static void hci_rx_work(struct work_struct *work);
43 static void hci_cmd_work(struct work_struct *work);
44 static void hci_tx_work(struct work_struct *work);
47 LIST_HEAD(hci_dev_list);
48 DEFINE_RWLOCK(hci_dev_list_lock);
50 /* HCI callback list */
51 LIST_HEAD(hci_cb_list);
52 DEFINE_RWLOCK(hci_cb_list_lock);
54 /* HCI ID Numbering */
55 static DEFINE_IDA(hci_index_ida);
57 /* ----- HCI requests ----- */
59 #define HCI_REQ_DONE 0
60 #define HCI_REQ_PEND 1
61 #define HCI_REQ_CANCELED 2
63 #define hci_req_lock(d) mutex_lock(&d->req_lock)
64 #define hci_req_unlock(d) mutex_unlock(&d->req_lock)
66 /* ---- HCI notifications ---- */
68 static void hci_notify(struct hci_dev *hdev, int event)
70 hci_sock_dev_event(hdev, event);
73 /* ---- HCI debugfs entries ---- */
75 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
76 size_t count, loff_t *ppos)
78 struct hci_dev *hdev = file->private_data;
81 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dbg_flags) ? 'Y': 'N';
84 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
87 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
88 size_t count, loff_t *ppos)
90 struct hci_dev *hdev = file->private_data;
93 size_t buf_size = min(count, (sizeof(buf)-1));
97 if (!test_bit(HCI_UP, &hdev->flags))
100 if (copy_from_user(buf, user_buf, buf_size))
103 buf[buf_size] = '\0';
104 if (strtobool(buf, &enable))
107 if (enable == test_bit(HCI_DUT_MODE, &hdev->dbg_flags))
112 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
115 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
117 hci_req_unlock(hdev);
122 err = -bt_to_errno(skb->data[0]);
128 change_bit(HCI_DUT_MODE, &hdev->dbg_flags);
133 static const struct file_operations dut_mode_fops = {
135 .read = dut_mode_read,
136 .write = dut_mode_write,
137 .llseek = default_llseek,
140 static int features_show(struct seq_file *f, void *ptr)
142 struct hci_dev *hdev = f->private;
146 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
147 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
148 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p,
149 hdev->features[p][0], hdev->features[p][1],
150 hdev->features[p][2], hdev->features[p][3],
151 hdev->features[p][4], hdev->features[p][5],
152 hdev->features[p][6], hdev->features[p][7]);
154 if (lmp_le_capable(hdev))
155 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
156 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
157 hdev->le_features[0], hdev->le_features[1],
158 hdev->le_features[2], hdev->le_features[3],
159 hdev->le_features[4], hdev->le_features[5],
160 hdev->le_features[6], hdev->le_features[7]);
161 hci_dev_unlock(hdev);
166 static int features_open(struct inode *inode, struct file *file)
168 return single_open(file, features_show, inode->i_private);
171 static const struct file_operations features_fops = {
172 .open = features_open,
175 .release = single_release,
178 static int blacklist_show(struct seq_file *f, void *p)
180 struct hci_dev *hdev = f->private;
181 struct bdaddr_list *b;
184 list_for_each_entry(b, &hdev->blacklist, list)
185 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
186 hci_dev_unlock(hdev);
191 static int blacklist_open(struct inode *inode, struct file *file)
193 return single_open(file, blacklist_show, inode->i_private);
196 static const struct file_operations blacklist_fops = {
197 .open = blacklist_open,
200 .release = single_release,
203 static int uuids_show(struct seq_file *f, void *p)
205 struct hci_dev *hdev = f->private;
206 struct bt_uuid *uuid;
209 list_for_each_entry(uuid, &hdev->uuids, list) {
212 /* The Bluetooth UUID values are stored in big endian,
213 * but with reversed byte order. So convert them into
214 * the right order for the %pUb modifier.
216 for (i = 0; i < 16; i++)
217 val[i] = uuid->uuid[15 - i];
219 seq_printf(f, "%pUb\n", val);
221 hci_dev_unlock(hdev);
226 static int uuids_open(struct inode *inode, struct file *file)
228 return single_open(file, uuids_show, inode->i_private);
231 static const struct file_operations uuids_fops = {
235 .release = single_release,
238 static int inquiry_cache_show(struct seq_file *f, void *p)
240 struct hci_dev *hdev = f->private;
241 struct discovery_state *cache = &hdev->discovery;
242 struct inquiry_entry *e;
246 list_for_each_entry(e, &cache->all, all) {
247 struct inquiry_data *data = &e->data;
248 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
250 data->pscan_rep_mode, data->pscan_period_mode,
251 data->pscan_mode, data->dev_class[2],
252 data->dev_class[1], data->dev_class[0],
253 __le16_to_cpu(data->clock_offset),
254 data->rssi, data->ssp_mode, e->timestamp);
257 hci_dev_unlock(hdev);
262 static int inquiry_cache_open(struct inode *inode, struct file *file)
264 return single_open(file, inquiry_cache_show, inode->i_private);
267 static const struct file_operations inquiry_cache_fops = {
268 .open = inquiry_cache_open,
271 .release = single_release,
274 static int link_keys_show(struct seq_file *f, void *ptr)
276 struct hci_dev *hdev = f->private;
277 struct link_key *key;
280 list_for_each_entry_rcu(key, &hdev->link_keys, list)
281 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
282 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
288 static int link_keys_open(struct inode *inode, struct file *file)
290 return single_open(file, link_keys_show, inode->i_private);
293 static const struct file_operations link_keys_fops = {
294 .open = link_keys_open,
297 .release = single_release,
300 static int dev_class_show(struct seq_file *f, void *ptr)
302 struct hci_dev *hdev = f->private;
305 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2],
306 hdev->dev_class[1], hdev->dev_class[0]);
307 hci_dev_unlock(hdev);
312 static int dev_class_open(struct inode *inode, struct file *file)
314 return single_open(file, dev_class_show, inode->i_private);
317 static const struct file_operations dev_class_fops = {
318 .open = dev_class_open,
321 .release = single_release,
324 static int voice_setting_get(void *data, u64 *val)
326 struct hci_dev *hdev = data;
329 *val = hdev->voice_setting;
330 hci_dev_unlock(hdev);
335 DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get,
336 NULL, "0x%4.4llx\n");
338 static int auto_accept_delay_set(void *data, u64 val)
340 struct hci_dev *hdev = data;
343 hdev->auto_accept_delay = val;
344 hci_dev_unlock(hdev);
349 static int auto_accept_delay_get(void *data, u64 *val)
351 struct hci_dev *hdev = data;
354 *val = hdev->auto_accept_delay;
355 hci_dev_unlock(hdev);
360 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
361 auto_accept_delay_set, "%llu\n");
363 static ssize_t force_sc_support_read(struct file *file, char __user *user_buf,
364 size_t count, loff_t *ppos)
366 struct hci_dev *hdev = file->private_data;
369 buf[0] = test_bit(HCI_FORCE_SC, &hdev->dbg_flags) ? 'Y': 'N';
372 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
375 static ssize_t force_sc_support_write(struct file *file,
376 const char __user *user_buf,
377 size_t count, loff_t *ppos)
379 struct hci_dev *hdev = file->private_data;
381 size_t buf_size = min(count, (sizeof(buf)-1));
384 if (test_bit(HCI_UP, &hdev->flags))
387 if (copy_from_user(buf, user_buf, buf_size))
390 buf[buf_size] = '\0';
391 if (strtobool(buf, &enable))
394 if (enable == test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
397 change_bit(HCI_FORCE_SC, &hdev->dbg_flags);
402 static const struct file_operations force_sc_support_fops = {
404 .read = force_sc_support_read,
405 .write = force_sc_support_write,
406 .llseek = default_llseek,
409 static ssize_t force_lesc_support_read(struct file *file, char __user *user_buf,
410 size_t count, loff_t *ppos)
412 struct hci_dev *hdev = file->private_data;
415 buf[0] = test_bit(HCI_FORCE_LESC, &hdev->dbg_flags) ? 'Y': 'N';
418 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
421 static ssize_t force_lesc_support_write(struct file *file,
422 const char __user *user_buf,
423 size_t count, loff_t *ppos)
425 struct hci_dev *hdev = file->private_data;
427 size_t buf_size = min(count, (sizeof(buf)-1));
430 if (copy_from_user(buf, user_buf, buf_size))
433 buf[buf_size] = '\0';
434 if (strtobool(buf, &enable))
437 if (enable == test_bit(HCI_FORCE_LESC, &hdev->dbg_flags))
440 change_bit(HCI_FORCE_LESC, &hdev->dbg_flags);
445 static const struct file_operations force_lesc_support_fops = {
447 .read = force_lesc_support_read,
448 .write = force_lesc_support_write,
449 .llseek = default_llseek,
452 static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf,
453 size_t count, loff_t *ppos)
455 struct hci_dev *hdev = file->private_data;
458 buf[0] = test_bit(HCI_SC_ONLY, &hdev->dev_flags) ? 'Y': 'N';
461 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
464 static const struct file_operations sc_only_mode_fops = {
466 .read = sc_only_mode_read,
467 .llseek = default_llseek,
470 static int idle_timeout_set(void *data, u64 val)
472 struct hci_dev *hdev = data;
474 if (val != 0 && (val < 500 || val > 3600000))
478 hdev->idle_timeout = val;
479 hci_dev_unlock(hdev);
484 static int idle_timeout_get(void *data, u64 *val)
486 struct hci_dev *hdev = data;
489 *val = hdev->idle_timeout;
490 hci_dev_unlock(hdev);
495 DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
496 idle_timeout_set, "%llu\n");
498 static int rpa_timeout_set(void *data, u64 val)
500 struct hci_dev *hdev = data;
502 /* Require the RPA timeout to be at least 30 seconds and at most
505 if (val < 30 || val > (60 * 60 * 24))
509 hdev->rpa_timeout = val;
510 hci_dev_unlock(hdev);
515 static int rpa_timeout_get(void *data, u64 *val)
517 struct hci_dev *hdev = data;
520 *val = hdev->rpa_timeout;
521 hci_dev_unlock(hdev);
526 DEFINE_SIMPLE_ATTRIBUTE(rpa_timeout_fops, rpa_timeout_get,
527 rpa_timeout_set, "%llu\n");
529 static int sniff_min_interval_set(void *data, u64 val)
531 struct hci_dev *hdev = data;
533 if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
537 hdev->sniff_min_interval = val;
538 hci_dev_unlock(hdev);
543 static int sniff_min_interval_get(void *data, u64 *val)
545 struct hci_dev *hdev = data;
548 *val = hdev->sniff_min_interval;
549 hci_dev_unlock(hdev);
554 DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
555 sniff_min_interval_set, "%llu\n");
557 static int sniff_max_interval_set(void *data, u64 val)
559 struct hci_dev *hdev = data;
561 if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
565 hdev->sniff_max_interval = val;
566 hci_dev_unlock(hdev);
571 static int sniff_max_interval_get(void *data, u64 *val)
573 struct hci_dev *hdev = data;
576 *val = hdev->sniff_max_interval;
577 hci_dev_unlock(hdev);
582 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
583 sniff_max_interval_set, "%llu\n");
585 static int conn_info_min_age_set(void *data, u64 val)
587 struct hci_dev *hdev = data;
589 if (val == 0 || val > hdev->conn_info_max_age)
593 hdev->conn_info_min_age = val;
594 hci_dev_unlock(hdev);
599 static int conn_info_min_age_get(void *data, u64 *val)
601 struct hci_dev *hdev = data;
604 *val = hdev->conn_info_min_age;
605 hci_dev_unlock(hdev);
610 DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
611 conn_info_min_age_set, "%llu\n");
613 static int conn_info_max_age_set(void *data, u64 val)
615 struct hci_dev *hdev = data;
617 if (val == 0 || val < hdev->conn_info_min_age)
621 hdev->conn_info_max_age = val;
622 hci_dev_unlock(hdev);
627 static int conn_info_max_age_get(void *data, u64 *val)
629 struct hci_dev *hdev = data;
632 *val = hdev->conn_info_max_age;
633 hci_dev_unlock(hdev);
638 DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
639 conn_info_max_age_set, "%llu\n");
641 static int identity_show(struct seq_file *f, void *p)
643 struct hci_dev *hdev = f->private;
649 hci_copy_identity_address(hdev, &addr, &addr_type);
651 seq_printf(f, "%pMR (type %u) %*phN %pMR\n", &addr, addr_type,
652 16, hdev->irk, &hdev->rpa);
654 hci_dev_unlock(hdev);
659 static int identity_open(struct inode *inode, struct file *file)
661 return single_open(file, identity_show, inode->i_private);
664 static const struct file_operations identity_fops = {
665 .open = identity_open,
668 .release = single_release,
671 static int random_address_show(struct seq_file *f, void *p)
673 struct hci_dev *hdev = f->private;
676 seq_printf(f, "%pMR\n", &hdev->random_addr);
677 hci_dev_unlock(hdev);
682 static int random_address_open(struct inode *inode, struct file *file)
684 return single_open(file, random_address_show, inode->i_private);
687 static const struct file_operations random_address_fops = {
688 .open = random_address_open,
691 .release = single_release,
694 static int static_address_show(struct seq_file *f, void *p)
696 struct hci_dev *hdev = f->private;
699 seq_printf(f, "%pMR\n", &hdev->static_addr);
700 hci_dev_unlock(hdev);
705 static int static_address_open(struct inode *inode, struct file *file)
707 return single_open(file, static_address_show, inode->i_private);
710 static const struct file_operations static_address_fops = {
711 .open = static_address_open,
714 .release = single_release,
717 static ssize_t force_static_address_read(struct file *file,
718 char __user *user_buf,
719 size_t count, loff_t *ppos)
721 struct hci_dev *hdev = file->private_data;
724 buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ? 'Y': 'N';
727 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
730 static ssize_t force_static_address_write(struct file *file,
731 const char __user *user_buf,
732 size_t count, loff_t *ppos)
734 struct hci_dev *hdev = file->private_data;
736 size_t buf_size = min(count, (sizeof(buf)-1));
739 if (test_bit(HCI_UP, &hdev->flags))
742 if (copy_from_user(buf, user_buf, buf_size))
745 buf[buf_size] = '\0';
746 if (strtobool(buf, &enable))
749 if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags))
752 change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags);
757 static const struct file_operations force_static_address_fops = {
759 .read = force_static_address_read,
760 .write = force_static_address_write,
761 .llseek = default_llseek,
764 static int white_list_show(struct seq_file *f, void *ptr)
766 struct hci_dev *hdev = f->private;
767 struct bdaddr_list *b;
770 list_for_each_entry(b, &hdev->le_white_list, list)
771 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
772 hci_dev_unlock(hdev);
777 static int white_list_open(struct inode *inode, struct file *file)
779 return single_open(file, white_list_show, inode->i_private);
782 static const struct file_operations white_list_fops = {
783 .open = white_list_open,
786 .release = single_release,
789 static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
791 struct hci_dev *hdev = f->private;
795 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
796 seq_printf(f, "%pMR (type %u) %*phN %pMR\n",
797 &irk->bdaddr, irk->addr_type,
798 16, irk->val, &irk->rpa);
805 static int identity_resolving_keys_open(struct inode *inode, struct file *file)
807 return single_open(file, identity_resolving_keys_show,
811 static const struct file_operations identity_resolving_keys_fops = {
812 .open = identity_resolving_keys_open,
815 .release = single_release,
818 static int long_term_keys_show(struct seq_file *f, void *ptr)
820 struct hci_dev *hdev = f->private;
824 list_for_each_entry_rcu(ltk, &hdev->long_term_keys, list)
825 seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n",
826 <k->bdaddr, ltk->bdaddr_type, ltk->authenticated,
827 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
828 __le64_to_cpu(ltk->rand), 16, ltk->val);
834 static int long_term_keys_open(struct inode *inode, struct file *file)
836 return single_open(file, long_term_keys_show, inode->i_private);
839 static const struct file_operations long_term_keys_fops = {
840 .open = long_term_keys_open,
843 .release = single_release,
846 static int conn_min_interval_set(void *data, u64 val)
848 struct hci_dev *hdev = data;
850 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
854 hdev->le_conn_min_interval = val;
855 hci_dev_unlock(hdev);
860 static int conn_min_interval_get(void *data, u64 *val)
862 struct hci_dev *hdev = data;
865 *val = hdev->le_conn_min_interval;
866 hci_dev_unlock(hdev);
871 DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
872 conn_min_interval_set, "%llu\n");
874 static int conn_max_interval_set(void *data, u64 val)
876 struct hci_dev *hdev = data;
878 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
882 hdev->le_conn_max_interval = val;
883 hci_dev_unlock(hdev);
888 static int conn_max_interval_get(void *data, u64 *val)
890 struct hci_dev *hdev = data;
893 *val = hdev->le_conn_max_interval;
894 hci_dev_unlock(hdev);
899 DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
900 conn_max_interval_set, "%llu\n");
902 static int conn_latency_set(void *data, u64 val)
904 struct hci_dev *hdev = data;
910 hdev->le_conn_latency = val;
911 hci_dev_unlock(hdev);
916 static int conn_latency_get(void *data, u64 *val)
918 struct hci_dev *hdev = data;
921 *val = hdev->le_conn_latency;
922 hci_dev_unlock(hdev);
927 DEFINE_SIMPLE_ATTRIBUTE(conn_latency_fops, conn_latency_get,
928 conn_latency_set, "%llu\n");
930 static int supervision_timeout_set(void *data, u64 val)
932 struct hci_dev *hdev = data;
934 if (val < 0x000a || val > 0x0c80)
938 hdev->le_supv_timeout = val;
939 hci_dev_unlock(hdev);
944 static int supervision_timeout_get(void *data, u64 *val)
946 struct hci_dev *hdev = data;
949 *val = hdev->le_supv_timeout;
950 hci_dev_unlock(hdev);
955 DEFINE_SIMPLE_ATTRIBUTE(supervision_timeout_fops, supervision_timeout_get,
956 supervision_timeout_set, "%llu\n");
958 static int adv_channel_map_set(void *data, u64 val)
960 struct hci_dev *hdev = data;
962 if (val < 0x01 || val > 0x07)
966 hdev->le_adv_channel_map = val;
967 hci_dev_unlock(hdev);
972 static int adv_channel_map_get(void *data, u64 *val)
974 struct hci_dev *hdev = data;
977 *val = hdev->le_adv_channel_map;
978 hci_dev_unlock(hdev);
983 DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
984 adv_channel_map_set, "%llu\n");
986 static int adv_min_interval_set(void *data, u64 val)
988 struct hci_dev *hdev = data;
990 if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval)
994 hdev->le_adv_min_interval = val;
995 hci_dev_unlock(hdev);
1000 static int adv_min_interval_get(void *data, u64 *val)
1002 struct hci_dev *hdev = data;
1005 *val = hdev->le_adv_min_interval;
1006 hci_dev_unlock(hdev);
1011 DEFINE_SIMPLE_ATTRIBUTE(adv_min_interval_fops, adv_min_interval_get,
1012 adv_min_interval_set, "%llu\n");
1014 static int adv_max_interval_set(void *data, u64 val)
1016 struct hci_dev *hdev = data;
1018 if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval)
1022 hdev->le_adv_max_interval = val;
1023 hci_dev_unlock(hdev);
1028 static int adv_max_interval_get(void *data, u64 *val)
1030 struct hci_dev *hdev = data;
1033 *val = hdev->le_adv_max_interval;
1034 hci_dev_unlock(hdev);
1039 DEFINE_SIMPLE_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get,
1040 adv_max_interval_set, "%llu\n");
1042 static int device_list_show(struct seq_file *f, void *ptr)
1044 struct hci_dev *hdev = f->private;
1045 struct hci_conn_params *p;
1046 struct bdaddr_list *b;
1049 list_for_each_entry(b, &hdev->whitelist, list)
1050 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
1051 list_for_each_entry(p, &hdev->le_conn_params, list) {
1052 seq_printf(f, "%pMR (type %u) %u\n", &p->addr, p->addr_type,
1055 hci_dev_unlock(hdev);
1060 static int device_list_open(struct inode *inode, struct file *file)
1062 return single_open(file, device_list_show, inode->i_private);
1065 static const struct file_operations device_list_fops = {
1066 .open = device_list_open,
1068 .llseek = seq_lseek,
1069 .release = single_release,
1072 /* ---- HCI requests ---- */
1074 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
1076 BT_DBG("%s result 0x%2.2x", hdev->name, result);
1078 if (hdev->req_status == HCI_REQ_PEND) {
1079 hdev->req_result = result;
1080 hdev->req_status = HCI_REQ_DONE;
1081 wake_up_interruptible(&hdev->req_wait_q);
1085 static void hci_req_cancel(struct hci_dev *hdev, int err)
1087 BT_DBG("%s err 0x%2.2x", hdev->name, err);
1089 if (hdev->req_status == HCI_REQ_PEND) {
1090 hdev->req_result = err;
1091 hdev->req_status = HCI_REQ_CANCELED;
1092 wake_up_interruptible(&hdev->req_wait_q);
1096 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
1099 struct hci_ev_cmd_complete *ev;
1100 struct hci_event_hdr *hdr;
1101 struct sk_buff *skb;
1105 skb = hdev->recv_evt;
1106 hdev->recv_evt = NULL;
1108 hci_dev_unlock(hdev);
1111 return ERR_PTR(-ENODATA);
1113 if (skb->len < sizeof(*hdr)) {
1114 BT_ERR("Too short HCI event");
1118 hdr = (void *) skb->data;
1119 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1122 if (hdr->evt != event)
1127 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
1128 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
1132 if (skb->len < sizeof(*ev)) {
1133 BT_ERR("Too short cmd_complete event");
1137 ev = (void *) skb->data;
1138 skb_pull(skb, sizeof(*ev));
1140 if (opcode == __le16_to_cpu(ev->opcode))
1143 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
1144 __le16_to_cpu(ev->opcode));
1148 return ERR_PTR(-ENODATA);
1151 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
1152 const void *param, u8 event, u32 timeout)
1154 DECLARE_WAITQUEUE(wait, current);
1155 struct hci_request req;
1158 BT_DBG("%s", hdev->name);
1160 hci_req_init(&req, hdev);
1162 hci_req_add_ev(&req, opcode, plen, param, event);
1164 hdev->req_status = HCI_REQ_PEND;
1166 add_wait_queue(&hdev->req_wait_q, &wait);
1167 set_current_state(TASK_INTERRUPTIBLE);
1169 err = hci_req_run(&req, hci_req_sync_complete);
1171 remove_wait_queue(&hdev->req_wait_q, &wait);
1172 set_current_state(TASK_RUNNING);
1173 return ERR_PTR(err);
1176 schedule_timeout(timeout);
1178 remove_wait_queue(&hdev->req_wait_q, &wait);
1180 if (signal_pending(current))
1181 return ERR_PTR(-EINTR);
1183 switch (hdev->req_status) {
1185 err = -bt_to_errno(hdev->req_result);
1188 case HCI_REQ_CANCELED:
1189 err = -hdev->req_result;
1197 hdev->req_status = hdev->req_result = 0;
1199 BT_DBG("%s end: err %d", hdev->name, err);
1202 return ERR_PTR(err);
1204 return hci_get_cmd_complete(hdev, opcode, event);
1206 EXPORT_SYMBOL(__hci_cmd_sync_ev);
1208 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
1209 const void *param, u32 timeout)
1211 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
1213 EXPORT_SYMBOL(__hci_cmd_sync);
1215 /* Execute request and wait for completion. */
1216 static int __hci_req_sync(struct hci_dev *hdev,
1217 void (*func)(struct hci_request *req,
1219 unsigned long opt, __u32 timeout)
1221 struct hci_request req;
1222 DECLARE_WAITQUEUE(wait, current);
1225 BT_DBG("%s start", hdev->name);
1227 hci_req_init(&req, hdev);
1229 hdev->req_status = HCI_REQ_PEND;
1233 add_wait_queue(&hdev->req_wait_q, &wait);
1234 set_current_state(TASK_INTERRUPTIBLE);
1236 err = hci_req_run(&req, hci_req_sync_complete);
1238 hdev->req_status = 0;
1240 remove_wait_queue(&hdev->req_wait_q, &wait);
1241 set_current_state(TASK_RUNNING);
1243 /* ENODATA means the HCI request command queue is empty.
1244 * This can happen when a request with conditionals doesn't
1245 * trigger any commands to be sent. This is normal behavior
1246 * and should not trigger an error return.
1248 if (err == -ENODATA)
1254 schedule_timeout(timeout);
1256 remove_wait_queue(&hdev->req_wait_q, &wait);
1258 if (signal_pending(current))
1261 switch (hdev->req_status) {
1263 err = -bt_to_errno(hdev->req_result);
1266 case HCI_REQ_CANCELED:
1267 err = -hdev->req_result;
1275 hdev->req_status = hdev->req_result = 0;
1277 BT_DBG("%s end: err %d", hdev->name, err);
1282 static int hci_req_sync(struct hci_dev *hdev,
1283 void (*req)(struct hci_request *req,
1285 unsigned long opt, __u32 timeout)
1289 if (!test_bit(HCI_UP, &hdev->flags))
1292 /* Serialize all requests */
1294 ret = __hci_req_sync(hdev, req, opt, timeout);
1295 hci_req_unlock(hdev);
1300 static void hci_reset_req(struct hci_request *req, unsigned long opt)
1302 BT_DBG("%s %ld", req->hdev->name, opt);
1305 set_bit(HCI_RESET, &req->hdev->flags);
1306 hci_req_add(req, HCI_OP_RESET, 0, NULL);
1309 static void bredr_init(struct hci_request *req)
1311 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
1313 /* Read Local Supported Features */
1314 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1316 /* Read Local Version */
1317 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1319 /* Read BD Address */
1320 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1323 static void amp_init(struct hci_request *req)
1325 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
1327 /* Read Local Version */
1328 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1330 /* Read Local Supported Commands */
1331 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1333 /* Read Local Supported Features */
1334 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1336 /* Read Local AMP Info */
1337 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
1339 /* Read Data Blk size */
1340 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
1342 /* Read Flow Control Mode */
1343 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
1345 /* Read Location Data */
1346 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
1349 static void hci_init1_req(struct hci_request *req, unsigned long opt)
1351 struct hci_dev *hdev = req->hdev;
1353 BT_DBG("%s %ld", hdev->name, opt);
1356 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1357 hci_reset_req(req, 0);
1359 switch (hdev->dev_type) {
1369 BT_ERR("Unknown device type %d", hdev->dev_type);
1374 static void bredr_setup(struct hci_request *req)
1376 struct hci_dev *hdev = req->hdev;
1381 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
1382 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
1384 /* Read Class of Device */
1385 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
1387 /* Read Local Name */
1388 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
1390 /* Read Voice Setting */
1391 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
1393 /* Read Number of Supported IAC */
1394 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
1396 /* Read Current IAC LAP */
1397 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
1399 /* Clear Event Filters */
1400 flt_type = HCI_FLT_CLEAR_ALL;
1401 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1403 /* Connection accept timeout ~20 secs */
1404 param = cpu_to_le16(0x7d00);
1405 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
1407 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
1408 * but it does not support page scan related HCI commands.
1410 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
1411 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1412 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1416 static void le_setup(struct hci_request *req)
1418 struct hci_dev *hdev = req->hdev;
1420 /* Read LE Buffer Size */
1421 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
1423 /* Read LE Local Supported Features */
1424 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
1426 /* Read LE Supported States */
1427 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1429 /* Read LE White List Size */
1430 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1432 /* Clear LE White List */
1433 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
1435 /* LE-only controllers have LE implicitly enabled */
1436 if (!lmp_bredr_capable(hdev))
1437 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1440 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
1442 if (lmp_ext_inq_capable(hdev))
1445 if (lmp_inq_rssi_capable(hdev))
1448 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
1449 hdev->lmp_subver == 0x0757)
1452 if (hdev->manufacturer == 15) {
1453 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
1455 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
1457 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
1461 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
1462 hdev->lmp_subver == 0x1805)
1468 static void hci_setup_inquiry_mode(struct hci_request *req)
1472 mode = hci_get_inquiry_mode(req->hdev);
1474 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
1477 static void hci_setup_event_mask(struct hci_request *req)
1479 struct hci_dev *hdev = req->hdev;
1481 /* The second byte is 0xff instead of 0x9f (two reserved bits
1482 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
1483 * command otherwise.
1485 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
1487 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
1488 * any event mask for pre 1.2 devices.
1490 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1493 if (lmp_bredr_capable(hdev)) {
1494 events[4] |= 0x01; /* Flow Specification Complete */
1495 events[4] |= 0x02; /* Inquiry Result with RSSI */
1496 events[4] |= 0x04; /* Read Remote Extended Features Complete */
1497 events[5] |= 0x08; /* Synchronous Connection Complete */
1498 events[5] |= 0x10; /* Synchronous Connection Changed */
1500 /* Use a different default for LE-only devices */
1501 memset(events, 0, sizeof(events));
1502 events[0] |= 0x10; /* Disconnection Complete */
1503 events[1] |= 0x08; /* Read Remote Version Information Complete */
1504 events[1] |= 0x20; /* Command Complete */
1505 events[1] |= 0x40; /* Command Status */
1506 events[1] |= 0x80; /* Hardware Error */
1507 events[2] |= 0x04; /* Number of Completed Packets */
1508 events[3] |= 0x02; /* Data Buffer Overflow */
1510 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
1511 events[0] |= 0x80; /* Encryption Change */
1512 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1516 if (lmp_inq_rssi_capable(hdev))
1517 events[4] |= 0x02; /* Inquiry Result with RSSI */
1519 if (lmp_sniffsubr_capable(hdev))
1520 events[5] |= 0x20; /* Sniff Subrating */
1522 if (lmp_pause_enc_capable(hdev))
1523 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1525 if (lmp_ext_inq_capable(hdev))
1526 events[5] |= 0x40; /* Extended Inquiry Result */
1528 if (lmp_no_flush_capable(hdev))
1529 events[7] |= 0x01; /* Enhanced Flush Complete */
1531 if (lmp_lsto_capable(hdev))
1532 events[6] |= 0x80; /* Link Supervision Timeout Changed */
1534 if (lmp_ssp_capable(hdev)) {
1535 events[6] |= 0x01; /* IO Capability Request */
1536 events[6] |= 0x02; /* IO Capability Response */
1537 events[6] |= 0x04; /* User Confirmation Request */
1538 events[6] |= 0x08; /* User Passkey Request */
1539 events[6] |= 0x10; /* Remote OOB Data Request */
1540 events[6] |= 0x20; /* Simple Pairing Complete */
1541 events[7] |= 0x04; /* User Passkey Notification */
1542 events[7] |= 0x08; /* Keypress Notification */
1543 events[7] |= 0x10; /* Remote Host Supported
1544 * Features Notification
1548 if (lmp_le_capable(hdev))
1549 events[7] |= 0x20; /* LE Meta-Event */
1551 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1554 static void hci_init2_req(struct hci_request *req, unsigned long opt)
1556 struct hci_dev *hdev = req->hdev;
1558 if (lmp_bredr_capable(hdev))
1561 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
1563 if (lmp_le_capable(hdev))
1566 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1567 * local supported commands HCI command.
1569 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
1570 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1572 if (lmp_ssp_capable(hdev)) {
1573 /* When SSP is available, then the host features page
1574 * should also be available as well. However some
1575 * controllers list the max_page as 0 as long as SSP
1576 * has not been enabled. To achieve proper debugging
1577 * output, force the minimum max_page to 1 at least.
1579 hdev->max_page = 0x01;
1581 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1583 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
1584 sizeof(mode), &mode);
1586 struct hci_cp_write_eir cp;
1588 memset(hdev->eir, 0, sizeof(hdev->eir));
1589 memset(&cp, 0, sizeof(cp));
1591 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1595 if (lmp_inq_rssi_capable(hdev))
1596 hci_setup_inquiry_mode(req);
1598 if (lmp_inq_tx_pwr_capable(hdev))
1599 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
1601 if (lmp_ext_feat_capable(hdev)) {
1602 struct hci_cp_read_local_ext_features cp;
1605 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1609 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
1611 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
1616 static void hci_setup_link_policy(struct hci_request *req)
1618 struct hci_dev *hdev = req->hdev;
1619 struct hci_cp_write_def_link_policy cp;
1620 u16 link_policy = 0;
1622 if (lmp_rswitch_capable(hdev))
1623 link_policy |= HCI_LP_RSWITCH;
1624 if (lmp_hold_capable(hdev))
1625 link_policy |= HCI_LP_HOLD;
1626 if (lmp_sniff_capable(hdev))
1627 link_policy |= HCI_LP_SNIFF;
1628 if (lmp_park_capable(hdev))
1629 link_policy |= HCI_LP_PARK;
1631 cp.policy = cpu_to_le16(link_policy);
1632 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
1635 static void hci_set_le_support(struct hci_request *req)
1637 struct hci_dev *hdev = req->hdev;
1638 struct hci_cp_write_le_host_supported cp;
1640 /* LE-only devices do not support explicit enablement */
1641 if (!lmp_bredr_capable(hdev))
1644 memset(&cp, 0, sizeof(cp));
1646 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1651 if (cp.le != lmp_host_le_capable(hdev))
1652 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
1656 static void hci_set_event_mask_page_2(struct hci_request *req)
1658 struct hci_dev *hdev = req->hdev;
1659 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
1661 /* If Connectionless Slave Broadcast master role is supported
1662 * enable all necessary events for it.
1664 if (lmp_csb_master_capable(hdev)) {
1665 events[1] |= 0x40; /* Triggered Clock Capture */
1666 events[1] |= 0x80; /* Synchronization Train Complete */
1667 events[2] |= 0x10; /* Slave Page Response Timeout */
1668 events[2] |= 0x20; /* CSB Channel Map Change */
1671 /* If Connectionless Slave Broadcast slave role is supported
1672 * enable all necessary events for it.
1674 if (lmp_csb_slave_capable(hdev)) {
1675 events[2] |= 0x01; /* Synchronization Train Received */
1676 events[2] |= 0x02; /* CSB Receive */
1677 events[2] |= 0x04; /* CSB Timeout */
1678 events[2] |= 0x08; /* Truncated Page Complete */
1681 /* Enable Authenticated Payload Timeout Expired event if supported */
1682 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
1685 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
1688 static void hci_init3_req(struct hci_request *req, unsigned long opt)
1690 struct hci_dev *hdev = req->hdev;
1693 hci_setup_event_mask(req);
1695 /* Some Broadcom based Bluetooth controllers do not support the
1696 * Delete Stored Link Key command. They are clearly indicating its
1697 * absence in the bit mask of supported commands.
1699 * Check the supported commands and only if the the command is marked
1700 * as supported send it. If not supported assume that the controller
1701 * does not have actual support for stored link keys which makes this
1702 * command redundant anyway.
1704 * Some controllers indicate that they support handling deleting
1705 * stored link keys, but they don't. The quirk lets a driver
1706 * just disable this command.
1708 if (hdev->commands[6] & 0x80 &&
1709 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
1710 struct hci_cp_delete_stored_link_key cp;
1712 bacpy(&cp.bdaddr, BDADDR_ANY);
1713 cp.delete_all = 0x01;
1714 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
1718 if (hdev->commands[5] & 0x10)
1719 hci_setup_link_policy(req);
1721 if (lmp_le_capable(hdev)) {
1724 memset(events, 0, sizeof(events));
1727 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
1728 events[0] |= 0x10; /* LE Long Term Key Request */
1730 /* If controller supports the Connection Parameters Request
1731 * Link Layer Procedure, enable the corresponding event.
1733 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
1734 events[0] |= 0x20; /* LE Remote Connection
1738 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
1741 if (hdev->commands[25] & 0x40) {
1742 /* Read LE Advertising Channel TX Power */
1743 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1746 hci_set_le_support(req);
1749 /* Read features beyond page 1 if available */
1750 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
1751 struct hci_cp_read_local_ext_features cp;
1754 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1759 static void hci_init4_req(struct hci_request *req, unsigned long opt)
1761 struct hci_dev *hdev = req->hdev;
1763 /* Set event mask page 2 if the HCI command for it is supported */
1764 if (hdev->commands[22] & 0x04)
1765 hci_set_event_mask_page_2(req);
1767 /* Read local codec list if the HCI command is supported */
1768 if (hdev->commands[29] & 0x20)
1769 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
1771 /* Get MWS transport configuration if the HCI command is supported */
1772 if (hdev->commands[30] & 0x08)
1773 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
1775 /* Check for Synchronization Train support */
1776 if (lmp_sync_train_capable(hdev))
1777 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1779 /* Enable Secure Connections if supported and configured */
1780 if (bredr_sc_enabled(hdev)) {
1782 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
1783 sizeof(support), &support);
1787 static int __hci_init(struct hci_dev *hdev)
1791 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
1795 /* The Device Under Test (DUT) mode is special and available for
1796 * all controller types. So just create it early on.
1798 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1799 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
1803 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
1804 * BR/EDR/LE type controllers. AMP controllers only need the
1807 if (hdev->dev_type != HCI_BREDR)
1810 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
1814 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
1818 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
1822 /* Only create debugfs entries during the initial setup
1823 * phase and not every time the controller gets powered on.
1825 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
1828 debugfs_create_file("features", 0444, hdev->debugfs, hdev,
1830 debugfs_create_u16("manufacturer", 0444, hdev->debugfs,
1831 &hdev->manufacturer);
1832 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
1833 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1834 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
1836 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1838 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1840 debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
1841 &conn_info_min_age_fops);
1842 debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
1843 &conn_info_max_age_fops);
1845 if (lmp_bredr_capable(hdev)) {
1846 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
1847 hdev, &inquiry_cache_fops);
1848 debugfs_create_file("link_keys", 0400, hdev->debugfs,
1849 hdev, &link_keys_fops);
1850 debugfs_create_file("dev_class", 0444, hdev->debugfs,
1851 hdev, &dev_class_fops);
1852 debugfs_create_file("voice_setting", 0444, hdev->debugfs,
1853 hdev, &voice_setting_fops);
1856 if (lmp_ssp_capable(hdev)) {
1857 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1858 hdev, &auto_accept_delay_fops);
1859 debugfs_create_file("force_sc_support", 0644, hdev->debugfs,
1860 hdev, &force_sc_support_fops);
1861 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
1862 hdev, &sc_only_mode_fops);
1863 if (lmp_le_capable(hdev))
1864 debugfs_create_file("force_lesc_support", 0644,
1865 hdev->debugfs, hdev,
1866 &force_lesc_support_fops);
1869 if (lmp_sniff_capable(hdev)) {
1870 debugfs_create_file("idle_timeout", 0644, hdev->debugfs,
1871 hdev, &idle_timeout_fops);
1872 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs,
1873 hdev, &sniff_min_interval_fops);
1874 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs,
1875 hdev, &sniff_max_interval_fops);
1878 if (lmp_le_capable(hdev)) {
1879 debugfs_create_file("identity", 0400, hdev->debugfs,
1880 hdev, &identity_fops);
1881 debugfs_create_file("rpa_timeout", 0644, hdev->debugfs,
1882 hdev, &rpa_timeout_fops);
1883 debugfs_create_file("random_address", 0444, hdev->debugfs,
1884 hdev, &random_address_fops);
1885 debugfs_create_file("static_address", 0444, hdev->debugfs,
1886 hdev, &static_address_fops);
1888 /* For controllers with a public address, provide a debug
1889 * option to force the usage of the configured static
1890 * address. By default the public address is used.
1892 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1893 debugfs_create_file("force_static_address", 0644,
1894 hdev->debugfs, hdev,
1895 &force_static_address_fops);
1897 debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1898 &hdev->le_white_list_size);
1899 debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
1901 debugfs_create_file("identity_resolving_keys", 0400,
1902 hdev->debugfs, hdev,
1903 &identity_resolving_keys_fops);
1904 debugfs_create_file("long_term_keys", 0400, hdev->debugfs,
1905 hdev, &long_term_keys_fops);
1906 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs,
1907 hdev, &conn_min_interval_fops);
1908 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1909 hdev, &conn_max_interval_fops);
1910 debugfs_create_file("conn_latency", 0644, hdev->debugfs,
1911 hdev, &conn_latency_fops);
1912 debugfs_create_file("supervision_timeout", 0644, hdev->debugfs,
1913 hdev, &supervision_timeout_fops);
1914 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs,
1915 hdev, &adv_channel_map_fops);
1916 debugfs_create_file("adv_min_interval", 0644, hdev->debugfs,
1917 hdev, &adv_min_interval_fops);
1918 debugfs_create_file("adv_max_interval", 0644, hdev->debugfs,
1919 hdev, &adv_max_interval_fops);
1920 debugfs_create_u16("discov_interleaved_timeout", 0644,
1922 &hdev->discov_interleaved_timeout);
1930 static void hci_init0_req(struct hci_request *req, unsigned long opt)
1932 struct hci_dev *hdev = req->hdev;
1934 BT_DBG("%s %ld", hdev->name, opt);
1937 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1938 hci_reset_req(req, 0);
1940 /* Read Local Version */
1941 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1943 /* Read BD Address */
1944 if (hdev->set_bdaddr)
1945 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1948 static int __hci_unconf_init(struct hci_dev *hdev)
1952 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1955 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
1962 static void hci_scan_req(struct hci_request *req, unsigned long opt)
1966 BT_DBG("%s %x", req->hdev->name, scan);
1968 /* Inquiry and Page scans */
1969 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1972 static void hci_auth_req(struct hci_request *req, unsigned long opt)
1976 BT_DBG("%s %x", req->hdev->name, auth);
1978 /* Authentication */
1979 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1982 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
1986 BT_DBG("%s %x", req->hdev->name, encrypt);
1989 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1992 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
1994 __le16 policy = cpu_to_le16(opt);
1996 BT_DBG("%s %x", req->hdev->name, policy);
1998 /* Default link policy */
1999 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
2002 /* Get HCI device by index.
2003 * Device is held on return. */
2004 struct hci_dev *hci_dev_get(int index)
2006 struct hci_dev *hdev = NULL, *d;
2008 BT_DBG("%d", index);
2013 read_lock(&hci_dev_list_lock);
2014 list_for_each_entry(d, &hci_dev_list, list) {
2015 if (d->id == index) {
2016 hdev = hci_dev_hold(d);
2020 read_unlock(&hci_dev_list_lock);
2024 /* ---- Inquiry support ---- */
2026 bool hci_discovery_active(struct hci_dev *hdev)
2028 struct discovery_state *discov = &hdev->discovery;
2030 switch (discov->state) {
2031 case DISCOVERY_FINDING:
2032 case DISCOVERY_RESOLVING:
2040 void hci_discovery_set_state(struct hci_dev *hdev, int state)
2042 int old_state = hdev->discovery.state;
2044 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
2046 if (old_state == state)
2049 hdev->discovery.state = state;
2052 case DISCOVERY_STOPPED:
2053 hci_update_background_scan(hdev);
2055 if (old_state != DISCOVERY_STARTING)
2056 mgmt_discovering(hdev, 0);
2058 case DISCOVERY_STARTING:
2060 case DISCOVERY_FINDING:
2061 mgmt_discovering(hdev, 1);
2063 case DISCOVERY_RESOLVING:
2065 case DISCOVERY_STOPPING:
2070 void hci_inquiry_cache_flush(struct hci_dev *hdev)
2072 struct discovery_state *cache = &hdev->discovery;
2073 struct inquiry_entry *p, *n;
2075 list_for_each_entry_safe(p, n, &cache->all, all) {
2080 INIT_LIST_HEAD(&cache->unknown);
2081 INIT_LIST_HEAD(&cache->resolve);
2084 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
2087 struct discovery_state *cache = &hdev->discovery;
2088 struct inquiry_entry *e;
2090 BT_DBG("cache %p, %pMR", cache, bdaddr);
2092 list_for_each_entry(e, &cache->all, all) {
2093 if (!bacmp(&e->data.bdaddr, bdaddr))
2100 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
2103 struct discovery_state *cache = &hdev->discovery;
2104 struct inquiry_entry *e;
2106 BT_DBG("cache %p, %pMR", cache, bdaddr);
2108 list_for_each_entry(e, &cache->unknown, list) {
2109 if (!bacmp(&e->data.bdaddr, bdaddr))
2116 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
2120 struct discovery_state *cache = &hdev->discovery;
2121 struct inquiry_entry *e;
2123 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
2125 list_for_each_entry(e, &cache->resolve, list) {
2126 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
2128 if (!bacmp(&e->data.bdaddr, bdaddr))
2135 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
2136 struct inquiry_entry *ie)
2138 struct discovery_state *cache = &hdev->discovery;
2139 struct list_head *pos = &cache->resolve;
2140 struct inquiry_entry *p;
2142 list_del(&ie->list);
2144 list_for_each_entry(p, &cache->resolve, list) {
2145 if (p->name_state != NAME_PENDING &&
2146 abs(p->data.rssi) >= abs(ie->data.rssi))
2151 list_add(&ie->list, pos);
2154 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2157 struct discovery_state *cache = &hdev->discovery;
2158 struct inquiry_entry *ie;
2161 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
2163 hci_remove_remote_oob_data(hdev, &data->bdaddr);
2165 if (!data->ssp_mode)
2166 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2168 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
2170 if (!ie->data.ssp_mode)
2171 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2173 if (ie->name_state == NAME_NEEDED &&
2174 data->rssi != ie->data.rssi) {
2175 ie->data.rssi = data->rssi;
2176 hci_inquiry_cache_update_resolve(hdev, ie);
2182 /* Entry not in the cache. Add new one. */
2183 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
2185 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2189 list_add(&ie->all, &cache->all);
2192 ie->name_state = NAME_KNOWN;
2194 ie->name_state = NAME_NOT_KNOWN;
2195 list_add(&ie->list, &cache->unknown);
2199 if (name_known && ie->name_state != NAME_KNOWN &&
2200 ie->name_state != NAME_PENDING) {
2201 ie->name_state = NAME_KNOWN;
2202 list_del(&ie->list);
2205 memcpy(&ie->data, data, sizeof(*data));
2206 ie->timestamp = jiffies;
2207 cache->timestamp = jiffies;
2209 if (ie->name_state == NAME_NOT_KNOWN)
2210 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2216 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
2218 struct discovery_state *cache = &hdev->discovery;
2219 struct inquiry_info *info = (struct inquiry_info *) buf;
2220 struct inquiry_entry *e;
2223 list_for_each_entry(e, &cache->all, all) {
2224 struct inquiry_data *data = &e->data;
2229 bacpy(&info->bdaddr, &data->bdaddr);
2230 info->pscan_rep_mode = data->pscan_rep_mode;
2231 info->pscan_period_mode = data->pscan_period_mode;
2232 info->pscan_mode = data->pscan_mode;
2233 memcpy(info->dev_class, data->dev_class, 3);
2234 info->clock_offset = data->clock_offset;
2240 BT_DBG("cache %p, copied %d", cache, copied);
2244 static void hci_inq_req(struct hci_request *req, unsigned long opt)
2246 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
2247 struct hci_dev *hdev = req->hdev;
2248 struct hci_cp_inquiry cp;
2250 BT_DBG("%s", hdev->name);
2252 if (test_bit(HCI_INQUIRY, &hdev->flags))
2256 memcpy(&cp.lap, &ir->lap, 3);
2257 cp.length = ir->length;
2258 cp.num_rsp = ir->num_rsp;
2259 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2262 int hci_inquiry(void __user *arg)
2264 __u8 __user *ptr = arg;
2265 struct hci_inquiry_req ir;
2266 struct hci_dev *hdev;
2267 int err = 0, do_inquiry = 0, max_rsp;
2271 if (copy_from_user(&ir, ptr, sizeof(ir)))
2274 hdev = hci_dev_get(ir.dev_id);
2278 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2283 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2288 if (hdev->dev_type != HCI_BREDR) {
2293 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2299 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
2300 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
2301 hci_inquiry_cache_flush(hdev);
2304 hci_dev_unlock(hdev);
2306 timeo = ir.length * msecs_to_jiffies(2000);
2309 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
2314 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
2315 * cleared). If it is interrupted by a signal, return -EINTR.
2317 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
2318 TASK_INTERRUPTIBLE))
2322 /* for unlimited number of responses we will use buffer with
2325 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
2327 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
2328 * copy it to the user space.
2330 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
2337 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
2338 hci_dev_unlock(hdev);
2340 BT_DBG("num_rsp %d", ir.num_rsp);
2342 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
2344 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
2357 static int hci_dev_do_open(struct hci_dev *hdev)
2361 BT_DBG("%s %p", hdev->name, hdev);
2365 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
2370 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2371 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2372 /* Check for rfkill but allow the HCI setup stage to
2373 * proceed (which in itself doesn't cause any RF activity).
2375 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
2380 /* Check for valid public address or a configured static
2381 * random adddress, but let the HCI setup proceed to
2382 * be able to determine if there is a public address
2385 * In case of user channel usage, it is not important
2386 * if a public address or static random address is
2389 * This check is only valid for BR/EDR controllers
2390 * since AMP controllers do not have an address.
2392 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2393 hdev->dev_type == HCI_BREDR &&
2394 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2395 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
2396 ret = -EADDRNOTAVAIL;
2401 if (test_bit(HCI_UP, &hdev->flags)) {
2406 if (hdev->open(hdev)) {
2411 atomic_set(&hdev->cmd_cnt, 1);
2412 set_bit(HCI_INIT, &hdev->flags);
2414 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
2416 ret = hdev->setup(hdev);
2418 /* The transport driver can set these quirks before
2419 * creating the HCI device or in its setup callback.
2421 * In case any of them is set, the controller has to
2422 * start up as unconfigured.
2424 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
2425 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
2426 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
2428 /* For an unconfigured controller it is required to
2429 * read at least the version information provided by
2430 * the Read Local Version Information command.
2432 * If the set_bdaddr driver callback is provided, then
2433 * also the original Bluetooth public device address
2434 * will be read using the Read BD Address command.
2436 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
2437 ret = __hci_unconf_init(hdev);
2440 if (test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2441 /* If public address change is configured, ensure that
2442 * the address gets programmed. If the driver does not
2443 * support changing the public address, fail the power
2446 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
2448 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
2450 ret = -EADDRNOTAVAIL;
2454 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2455 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2456 ret = __hci_init(hdev);
2459 clear_bit(HCI_INIT, &hdev->flags);
2463 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2464 set_bit(HCI_UP, &hdev->flags);
2465 hci_notify(hdev, HCI_DEV_UP);
2466 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2467 !test_bit(HCI_CONFIG, &hdev->dev_flags) &&
2468 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2469 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2470 hdev->dev_type == HCI_BREDR) {
2472 mgmt_powered(hdev, 1);
2473 hci_dev_unlock(hdev);
2476 /* Init failed, cleanup */
2477 flush_work(&hdev->tx_work);
2478 flush_work(&hdev->cmd_work);
2479 flush_work(&hdev->rx_work);
2481 skb_queue_purge(&hdev->cmd_q);
2482 skb_queue_purge(&hdev->rx_q);
2487 if (hdev->sent_cmd) {
2488 kfree_skb(hdev->sent_cmd);
2489 hdev->sent_cmd = NULL;
2493 hdev->flags &= BIT(HCI_RAW);
2497 hci_req_unlock(hdev);
2501 /* ---- HCI ioctl helpers ---- */
2503 int hci_dev_open(__u16 dev)
2505 struct hci_dev *hdev;
2508 hdev = hci_dev_get(dev);
2512 /* Devices that are marked as unconfigured can only be powered
2513 * up as user channel. Trying to bring them up as normal devices
2514 * will result into a failure. Only user channel operation is
2517 * When this function is called for a user channel, the flag
2518 * HCI_USER_CHANNEL will be set first before attempting to
2521 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2522 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2527 /* We need to ensure that no other power on/off work is pending
2528 * before proceeding to call hci_dev_do_open. This is
2529 * particularly important if the setup procedure has not yet
2532 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2533 cancel_delayed_work(&hdev->power_off);
2535 /* After this call it is guaranteed that the setup procedure
2536 * has finished. This means that error conditions like RFKILL
2537 * or no valid public or static random address apply.
2539 flush_workqueue(hdev->req_workqueue);
2541 /* For controllers not using the management interface and that
2542 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
2543 * so that pairing works for them. Once the management interface
2544 * is in use this bit will be cleared again and userspace has
2545 * to explicitly enable it.
2547 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2548 !test_bit(HCI_MGMT, &hdev->dev_flags))
2549 set_bit(HCI_BONDABLE, &hdev->dev_flags);
2551 err = hci_dev_do_open(hdev);
2558 /* This function requires the caller holds hdev->lock */
2559 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
2561 struct hci_conn_params *p;
2563 list_for_each_entry(p, &hdev->le_conn_params, list) {
2565 hci_conn_drop(p->conn);
2566 hci_conn_put(p->conn);
2569 list_del_init(&p->action);
2572 BT_DBG("All LE pending actions cleared");
2575 static int hci_dev_do_close(struct hci_dev *hdev)
2577 BT_DBG("%s %p", hdev->name, hdev);
2579 cancel_delayed_work(&hdev->power_off);
2581 hci_req_cancel(hdev, ENODEV);
2584 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
2585 cancel_delayed_work_sync(&hdev->cmd_timer);
2586 hci_req_unlock(hdev);
2590 /* Flush RX and TX works */
2591 flush_work(&hdev->tx_work);
2592 flush_work(&hdev->rx_work);
2594 if (hdev->discov_timeout > 0) {
2595 cancel_delayed_work(&hdev->discov_off);
2596 hdev->discov_timeout = 0;
2597 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2598 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2601 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
2602 cancel_delayed_work(&hdev->service_cache);
2604 cancel_delayed_work_sync(&hdev->le_scan_disable);
2606 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2607 cancel_delayed_work_sync(&hdev->rpa_expired);
2609 /* Avoid potential lockdep warnings from the *_flush() calls by
2610 * ensuring the workqueue is empty up front.
2612 drain_workqueue(hdev->workqueue);
2615 hci_inquiry_cache_flush(hdev);
2616 hci_pend_le_actions_clear(hdev);
2617 hci_conn_hash_flush(hdev);
2618 hci_dev_unlock(hdev);
2620 hci_notify(hdev, HCI_DEV_DOWN);
2626 skb_queue_purge(&hdev->cmd_q);
2627 atomic_set(&hdev->cmd_cnt, 1);
2628 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
2629 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2630 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
2631 set_bit(HCI_INIT, &hdev->flags);
2632 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
2633 clear_bit(HCI_INIT, &hdev->flags);
2636 /* flush cmd work */
2637 flush_work(&hdev->cmd_work);
2640 skb_queue_purge(&hdev->rx_q);
2641 skb_queue_purge(&hdev->cmd_q);
2642 skb_queue_purge(&hdev->raw_q);
2644 /* Drop last sent command */
2645 if (hdev->sent_cmd) {
2646 cancel_delayed_work_sync(&hdev->cmd_timer);
2647 kfree_skb(hdev->sent_cmd);
2648 hdev->sent_cmd = NULL;
2651 kfree_skb(hdev->recv_evt);
2652 hdev->recv_evt = NULL;
2654 /* After this point our queues are empty
2655 * and no tasks are scheduled. */
2659 hdev->flags &= BIT(HCI_RAW);
2660 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2662 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2663 if (hdev->dev_type == HCI_BREDR) {
2665 mgmt_powered(hdev, 0);
2666 hci_dev_unlock(hdev);
2670 /* Controller radio is available but is currently powered down */
2671 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2673 memset(hdev->eir, 0, sizeof(hdev->eir));
2674 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
2675 bacpy(&hdev->random_addr, BDADDR_ANY);
2677 hci_req_unlock(hdev);
2683 int hci_dev_close(__u16 dev)
2685 struct hci_dev *hdev;
2688 hdev = hci_dev_get(dev);
2692 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2697 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2698 cancel_delayed_work(&hdev->power_off);
2700 err = hci_dev_do_close(hdev);
2707 int hci_dev_reset(__u16 dev)
2709 struct hci_dev *hdev;
2712 hdev = hci_dev_get(dev);
2718 if (!test_bit(HCI_UP, &hdev->flags)) {
2723 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2728 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2734 skb_queue_purge(&hdev->rx_q);
2735 skb_queue_purge(&hdev->cmd_q);
2737 /* Avoid potential lockdep warnings from the *_flush() calls by
2738 * ensuring the workqueue is empty up front.
2740 drain_workqueue(hdev->workqueue);
2743 hci_inquiry_cache_flush(hdev);
2744 hci_conn_hash_flush(hdev);
2745 hci_dev_unlock(hdev);
2750 atomic_set(&hdev->cmd_cnt, 1);
2751 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2753 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2756 hci_req_unlock(hdev);
2761 int hci_dev_reset_stat(__u16 dev)
2763 struct hci_dev *hdev;
2766 hdev = hci_dev_get(dev);
2770 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2775 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2780 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2787 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
2789 bool conn_changed, discov_changed;
2791 BT_DBG("%s scan 0x%02x", hdev->name, scan);
2793 if ((scan & SCAN_PAGE))
2794 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
2797 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
2800 if ((scan & SCAN_INQUIRY)) {
2801 discov_changed = !test_and_set_bit(HCI_DISCOVERABLE,
2804 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2805 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
2809 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2812 if (conn_changed || discov_changed) {
2813 /* In case this was disabled through mgmt */
2814 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
2816 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2817 mgmt_update_adv_data(hdev);
2819 mgmt_new_settings(hdev);
2823 int hci_dev_cmd(unsigned int cmd, void __user *arg)
2825 struct hci_dev *hdev;
2826 struct hci_dev_req dr;
2829 if (copy_from_user(&dr, arg, sizeof(dr)))
2832 hdev = hci_dev_get(dr.dev_id);
2836 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2841 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2846 if (hdev->dev_type != HCI_BREDR) {
2851 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2858 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2863 if (!lmp_encrypt_capable(hdev)) {
2868 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2869 /* Auth must be enabled first */
2870 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2876 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2881 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2884 /* Ensure that the connectable and discoverable states
2885 * get correctly modified as this was a non-mgmt change.
2888 hci_update_scan_state(hdev, dr.dev_opt);
2892 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2896 case HCISETLINKMODE:
2897 hdev->link_mode = ((__u16) dr.dev_opt) &
2898 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2902 hdev->pkt_type = (__u16) dr.dev_opt;
2906 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2907 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2911 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2912 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2925 int hci_get_dev_list(void __user *arg)
2927 struct hci_dev *hdev;
2928 struct hci_dev_list_req *dl;
2929 struct hci_dev_req *dr;
2930 int n = 0, size, err;
2933 if (get_user(dev_num, (__u16 __user *) arg))
2936 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2939 size = sizeof(*dl) + dev_num * sizeof(*dr);
2941 dl = kzalloc(size, GFP_KERNEL);
2947 read_lock(&hci_dev_list_lock);
2948 list_for_each_entry(hdev, &hci_dev_list, list) {
2949 unsigned long flags = hdev->flags;
2951 /* When the auto-off is configured it means the transport
2952 * is running, but in that case still indicate that the
2953 * device is actually down.
2955 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2956 flags &= ~BIT(HCI_UP);
2958 (dr + n)->dev_id = hdev->id;
2959 (dr + n)->dev_opt = flags;
2964 read_unlock(&hci_dev_list_lock);
2967 size = sizeof(*dl) + n * sizeof(*dr);
2969 err = copy_to_user(arg, dl, size);
2972 return err ? -EFAULT : 0;
2975 int hci_get_dev_info(void __user *arg)
2977 struct hci_dev *hdev;
2978 struct hci_dev_info di;
2979 unsigned long flags;
2982 if (copy_from_user(&di, arg, sizeof(di)))
2985 hdev = hci_dev_get(di.dev_id);
2989 /* When the auto-off is configured it means the transport
2990 * is running, but in that case still indicate that the
2991 * device is actually down.
2993 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2994 flags = hdev->flags & ~BIT(HCI_UP);
2996 flags = hdev->flags;
2998 strcpy(di.name, hdev->name);
2999 di.bdaddr = hdev->bdaddr;
3000 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
3002 di.pkt_type = hdev->pkt_type;
3003 if (lmp_bredr_capable(hdev)) {
3004 di.acl_mtu = hdev->acl_mtu;
3005 di.acl_pkts = hdev->acl_pkts;
3006 di.sco_mtu = hdev->sco_mtu;
3007 di.sco_pkts = hdev->sco_pkts;
3009 di.acl_mtu = hdev->le_mtu;
3010 di.acl_pkts = hdev->le_pkts;
3014 di.link_policy = hdev->link_policy;
3015 di.link_mode = hdev->link_mode;
3017 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
3018 memcpy(&di.features, &hdev->features, sizeof(di.features));
3020 if (copy_to_user(arg, &di, sizeof(di)))
3028 /* ---- Interface to HCI drivers ---- */
3030 static int hci_rfkill_set_block(void *data, bool blocked)
3032 struct hci_dev *hdev = data;
3034 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
3036 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
3040 set_bit(HCI_RFKILLED, &hdev->dev_flags);
3041 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
3042 !test_bit(HCI_CONFIG, &hdev->dev_flags))
3043 hci_dev_do_close(hdev);
3045 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
3051 static const struct rfkill_ops hci_rfkill_ops = {
3052 .set_block = hci_rfkill_set_block,
3055 static void hci_power_on(struct work_struct *work)
3057 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
3060 BT_DBG("%s", hdev->name);
3062 err = hci_dev_do_open(hdev);
3064 mgmt_set_powered_failed(hdev, err);
3068 /* During the HCI setup phase, a few error conditions are
3069 * ignored and they need to be checked now. If they are still
3070 * valid, it is important to turn the device back off.
3072 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
3073 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
3074 (hdev->dev_type == HCI_BREDR &&
3075 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
3076 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
3077 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
3078 hci_dev_do_close(hdev);
3079 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
3080 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
3081 HCI_AUTO_OFF_TIMEOUT);
3084 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) {
3085 /* For unconfigured devices, set the HCI_RAW flag
3086 * so that userspace can easily identify them.
3088 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3089 set_bit(HCI_RAW, &hdev->flags);
3091 /* For fully configured devices, this will send
3092 * the Index Added event. For unconfigured devices,
3093 * it will send Unconfigued Index Added event.
3095 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
3096 * and no event will be send.
3098 mgmt_index_added(hdev);
3099 } else if (test_and_clear_bit(HCI_CONFIG, &hdev->dev_flags)) {
3100 /* When the controller is now configured, then it
3101 * is important to clear the HCI_RAW flag.
3103 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3104 clear_bit(HCI_RAW, &hdev->flags);
3106 /* Powering on the controller with HCI_CONFIG set only
3107 * happens with the transition from unconfigured to
3108 * configured. This will send the Index Added event.
3110 mgmt_index_added(hdev);
3114 static void hci_power_off(struct work_struct *work)
3116 struct hci_dev *hdev = container_of(work, struct hci_dev,
3119 BT_DBG("%s", hdev->name);
3121 hci_dev_do_close(hdev);
3124 static void hci_discov_off(struct work_struct *work)
3126 struct hci_dev *hdev;
3128 hdev = container_of(work, struct hci_dev, discov_off.work);
3130 BT_DBG("%s", hdev->name);
3132 mgmt_discoverable_timeout(hdev);
3135 void hci_uuids_clear(struct hci_dev *hdev)
3137 struct bt_uuid *uuid, *tmp;
3139 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
3140 list_del(&uuid->list);
3145 void hci_link_keys_clear(struct hci_dev *hdev)
3147 struct link_key *key;
3149 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
3150 list_del_rcu(&key->list);
3151 kfree_rcu(key, rcu);
3155 void hci_smp_ltks_clear(struct hci_dev *hdev)
3159 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3160 list_del_rcu(&k->list);
3165 void hci_smp_irks_clear(struct hci_dev *hdev)
3169 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
3170 list_del_rcu(&k->list);
3175 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3180 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
3181 if (bacmp(bdaddr, &k->bdaddr) == 0) {
3191 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
3192 u8 key_type, u8 old_key_type)
3195 if (key_type < 0x03)
3198 /* Debug keys are insecure so don't store them persistently */
3199 if (key_type == HCI_LK_DEBUG_COMBINATION)
3202 /* Changed combination key and there's no previous one */
3203 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
3206 /* Security mode 3 case */
3210 /* BR/EDR key derived using SC from an LE link */
3211 if (conn->type == LE_LINK)
3214 /* Neither local nor remote side had no-bonding as requirement */
3215 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
3218 /* Local side had dedicated bonding as requirement */
3219 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
3222 /* Remote side had dedicated bonding as requirement */
3223 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
3226 /* If none of the above criteria match, then don't store the key
3231 static u8 ltk_role(u8 type)
3233 if (type == SMP_LTK)
3234 return HCI_ROLE_MASTER;
3236 return HCI_ROLE_SLAVE;
3239 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3240 u8 addr_type, u8 role)
3245 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3246 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
3249 if (smp_ltk_is_sc(k)) {
3250 if (k->type == SMP_LTK_P256_DEBUG &&
3251 !test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
3257 if (ltk_role(k->type) == role) {
3267 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
3269 struct smp_irk *irk;
3272 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
3273 if (!bacmp(&irk->rpa, rpa)) {
3279 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
3280 if (smp_irk_matches(hdev, irk->val, rpa)) {
3281 bacpy(&irk->rpa, rpa);
3291 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3294 struct smp_irk *irk;
3296 /* Identity Address must be public or static random */
3297 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
3301 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
3302 if (addr_type == irk->addr_type &&
3303 bacmp(bdaddr, &irk->bdaddr) == 0) {
3313 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
3314 bdaddr_t *bdaddr, u8 *val, u8 type,
3315 u8 pin_len, bool *persistent)
3317 struct link_key *key, *old_key;
3320 old_key = hci_find_link_key(hdev, bdaddr);
3322 old_key_type = old_key->type;
3325 old_key_type = conn ? conn->key_type : 0xff;
3326 key = kzalloc(sizeof(*key), GFP_KERNEL);
3329 list_add_rcu(&key->list, &hdev->link_keys);
3332 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
3334 /* Some buggy controller combinations generate a changed
3335 * combination key for legacy pairing even when there's no
3337 if (type == HCI_LK_CHANGED_COMBINATION &&
3338 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
3339 type = HCI_LK_COMBINATION;
3341 conn->key_type = type;
3344 bacpy(&key->bdaddr, bdaddr);
3345 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
3346 key->pin_len = pin_len;
3348 if (type == HCI_LK_CHANGED_COMBINATION)
3349 key->type = old_key_type;
3354 *persistent = hci_persistent_key(hdev, conn, type,
3360 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3361 u8 addr_type, u8 type, u8 authenticated,
3362 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
3364 struct smp_ltk *key, *old_key;
3365 u8 role = ltk_role(type);
3367 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
3371 key = kzalloc(sizeof(*key), GFP_KERNEL);
3374 list_add_rcu(&key->list, &hdev->long_term_keys);
3377 bacpy(&key->bdaddr, bdaddr);
3378 key->bdaddr_type = addr_type;
3379 memcpy(key->val, tk, sizeof(key->val));
3380 key->authenticated = authenticated;
3383 key->enc_size = enc_size;
3389 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3390 u8 addr_type, u8 val[16], bdaddr_t *rpa)
3392 struct smp_irk *irk;
3394 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
3396 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
3400 bacpy(&irk->bdaddr, bdaddr);
3401 irk->addr_type = addr_type;
3403 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
3406 memcpy(irk->val, val, 16);
3407 bacpy(&irk->rpa, rpa);
3412 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3414 struct link_key *key;
3416 key = hci_find_link_key(hdev, bdaddr);
3420 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3422 list_del_rcu(&key->list);
3423 kfree_rcu(key, rcu);
3428 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
3433 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
3434 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
3437 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3439 list_del_rcu(&k->list);
3444 return removed ? 0 : -ENOENT;
3447 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
3451 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
3452 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
3455 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3457 list_del_rcu(&k->list);
3462 /* HCI command timer function */
3463 static void hci_cmd_timeout(struct work_struct *work)
3465 struct hci_dev *hdev = container_of(work, struct hci_dev,
3468 if (hdev->sent_cmd) {
3469 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
3470 u16 opcode = __le16_to_cpu(sent->opcode);
3472 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
3474 BT_ERR("%s command tx timeout", hdev->name);
3477 atomic_set(&hdev->cmd_cnt, 1);
3478 queue_work(hdev->workqueue, &hdev->cmd_work);
3481 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
3484 struct oob_data *data;
3486 list_for_each_entry(data, &hdev->remote_oob_data, list)
3487 if (bacmp(bdaddr, &data->bdaddr) == 0)
3493 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
3495 struct oob_data *data;
3497 data = hci_find_remote_oob_data(hdev, bdaddr);
3501 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3503 list_del(&data->list);
3509 void hci_remote_oob_data_clear(struct hci_dev *hdev)
3511 struct oob_data *data, *n;
3513 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
3514 list_del(&data->list);
3519 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3520 u8 *hash192, u8 *rand192,
3521 u8 *hash256, u8 *rand256)
3523 struct oob_data *data;
3525 data = hci_find_remote_oob_data(hdev, bdaddr);
3527 data = kmalloc(sizeof(*data), GFP_KERNEL);
3531 bacpy(&data->bdaddr, bdaddr);
3532 list_add(&data->list, &hdev->remote_oob_data);
3535 if (hash192 && rand192) {
3536 memcpy(data->hash192, hash192, sizeof(data->hash192));
3537 memcpy(data->rand192, rand192, sizeof(data->rand192));
3539 memset(data->hash192, 0, sizeof(data->hash192));
3540 memset(data->rand192, 0, sizeof(data->rand192));
3543 if (hash256 && rand256) {
3544 memcpy(data->hash256, hash256, sizeof(data->hash256));
3545 memcpy(data->rand256, rand256, sizeof(data->rand256));
3547 memset(data->hash256, 0, sizeof(data->hash256));
3548 memset(data->rand256, 0, sizeof(data->rand256));
3551 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3556 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3557 bdaddr_t *bdaddr, u8 type)
3559 struct bdaddr_list *b;
3561 list_for_each_entry(b, bdaddr_list, list) {
3562 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3569 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3571 struct list_head *p, *n;
3573 list_for_each_safe(p, n, bdaddr_list) {
3574 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3581 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3583 struct bdaddr_list *entry;
3585 if (!bacmp(bdaddr, BDADDR_ANY))
3588 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3591 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3595 bacpy(&entry->bdaddr, bdaddr);
3596 entry->bdaddr_type = type;
3598 list_add(&entry->list, list);
3603 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3605 struct bdaddr_list *entry;
3607 if (!bacmp(bdaddr, BDADDR_ANY)) {
3608 hci_bdaddr_list_clear(list);
3612 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3616 list_del(&entry->list);
3622 /* This function requires the caller holds hdev->lock */
3623 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3624 bdaddr_t *addr, u8 addr_type)
3626 struct hci_conn_params *params;
3628 /* The conn params list only contains identity addresses */
3629 if (!hci_is_identity_address(addr, addr_type))
3632 list_for_each_entry(params, &hdev->le_conn_params, list) {
3633 if (bacmp(¶ms->addr, addr) == 0 &&
3634 params->addr_type == addr_type) {
3642 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
3644 struct hci_conn *conn;
3646 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
3650 if (conn->dst_type != type)
3653 if (conn->state != BT_CONNECTED)
3659 /* This function requires the caller holds hdev->lock */
3660 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3661 bdaddr_t *addr, u8 addr_type)
3663 struct hci_conn_params *param;
3665 /* The list only contains identity addresses */
3666 if (!hci_is_identity_address(addr, addr_type))
3669 list_for_each_entry(param, list, action) {
3670 if (bacmp(¶m->addr, addr) == 0 &&
3671 param->addr_type == addr_type)
3678 /* This function requires the caller holds hdev->lock */
3679 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3680 bdaddr_t *addr, u8 addr_type)
3682 struct hci_conn_params *params;
3684 if (!hci_is_identity_address(addr, addr_type))
3687 params = hci_conn_params_lookup(hdev, addr, addr_type);
3691 params = kzalloc(sizeof(*params), GFP_KERNEL);
3693 BT_ERR("Out of memory");
3697 bacpy(¶ms->addr, addr);
3698 params->addr_type = addr_type;
3700 list_add(¶ms->list, &hdev->le_conn_params);
3701 INIT_LIST_HEAD(¶ms->action);
3703 params->conn_min_interval = hdev->le_conn_min_interval;
3704 params->conn_max_interval = hdev->le_conn_max_interval;
3705 params->conn_latency = hdev->le_conn_latency;
3706 params->supervision_timeout = hdev->le_supv_timeout;
3707 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3709 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3714 /* This function requires the caller holds hdev->lock */
3715 int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3718 struct hci_conn_params *params;
3720 params = hci_conn_params_add(hdev, addr, addr_type);
3724 if (params->auto_connect == auto_connect)
3727 list_del_init(¶ms->action);
3729 switch (auto_connect) {
3730 case HCI_AUTO_CONN_DISABLED:
3731 case HCI_AUTO_CONN_LINK_LOSS:
3732 hci_update_background_scan(hdev);
3734 case HCI_AUTO_CONN_REPORT:
3735 list_add(¶ms->action, &hdev->pend_le_reports);
3736 hci_update_background_scan(hdev);
3738 case HCI_AUTO_CONN_DIRECT:
3739 case HCI_AUTO_CONN_ALWAYS:
3740 if (!is_connected(hdev, addr, addr_type)) {
3741 list_add(¶ms->action, &hdev->pend_le_conns);
3742 hci_update_background_scan(hdev);
3747 params->auto_connect = auto_connect;
3749 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
3755 static void hci_conn_params_free(struct hci_conn_params *params)
3758 hci_conn_drop(params->conn);
3759 hci_conn_put(params->conn);
3762 list_del(¶ms->action);
3763 list_del(¶ms->list);
3767 /* This function requires the caller holds hdev->lock */
3768 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3770 struct hci_conn_params *params;
3772 params = hci_conn_params_lookup(hdev, addr, addr_type);
3776 hci_conn_params_free(params);
3778 hci_update_background_scan(hdev);
3780 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3783 /* This function requires the caller holds hdev->lock */
3784 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3786 struct hci_conn_params *params, *tmp;
3788 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3789 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3791 list_del(¶ms->list);
3795 BT_DBG("All LE disabled connection parameters were removed");
3798 /* This function requires the caller holds hdev->lock */
3799 void hci_conn_params_clear_all(struct hci_dev *hdev)
3801 struct hci_conn_params *params, *tmp;
3803 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3804 hci_conn_params_free(params);
3806 hci_update_background_scan(hdev);
3808 BT_DBG("All LE connection parameters were removed");
3811 static void inquiry_complete(struct hci_dev *hdev, u8 status)
3814 BT_ERR("Failed to start inquiry: status %d", status);
3817 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3818 hci_dev_unlock(hdev);
3823 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status)
3825 /* General inquiry access code (GIAC) */
3826 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3827 struct hci_request req;
3828 struct hci_cp_inquiry cp;
3832 BT_ERR("Failed to disable LE scanning: status %d", status);
3836 switch (hdev->discovery.type) {
3837 case DISCOV_TYPE_LE:
3839 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3840 hci_dev_unlock(hdev);
3843 case DISCOV_TYPE_INTERLEAVED:
3844 hci_req_init(&req, hdev);
3846 memset(&cp, 0, sizeof(cp));
3847 memcpy(&cp.lap, lap, sizeof(cp.lap));
3848 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
3849 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3853 hci_inquiry_cache_flush(hdev);
3855 err = hci_req_run(&req, inquiry_complete);
3857 BT_ERR("Inquiry request failed: err %d", err);
3858 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3861 hci_dev_unlock(hdev);
3866 static void le_scan_disable_work(struct work_struct *work)
3868 struct hci_dev *hdev = container_of(work, struct hci_dev,
3869 le_scan_disable.work);
3870 struct hci_request req;
3873 BT_DBG("%s", hdev->name);
3875 hci_req_init(&req, hdev);
3877 hci_req_add_le_scan_disable(&req);
3879 err = hci_req_run(&req, le_scan_disable_work_complete);
3881 BT_ERR("Disable LE scanning request failed: err %d", err);
3884 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
3886 struct hci_dev *hdev = req->hdev;
3888 /* If we're advertising or initiating an LE connection we can't
3889 * go ahead and change the random address at this time. This is
3890 * because the eventual initiator address used for the
3891 * subsequently created connection will be undefined (some
3892 * controllers use the new address and others the one we had
3893 * when the operation started).
3895 * In this kind of scenario skip the update and let the random
3896 * address be updated at the next cycle.
3898 if (test_bit(HCI_LE_ADV, &hdev->dev_flags) ||
3899 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3900 BT_DBG("Deferring random address update");
3901 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
3905 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
3908 int hci_update_random_address(struct hci_request *req, bool require_privacy,
3911 struct hci_dev *hdev = req->hdev;
3914 /* If privacy is enabled use a resolvable private address. If
3915 * current RPA has expired or there is something else than
3916 * the current RPA in use, then generate a new one.
3918 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3921 *own_addr_type = ADDR_LE_DEV_RANDOM;
3923 if (!test_and_clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags) &&
3924 !bacmp(&hdev->random_addr, &hdev->rpa))
3927 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
3929 BT_ERR("%s failed to generate new RPA", hdev->name);
3933 set_random_addr(req, &hdev->rpa);
3935 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
3936 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
3941 /* In case of required privacy without resolvable private address,
3942 * use an unresolvable private address. This is useful for active
3943 * scanning and non-connectable advertising.
3945 if (require_privacy) {
3948 get_random_bytes(&urpa, 6);
3949 urpa.b[5] &= 0x3f; /* Clear two most significant bits */
3951 *own_addr_type = ADDR_LE_DEV_RANDOM;
3952 set_random_addr(req, &urpa);
3956 /* If forcing static address is in use or there is no public
3957 * address use the static address as random address (but skip
3958 * the HCI command if the current random address is already the
3961 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3962 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3963 *own_addr_type = ADDR_LE_DEV_RANDOM;
3964 if (bacmp(&hdev->static_addr, &hdev->random_addr))
3965 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3966 &hdev->static_addr);
3970 /* Neither privacy nor static address is being used so use a
3973 *own_addr_type = ADDR_LE_DEV_PUBLIC;
3978 /* Copy the Identity Address of the controller.
3980 * If the controller has a public BD_ADDR, then by default use that one.
3981 * If this is a LE only controller without a public address, default to
3982 * the static random address.
3984 * For debugging purposes it is possible to force controllers with a
3985 * public address to use the static random address instead.
3987 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3990 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3991 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3992 bacpy(bdaddr, &hdev->static_addr);
3993 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3995 bacpy(bdaddr, &hdev->bdaddr);
3996 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
4000 /* Alloc HCI device */
4001 struct hci_dev *hci_alloc_dev(void)
4003 struct hci_dev *hdev;
4005 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
4009 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
4010 hdev->esco_type = (ESCO_HV1);
4011 hdev->link_mode = (HCI_LM_ACCEPT);
4012 hdev->num_iac = 0x01; /* One IAC support is mandatory */
4013 hdev->io_capability = 0x03; /* No Input No Output */
4014 hdev->manufacturer = 0xffff; /* Default to internal use */
4015 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
4016 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
4018 hdev->sniff_max_interval = 800;
4019 hdev->sniff_min_interval = 80;
4021 hdev->le_adv_channel_map = 0x07;
4022 hdev->le_adv_min_interval = 0x0800;
4023 hdev->le_adv_max_interval = 0x0800;
4024 hdev->le_scan_interval = 0x0060;
4025 hdev->le_scan_window = 0x0030;
4026 hdev->le_conn_min_interval = 0x0028;
4027 hdev->le_conn_max_interval = 0x0038;
4028 hdev->le_conn_latency = 0x0000;
4029 hdev->le_supv_timeout = 0x002a;
4031 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
4032 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
4033 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
4034 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
4036 mutex_init(&hdev->lock);
4037 mutex_init(&hdev->req_lock);
4039 INIT_LIST_HEAD(&hdev->mgmt_pending);
4040 INIT_LIST_HEAD(&hdev->blacklist);
4041 INIT_LIST_HEAD(&hdev->whitelist);
4042 INIT_LIST_HEAD(&hdev->uuids);
4043 INIT_LIST_HEAD(&hdev->link_keys);
4044 INIT_LIST_HEAD(&hdev->long_term_keys);
4045 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
4046 INIT_LIST_HEAD(&hdev->remote_oob_data);
4047 INIT_LIST_HEAD(&hdev->le_white_list);
4048 INIT_LIST_HEAD(&hdev->le_conn_params);
4049 INIT_LIST_HEAD(&hdev->pend_le_conns);
4050 INIT_LIST_HEAD(&hdev->pend_le_reports);
4051 INIT_LIST_HEAD(&hdev->conn_hash.list);
4053 INIT_WORK(&hdev->rx_work, hci_rx_work);
4054 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
4055 INIT_WORK(&hdev->tx_work, hci_tx_work);
4056 INIT_WORK(&hdev->power_on, hci_power_on);
4058 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
4059 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
4060 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
4062 skb_queue_head_init(&hdev->rx_q);
4063 skb_queue_head_init(&hdev->cmd_q);
4064 skb_queue_head_init(&hdev->raw_q);
4066 init_waitqueue_head(&hdev->req_wait_q);
4068 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
4070 hci_init_sysfs(hdev);
4071 discovery_init(hdev);
4075 EXPORT_SYMBOL(hci_alloc_dev);
4077 /* Free HCI device */
4078 void hci_free_dev(struct hci_dev *hdev)
4080 /* will free via device release */
4081 put_device(&hdev->dev);
4083 EXPORT_SYMBOL(hci_free_dev);
4085 /* Register HCI device */
4086 int hci_register_dev(struct hci_dev *hdev)
4090 if (!hdev->open || !hdev->close || !hdev->send)
4093 /* Do not allow HCI_AMP devices to register at index 0,
4094 * so the index can be used as the AMP controller ID.
4096 switch (hdev->dev_type) {
4098 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
4101 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
4110 sprintf(hdev->name, "hci%d", id);
4113 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4115 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4116 WQ_MEM_RECLAIM, 1, hdev->name);
4117 if (!hdev->workqueue) {
4122 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4123 WQ_MEM_RECLAIM, 1, hdev->name);
4124 if (!hdev->req_workqueue) {
4125 destroy_workqueue(hdev->workqueue);
4130 if (!IS_ERR_OR_NULL(bt_debugfs))
4131 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
4133 dev_set_name(&hdev->dev, "%s", hdev->name);
4135 error = device_add(&hdev->dev);
4139 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
4140 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
4143 if (rfkill_register(hdev->rfkill) < 0) {
4144 rfkill_destroy(hdev->rfkill);
4145 hdev->rfkill = NULL;
4149 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
4150 set_bit(HCI_RFKILLED, &hdev->dev_flags);
4152 set_bit(HCI_SETUP, &hdev->dev_flags);
4153 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
4155 if (hdev->dev_type == HCI_BREDR) {
4156 /* Assume BR/EDR support until proven otherwise (such as
4157 * through reading supported features during init.
4159 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4162 write_lock(&hci_dev_list_lock);
4163 list_add(&hdev->list, &hci_dev_list);
4164 write_unlock(&hci_dev_list_lock);
4166 /* Devices that are marked for raw-only usage are unconfigured
4167 * and should not be included in normal operation.
4169 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
4170 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
4172 hci_notify(hdev, HCI_DEV_REG);
4175 queue_work(hdev->req_workqueue, &hdev->power_on);
4180 destroy_workqueue(hdev->workqueue);
4181 destroy_workqueue(hdev->req_workqueue);
4183 ida_simple_remove(&hci_index_ida, hdev->id);
4187 EXPORT_SYMBOL(hci_register_dev);
4189 /* Unregister HCI device */
4190 void hci_unregister_dev(struct hci_dev *hdev)
4194 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4196 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
4200 write_lock(&hci_dev_list_lock);
4201 list_del(&hdev->list);
4202 write_unlock(&hci_dev_list_lock);
4204 hci_dev_do_close(hdev);
4206 for (i = 0; i < NUM_REASSEMBLY; i++)
4207 kfree_skb(hdev->reassembly[i]);
4209 cancel_work_sync(&hdev->power_on);
4211 if (!test_bit(HCI_INIT, &hdev->flags) &&
4212 !test_bit(HCI_SETUP, &hdev->dev_flags) &&
4213 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
4215 mgmt_index_removed(hdev);
4216 hci_dev_unlock(hdev);
4219 /* mgmt_index_removed should take care of emptying the
4221 BUG_ON(!list_empty(&hdev->mgmt_pending));
4223 hci_notify(hdev, HCI_DEV_UNREG);
4226 rfkill_unregister(hdev->rfkill);
4227 rfkill_destroy(hdev->rfkill);
4230 smp_unregister(hdev);
4232 device_del(&hdev->dev);
4234 debugfs_remove_recursive(hdev->debugfs);
4236 destroy_workqueue(hdev->workqueue);
4237 destroy_workqueue(hdev->req_workqueue);
4240 hci_bdaddr_list_clear(&hdev->blacklist);
4241 hci_bdaddr_list_clear(&hdev->whitelist);
4242 hci_uuids_clear(hdev);
4243 hci_link_keys_clear(hdev);
4244 hci_smp_ltks_clear(hdev);
4245 hci_smp_irks_clear(hdev);
4246 hci_remote_oob_data_clear(hdev);
4247 hci_bdaddr_list_clear(&hdev->le_white_list);
4248 hci_conn_params_clear_all(hdev);
4249 hci_dev_unlock(hdev);
4253 ida_simple_remove(&hci_index_ida, id);
4255 EXPORT_SYMBOL(hci_unregister_dev);
4257 /* Suspend HCI device */
4258 int hci_suspend_dev(struct hci_dev *hdev)
4260 hci_notify(hdev, HCI_DEV_SUSPEND);
4263 EXPORT_SYMBOL(hci_suspend_dev);
4265 /* Resume HCI device */
4266 int hci_resume_dev(struct hci_dev *hdev)
4268 hci_notify(hdev, HCI_DEV_RESUME);
4271 EXPORT_SYMBOL(hci_resume_dev);
4273 /* Reset HCI device */
4274 int hci_reset_dev(struct hci_dev *hdev)
4276 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
4277 struct sk_buff *skb;
4279 skb = bt_skb_alloc(3, GFP_ATOMIC);
4283 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
4284 memcpy(skb_put(skb, 3), hw_err, 3);
4286 /* Send Hardware Error to upper stack */
4287 return hci_recv_frame(hdev, skb);
4289 EXPORT_SYMBOL(hci_reset_dev);
4291 /* Receive frame from HCI drivers */
4292 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
4294 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
4295 && !test_bit(HCI_INIT, &hdev->flags))) {
4301 bt_cb(skb)->incoming = 1;
4304 __net_timestamp(skb);
4306 skb_queue_tail(&hdev->rx_q, skb);
4307 queue_work(hdev->workqueue, &hdev->rx_work);
4311 EXPORT_SYMBOL(hci_recv_frame);
4313 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
4314 int count, __u8 index)
4319 struct sk_buff *skb;
4320 struct bt_skb_cb *scb;
4322 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
4323 index >= NUM_REASSEMBLY)
4326 skb = hdev->reassembly[index];
4330 case HCI_ACLDATA_PKT:
4331 len = HCI_MAX_FRAME_SIZE;
4332 hlen = HCI_ACL_HDR_SIZE;
4335 len = HCI_MAX_EVENT_SIZE;
4336 hlen = HCI_EVENT_HDR_SIZE;
4338 case HCI_SCODATA_PKT:
4339 len = HCI_MAX_SCO_SIZE;
4340 hlen = HCI_SCO_HDR_SIZE;
4344 skb = bt_skb_alloc(len, GFP_ATOMIC);
4348 scb = (void *) skb->cb;
4350 scb->pkt_type = type;
4352 hdev->reassembly[index] = skb;
4356 scb = (void *) skb->cb;
4357 len = min_t(uint, scb->expect, count);
4359 memcpy(skb_put(skb, len), data, len);
4368 if (skb->len == HCI_EVENT_HDR_SIZE) {
4369 struct hci_event_hdr *h = hci_event_hdr(skb);
4370 scb->expect = h->plen;
4372 if (skb_tailroom(skb) < scb->expect) {
4374 hdev->reassembly[index] = NULL;
4380 case HCI_ACLDATA_PKT:
4381 if (skb->len == HCI_ACL_HDR_SIZE) {
4382 struct hci_acl_hdr *h = hci_acl_hdr(skb);
4383 scb->expect = __le16_to_cpu(h->dlen);
4385 if (skb_tailroom(skb) < scb->expect) {
4387 hdev->reassembly[index] = NULL;
4393 case HCI_SCODATA_PKT:
4394 if (skb->len == HCI_SCO_HDR_SIZE) {
4395 struct hci_sco_hdr *h = hci_sco_hdr(skb);
4396 scb->expect = h->dlen;
4398 if (skb_tailroom(skb) < scb->expect) {
4400 hdev->reassembly[index] = NULL;
4407 if (scb->expect == 0) {
4408 /* Complete frame */
4410 bt_cb(skb)->pkt_type = type;
4411 hci_recv_frame(hdev, skb);
4413 hdev->reassembly[index] = NULL;
4421 #define STREAM_REASSEMBLY 0
4423 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
4429 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
4432 struct { char type; } *pkt;
4434 /* Start of the frame */
4441 type = bt_cb(skb)->pkt_type;
4443 rem = hci_reassembly(hdev, type, data, count,
4448 data += (count - rem);
4454 EXPORT_SYMBOL(hci_recv_stream_fragment);
4456 /* ---- Interface to upper protocols ---- */
4458 int hci_register_cb(struct hci_cb *cb)
4460 BT_DBG("%p name %s", cb, cb->name);
4462 write_lock(&hci_cb_list_lock);
4463 list_add(&cb->list, &hci_cb_list);
4464 write_unlock(&hci_cb_list_lock);
4468 EXPORT_SYMBOL(hci_register_cb);
4470 int hci_unregister_cb(struct hci_cb *cb)
4472 BT_DBG("%p name %s", cb, cb->name);
4474 write_lock(&hci_cb_list_lock);
4475 list_del(&cb->list);
4476 write_unlock(&hci_cb_list_lock);
4480 EXPORT_SYMBOL(hci_unregister_cb);
4482 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4486 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
4489 __net_timestamp(skb);
4491 /* Send copy to monitor */
4492 hci_send_to_monitor(hdev, skb);
4494 if (atomic_read(&hdev->promisc)) {
4495 /* Send copy to the sockets */
4496 hci_send_to_sock(hdev, skb);
4499 /* Get rid of skb owner, prior to sending to the driver. */
4502 err = hdev->send(hdev, skb);
4504 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
4509 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
4511 skb_queue_head_init(&req->cmd_q);
4516 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
4518 struct hci_dev *hdev = req->hdev;
4519 struct sk_buff *skb;
4520 unsigned long flags;
4522 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
4524 /* If an error occurred during request building, remove all HCI
4525 * commands queued on the HCI request queue.
4528 skb_queue_purge(&req->cmd_q);
4532 /* Do not allow empty requests */
4533 if (skb_queue_empty(&req->cmd_q))
4536 skb = skb_peek_tail(&req->cmd_q);
4537 bt_cb(skb)->req.complete = complete;
4539 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4540 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
4541 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4543 queue_work(hdev->workqueue, &hdev->cmd_work);
4548 bool hci_req_pending(struct hci_dev *hdev)
4550 return (hdev->req_status == HCI_REQ_PEND);
4553 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
4554 u32 plen, const void *param)
4556 int len = HCI_COMMAND_HDR_SIZE + plen;
4557 struct hci_command_hdr *hdr;
4558 struct sk_buff *skb;
4560 skb = bt_skb_alloc(len, GFP_ATOMIC);
4564 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
4565 hdr->opcode = cpu_to_le16(opcode);
4569 memcpy(skb_put(skb, plen), param, plen);
4571 BT_DBG("skb len %d", skb->len);
4573 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
4574 bt_cb(skb)->opcode = opcode;
4579 /* Send HCI command */
4580 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4583 struct sk_buff *skb;
4585 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4587 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4589 BT_ERR("%s no memory for command", hdev->name);
4593 /* Stand-alone HCI commands must be flagged as
4594 * single-command requests.
4596 bt_cb(skb)->req.start = true;
4598 skb_queue_tail(&hdev->cmd_q, skb);
4599 queue_work(hdev->workqueue, &hdev->cmd_work);
4604 /* Queue a command to an asynchronous HCI request */
4605 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
4606 const void *param, u8 event)
4608 struct hci_dev *hdev = req->hdev;
4609 struct sk_buff *skb;
4611 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4613 /* If an error occurred during request building, there is no point in
4614 * queueing the HCI command. We can simply return.
4619 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4621 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
4622 hdev->name, opcode);
4627 if (skb_queue_empty(&req->cmd_q))
4628 bt_cb(skb)->req.start = true;
4630 bt_cb(skb)->req.event = event;
4632 skb_queue_tail(&req->cmd_q, skb);
4635 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
4638 hci_req_add_ev(req, opcode, plen, param, 0);
4641 /* Get data from the previously sent command */
4642 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4644 struct hci_command_hdr *hdr;
4646 if (!hdev->sent_cmd)
4649 hdr = (void *) hdev->sent_cmd->data;
4651 if (hdr->opcode != cpu_to_le16(opcode))
4654 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4656 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4660 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4662 struct hci_acl_hdr *hdr;
4665 skb_push(skb, HCI_ACL_HDR_SIZE);
4666 skb_reset_transport_header(skb);
4667 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4668 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4669 hdr->dlen = cpu_to_le16(len);
4672 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4673 struct sk_buff *skb, __u16 flags)
4675 struct hci_conn *conn = chan->conn;
4676 struct hci_dev *hdev = conn->hdev;
4677 struct sk_buff *list;
4679 skb->len = skb_headlen(skb);
4682 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4684 switch (hdev->dev_type) {
4686 hci_add_acl_hdr(skb, conn->handle, flags);
4689 hci_add_acl_hdr(skb, chan->handle, flags);
4692 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
4696 list = skb_shinfo(skb)->frag_list;
4698 /* Non fragmented */
4699 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4701 skb_queue_tail(queue, skb);
4704 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4706 skb_shinfo(skb)->frag_list = NULL;
4708 /* Queue all fragments atomically. We need to use spin_lock_bh
4709 * here because of 6LoWPAN links, as there this function is
4710 * called from softirq and using normal spin lock could cause
4713 spin_lock_bh(&queue->lock);
4715 __skb_queue_tail(queue, skb);
4717 flags &= ~ACL_START;
4720 skb = list; list = list->next;
4722 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4723 hci_add_acl_hdr(skb, conn->handle, flags);
4725 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4727 __skb_queue_tail(queue, skb);
4730 spin_unlock_bh(&queue->lock);
4734 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4736 struct hci_dev *hdev = chan->conn->hdev;
4738 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4740 hci_queue_acl(chan, &chan->data_q, skb, flags);
4742 queue_work(hdev->workqueue, &hdev->tx_work);
4746 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4748 struct hci_dev *hdev = conn->hdev;
4749 struct hci_sco_hdr hdr;
4751 BT_DBG("%s len %d", hdev->name, skb->len);
4753 hdr.handle = cpu_to_le16(conn->handle);
4754 hdr.dlen = skb->len;
4756 skb_push(skb, HCI_SCO_HDR_SIZE);
4757 skb_reset_transport_header(skb);
4758 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4760 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
4762 skb_queue_tail(&conn->data_q, skb);
4763 queue_work(hdev->workqueue, &hdev->tx_work);
4766 /* ---- HCI TX task (outgoing data) ---- */
4768 /* HCI Connection scheduler */
4769 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4772 struct hci_conn_hash *h = &hdev->conn_hash;
4773 struct hci_conn *conn = NULL, *c;
4774 unsigned int num = 0, min = ~0;
4776 /* We don't have to lock device here. Connections are always
4777 * added and removed with TX task disabled. */
4781 list_for_each_entry_rcu(c, &h->list, list) {
4782 if (c->type != type || skb_queue_empty(&c->data_q))
4785 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4790 if (c->sent < min) {
4795 if (hci_conn_num(hdev, type) == num)
4804 switch (conn->type) {
4806 cnt = hdev->acl_cnt;
4810 cnt = hdev->sco_cnt;
4813 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4817 BT_ERR("Unknown link type");
4825 BT_DBG("conn %p quote %d", conn, *quote);
4829 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4831 struct hci_conn_hash *h = &hdev->conn_hash;
4834 BT_ERR("%s link tx timeout", hdev->name);
4838 /* Kill stalled connections */
4839 list_for_each_entry_rcu(c, &h->list, list) {
4840 if (c->type == type && c->sent) {
4841 BT_ERR("%s killing stalled connection %pMR",
4842 hdev->name, &c->dst);
4843 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4850 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4853 struct hci_conn_hash *h = &hdev->conn_hash;
4854 struct hci_chan *chan = NULL;
4855 unsigned int num = 0, min = ~0, cur_prio = 0;
4856 struct hci_conn *conn;
4857 int cnt, q, conn_num = 0;
4859 BT_DBG("%s", hdev->name);
4863 list_for_each_entry_rcu(conn, &h->list, list) {
4864 struct hci_chan *tmp;
4866 if (conn->type != type)
4869 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4874 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4875 struct sk_buff *skb;
4877 if (skb_queue_empty(&tmp->data_q))
4880 skb = skb_peek(&tmp->data_q);
4881 if (skb->priority < cur_prio)
4884 if (skb->priority > cur_prio) {
4887 cur_prio = skb->priority;
4892 if (conn->sent < min) {
4898 if (hci_conn_num(hdev, type) == conn_num)
4907 switch (chan->conn->type) {
4909 cnt = hdev->acl_cnt;
4912 cnt = hdev->block_cnt;
4916 cnt = hdev->sco_cnt;
4919 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4923 BT_ERR("Unknown link type");
4928 BT_DBG("chan %p quote %d", chan, *quote);
4932 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4934 struct hci_conn_hash *h = &hdev->conn_hash;
4935 struct hci_conn *conn;
4938 BT_DBG("%s", hdev->name);
4942 list_for_each_entry_rcu(conn, &h->list, list) {
4943 struct hci_chan *chan;
4945 if (conn->type != type)
4948 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4953 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4954 struct sk_buff *skb;
4961 if (skb_queue_empty(&chan->data_q))
4964 skb = skb_peek(&chan->data_q);
4965 if (skb->priority >= HCI_PRIO_MAX - 1)
4968 skb->priority = HCI_PRIO_MAX - 1;
4970 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4974 if (hci_conn_num(hdev, type) == num)
4982 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4984 /* Calculate count of blocks used by this packet */
4985 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4988 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
4990 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
4991 /* ACL tx timeout must be longer than maximum
4992 * link supervision timeout (40.9 seconds) */
4993 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
4994 HCI_ACL_TX_TIMEOUT))
4995 hci_link_tx_to(hdev, ACL_LINK);
4999 static void hci_sched_acl_pkt(struct hci_dev *hdev)
5001 unsigned int cnt = hdev->acl_cnt;
5002 struct hci_chan *chan;
5003 struct sk_buff *skb;
5006 __check_timeout(hdev, cnt);
5008 while (hdev->acl_cnt &&
5009 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
5010 u32 priority = (skb_peek(&chan->data_q))->priority;
5011 while (quote-- && (skb = skb_peek(&chan->data_q))) {
5012 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5013 skb->len, skb->priority);
5015 /* Stop if priority has changed */
5016 if (skb->priority < priority)
5019 skb = skb_dequeue(&chan->data_q);
5021 hci_conn_enter_active_mode(chan->conn,
5022 bt_cb(skb)->force_active);
5024 hci_send_frame(hdev, skb);
5025 hdev->acl_last_tx = jiffies;
5033 if (cnt != hdev->acl_cnt)
5034 hci_prio_recalculate(hdev, ACL_LINK);
5037 static void hci_sched_acl_blk(struct hci_dev *hdev)
5039 unsigned int cnt = hdev->block_cnt;
5040 struct hci_chan *chan;
5041 struct sk_buff *skb;
5045 __check_timeout(hdev, cnt);
5047 BT_DBG("%s", hdev->name);
5049 if (hdev->dev_type == HCI_AMP)
5054 while (hdev->block_cnt > 0 &&
5055 (chan = hci_chan_sent(hdev, type, "e))) {
5056 u32 priority = (skb_peek(&chan->data_q))->priority;
5057 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
5060 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5061 skb->len, skb->priority);
5063 /* Stop if priority has changed */
5064 if (skb->priority < priority)
5067 skb = skb_dequeue(&chan->data_q);
5069 blocks = __get_blocks(hdev, skb);
5070 if (blocks > hdev->block_cnt)
5073 hci_conn_enter_active_mode(chan->conn,
5074 bt_cb(skb)->force_active);
5076 hci_send_frame(hdev, skb);
5077 hdev->acl_last_tx = jiffies;
5079 hdev->block_cnt -= blocks;
5082 chan->sent += blocks;
5083 chan->conn->sent += blocks;
5087 if (cnt != hdev->block_cnt)
5088 hci_prio_recalculate(hdev, type);
5091 static void hci_sched_acl(struct hci_dev *hdev)
5093 BT_DBG("%s", hdev->name);
5095 /* No ACL link over BR/EDR controller */
5096 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
5099 /* No AMP link over AMP controller */
5100 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
5103 switch (hdev->flow_ctl_mode) {
5104 case HCI_FLOW_CTL_MODE_PACKET_BASED:
5105 hci_sched_acl_pkt(hdev);
5108 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
5109 hci_sched_acl_blk(hdev);
5115 static void hci_sched_sco(struct hci_dev *hdev)
5117 struct hci_conn *conn;
5118 struct sk_buff *skb;
5121 BT_DBG("%s", hdev->name);
5123 if (!hci_conn_num(hdev, SCO_LINK))
5126 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
5127 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5128 BT_DBG("skb %p len %d", skb, skb->len);
5129 hci_send_frame(hdev, skb);
5132 if (conn->sent == ~0)
5138 static void hci_sched_esco(struct hci_dev *hdev)
5140 struct hci_conn *conn;
5141 struct sk_buff *skb;
5144 BT_DBG("%s", hdev->name);
5146 if (!hci_conn_num(hdev, ESCO_LINK))
5149 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
5151 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5152 BT_DBG("skb %p len %d", skb, skb->len);
5153 hci_send_frame(hdev, skb);
5156 if (conn->sent == ~0)
5162 static void hci_sched_le(struct hci_dev *hdev)
5164 struct hci_chan *chan;
5165 struct sk_buff *skb;
5166 int quote, cnt, tmp;
5168 BT_DBG("%s", hdev->name);
5170 if (!hci_conn_num(hdev, LE_LINK))
5173 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5174 /* LE tx timeout must be longer than maximum
5175 * link supervision timeout (40.9 seconds) */
5176 if (!hdev->le_cnt && hdev->le_pkts &&
5177 time_after(jiffies, hdev->le_last_tx + HZ * 45))
5178 hci_link_tx_to(hdev, LE_LINK);
5181 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
5183 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
5184 u32 priority = (skb_peek(&chan->data_q))->priority;
5185 while (quote-- && (skb = skb_peek(&chan->data_q))) {
5186 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5187 skb->len, skb->priority);
5189 /* Stop if priority has changed */
5190 if (skb->priority < priority)
5193 skb = skb_dequeue(&chan->data_q);
5195 hci_send_frame(hdev, skb);
5196 hdev->le_last_tx = jiffies;
5207 hdev->acl_cnt = cnt;
5210 hci_prio_recalculate(hdev, LE_LINK);
5213 static void hci_tx_work(struct work_struct *work)
5215 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
5216 struct sk_buff *skb;
5218 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
5219 hdev->sco_cnt, hdev->le_cnt);
5221 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5222 /* Schedule queues and send stuff to HCI driver */
5223 hci_sched_acl(hdev);
5224 hci_sched_sco(hdev);
5225 hci_sched_esco(hdev);
5229 /* Send next queued raw (unknown type) packet */
5230 while ((skb = skb_dequeue(&hdev->raw_q)))
5231 hci_send_frame(hdev, skb);
5234 /* ----- HCI RX task (incoming data processing) ----- */
5236 /* ACL data packet */
5237 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5239 struct hci_acl_hdr *hdr = (void *) skb->data;
5240 struct hci_conn *conn;
5241 __u16 handle, flags;
5243 skb_pull(skb, HCI_ACL_HDR_SIZE);
5245 handle = __le16_to_cpu(hdr->handle);
5246 flags = hci_flags(handle);
5247 handle = hci_handle(handle);
5249 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
5252 hdev->stat.acl_rx++;
5255 conn = hci_conn_hash_lookup_handle(hdev, handle);
5256 hci_dev_unlock(hdev);
5259 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
5261 /* Send to upper protocol */
5262 l2cap_recv_acldata(conn, skb, flags);
5265 BT_ERR("%s ACL packet for unknown connection handle %d",
5266 hdev->name, handle);
5272 /* SCO data packet */
5273 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5275 struct hci_sco_hdr *hdr = (void *) skb->data;
5276 struct hci_conn *conn;
5279 skb_pull(skb, HCI_SCO_HDR_SIZE);
5281 handle = __le16_to_cpu(hdr->handle);
5283 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
5285 hdev->stat.sco_rx++;
5288 conn = hci_conn_hash_lookup_handle(hdev, handle);
5289 hci_dev_unlock(hdev);
5292 /* Send to upper protocol */
5293 sco_recv_scodata(conn, skb);
5296 BT_ERR("%s SCO packet for unknown connection handle %d",
5297 hdev->name, handle);
5303 static bool hci_req_is_complete(struct hci_dev *hdev)
5305 struct sk_buff *skb;
5307 skb = skb_peek(&hdev->cmd_q);
5311 return bt_cb(skb)->req.start;
5314 static void hci_resend_last(struct hci_dev *hdev)
5316 struct hci_command_hdr *sent;
5317 struct sk_buff *skb;
5320 if (!hdev->sent_cmd)
5323 sent = (void *) hdev->sent_cmd->data;
5324 opcode = __le16_to_cpu(sent->opcode);
5325 if (opcode == HCI_OP_RESET)
5328 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
5332 skb_queue_head(&hdev->cmd_q, skb);
5333 queue_work(hdev->workqueue, &hdev->cmd_work);
5336 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
5338 hci_req_complete_t req_complete = NULL;
5339 struct sk_buff *skb;
5340 unsigned long flags;
5342 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
5344 /* If the completed command doesn't match the last one that was
5345 * sent we need to do special handling of it.
5347 if (!hci_sent_cmd_data(hdev, opcode)) {
5348 /* Some CSR based controllers generate a spontaneous
5349 * reset complete event during init and any pending
5350 * command will never be completed. In such a case we
5351 * need to resend whatever was the last sent
5354 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
5355 hci_resend_last(hdev);
5360 /* If the command succeeded and there's still more commands in
5361 * this request the request is not yet complete.
5363 if (!status && !hci_req_is_complete(hdev))
5366 /* If this was the last command in a request the complete
5367 * callback would be found in hdev->sent_cmd instead of the
5368 * command queue (hdev->cmd_q).
5370 if (hdev->sent_cmd) {
5371 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
5374 /* We must set the complete callback to NULL to
5375 * avoid calling the callback more than once if
5376 * this function gets called again.
5378 bt_cb(hdev->sent_cmd)->req.complete = NULL;
5384 /* Remove all pending commands belonging to this request */
5385 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
5386 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
5387 if (bt_cb(skb)->req.start) {
5388 __skb_queue_head(&hdev->cmd_q, skb);
5392 req_complete = bt_cb(skb)->req.complete;
5395 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
5399 req_complete(hdev, status);
5402 static void hci_rx_work(struct work_struct *work)
5404 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
5405 struct sk_buff *skb;
5407 BT_DBG("%s", hdev->name);
5409 while ((skb = skb_dequeue(&hdev->rx_q))) {
5410 /* Send copy to monitor */
5411 hci_send_to_monitor(hdev, skb);
5413 if (atomic_read(&hdev->promisc)) {
5414 /* Send copy to the sockets */
5415 hci_send_to_sock(hdev, skb);
5418 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5423 if (test_bit(HCI_INIT, &hdev->flags)) {
5424 /* Don't process data packets in this states. */
5425 switch (bt_cb(skb)->pkt_type) {
5426 case HCI_ACLDATA_PKT:
5427 case HCI_SCODATA_PKT:
5434 switch (bt_cb(skb)->pkt_type) {
5436 BT_DBG("%s Event packet", hdev->name);
5437 hci_event_packet(hdev, skb);
5440 case HCI_ACLDATA_PKT:
5441 BT_DBG("%s ACL data packet", hdev->name);
5442 hci_acldata_packet(hdev, skb);
5445 case HCI_SCODATA_PKT:
5446 BT_DBG("%s SCO data packet", hdev->name);
5447 hci_scodata_packet(hdev, skb);
5457 static void hci_cmd_work(struct work_struct *work)
5459 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
5460 struct sk_buff *skb;
5462 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
5463 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
5465 /* Send queued commands */
5466 if (atomic_read(&hdev->cmd_cnt)) {
5467 skb = skb_dequeue(&hdev->cmd_q);
5471 kfree_skb(hdev->sent_cmd);
5473 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
5474 if (hdev->sent_cmd) {
5475 atomic_dec(&hdev->cmd_cnt);
5476 hci_send_frame(hdev, skb);
5477 if (test_bit(HCI_RESET, &hdev->flags))
5478 cancel_delayed_work(&hdev->cmd_timer);
5480 schedule_delayed_work(&hdev->cmd_timer,
5483 skb_queue_head(&hdev->cmd_q, skb);
5484 queue_work(hdev->workqueue, &hdev->cmd_work);
5489 void hci_req_add_le_scan_disable(struct hci_request *req)
5491 struct hci_cp_le_set_scan_enable cp;
5493 memset(&cp, 0, sizeof(cp));
5494 cp.enable = LE_SCAN_DISABLE;
5495 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
5498 static void add_to_white_list(struct hci_request *req,
5499 struct hci_conn_params *params)
5501 struct hci_cp_le_add_to_white_list cp;
5503 cp.bdaddr_type = params->addr_type;
5504 bacpy(&cp.bdaddr, ¶ms->addr);
5506 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
5509 static u8 update_white_list(struct hci_request *req)
5511 struct hci_dev *hdev = req->hdev;
5512 struct hci_conn_params *params;
5513 struct bdaddr_list *b;
5514 uint8_t white_list_entries = 0;
5516 /* Go through the current white list programmed into the
5517 * controller one by one and check if that address is still
5518 * in the list of pending connections or list of devices to
5519 * report. If not present in either list, then queue the
5520 * command to remove it from the controller.
5522 list_for_each_entry(b, &hdev->le_white_list, list) {
5523 struct hci_cp_le_del_from_white_list cp;
5525 if (hci_pend_le_action_lookup(&hdev->pend_le_conns,
5526 &b->bdaddr, b->bdaddr_type) ||
5527 hci_pend_le_action_lookup(&hdev->pend_le_reports,
5528 &b->bdaddr, b->bdaddr_type)) {
5529 white_list_entries++;
5533 cp.bdaddr_type = b->bdaddr_type;
5534 bacpy(&cp.bdaddr, &b->bdaddr);
5536 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
5540 /* Since all no longer valid white list entries have been
5541 * removed, walk through the list of pending connections
5542 * and ensure that any new device gets programmed into
5545 * If the list of the devices is larger than the list of
5546 * available white list entries in the controller, then
5547 * just abort and return filer policy value to not use the
5550 list_for_each_entry(params, &hdev->pend_le_conns, action) {
5551 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5552 ¶ms->addr, params->addr_type))
5555 if (white_list_entries >= hdev->le_white_list_size) {
5556 /* Select filter policy to accept all advertising */
5560 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5561 params->addr_type)) {
5562 /* White list can not be used with RPAs */
5566 white_list_entries++;
5567 add_to_white_list(req, params);
5570 /* After adding all new pending connections, walk through
5571 * the list of pending reports and also add these to the
5572 * white list if there is still space.
5574 list_for_each_entry(params, &hdev->pend_le_reports, action) {
5575 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5576 ¶ms->addr, params->addr_type))
5579 if (white_list_entries >= hdev->le_white_list_size) {
5580 /* Select filter policy to accept all advertising */
5584 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5585 params->addr_type)) {
5586 /* White list can not be used with RPAs */
5590 white_list_entries++;
5591 add_to_white_list(req, params);
5594 /* Select filter policy to use white list */
5598 void hci_req_add_le_passive_scan(struct hci_request *req)
5600 struct hci_cp_le_set_scan_param param_cp;
5601 struct hci_cp_le_set_scan_enable enable_cp;
5602 struct hci_dev *hdev = req->hdev;
5606 /* Set require_privacy to false since no SCAN_REQ are send
5607 * during passive scanning. Not using an unresolvable address
5608 * here is important so that peer devices using direct
5609 * advertising with our address will be correctly reported
5610 * by the controller.
5612 if (hci_update_random_address(req, false, &own_addr_type))
5615 /* Adding or removing entries from the white list must
5616 * happen before enabling scanning. The controller does
5617 * not allow white list modification while scanning.
5619 filter_policy = update_white_list(req);
5621 memset(¶m_cp, 0, sizeof(param_cp));
5622 param_cp.type = LE_SCAN_PASSIVE;
5623 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5624 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5625 param_cp.own_address_type = own_addr_type;
5626 param_cp.filter_policy = filter_policy;
5627 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5630 memset(&enable_cp, 0, sizeof(enable_cp));
5631 enable_cp.enable = LE_SCAN_ENABLE;
5632 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
5633 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5637 static void update_background_scan_complete(struct hci_dev *hdev, u8 status)
5640 BT_DBG("HCI request failed to update background scanning: "
5641 "status 0x%2.2x", status);
5644 /* This function controls the background scanning based on hdev->pend_le_conns
5645 * list. If there are pending LE connection we start the background scanning,
5646 * otherwise we stop it.
5648 * This function requires the caller holds hdev->lock.
5650 void hci_update_background_scan(struct hci_dev *hdev)
5652 struct hci_request req;
5653 struct hci_conn *conn;
5656 if (!test_bit(HCI_UP, &hdev->flags) ||
5657 test_bit(HCI_INIT, &hdev->flags) ||
5658 test_bit(HCI_SETUP, &hdev->dev_flags) ||
5659 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5660 test_bit(HCI_AUTO_OFF, &hdev->dev_flags) ||
5661 test_bit(HCI_UNREGISTER, &hdev->dev_flags))
5664 /* No point in doing scanning if LE support hasn't been enabled */
5665 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5668 /* If discovery is active don't interfere with it */
5669 if (hdev->discovery.state != DISCOVERY_STOPPED)
5672 hci_req_init(&req, hdev);
5674 if (list_empty(&hdev->pend_le_conns) &&
5675 list_empty(&hdev->pend_le_reports)) {
5676 /* If there is no pending LE connections or devices
5677 * to be scanned for, we should stop the background
5681 /* If controller is not scanning we are done. */
5682 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5685 hci_req_add_le_scan_disable(&req);
5687 BT_DBG("%s stopping background scanning", hdev->name);
5689 /* If there is at least one pending LE connection, we should
5690 * keep the background scan running.
5693 /* If controller is connecting, we should not start scanning
5694 * since some controllers are not able to scan and connect at
5697 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
5701 /* If controller is currently scanning, we stop it to ensure we
5702 * don't miss any advertising (due to duplicates filter).
5704 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5705 hci_req_add_le_scan_disable(&req);
5707 hci_req_add_le_passive_scan(&req);
5709 BT_DBG("%s starting background scanning", hdev->name);
5712 err = hci_req_run(&req, update_background_scan_complete);
5714 BT_ERR("Failed to run HCI request: err %d", err);
5717 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
5719 struct bdaddr_list *b;
5721 list_for_each_entry(b, &hdev->whitelist, list) {
5722 struct hci_conn *conn;
5724 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
5728 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
5735 void hci_update_page_scan(struct hci_dev *hdev, struct hci_request *req)
5739 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5742 if (!hdev_is_powered(hdev))
5745 if (mgmt_powering_down(hdev))
5748 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
5749 disconnected_whitelist_entries(hdev))
5752 scan = SCAN_DISABLED;
5754 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE))
5757 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
5758 scan |= SCAN_INQUIRY;
5761 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
5763 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
projects / cascardo / linux.git / blob