tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI core. */
27
28#include <linux/export.h>
29#include <linux/idr.h>
30#include <linux/rfkill.h>
31#include <linux/debugfs.h>
32#include <asm/unaligned.h>
33
34#include <net/bluetooth/bluetooth.h>
35#include <net/bluetooth/hci_core.h>
36
37static void hci_rx_work(struct work_struct *work);
38static void hci_cmd_work(struct work_struct *work);
39static void hci_tx_work(struct work_struct *work);
40
41/* HCI device list */
42LIST_HEAD(hci_dev_list);
43DEFINE_RWLOCK(hci_dev_list_lock);
44
45/* HCI callback list */
46LIST_HEAD(hci_cb_list);
47DEFINE_RWLOCK(hci_cb_list_lock);
48
49/* HCI ID Numbering */
50static DEFINE_IDA(hci_index_ida);
51
52/* ---- HCI notifications ---- */
53
54static void hci_notify(struct hci_dev *hdev, int event)
55{
56 hci_sock_dev_event(hdev, event);
57}
58
59/* ---- HCI debugfs entries ---- */
60
61static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
62 size_t count, loff_t *ppos)
63{
64 struct hci_dev *hdev = file->private_data;
65 char buf[3];
66
67 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dev_flags) ? 'Y': 'N';
68 buf[1] = '\n';
69 buf[2] = '\0';
70 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
71}
72
73static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
74 size_t count, loff_t *ppos)
75{
76 struct hci_dev *hdev = file->private_data;
77 struct sk_buff *skb;
78 char buf[32];
79 size_t buf_size = min(count, (sizeof(buf)-1));
80 bool enable;
81 int err;
82
83 if (!test_bit(HCI_UP, &hdev->flags))
84 return -ENETDOWN;
85
86 if (copy_from_user(buf, user_buf, buf_size))
87 return -EFAULT;
88
89 buf[buf_size] = '\0';
90 if (strtobool(buf, &enable))
91 return -EINVAL;
92
93 if (enable == test_bit(HCI_DUT_MODE, &hdev->dev_flags))
94 return -EALREADY;
95
96 hci_req_lock(hdev);
97 if (enable)
98 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
99 HCI_CMD_TIMEOUT);
100 else
101 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
102 HCI_CMD_TIMEOUT);
103 hci_req_unlock(hdev);
104
105 if (IS_ERR(skb))
106 return PTR_ERR(skb);
107
108 err = -bt_to_errno(skb->data[0]);
109 kfree_skb(skb);
110
111 if (err < 0)
112 return err;
113
114 change_bit(HCI_DUT_MODE, &hdev->dev_flags);
115
116 return count;
117}
118
119static const struct file_operations dut_mode_fops = {
120 .open = simple_open,
121 .read = dut_mode_read,
122 .write = dut_mode_write,
123 .llseek = default_llseek,
124};
125
126static int features_show(struct seq_file *f, void *ptr)
127{
128 struct hci_dev *hdev = f->private;
129 u8 p;
130
131 hci_dev_lock(hdev);
132 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
133 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
134 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p,
135 hdev->features[p][0], hdev->features[p][1],
136 hdev->features[p][2], hdev->features[p][3],
137 hdev->features[p][4], hdev->features[p][5],
138 hdev->features[p][6], hdev->features[p][7]);
139 }
140 if (lmp_le_capable(hdev))
141 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
142 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
143 hdev->le_features[0], hdev->le_features[1],
144 hdev->le_features[2], hdev->le_features[3],
145 hdev->le_features[4], hdev->le_features[5],
146 hdev->le_features[6], hdev->le_features[7]);
147 hci_dev_unlock(hdev);
148
149 return 0;
150}
151
152static int features_open(struct inode *inode, struct file *file)
153{
154 return single_open(file, features_show, inode->i_private);
155}
156
157static const struct file_operations features_fops = {
158 .open = features_open,
159 .read = seq_read,
160 .llseek = seq_lseek,
161 .release = single_release,
162};
163
164static int blacklist_show(struct seq_file *f, void *p)
165{
166 struct hci_dev *hdev = f->private;
167 struct bdaddr_list *b;
168
169 hci_dev_lock(hdev);
170 list_for_each_entry(b, &hdev->blacklist, list)
171 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
172 hci_dev_unlock(hdev);
173
174 return 0;
175}
176
177static int blacklist_open(struct inode *inode, struct file *file)
178{
179 return single_open(file, blacklist_show, inode->i_private);
180}
181
182static const struct file_operations blacklist_fops = {
183 .open = blacklist_open,
184 .read = seq_read,
185 .llseek = seq_lseek,
186 .release = single_release,
187};
188
189static int uuids_show(struct seq_file *f, void *p)
190{
191 struct hci_dev *hdev = f->private;
192 struct bt_uuid *uuid;
193
194 hci_dev_lock(hdev);
195 list_for_each_entry(uuid, &hdev->uuids, list) {
196 u8 i, val[16];
197
198 /* The Bluetooth UUID values are stored in big endian,
199 * but with reversed byte order. So convert them into
200 * the right order for the %pUb modifier.
201 */
202 for (i = 0; i < 16; i++)
203 val[i] = uuid->uuid[15 - i];
204
205 seq_printf(f, "%pUb\n", val);
206 }
207 hci_dev_unlock(hdev);
208
209 return 0;
210}
211
212static int uuids_open(struct inode *inode, struct file *file)
213{
214 return single_open(file, uuids_show, inode->i_private);
215}
216
217static const struct file_operations uuids_fops = {
218 .open = uuids_open,
219 .read = seq_read,
220 .llseek = seq_lseek,
221 .release = single_release,
222};
223
224static int inquiry_cache_show(struct seq_file *f, void *p)
225{
226 struct hci_dev *hdev = f->private;
227 struct discovery_state *cache = &hdev->discovery;
228 struct inquiry_entry *e;
229
230 hci_dev_lock(hdev);
231
232 list_for_each_entry(e, &cache->all, all) {
233 struct inquiry_data *data = &e->data;
234 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
235 &data->bdaddr,
236 data->pscan_rep_mode, data->pscan_period_mode,
237 data->pscan_mode, data->dev_class[2],
238 data->dev_class[1], data->dev_class[0],
239 __le16_to_cpu(data->clock_offset),
240 data->rssi, data->ssp_mode, e->timestamp);
241 }
242
243 hci_dev_unlock(hdev);
244
245 return 0;
246}
247
248static int inquiry_cache_open(struct inode *inode, struct file *file)
249{
250 return single_open(file, inquiry_cache_show, inode->i_private);
251}
252
253static const struct file_operations inquiry_cache_fops = {
254 .open = inquiry_cache_open,
255 .read = seq_read,
256 .llseek = seq_lseek,
257 .release = single_release,
258};
259
260static int link_keys_show(struct seq_file *f, void *ptr)
261{
262 struct hci_dev *hdev = f->private;
263 struct list_head *p, *n;
264
265 hci_dev_lock(hdev);
266 list_for_each_safe(p, n, &hdev->link_keys) {
267 struct link_key *key = list_entry(p, struct link_key, list);
268 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
269 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
270 }
271 hci_dev_unlock(hdev);
272
273 return 0;
274}
275
276static int link_keys_open(struct inode *inode, struct file *file)
277{
278 return single_open(file, link_keys_show, inode->i_private);
279}
280
281static const struct file_operations link_keys_fops = {
282 .open = link_keys_open,
283 .read = seq_read,
284 .llseek = seq_lseek,
285 .release = single_release,
286};
287
288static ssize_t use_debug_keys_read(struct file *file, char __user *user_buf,
289 size_t count, loff_t *ppos)
290{
291 struct hci_dev *hdev = file->private_data;
292 char buf[3];
293
294 buf[0] = test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) ? 'Y': 'N';
295 buf[1] = '\n';
296 buf[2] = '\0';
297 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
298}
299
300static const struct file_operations use_debug_keys_fops = {
301 .open = simple_open,
302 .read = use_debug_keys_read,
303 .llseek = default_llseek,
304};
305
306static int dev_class_show(struct seq_file *f, void *ptr)
307{
308 struct hci_dev *hdev = f->private;
309
310 hci_dev_lock(hdev);
311 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2],
312 hdev->dev_class[1], hdev->dev_class[0]);
313 hci_dev_unlock(hdev);
314
315 return 0;
316}
317
318static int dev_class_open(struct inode *inode, struct file *file)
319{
320 return single_open(file, dev_class_show, inode->i_private);
321}
322
323static const struct file_operations dev_class_fops = {
324 .open = dev_class_open,
325 .read = seq_read,
326 .llseek = seq_lseek,
327 .release = single_release,
328};
329
330static int voice_setting_get(void *data, u64 *val)
331{
332 struct hci_dev *hdev = data;
333
334 hci_dev_lock(hdev);
335 *val = hdev->voice_setting;
336 hci_dev_unlock(hdev);
337
338 return 0;
339}
340
341DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get,
342 NULL, "0x%4.4llx\n");
343
344static int auto_accept_delay_set(void *data, u64 val)
345{
346 struct hci_dev *hdev = data;
347
348 hci_dev_lock(hdev);
349 hdev->auto_accept_delay = val;
350 hci_dev_unlock(hdev);
351
352 return 0;
353}
354
355static int auto_accept_delay_get(void *data, u64 *val)
356{
357 struct hci_dev *hdev = data;
358
359 hci_dev_lock(hdev);
360 *val = hdev->auto_accept_delay;
361 hci_dev_unlock(hdev);
362
363 return 0;
364}
365
366DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
367 auto_accept_delay_set, "%llu\n");
368
369static int ssp_debug_mode_set(void *data, u64 val)
370{
371 struct hci_dev *hdev = data;
372 struct sk_buff *skb;
373 __u8 mode;
374 int err;
375
376 if (val != 0 && val != 1)
377 return -EINVAL;
378
379 if (!test_bit(HCI_UP, &hdev->flags))
380 return -ENETDOWN;
381
382 hci_req_lock(hdev);
383 mode = val;
384 skb = __hci_cmd_sync(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE, sizeof(mode),
385 &mode, HCI_CMD_TIMEOUT);
386 hci_req_unlock(hdev);
387
388 if (IS_ERR(skb))
389 return PTR_ERR(skb);
390
391 err = -bt_to_errno(skb->data[0]);
392 kfree_skb(skb);
393
394 if (err < 0)
395 return err;
396
397 hci_dev_lock(hdev);
398 hdev->ssp_debug_mode = val;
399 hci_dev_unlock(hdev);
400
401 return 0;
402}
403
404static int ssp_debug_mode_get(void *data, u64 *val)
405{
406 struct hci_dev *hdev = data;
407
408 hci_dev_lock(hdev);
409 *val = hdev->ssp_debug_mode;
410 hci_dev_unlock(hdev);
411
412 return 0;
413}
414
415DEFINE_SIMPLE_ATTRIBUTE(ssp_debug_mode_fops, ssp_debug_mode_get,
416 ssp_debug_mode_set, "%llu\n");
417
418static int idle_timeout_set(void *data, u64 val)
419{
420 struct hci_dev *hdev = data;
421
422 if (val != 0 && (val < 500 || val > 3600000))
423 return -EINVAL;
424
425 hci_dev_lock(hdev);
426 hdev->idle_timeout = val;
427 hci_dev_unlock(hdev);
428
429 return 0;
430}
431
432static int idle_timeout_get(void *data, u64 *val)
433{
434 struct hci_dev *hdev = data;
435
436 hci_dev_lock(hdev);
437 *val = hdev->idle_timeout;
438 hci_dev_unlock(hdev);
439
440 return 0;
441}
442
443DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
444 idle_timeout_set, "%llu\n");
445
446static int sniff_min_interval_set(void *data, u64 val)
447{
448 struct hci_dev *hdev = data;
449
450 if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
451 return -EINVAL;
452
453 hci_dev_lock(hdev);
454 hdev->sniff_min_interval = val;
455 hci_dev_unlock(hdev);
456
457 return 0;
458}
459
460static int sniff_min_interval_get(void *data, u64 *val)
461{
462 struct hci_dev *hdev = data;
463
464 hci_dev_lock(hdev);
465 *val = hdev->sniff_min_interval;
466 hci_dev_unlock(hdev);
467
468 return 0;
469}
470
471DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
472 sniff_min_interval_set, "%llu\n");
473
474static int sniff_max_interval_set(void *data, u64 val)
475{
476 struct hci_dev *hdev = data;
477
478 if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
479 return -EINVAL;
480
481 hci_dev_lock(hdev);
482 hdev->sniff_max_interval = val;
483 hci_dev_unlock(hdev);
484
485 return 0;
486}
487
488static int sniff_max_interval_get(void *data, u64 *val)
489{
490 struct hci_dev *hdev = data;
491
492 hci_dev_lock(hdev);
493 *val = hdev->sniff_max_interval;
494 hci_dev_unlock(hdev);
495
496 return 0;
497}
498
499DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
500 sniff_max_interval_set, "%llu\n");
501
502static int static_address_show(struct seq_file *f, void *p)
503{
504 struct hci_dev *hdev = f->private;
505
506 hci_dev_lock(hdev);
507 seq_printf(f, "%pMR\n", &hdev->static_addr);
508 hci_dev_unlock(hdev);
509
510 return 0;
511}
512
513static int static_address_open(struct inode *inode, struct file *file)
514{
515 return single_open(file, static_address_show, inode->i_private);
516}
517
518static const struct file_operations static_address_fops = {
519 .open = static_address_open,
520 .read = seq_read,
521 .llseek = seq_lseek,
522 .release = single_release,
523};
524
525static int own_address_type_set(void *data, u64 val)
526{
527 struct hci_dev *hdev = data;
528
529 if (val != 0 && val != 1)
530 return -EINVAL;
531
532 hci_dev_lock(hdev);
533 hdev->own_addr_type = val;
534 hci_dev_unlock(hdev);
535
536 return 0;
537}
538
539static int own_address_type_get(void *data, u64 *val)
540{
541 struct hci_dev *hdev = data;
542
543 hci_dev_lock(hdev);
544 *val = hdev->own_addr_type;
545 hci_dev_unlock(hdev);
546
547 return 0;
548}
549
550DEFINE_SIMPLE_ATTRIBUTE(own_address_type_fops, own_address_type_get,
551 own_address_type_set, "%llu\n");
552
553static int long_term_keys_show(struct seq_file *f, void *ptr)
554{
555 struct hci_dev *hdev = f->private;
556 struct list_head *p, *n;
557
558 hci_dev_lock(hdev);
559 list_for_each_safe(p, n, &hdev->link_keys) {
560 struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list);
561 seq_printf(f, "%pMR (type %u) %u %u %u %.4x %*phN %*phN\\n",
562 <k->bdaddr, ltk->bdaddr_type, ltk->authenticated,
563 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
564 8, ltk->rand, 16, ltk->val);
565 }
566 hci_dev_unlock(hdev);
567
568 return 0;
569}
570
571static int long_term_keys_open(struct inode *inode, struct file *file)
572{
573 return single_open(file, long_term_keys_show, inode->i_private);
574}
575
576static const struct file_operations long_term_keys_fops = {
577 .open = long_term_keys_open,
578 .read = seq_read,
579 .llseek = seq_lseek,
580 .release = single_release,
581};
582
583static int conn_min_interval_set(void *data, u64 val)
584{
585 struct hci_dev *hdev = data;
586
587 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
588 return -EINVAL;
589
590 hci_dev_lock(hdev);
591 hdev->le_conn_min_interval = val;
592 hci_dev_unlock(hdev);
593
594 return 0;
595}
596
597static int conn_min_interval_get(void *data, u64 *val)
598{
599 struct hci_dev *hdev = data;
600
601 hci_dev_lock(hdev);
602 *val = hdev->le_conn_min_interval;
603 hci_dev_unlock(hdev);
604
605 return 0;
606}
607
608DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
609 conn_min_interval_set, "%llu\n");
610
611static int conn_max_interval_set(void *data, u64 val)
612{
613 struct hci_dev *hdev = data;
614
615 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
616 return -EINVAL;
617
618 hci_dev_lock(hdev);
619 hdev->le_conn_max_interval = val;
620 hci_dev_unlock(hdev);
621
622 return 0;
623}
624
625static int conn_max_interval_get(void *data, u64 *val)
626{
627 struct hci_dev *hdev = data;
628
629 hci_dev_lock(hdev);
630 *val = hdev->le_conn_max_interval;
631 hci_dev_unlock(hdev);
632
633 return 0;
634}
635
636DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
637 conn_max_interval_set, "%llu\n");
638
639static ssize_t lowpan_read(struct file *file, char __user *user_buf,
640 size_t count, loff_t *ppos)
641{
642 struct hci_dev *hdev = file->private_data;
643 char buf[3];
644
645 buf[0] = test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags) ? 'Y' : 'N';
646 buf[1] = '\n';
647 buf[2] = '\0';
648 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
649}
650
651static ssize_t lowpan_write(struct file *fp, const char __user *user_buffer,
652 size_t count, loff_t *position)
653{
654 struct hci_dev *hdev = fp->private_data;
655 bool enable;
656 char buf[32];
657 size_t buf_size = min(count, (sizeof(buf)-1));
658
659 if (copy_from_user(buf, user_buffer, buf_size))
660 return -EFAULT;
661
662 buf[buf_size] = '\0';
663
664 if (strtobool(buf, &enable) < 0)
665 return -EINVAL;
666
667 if (enable == test_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags))
668 return -EALREADY;
669
670 change_bit(HCI_6LOWPAN_ENABLED, &hdev->dev_flags);
671
672 return count;
673}
674
675static const struct file_operations lowpan_debugfs_fops = {
676 .open = simple_open,
677 .read = lowpan_read,
678 .write = lowpan_write,
679 .llseek = default_llseek,
680};
681
682/* ---- HCI requests ---- */
683
684static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
685{
686 BT_DBG("%s result 0x%2.2x", hdev->name, result);
687
688 if (hdev->req_status == HCI_REQ_PEND) {
689 hdev->req_result = result;
690 hdev->req_status = HCI_REQ_DONE;
691 wake_up_interruptible(&hdev->req_wait_q);
692 }
693}
694
695static void hci_req_cancel(struct hci_dev *hdev, int err)
696{
697 BT_DBG("%s err 0x%2.2x", hdev->name, err);
698
699 if (hdev->req_status == HCI_REQ_PEND) {
700 hdev->req_result = err;
701 hdev->req_status = HCI_REQ_CANCELED;
702 wake_up_interruptible(&hdev->req_wait_q);
703 }
704}
705
706static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
707 u8 event)
708{
709 struct hci_ev_cmd_complete *ev;
710 struct hci_event_hdr *hdr;
711 struct sk_buff *skb;
712
713 hci_dev_lock(hdev);
714
715 skb = hdev->recv_evt;
716 hdev->recv_evt = NULL;
717
718 hci_dev_unlock(hdev);
719
720 if (!skb)
721 return ERR_PTR(-ENODATA);
722
723 if (skb->len < sizeof(*hdr)) {
724 BT_ERR("Too short HCI event");
725 goto failed;
726 }
727
728 hdr = (void *) skb->data;
729 skb_pull(skb, HCI_EVENT_HDR_SIZE);
730
731 if (event) {
732 if (hdr->evt != event)
733 goto failed;
734 return skb;
735 }
736
737 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
738 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
739 goto failed;
740 }
741
742 if (skb->len < sizeof(*ev)) {
743 BT_ERR("Too short cmd_complete event");
744 goto failed;
745 }
746
747 ev = (void *) skb->data;
748 skb_pull(skb, sizeof(*ev));
749
750 if (opcode == __le16_to_cpu(ev->opcode))
751 return skb;
752
753 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
754 __le16_to_cpu(ev->opcode));
755
756failed:
757 kfree_skb(skb);
758 return ERR_PTR(-ENODATA);
759}
760
761struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
762 const void *param, u8 event, u32 timeout)
763{
764 DECLARE_WAITQUEUE(wait, current);
765 struct hci_request req;
766 int err = 0;
767
768 BT_DBG("%s", hdev->name);
769
770 hci_req_init(&req, hdev);
771
772 hci_req_add_ev(&req, opcode, plen, param, event);
773
774 hdev->req_status = HCI_REQ_PEND;
775
776 err = hci_req_run(&req, hci_req_sync_complete);
777 if (err < 0)
778 return ERR_PTR(err);
779
780 add_wait_queue(&hdev->req_wait_q, &wait);
781 set_current_state(TASK_INTERRUPTIBLE);
782
783 schedule_timeout(timeout);
784
785 remove_wait_queue(&hdev->req_wait_q, &wait);
786
787 if (signal_pending(current))
788 return ERR_PTR(-EINTR);
789
790 switch (hdev->req_status) {
791 case HCI_REQ_DONE:
792 err = -bt_to_errno(hdev->req_result);
793 break;
794
795 case HCI_REQ_CANCELED:
796 err = -hdev->req_result;
797 break;
798
799 default:
800 err = -ETIMEDOUT;
801 break;
802 }
803
804 hdev->req_status = hdev->req_result = 0;
805
806 BT_DBG("%s end: err %d", hdev->name, err);
807
808 if (err < 0)
809 return ERR_PTR(err);
810
811 return hci_get_cmd_complete(hdev, opcode, event);
812}
813EXPORT_SYMBOL(__hci_cmd_sync_ev);
814
815struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
816 const void *param, u32 timeout)
817{
818 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
819}
820EXPORT_SYMBOL(__hci_cmd_sync);
821
822/* Execute request and wait for completion. */
823static int __hci_req_sync(struct hci_dev *hdev,
824 void (*func)(struct hci_request *req,
825 unsigned long opt),
826 unsigned long opt, __u32 timeout)
827{
828 struct hci_request req;
829 DECLARE_WAITQUEUE(wait, current);
830 int err = 0;
831
832 BT_DBG("%s start", hdev->name);
833
834 hci_req_init(&req, hdev);
835
836 hdev->req_status = HCI_REQ_PEND;
837
838 func(&req, opt);
839
840 err = hci_req_run(&req, hci_req_sync_complete);
841 if (err < 0) {
842 hdev->req_status = 0;
843
844 /* ENODATA means the HCI request command queue is empty.
845 * This can happen when a request with conditionals doesn't
846 * trigger any commands to be sent. This is normal behavior
847 * and should not trigger an error return.
848 */
849 if (err == -ENODATA)
850 return 0;
851
852 return err;
853 }
854
855 add_wait_queue(&hdev->req_wait_q, &wait);
856 set_current_state(TASK_INTERRUPTIBLE);
857
858 schedule_timeout(timeout);
859
860 remove_wait_queue(&hdev->req_wait_q, &wait);
861
862 if (signal_pending(current))
863 return -EINTR;
864
865 switch (hdev->req_status) {
866 case HCI_REQ_DONE:
867 err = -bt_to_errno(hdev->req_result);
868 break;
869
870 case HCI_REQ_CANCELED:
871 err = -hdev->req_result;
872 break;
873
874 default:
875 err = -ETIMEDOUT;
876 break;
877 }
878
879 hdev->req_status = hdev->req_result = 0;
880
881 BT_DBG("%s end: err %d", hdev->name, err);
882
883 return err;
884}
885
886static int hci_req_sync(struct hci_dev *hdev,
887 void (*req)(struct hci_request *req,
888 unsigned long opt),
889 unsigned long opt, __u32 timeout)
890{
891 int ret;
892
893 if (!test_bit(HCI_UP, &hdev->flags))
894 return -ENETDOWN;
895
896 /* Serialize all requests */
897 hci_req_lock(hdev);
898 ret = __hci_req_sync(hdev, req, opt, timeout);
899 hci_req_unlock(hdev);
900
901 return ret;
902}
903
904static void hci_reset_req(struct hci_request *req, unsigned long opt)
905{
906 BT_DBG("%s %ld", req->hdev->name, opt);
907
908 /* Reset device */
909 set_bit(HCI_RESET, &req->hdev->flags);
910 hci_req_add(req, HCI_OP_RESET, 0, NULL);
911}
912
913static void bredr_init(struct hci_request *req)
914{
915 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
916
917 /* Read Local Supported Features */
918 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
919
920 /* Read Local Version */
921 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
922
923 /* Read BD Address */
924 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
925}
926
927static void amp_init(struct hci_request *req)
928{
929 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
930
931 /* Read Local Version */
932 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
933
934 /* Read Local Supported Commands */
935 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
936
937 /* Read Local Supported Features */
938 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
939
940 /* Read Local AMP Info */
941 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
942
943 /* Read Data Blk size */
944 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
945
946 /* Read Flow Control Mode */
947 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
948
949 /* Read Location Data */
950 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
951}
952
953static void hci_init1_req(struct hci_request *req, unsigned long opt)
954{
955 struct hci_dev *hdev = req->hdev;
956
957 BT_DBG("%s %ld", hdev->name, opt);
958
959 /* Reset */
960 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
961 hci_reset_req(req, 0);
962
963 switch (hdev->dev_type) {
964 case HCI_BREDR:
965 bredr_init(req);
966 break;
967
968 case HCI_AMP:
969 amp_init(req);
970 break;
971
972 default:
973 BT_ERR("Unknown device type %d", hdev->dev_type);
974 break;
975 }
976}
977
978static void bredr_setup(struct hci_request *req)
979{
980 struct hci_dev *hdev = req->hdev;
981
982 __le16 param;
983 __u8 flt_type;
984
985 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
986 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
987
988 /* Read Class of Device */
989 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
990
991 /* Read Local Name */
992 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
993
994 /* Read Voice Setting */
995 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
996
997 /* Read Number of Supported IAC */
998 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
999
1000 /* Read Current IAC LAP */
1001 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
1002
1003 /* Clear Event Filters */
1004 flt_type = HCI_FLT_CLEAR_ALL;
1005 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1006
1007 /* Connection accept timeout ~20 secs */
1008 param = __constant_cpu_to_le16(0x7d00);
1009 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
1010
1011 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
1012 * but it does not support page scan related HCI commands.
1013 */
1014 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
1015 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1016 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1017 }
1018}
1019
1020static void le_setup(struct hci_request *req)
1021{
1022 struct hci_dev *hdev = req->hdev;
1023
1024 /* Read LE Buffer Size */
1025 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
1026
1027 /* Read LE Local Supported Features */
1028 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
1029
1030 /* Read LE Advertising Channel TX Power */
1031 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1032
1033 /* Read LE White List Size */
1034 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1035
1036 /* Read LE Supported States */
1037 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1038
1039 /* LE-only controllers have LE implicitly enabled */
1040 if (!lmp_bredr_capable(hdev))
1041 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1042}
1043
1044static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
1045{
1046 if (lmp_ext_inq_capable(hdev))
1047 return 0x02;
1048
1049 if (lmp_inq_rssi_capable(hdev))
1050 return 0x01;
1051
1052 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
1053 hdev->lmp_subver == 0x0757)
1054 return 0x01;
1055
1056 if (hdev->manufacturer == 15) {
1057 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
1058 return 0x01;
1059 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
1060 return 0x01;
1061 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
1062 return 0x01;
1063 }
1064
1065 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
1066 hdev->lmp_subver == 0x1805)
1067 return 0x01;
1068
1069 return 0x00;
1070}
1071
1072static void hci_setup_inquiry_mode(struct hci_request *req)
1073{
1074 u8 mode;
1075
1076 mode = hci_get_inquiry_mode(req->hdev);
1077
1078 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
1079}
1080
1081static void hci_setup_event_mask(struct hci_request *req)
1082{
1083 struct hci_dev *hdev = req->hdev;
1084
1085 /* The second byte is 0xff instead of 0x9f (two reserved bits
1086 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
1087 * command otherwise.
1088 */
1089 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
1090
1091 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
1092 * any event mask for pre 1.2 devices.
1093 */
1094 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1095 return;
1096
1097 if (lmp_bredr_capable(hdev)) {
1098 events[4] |= 0x01; /* Flow Specification Complete */
1099 events[4] |= 0x02; /* Inquiry Result with RSSI */
1100 events[4] |= 0x04; /* Read Remote Extended Features Complete */
1101 events[5] |= 0x08; /* Synchronous Connection Complete */
1102 events[5] |= 0x10; /* Synchronous Connection Changed */
1103 } else {
1104 /* Use a different default for LE-only devices */
1105 memset(events, 0, sizeof(events));
1106 events[0] |= 0x10; /* Disconnection Complete */
1107 events[0] |= 0x80; /* Encryption Change */
1108 events[1] |= 0x08; /* Read Remote Version Information Complete */
1109 events[1] |= 0x20; /* Command Complete */
1110 events[1] |= 0x40; /* Command Status */
1111 events[1] |= 0x80; /* Hardware Error */
1112 events[2] |= 0x04; /* Number of Completed Packets */
1113 events[3] |= 0x02; /* Data Buffer Overflow */
1114 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1115 }
1116
1117 if (lmp_inq_rssi_capable(hdev))
1118 events[4] |= 0x02; /* Inquiry Result with RSSI */
1119
1120 if (lmp_sniffsubr_capable(hdev))
1121 events[5] |= 0x20; /* Sniff Subrating */
1122
1123 if (lmp_pause_enc_capable(hdev))
1124 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1125
1126 if (lmp_ext_inq_capable(hdev))
1127 events[5] |= 0x40; /* Extended Inquiry Result */
1128
1129 if (lmp_no_flush_capable(hdev))
1130 events[7] |= 0x01; /* Enhanced Flush Complete */
1131
1132 if (lmp_lsto_capable(hdev))
1133 events[6] |= 0x80; /* Link Supervision Timeout Changed */
1134
1135 if (lmp_ssp_capable(hdev)) {
1136 events[6] |= 0x01; /* IO Capability Request */
1137 events[6] |= 0x02; /* IO Capability Response */
1138 events[6] |= 0x04; /* User Confirmation Request */
1139 events[6] |= 0x08; /* User Passkey Request */
1140 events[6] |= 0x10; /* Remote OOB Data Request */
1141 events[6] |= 0x20; /* Simple Pairing Complete */
1142 events[7] |= 0x04; /* User Passkey Notification */
1143 events[7] |= 0x08; /* Keypress Notification */
1144 events[7] |= 0x10; /* Remote Host Supported
1145 * Features Notification
1146 */
1147 }
1148
1149 if (lmp_le_capable(hdev))
1150 events[7] |= 0x20; /* LE Meta-Event */
1151
1152 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1153
1154 if (lmp_le_capable(hdev)) {
1155 memset(events, 0, sizeof(events));
1156 events[0] = 0x1f;
1157 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK,
1158 sizeof(events), events);
1159 }
1160}
1161
1162static void hci_init2_req(struct hci_request *req, unsigned long opt)
1163{
1164 struct hci_dev *hdev = req->hdev;
1165
1166 if (lmp_bredr_capable(hdev))
1167 bredr_setup(req);
1168 else
1169 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
1170
1171 if (lmp_le_capable(hdev))
1172 le_setup(req);
1173
1174 hci_setup_event_mask(req);
1175
1176 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1177 * local supported commands HCI command.
1178 */
1179 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
1180 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1181
1182 if (lmp_ssp_capable(hdev)) {
1183 /* When SSP is available, then the host features page
1184 * should also be available as well. However some
1185 * controllers list the max_page as 0 as long as SSP
1186 * has not been enabled. To achieve proper debugging
1187 * output, force the minimum max_page to 1 at least.
1188 */
1189 hdev->max_page = 0x01;
1190
1191 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1192 u8 mode = 0x01;
1193 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
1194 sizeof(mode), &mode);
1195 } else {
1196 struct hci_cp_write_eir cp;
1197
1198 memset(hdev->eir, 0, sizeof(hdev->eir));
1199 memset(&cp, 0, sizeof(cp));
1200
1201 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1202 }
1203 }
1204
1205 if (lmp_inq_rssi_capable(hdev))
1206 hci_setup_inquiry_mode(req);
1207
1208 if (lmp_inq_tx_pwr_capable(hdev))
1209 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
1210
1211 if (lmp_ext_feat_capable(hdev)) {
1212 struct hci_cp_read_local_ext_features cp;
1213
1214 cp.page = 0x01;
1215 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1216 sizeof(cp), &cp);
1217 }
1218
1219 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
1220 u8 enable = 1;
1221 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
1222 &enable);
1223 }
1224}
1225
1226static void hci_setup_link_policy(struct hci_request *req)
1227{
1228 struct hci_dev *hdev = req->hdev;
1229 struct hci_cp_write_def_link_policy cp;
1230 u16 link_policy = 0;
1231
1232 if (lmp_rswitch_capable(hdev))
1233 link_policy |= HCI_LP_RSWITCH;
1234 if (lmp_hold_capable(hdev))
1235 link_policy |= HCI_LP_HOLD;
1236 if (lmp_sniff_capable(hdev))
1237 link_policy |= HCI_LP_SNIFF;
1238 if (lmp_park_capable(hdev))
1239 link_policy |= HCI_LP_PARK;
1240
1241 cp.policy = cpu_to_le16(link_policy);
1242 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
1243}
1244
1245static void hci_set_le_support(struct hci_request *req)
1246{
1247 struct hci_dev *hdev = req->hdev;
1248 struct hci_cp_write_le_host_supported cp;
1249
1250 /* LE-only devices do not support explicit enablement */
1251 if (!lmp_bredr_capable(hdev))
1252 return;
1253
1254 memset(&cp, 0, sizeof(cp));
1255
1256 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1257 cp.le = 0x01;
1258 cp.simul = lmp_le_br_capable(hdev);
1259 }
1260
1261 if (cp.le != lmp_host_le_capable(hdev))
1262 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
1263 &cp);
1264}
1265
1266static void hci_set_event_mask_page_2(struct hci_request *req)
1267{
1268 struct hci_dev *hdev = req->hdev;
1269 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
1270
1271 /* If Connectionless Slave Broadcast master role is supported
1272 * enable all necessary events for it.
1273 */
1274 if (lmp_csb_master_capable(hdev)) {
1275 events[1] |= 0x40; /* Triggered Clock Capture */
1276 events[1] |= 0x80; /* Synchronization Train Complete */
1277 events[2] |= 0x10; /* Slave Page Response Timeout */
1278 events[2] |= 0x20; /* CSB Channel Map Change */
1279 }
1280
1281 /* If Connectionless Slave Broadcast slave role is supported
1282 * enable all necessary events for it.
1283 */
1284 if (lmp_csb_slave_capable(hdev)) {
1285 events[2] |= 0x01; /* Synchronization Train Received */
1286 events[2] |= 0x02; /* CSB Receive */
1287 events[2] |= 0x04; /* CSB Timeout */
1288 events[2] |= 0x08; /* Truncated Page Complete */
1289 }
1290
1291 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
1292}
1293
1294static void hci_init3_req(struct hci_request *req, unsigned long opt)
1295{
1296 struct hci_dev *hdev = req->hdev;
1297 u8 p;
1298
1299 /* Some Broadcom based Bluetooth controllers do not support the
1300 * Delete Stored Link Key command. They are clearly indicating its
1301 * absence in the bit mask of supported commands.
1302 *
1303 * Check the supported commands and only if the the command is marked
1304 * as supported send it. If not supported assume that the controller
1305 * does not have actual support for stored link keys which makes this
1306 * command redundant anyway.
1307 *
1308 * Some controllers indicate that they support handling deleting
1309 * stored link keys, but they don't. The quirk lets a driver
1310 * just disable this command.
1311 */
1312 if (hdev->commands[6] & 0x80 &&
1313 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
1314 struct hci_cp_delete_stored_link_key cp;
1315
1316 bacpy(&cp.bdaddr, BDADDR_ANY);
1317 cp.delete_all = 0x01;
1318 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
1319 sizeof(cp), &cp);
1320 }
1321
1322 if (hdev->commands[5] & 0x10)
1323 hci_setup_link_policy(req);
1324
1325 if (lmp_le_capable(hdev)) {
1326 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1327 /* If the controller has a public BD_ADDR, then
1328 * by default use that one. If this is a LE only
1329 * controller without a public address, default
1330 * to the random address.
1331 */
1332 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1333 hdev->own_addr_type = ADDR_LE_DEV_PUBLIC;
1334 else
1335 hdev->own_addr_type = ADDR_LE_DEV_RANDOM;
1336 }
1337
1338 hci_set_le_support(req);
1339 }
1340
1341 /* Read features beyond page 1 if available */
1342 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
1343 struct hci_cp_read_local_ext_features cp;
1344
1345 cp.page = p;
1346 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1347 sizeof(cp), &cp);
1348 }
1349}
1350
1351static void hci_init4_req(struct hci_request *req, unsigned long opt)
1352{
1353 struct hci_dev *hdev = req->hdev;
1354
1355 /* Set event mask page 2 if the HCI command for it is supported */
1356 if (hdev->commands[22] & 0x04)
1357 hci_set_event_mask_page_2(req);
1358
1359 /* Check for Synchronization Train support */
1360 if (lmp_sync_train_capable(hdev))
1361 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1362}
1363
1364static int __hci_init(struct hci_dev *hdev)
1365{
1366 int err;
1367
1368 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
1369 if (err < 0)
1370 return err;
1371
1372 /* The Device Under Test (DUT) mode is special and available for
1373 * all controller types. So just create it early on.
1374 */
1375 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1376 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
1377 &dut_mode_fops);
1378 }
1379
1380 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
1381 * BR/EDR/LE type controllers. AMP controllers only need the
1382 * first stage init.
1383 */
1384 if (hdev->dev_type != HCI_BREDR)
1385 return 0;
1386
1387 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
1388 if (err < 0)
1389 return err;
1390
1391 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
1392 if (err < 0)
1393 return err;
1394
1395 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
1396 if (err < 0)
1397 return err;
1398
1399 /* Only create debugfs entries during the initial setup
1400 * phase and not every time the controller gets powered on.
1401 */
1402 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
1403 return 0;
1404
1405 debugfs_create_file("features", 0444, hdev->debugfs, hdev,
1406 &features_fops);
1407 debugfs_create_u16("manufacturer", 0444, hdev->debugfs,
1408 &hdev->manufacturer);
1409 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
1410 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1411 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1412 &blacklist_fops);
1413 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1414
1415 if (lmp_bredr_capable(hdev)) {
1416 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
1417 hdev, &inquiry_cache_fops);
1418 debugfs_create_file("link_keys", 0400, hdev->debugfs,
1419 hdev, &link_keys_fops);
1420 debugfs_create_file("use_debug_keys", 0444, hdev->debugfs,
1421 hdev, &use_debug_keys_fops);
1422 debugfs_create_file("dev_class", 0444, hdev->debugfs,
1423 hdev, &dev_class_fops);
1424 debugfs_create_file("voice_setting", 0444, hdev->debugfs,
1425 hdev, &voice_setting_fops);
1426 }
1427
1428 if (lmp_ssp_capable(hdev)) {
1429 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1430 hdev, &auto_accept_delay_fops);
1431 debugfs_create_file("ssp_debug_mode", 0644, hdev->debugfs,
1432 hdev, &ssp_debug_mode_fops);
1433 }
1434
1435 if (lmp_sniff_capable(hdev)) {
1436 debugfs_create_file("idle_timeout", 0644, hdev->debugfs,
1437 hdev, &idle_timeout_fops);
1438 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs,
1439 hdev, &sniff_min_interval_fops);
1440 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs,
1441 hdev, &sniff_max_interval_fops);
1442 }
1443
1444 if (lmp_le_capable(hdev)) {
1445 debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1446 &hdev->le_white_list_size);
1447 debugfs_create_file("static_address", 0444, hdev->debugfs,
1448 hdev, &static_address_fops);
1449 debugfs_create_file("own_address_type", 0644, hdev->debugfs,
1450 hdev, &own_address_type_fops);
1451 debugfs_create_file("long_term_keys", 0400, hdev->debugfs,
1452 hdev, &long_term_keys_fops);
1453 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs,
1454 hdev, &conn_min_interval_fops);
1455 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1456 hdev, &conn_max_interval_fops);
1457 debugfs_create_file("6lowpan", 0644, hdev->debugfs, hdev,
1458 &lowpan_debugfs_fops);
1459 }
1460
1461 return 0;
1462}
1463
1464static void hci_scan_req(struct hci_request *req, unsigned long opt)
1465{
1466 __u8 scan = opt;
1467
1468 BT_DBG("%s %x", req->hdev->name, scan);
1469
1470 /* Inquiry and Page scans */
1471 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1472}
1473
1474static void hci_auth_req(struct hci_request *req, unsigned long opt)
1475{
1476 __u8 auth = opt;
1477
1478 BT_DBG("%s %x", req->hdev->name, auth);
1479
1480 /* Authentication */
1481 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1482}
1483
1484static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
1485{
1486 __u8 encrypt = opt;
1487
1488 BT_DBG("%s %x", req->hdev->name, encrypt);
1489
1490 /* Encryption */
1491 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1492}
1493
1494static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
1495{
1496 __le16 policy = cpu_to_le16(opt);
1497
1498 BT_DBG("%s %x", req->hdev->name, policy);
1499
1500 /* Default link policy */
1501 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1502}
1503
1504/* Get HCI device by index.
1505 * Device is held on return. */
1506struct hci_dev *hci_dev_get(int index)
1507{
1508 struct hci_dev *hdev = NULL, *d;
1509
1510 BT_DBG("%d", index);
1511
1512 if (index < 0)
1513 return NULL;
1514
1515 read_lock(&hci_dev_list_lock);
1516 list_for_each_entry(d, &hci_dev_list, list) {
1517 if (d->id == index) {
1518 hdev = hci_dev_hold(d);
1519 break;
1520 }
1521 }
1522 read_unlock(&hci_dev_list_lock);
1523 return hdev;
1524}
1525
1526/* ---- Inquiry support ---- */
1527
1528bool hci_discovery_active(struct hci_dev *hdev)
1529{
1530 struct discovery_state *discov = &hdev->discovery;
1531
1532 switch (discov->state) {
1533 case DISCOVERY_FINDING:
1534 case DISCOVERY_RESOLVING:
1535 return true;
1536
1537 default:
1538 return false;
1539 }
1540}
1541
1542void hci_discovery_set_state(struct hci_dev *hdev, int state)
1543{
1544 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1545
1546 if (hdev->discovery.state == state)
1547 return;
1548
1549 switch (state) {
1550 case DISCOVERY_STOPPED:
1551 if (hdev->discovery.state != DISCOVERY_STARTING)
1552 mgmt_discovering(hdev, 0);
1553 break;
1554 case DISCOVERY_STARTING:
1555 break;
1556 case DISCOVERY_FINDING:
1557 mgmt_discovering(hdev, 1);
1558 break;
1559 case DISCOVERY_RESOLVING:
1560 break;
1561 case DISCOVERY_STOPPING:
1562 break;
1563 }
1564
1565 hdev->discovery.state = state;
1566}
1567
1568void hci_inquiry_cache_flush(struct hci_dev *hdev)
1569{
1570 struct discovery_state *cache = &hdev->discovery;
1571 struct inquiry_entry *p, *n;
1572
1573 list_for_each_entry_safe(p, n, &cache->all, all) {
1574 list_del(&p->all);
1575 kfree(p);
1576 }
1577
1578 INIT_LIST_HEAD(&cache->unknown);
1579 INIT_LIST_HEAD(&cache->resolve);
1580}
1581
1582struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1583 bdaddr_t *bdaddr)
1584{
1585 struct discovery_state *cache = &hdev->discovery;
1586 struct inquiry_entry *e;
1587
1588 BT_DBG("cache %p, %pMR", cache, bdaddr);
1589
1590 list_for_each_entry(e, &cache->all, all) {
1591 if (!bacmp(&e->data.bdaddr, bdaddr))
1592 return e;
1593 }
1594
1595 return NULL;
1596}
1597
1598struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1599 bdaddr_t *bdaddr)
1600{
1601 struct discovery_state *cache = &hdev->discovery;
1602 struct inquiry_entry *e;
1603
1604 BT_DBG("cache %p, %pMR", cache, bdaddr);
1605
1606 list_for_each_entry(e, &cache->unknown, list) {
1607 if (!bacmp(&e->data.bdaddr, bdaddr))
1608 return e;
1609 }
1610
1611 return NULL;
1612}
1613
1614struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1615 bdaddr_t *bdaddr,
1616 int state)
1617{
1618 struct discovery_state *cache = &hdev->discovery;
1619 struct inquiry_entry *e;
1620
1621 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1622
1623 list_for_each_entry(e, &cache->resolve, list) {
1624 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1625 return e;
1626 if (!bacmp(&e->data.bdaddr, bdaddr))
1627 return e;
1628 }
1629
1630 return NULL;
1631}
1632
1633void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1634 struct inquiry_entry *ie)
1635{
1636 struct discovery_state *cache = &hdev->discovery;
1637 struct list_head *pos = &cache->resolve;
1638 struct inquiry_entry *p;
1639
1640 list_del(&ie->list);
1641
1642 list_for_each_entry(p, &cache->resolve, list) {
1643 if (p->name_state != NAME_PENDING &&
1644 abs(p->data.rssi) >= abs(ie->data.rssi))
1645 break;
1646 pos = &p->list;
1647 }
1648
1649 list_add(&ie->list, pos);
1650}
1651
1652bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1653 bool name_known, bool *ssp)
1654{
1655 struct discovery_state *cache = &hdev->discovery;
1656 struct inquiry_entry *ie;
1657
1658 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1659
1660 hci_remove_remote_oob_data(hdev, &data->bdaddr);
1661
1662 if (ssp)
1663 *ssp = data->ssp_mode;
1664
1665 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1666 if (ie) {
1667 if (ie->data.ssp_mode && ssp)
1668 *ssp = true;
1669
1670 if (ie->name_state == NAME_NEEDED &&
1671 data->rssi != ie->data.rssi) {
1672 ie->data.rssi = data->rssi;
1673 hci_inquiry_cache_update_resolve(hdev, ie);
1674 }
1675
1676 goto update;
1677 }
1678
1679 /* Entry not in the cache. Add new one. */
1680 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
1681 if (!ie)
1682 return false;
1683
1684 list_add(&ie->all, &cache->all);
1685
1686 if (name_known) {
1687 ie->name_state = NAME_KNOWN;
1688 } else {
1689 ie->name_state = NAME_NOT_KNOWN;
1690 list_add(&ie->list, &cache->unknown);
1691 }
1692
1693update:
1694 if (name_known && ie->name_state != NAME_KNOWN &&
1695 ie->name_state != NAME_PENDING) {
1696 ie->name_state = NAME_KNOWN;
1697 list_del(&ie->list);
1698 }
1699
1700 memcpy(&ie->data, data, sizeof(*data));
1701 ie->timestamp = jiffies;
1702 cache->timestamp = jiffies;
1703
1704 if (ie->name_state == NAME_NOT_KNOWN)
1705 return false;
1706
1707 return true;
1708}
1709
1710static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1711{
1712 struct discovery_state *cache = &hdev->discovery;
1713 struct inquiry_info *info = (struct inquiry_info *) buf;
1714 struct inquiry_entry *e;
1715 int copied = 0;
1716
1717 list_for_each_entry(e, &cache->all, all) {
1718 struct inquiry_data *data = &e->data;
1719
1720 if (copied >= num)
1721 break;
1722
1723 bacpy(&info->bdaddr, &data->bdaddr);
1724 info->pscan_rep_mode = data->pscan_rep_mode;
1725 info->pscan_period_mode = data->pscan_period_mode;
1726 info->pscan_mode = data->pscan_mode;
1727 memcpy(info->dev_class, data->dev_class, 3);
1728 info->clock_offset = data->clock_offset;
1729
1730 info++;
1731 copied++;
1732 }
1733
1734 BT_DBG("cache %p, copied %d", cache, copied);
1735 return copied;
1736}
1737
1738static void hci_inq_req(struct hci_request *req, unsigned long opt)
1739{
1740 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1741 struct hci_dev *hdev = req->hdev;
1742 struct hci_cp_inquiry cp;
1743
1744 BT_DBG("%s", hdev->name);
1745
1746 if (test_bit(HCI_INQUIRY, &hdev->flags))
1747 return;
1748
1749 /* Start Inquiry */
1750 memcpy(&cp.lap, &ir->lap, 3);
1751 cp.length = ir->length;
1752 cp.num_rsp = ir->num_rsp;
1753 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1754}
1755
1756static int wait_inquiry(void *word)
1757{
1758 schedule();
1759 return signal_pending(current);
1760}
1761
1762int hci_inquiry(void __user *arg)
1763{
1764 __u8 __user *ptr = arg;
1765 struct hci_inquiry_req ir;
1766 struct hci_dev *hdev;
1767 int err = 0, do_inquiry = 0, max_rsp;
1768 long timeo;
1769 __u8 *buf;
1770
1771 if (copy_from_user(&ir, ptr, sizeof(ir)))
1772 return -EFAULT;
1773
1774 hdev = hci_dev_get(ir.dev_id);
1775 if (!hdev)
1776 return -ENODEV;
1777
1778 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
1779 err = -EBUSY;
1780 goto done;
1781 }
1782
1783 if (hdev->dev_type != HCI_BREDR) {
1784 err = -EOPNOTSUPP;
1785 goto done;
1786 }
1787
1788 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1789 err = -EOPNOTSUPP;
1790 goto done;
1791 }
1792
1793 hci_dev_lock(hdev);
1794 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1795 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1796 hci_inquiry_cache_flush(hdev);
1797 do_inquiry = 1;
1798 }
1799 hci_dev_unlock(hdev);
1800
1801 timeo = ir.length * msecs_to_jiffies(2000);
1802
1803 if (do_inquiry) {
1804 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1805 timeo);
1806 if (err < 0)
1807 goto done;
1808
1809 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1810 * cleared). If it is interrupted by a signal, return -EINTR.
1811 */
1812 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry,
1813 TASK_INTERRUPTIBLE))
1814 return -EINTR;
1815 }
1816
1817 /* for unlimited number of responses we will use buffer with
1818 * 255 entries
1819 */
1820 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1821
1822 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1823 * copy it to the user space.
1824 */
1825 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
1826 if (!buf) {
1827 err = -ENOMEM;
1828 goto done;
1829 }
1830
1831 hci_dev_lock(hdev);
1832 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1833 hci_dev_unlock(hdev);
1834
1835 BT_DBG("num_rsp %d", ir.num_rsp);
1836
1837 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1838 ptr += sizeof(ir);
1839 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1840 ir.num_rsp))
1841 err = -EFAULT;
1842 } else
1843 err = -EFAULT;
1844
1845 kfree(buf);
1846
1847done:
1848 hci_dev_put(hdev);
1849 return err;
1850}
1851
1852static int hci_dev_do_open(struct hci_dev *hdev)
1853{
1854 int ret = 0;
1855
1856 BT_DBG("%s %p", hdev->name, hdev);
1857
1858 hci_req_lock(hdev);
1859
1860 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
1861 ret = -ENODEV;
1862 goto done;
1863 }
1864
1865 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
1866 /* Check for rfkill but allow the HCI setup stage to
1867 * proceed (which in itself doesn't cause any RF activity).
1868 */
1869 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
1870 ret = -ERFKILL;
1871 goto done;
1872 }
1873
1874 /* Check for valid public address or a configured static
1875 * random adddress, but let the HCI setup proceed to
1876 * be able to determine if there is a public address
1877 * or not.
1878 *
1879 * This check is only valid for BR/EDR controllers
1880 * since AMP controllers do not have an address.
1881 */
1882 if (hdev->dev_type == HCI_BREDR &&
1883 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1884 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1885 ret = -EADDRNOTAVAIL;
1886 goto done;
1887 }
1888 }
1889
1890 if (test_bit(HCI_UP, &hdev->flags)) {
1891 ret = -EALREADY;
1892 goto done;
1893 }
1894
1895 if (hdev->open(hdev)) {
1896 ret = -EIO;
1897 goto done;
1898 }
1899
1900 atomic_set(&hdev->cmd_cnt, 1);
1901 set_bit(HCI_INIT, &hdev->flags);
1902
1903 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags))
1904 ret = hdev->setup(hdev);
1905
1906 if (!ret) {
1907 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1908 set_bit(HCI_RAW, &hdev->flags);
1909
1910 if (!test_bit(HCI_RAW, &hdev->flags) &&
1911 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
1912 ret = __hci_init(hdev);
1913 }
1914
1915 clear_bit(HCI_INIT, &hdev->flags);
1916
1917 if (!ret) {
1918 hci_dev_hold(hdev);
1919 set_bit(HCI_UP, &hdev->flags);
1920 hci_notify(hdev, HCI_DEV_UP);
1921 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
1922 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
1923 hdev->dev_type == HCI_BREDR) {
1924 hci_dev_lock(hdev);
1925 mgmt_powered(hdev, 1);
1926 hci_dev_unlock(hdev);
1927 }
1928 } else {
1929 /* Init failed, cleanup */
1930 flush_work(&hdev->tx_work);
1931 flush_work(&hdev->cmd_work);
1932 flush_work(&hdev->rx_work);
1933
1934 skb_queue_purge(&hdev->cmd_q);
1935 skb_queue_purge(&hdev->rx_q);
1936
1937 if (hdev->flush)
1938 hdev->flush(hdev);
1939
1940 if (hdev->sent_cmd) {
1941 kfree_skb(hdev->sent_cmd);
1942 hdev->sent_cmd = NULL;
1943 }
1944
1945 hdev->close(hdev);
1946 hdev->flags = 0;
1947 }
1948
1949done:
1950 hci_req_unlock(hdev);
1951 return ret;
1952}
1953
1954/* ---- HCI ioctl helpers ---- */
1955
1956int hci_dev_open(__u16 dev)
1957{
1958 struct hci_dev *hdev;
1959 int err;
1960
1961 hdev = hci_dev_get(dev);
1962 if (!hdev)
1963 return -ENODEV;
1964
1965 /* We need to ensure that no other power on/off work is pending
1966 * before proceeding to call hci_dev_do_open. This is
1967 * particularly important if the setup procedure has not yet
1968 * completed.
1969 */
1970 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1971 cancel_delayed_work(&hdev->power_off);
1972
1973 /* After this call it is guaranteed that the setup procedure
1974 * has finished. This means that error conditions like RFKILL
1975 * or no valid public or static random address apply.
1976 */
1977 flush_workqueue(hdev->req_workqueue);
1978
1979 err = hci_dev_do_open(hdev);
1980
1981 hci_dev_put(hdev);
1982
1983 return err;
1984}
1985
1986static int hci_dev_do_close(struct hci_dev *hdev)
1987{
1988 BT_DBG("%s %p", hdev->name, hdev);
1989
1990 cancel_delayed_work(&hdev->power_off);
1991
1992 hci_req_cancel(hdev, ENODEV);
1993 hci_req_lock(hdev);
1994
1995 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1996 del_timer_sync(&hdev->cmd_timer);
1997 hci_req_unlock(hdev);
1998 return 0;
1999 }
2000
2001 /* Flush RX and TX works */
2002 flush_work(&hdev->tx_work);
2003 flush_work(&hdev->rx_work);
2004
2005 if (hdev->discov_timeout > 0) {
2006 cancel_delayed_work(&hdev->discov_off);
2007 hdev->discov_timeout = 0;
2008 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2009 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2010 }
2011
2012 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
2013 cancel_delayed_work(&hdev->service_cache);
2014
2015 cancel_delayed_work_sync(&hdev->le_scan_disable);
2016
2017 hci_dev_lock(hdev);
2018 hci_inquiry_cache_flush(hdev);
2019 hci_conn_hash_flush(hdev);
2020 hci_dev_unlock(hdev);
2021
2022 hci_notify(hdev, HCI_DEV_DOWN);
2023
2024 if (hdev->flush)
2025 hdev->flush(hdev);
2026
2027 /* Reset device */
2028 skb_queue_purge(&hdev->cmd_q);
2029 atomic_set(&hdev->cmd_cnt, 1);
2030 if (!test_bit(HCI_RAW, &hdev->flags) &&
2031 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
2032 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
2033 set_bit(HCI_INIT, &hdev->flags);
2034 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
2035 clear_bit(HCI_INIT, &hdev->flags);
2036 }
2037
2038 /* flush cmd work */
2039 flush_work(&hdev->cmd_work);
2040
2041 /* Drop queues */
2042 skb_queue_purge(&hdev->rx_q);
2043 skb_queue_purge(&hdev->cmd_q);
2044 skb_queue_purge(&hdev->raw_q);
2045
2046 /* Drop last sent command */
2047 if (hdev->sent_cmd) {
2048 del_timer_sync(&hdev->cmd_timer);
2049 kfree_skb(hdev->sent_cmd);
2050 hdev->sent_cmd = NULL;
2051 }
2052
2053 kfree_skb(hdev->recv_evt);
2054 hdev->recv_evt = NULL;
2055
2056 /* After this point our queues are empty
2057 * and no tasks are scheduled. */
2058 hdev->close(hdev);
2059
2060 /* Clear flags */
2061 hdev->flags = 0;
2062 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2063
2064 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2065 if (hdev->dev_type == HCI_BREDR) {
2066 hci_dev_lock(hdev);
2067 mgmt_powered(hdev, 0);
2068 hci_dev_unlock(hdev);
2069 }
2070 }
2071
2072 /* Controller radio is available but is currently powered down */
2073 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2074
2075 memset(hdev->eir, 0, sizeof(hdev->eir));
2076 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
2077
2078 hci_req_unlock(hdev);
2079
2080 hci_dev_put(hdev);
2081 return 0;
2082}
2083
2084int hci_dev_close(__u16 dev)
2085{
2086 struct hci_dev *hdev;
2087 int err;
2088
2089 hdev = hci_dev_get(dev);
2090 if (!hdev)
2091 return -ENODEV;
2092
2093 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2094 err = -EBUSY;
2095 goto done;
2096 }
2097
2098 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2099 cancel_delayed_work(&hdev->power_off);
2100
2101 err = hci_dev_do_close(hdev);
2102
2103done:
2104 hci_dev_put(hdev);
2105 return err;
2106}
2107
2108int hci_dev_reset(__u16 dev)
2109{
2110 struct hci_dev *hdev;
2111 int ret = 0;
2112
2113 hdev = hci_dev_get(dev);
2114 if (!hdev)
2115 return -ENODEV;
2116
2117 hci_req_lock(hdev);
2118
2119 if (!test_bit(HCI_UP, &hdev->flags)) {
2120 ret = -ENETDOWN;
2121 goto done;
2122 }
2123
2124 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2125 ret = -EBUSY;
2126 goto done;
2127 }
2128
2129 /* Drop queues */
2130 skb_queue_purge(&hdev->rx_q);
2131 skb_queue_purge(&hdev->cmd_q);
2132
2133 hci_dev_lock(hdev);
2134 hci_inquiry_cache_flush(hdev);
2135 hci_conn_hash_flush(hdev);
2136 hci_dev_unlock(hdev);
2137
2138 if (hdev->flush)
2139 hdev->flush(hdev);
2140
2141 atomic_set(&hdev->cmd_cnt, 1);
2142 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2143
2144 if (!test_bit(HCI_RAW, &hdev->flags))
2145 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2146
2147done:
2148 hci_req_unlock(hdev);
2149 hci_dev_put(hdev);
2150 return ret;
2151}
2152
2153int hci_dev_reset_stat(__u16 dev)
2154{
2155 struct hci_dev *hdev;
2156 int ret = 0;
2157
2158 hdev = hci_dev_get(dev);
2159 if (!hdev)
2160 return -ENODEV;
2161
2162 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2163 ret = -EBUSY;
2164 goto done;
2165 }
2166
2167 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2168
2169done:
2170 hci_dev_put(hdev);
2171 return ret;
2172}
2173
2174int hci_dev_cmd(unsigned int cmd, void __user *arg)
2175{
2176 struct hci_dev *hdev;
2177 struct hci_dev_req dr;
2178 int err = 0;
2179
2180 if (copy_from_user(&dr, arg, sizeof(dr)))
2181 return -EFAULT;
2182
2183 hdev = hci_dev_get(dr.dev_id);
2184 if (!hdev)
2185 return -ENODEV;
2186
2187 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2188 err = -EBUSY;
2189 goto done;
2190 }
2191
2192 if (hdev->dev_type != HCI_BREDR) {
2193 err = -EOPNOTSUPP;
2194 goto done;
2195 }
2196
2197 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2198 err = -EOPNOTSUPP;
2199 goto done;
2200 }
2201
2202 switch (cmd) {
2203 case HCISETAUTH:
2204 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2205 HCI_INIT_TIMEOUT);
2206 break;
2207
2208 case HCISETENCRYPT:
2209 if (!lmp_encrypt_capable(hdev)) {
2210 err = -EOPNOTSUPP;
2211 break;
2212 }
2213
2214 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2215 /* Auth must be enabled first */
2216 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2217 HCI_INIT_TIMEOUT);
2218 if (err)
2219 break;
2220 }
2221
2222 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2223 HCI_INIT_TIMEOUT);
2224 break;
2225
2226 case HCISETSCAN:
2227 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2228 HCI_INIT_TIMEOUT);
2229 break;
2230
2231 case HCISETLINKPOL:
2232 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2233 HCI_INIT_TIMEOUT);
2234 break;
2235
2236 case HCISETLINKMODE:
2237 hdev->link_mode = ((__u16) dr.dev_opt) &
2238 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2239 break;
2240
2241 case HCISETPTYPE:
2242 hdev->pkt_type = (__u16) dr.dev_opt;
2243 break;
2244
2245 case HCISETACLMTU:
2246 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2247 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2248 break;
2249
2250 case HCISETSCOMTU:
2251 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2252 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2253 break;
2254
2255 default:
2256 err = -EINVAL;
2257 break;
2258 }
2259
2260done:
2261 hci_dev_put(hdev);
2262 return err;
2263}
2264
2265int hci_get_dev_list(void __user *arg)
2266{
2267 struct hci_dev *hdev;
2268 struct hci_dev_list_req *dl;
2269 struct hci_dev_req *dr;
2270 int n = 0, size, err;
2271 __u16 dev_num;
2272
2273 if (get_user(dev_num, (__u16 __user *) arg))
2274 return -EFAULT;
2275
2276 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2277 return -EINVAL;
2278
2279 size = sizeof(*dl) + dev_num * sizeof(*dr);
2280
2281 dl = kzalloc(size, GFP_KERNEL);
2282 if (!dl)
2283 return -ENOMEM;
2284
2285 dr = dl->dev_req;
2286
2287 read_lock(&hci_dev_list_lock);
2288 list_for_each_entry(hdev, &hci_dev_list, list) {
2289 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2290 cancel_delayed_work(&hdev->power_off);
2291
2292 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2293 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
2294
2295 (dr + n)->dev_id = hdev->id;
2296 (dr + n)->dev_opt = hdev->flags;
2297
2298 if (++n >= dev_num)
2299 break;
2300 }
2301 read_unlock(&hci_dev_list_lock);
2302
2303 dl->dev_num = n;
2304 size = sizeof(*dl) + n * sizeof(*dr);
2305
2306 err = copy_to_user(arg, dl, size);
2307 kfree(dl);
2308
2309 return err ? -EFAULT : 0;
2310}
2311
2312int hci_get_dev_info(void __user *arg)
2313{
2314 struct hci_dev *hdev;
2315 struct hci_dev_info di;
2316 int err = 0;
2317
2318 if (copy_from_user(&di, arg, sizeof(di)))
2319 return -EFAULT;
2320
2321 hdev = hci_dev_get(di.dev_id);
2322 if (!hdev)
2323 return -ENODEV;
2324
2325 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2326 cancel_delayed_work_sync(&hdev->power_off);
2327
2328 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2329 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
2330
2331 strcpy(di.name, hdev->name);
2332 di.bdaddr = hdev->bdaddr;
2333 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2334 di.flags = hdev->flags;
2335 di.pkt_type = hdev->pkt_type;
2336 if (lmp_bredr_capable(hdev)) {
2337 di.acl_mtu = hdev->acl_mtu;
2338 di.acl_pkts = hdev->acl_pkts;
2339 di.sco_mtu = hdev->sco_mtu;
2340 di.sco_pkts = hdev->sco_pkts;
2341 } else {
2342 di.acl_mtu = hdev->le_mtu;
2343 di.acl_pkts = hdev->le_pkts;
2344 di.sco_mtu = 0;
2345 di.sco_pkts = 0;
2346 }
2347 di.link_policy = hdev->link_policy;
2348 di.link_mode = hdev->link_mode;
2349
2350 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2351 memcpy(&di.features, &hdev->features, sizeof(di.features));
2352
2353 if (copy_to_user(arg, &di, sizeof(di)))
2354 err = -EFAULT;
2355
2356 hci_dev_put(hdev);
2357
2358 return err;
2359}
2360
2361/* ---- Interface to HCI drivers ---- */
2362
2363static int hci_rfkill_set_block(void *data, bool blocked)
2364{
2365 struct hci_dev *hdev = data;
2366
2367 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2368
2369 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2370 return -EBUSY;
2371
2372 if (blocked) {
2373 set_bit(HCI_RFKILLED, &hdev->dev_flags);
2374 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
2375 hci_dev_do_close(hdev);
2376 } else {
2377 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
2378 }
2379
2380 return 0;
2381}
2382
2383static const struct rfkill_ops hci_rfkill_ops = {
2384 .set_block = hci_rfkill_set_block,
2385};
2386
2387static void hci_power_on(struct work_struct *work)
2388{
2389 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2390 int err;
2391
2392 BT_DBG("%s", hdev->name);
2393
2394 err = hci_dev_do_open(hdev);
2395 if (err < 0) {
2396 mgmt_set_powered_failed(hdev, err);
2397 return;
2398 }
2399
2400 /* During the HCI setup phase, a few error conditions are
2401 * ignored and they need to be checked now. If they are still
2402 * valid, it is important to turn the device back off.
2403 */
2404 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
2405 (hdev->dev_type == HCI_BREDR &&
2406 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2407 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2408 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2409 hci_dev_do_close(hdev);
2410 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2411 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2412 HCI_AUTO_OFF_TIMEOUT);
2413 }
2414
2415 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
2416 mgmt_index_added(hdev);
2417}
2418
2419static void hci_power_off(struct work_struct *work)
2420{
2421 struct hci_dev *hdev = container_of(work, struct hci_dev,
2422 power_off.work);
2423
2424 BT_DBG("%s", hdev->name);
2425
2426 hci_dev_do_close(hdev);
2427}
2428
2429static void hci_discov_off(struct work_struct *work)
2430{
2431 struct hci_dev *hdev;
2432
2433 hdev = container_of(work, struct hci_dev, discov_off.work);
2434
2435 BT_DBG("%s", hdev->name);
2436
2437 mgmt_discoverable_timeout(hdev);
2438}
2439
2440int hci_uuids_clear(struct hci_dev *hdev)
2441{
2442 struct bt_uuid *uuid, *tmp;
2443
2444 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2445 list_del(&uuid->list);
2446 kfree(uuid);
2447 }
2448
2449 return 0;
2450}
2451
2452int hci_link_keys_clear(struct hci_dev *hdev)
2453{
2454 struct list_head *p, *n;
2455
2456 list_for_each_safe(p, n, &hdev->link_keys) {
2457 struct link_key *key;
2458
2459 key = list_entry(p, struct link_key, list);
2460
2461 list_del(p);
2462 kfree(key);
2463 }
2464
2465 return 0;
2466}
2467
2468int hci_smp_ltks_clear(struct hci_dev *hdev)
2469{
2470 struct smp_ltk *k, *tmp;
2471
2472 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
2473 list_del(&k->list);
2474 kfree(k);
2475 }
2476
2477 return 0;
2478}
2479
2480struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2481{
2482 struct link_key *k;
2483
2484 list_for_each_entry(k, &hdev->link_keys, list)
2485 if (bacmp(bdaddr, &k->bdaddr) == 0)
2486 return k;
2487
2488 return NULL;
2489}
2490
2491static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2492 u8 key_type, u8 old_key_type)
2493{
2494 /* Legacy key */
2495 if (key_type < 0x03)
2496 return true;
2497
2498 /* Debug keys are insecure so don't store them persistently */
2499 if (key_type == HCI_LK_DEBUG_COMBINATION)
2500 return false;
2501
2502 /* Changed combination key and there's no previous one */
2503 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2504 return false;
2505
2506 /* Security mode 3 case */
2507 if (!conn)
2508 return true;
2509
2510 /* Neither local nor remote side had no-bonding as requirement */
2511 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2512 return true;
2513
2514 /* Local side had dedicated bonding as requirement */
2515 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2516 return true;
2517
2518 /* Remote side had dedicated bonding as requirement */
2519 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2520 return true;
2521
2522 /* If none of the above criteria match, then don't store the key
2523 * persistently */
2524 return false;
2525}
2526
2527struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
2528{
2529 struct smp_ltk *k;
2530
2531 list_for_each_entry(k, &hdev->long_term_keys, list) {
2532 if (k->ediv != ediv ||
2533 memcmp(rand, k->rand, sizeof(k->rand)))
2534 continue;
2535
2536 return k;
2537 }
2538
2539 return NULL;
2540}
2541
2542struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2543 u8 addr_type)
2544{
2545 struct smp_ltk *k;
2546
2547 list_for_each_entry(k, &hdev->long_term_keys, list)
2548 if (addr_type == k->bdaddr_type &&
2549 bacmp(bdaddr, &k->bdaddr) == 0)
2550 return k;
2551
2552 return NULL;
2553}
2554
2555int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
2556 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
2557{
2558 struct link_key *key, *old_key;
2559 u8 old_key_type;
2560 bool persistent;
2561
2562 old_key = hci_find_link_key(hdev, bdaddr);
2563 if (old_key) {
2564 old_key_type = old_key->type;
2565 key = old_key;
2566 } else {
2567 old_key_type = conn ? conn->key_type : 0xff;
2568 key = kzalloc(sizeof(*key), GFP_ATOMIC);
2569 if (!key)
2570 return -ENOMEM;
2571 list_add(&key->list, &hdev->link_keys);
2572 }
2573
2574 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2575
2576 /* Some buggy controller combinations generate a changed
2577 * combination key for legacy pairing even when there's no
2578 * previous key */
2579 if (type == HCI_LK_CHANGED_COMBINATION &&
2580 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2581 type = HCI_LK_COMBINATION;
2582 if (conn)
2583 conn->key_type = type;
2584 }
2585
2586 bacpy(&key->bdaddr, bdaddr);
2587 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2588 key->pin_len = pin_len;
2589
2590 if (type == HCI_LK_CHANGED_COMBINATION)
2591 key->type = old_key_type;
2592 else
2593 key->type = type;
2594
2595 if (!new_key)
2596 return 0;
2597
2598 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
2599
2600 mgmt_new_link_key(hdev, key, persistent);
2601
2602 if (conn)
2603 conn->flush_key = !persistent;
2604
2605 return 0;
2606}
2607
2608int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
2609 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
2610 ediv, u8 rand[8])
2611{
2612 struct smp_ltk *key, *old_key;
2613
2614 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
2615 return 0;
2616
2617 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
2618 if (old_key)
2619 key = old_key;
2620 else {
2621 key = kzalloc(sizeof(*key), GFP_ATOMIC);
2622 if (!key)
2623 return -ENOMEM;
2624 list_add(&key->list, &hdev->long_term_keys);
2625 }
2626
2627 bacpy(&key->bdaddr, bdaddr);
2628 key->bdaddr_type = addr_type;
2629 memcpy(key->val, tk, sizeof(key->val));
2630 key->authenticated = authenticated;
2631 key->ediv = ediv;
2632 key->enc_size = enc_size;
2633 key->type = type;
2634 memcpy(key->rand, rand, sizeof(key->rand));
2635
2636 if (!new_key)
2637 return 0;
2638
2639 if (type & HCI_SMP_LTK)
2640 mgmt_new_ltk(hdev, key, 1);
2641
2642 return 0;
2643}
2644
2645int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2646{
2647 struct link_key *key;
2648
2649 key = hci_find_link_key(hdev, bdaddr);
2650 if (!key)
2651 return -ENOENT;
2652
2653 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2654
2655 list_del(&key->list);
2656 kfree(key);
2657
2658 return 0;
2659}
2660
2661int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
2662{
2663 struct smp_ltk *k, *tmp;
2664
2665 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
2666 if (bacmp(bdaddr, &k->bdaddr))
2667 continue;
2668
2669 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2670
2671 list_del(&k->list);
2672 kfree(k);
2673 }
2674
2675 return 0;
2676}
2677
2678/* HCI command timer function */
2679static void hci_cmd_timeout(unsigned long arg)
2680{
2681 struct hci_dev *hdev = (void *) arg;
2682
2683 if (hdev->sent_cmd) {
2684 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2685 u16 opcode = __le16_to_cpu(sent->opcode);
2686
2687 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
2688 } else {
2689 BT_ERR("%s command tx timeout", hdev->name);
2690 }
2691
2692 atomic_set(&hdev->cmd_cnt, 1);
2693 queue_work(hdev->workqueue, &hdev->cmd_work);
2694}
2695
2696struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2697 bdaddr_t *bdaddr)
2698{
2699 struct oob_data *data;
2700
2701 list_for_each_entry(data, &hdev->remote_oob_data, list)
2702 if (bacmp(bdaddr, &data->bdaddr) == 0)
2703 return data;
2704
2705 return NULL;
2706}
2707
2708int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
2709{
2710 struct oob_data *data;
2711
2712 data = hci_find_remote_oob_data(hdev, bdaddr);
2713 if (!data)
2714 return -ENOENT;
2715
2716 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2717
2718 list_del(&data->list);
2719 kfree(data);
2720
2721 return 0;
2722}
2723
2724int hci_remote_oob_data_clear(struct hci_dev *hdev)
2725{
2726 struct oob_data *data, *n;
2727
2728 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2729 list_del(&data->list);
2730 kfree(data);
2731 }
2732
2733 return 0;
2734}
2735
2736int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
2737 u8 *randomizer)
2738{
2739 struct oob_data *data;
2740
2741 data = hci_find_remote_oob_data(hdev, bdaddr);
2742
2743 if (!data) {
2744 data = kmalloc(sizeof(*data), GFP_ATOMIC);
2745 if (!data)
2746 return -ENOMEM;
2747
2748 bacpy(&data->bdaddr, bdaddr);
2749 list_add(&data->list, &hdev->remote_oob_data);
2750 }
2751
2752 memcpy(data->hash, hash, sizeof(data->hash));
2753 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
2754
2755 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2756
2757 return 0;
2758}
2759
2760struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
2761 bdaddr_t *bdaddr, u8 type)
2762{
2763 struct bdaddr_list *b;
2764
2765 list_for_each_entry(b, &hdev->blacklist, list) {
2766 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2767 return b;
2768 }
2769
2770 return NULL;
2771}
2772
2773int hci_blacklist_clear(struct hci_dev *hdev)
2774{
2775 struct list_head *p, *n;
2776
2777 list_for_each_safe(p, n, &hdev->blacklist) {
2778 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
2779
2780 list_del(p);
2781 kfree(b);
2782 }
2783
2784 return 0;
2785}
2786
2787int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2788{
2789 struct bdaddr_list *entry;
2790
2791 if (!bacmp(bdaddr, BDADDR_ANY))
2792 return -EBADF;
2793
2794 if (hci_blacklist_lookup(hdev, bdaddr, type))
2795 return -EEXIST;
2796
2797 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
2798 if (!entry)
2799 return -ENOMEM;
2800
2801 bacpy(&entry->bdaddr, bdaddr);
2802 entry->bdaddr_type = type;
2803
2804 list_add(&entry->list, &hdev->blacklist);
2805
2806 return mgmt_device_blocked(hdev, bdaddr, type);
2807}
2808
2809int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2810{
2811 struct bdaddr_list *entry;
2812
2813 if (!bacmp(bdaddr, BDADDR_ANY))
2814 return hci_blacklist_clear(hdev);
2815
2816 entry = hci_blacklist_lookup(hdev, bdaddr, type);
2817 if (!entry)
2818 return -ENOENT;
2819
2820 list_del(&entry->list);
2821 kfree(entry);
2822
2823 return mgmt_device_unblocked(hdev, bdaddr, type);
2824}
2825
2826static void inquiry_complete(struct hci_dev *hdev, u8 status)
2827{
2828 if (status) {
2829 BT_ERR("Failed to start inquiry: status %d", status);
2830
2831 hci_dev_lock(hdev);
2832 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2833 hci_dev_unlock(hdev);
2834 return;
2835 }
2836}
2837
2838static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status)
2839{
2840 /* General inquiry access code (GIAC) */
2841 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2842 struct hci_request req;
2843 struct hci_cp_inquiry cp;
2844 int err;
2845
2846 if (status) {
2847 BT_ERR("Failed to disable LE scanning: status %d", status);
2848 return;
2849 }
2850
2851 switch (hdev->discovery.type) {
2852 case DISCOV_TYPE_LE:
2853 hci_dev_lock(hdev);
2854 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2855 hci_dev_unlock(hdev);
2856 break;
2857
2858 case DISCOV_TYPE_INTERLEAVED:
2859 hci_req_init(&req, hdev);
2860
2861 memset(&cp, 0, sizeof(cp));
2862 memcpy(&cp.lap, lap, sizeof(cp.lap));
2863 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
2864 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2865
2866 hci_dev_lock(hdev);
2867
2868 hci_inquiry_cache_flush(hdev);
2869
2870 err = hci_req_run(&req, inquiry_complete);
2871 if (err) {
2872 BT_ERR("Inquiry request failed: err %d", err);
2873 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2874 }
2875
2876 hci_dev_unlock(hdev);
2877 break;
2878 }
2879}
2880
2881static void le_scan_disable_work(struct work_struct *work)
2882{
2883 struct hci_dev *hdev = container_of(work, struct hci_dev,
2884 le_scan_disable.work);
2885 struct hci_cp_le_set_scan_enable cp;
2886 struct hci_request req;
2887 int err;
2888
2889 BT_DBG("%s", hdev->name);
2890
2891 hci_req_init(&req, hdev);
2892
2893 memset(&cp, 0, sizeof(cp));
2894 cp.enable = LE_SCAN_DISABLE;
2895 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2896
2897 err = hci_req_run(&req, le_scan_disable_work_complete);
2898 if (err)
2899 BT_ERR("Disable LE scanning request failed: err %d", err);
2900}
2901
2902/* Alloc HCI device */
2903struct hci_dev *hci_alloc_dev(void)
2904{
2905 struct hci_dev *hdev;
2906
2907 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
2908 if (!hdev)
2909 return NULL;
2910
2911 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
2912 hdev->esco_type = (ESCO_HV1);
2913 hdev->link_mode = (HCI_LM_ACCEPT);
2914 hdev->num_iac = 0x01; /* One IAC support is mandatory */
2915 hdev->io_capability = 0x03; /* No Input No Output */
2916 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
2917 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
2918
2919 hdev->sniff_max_interval = 800;
2920 hdev->sniff_min_interval = 80;
2921
2922 hdev->le_scan_interval = 0x0060;
2923 hdev->le_scan_window = 0x0030;
2924 hdev->le_conn_min_interval = 0x0028;
2925 hdev->le_conn_max_interval = 0x0038;
2926
2927 mutex_init(&hdev->lock);
2928 mutex_init(&hdev->req_lock);
2929
2930 INIT_LIST_HEAD(&hdev->mgmt_pending);
2931 INIT_LIST_HEAD(&hdev->blacklist);
2932 INIT_LIST_HEAD(&hdev->uuids);
2933 INIT_LIST_HEAD(&hdev->link_keys);
2934 INIT_LIST_HEAD(&hdev->long_term_keys);
2935 INIT_LIST_HEAD(&hdev->remote_oob_data);
2936 INIT_LIST_HEAD(&hdev->conn_hash.list);
2937
2938 INIT_WORK(&hdev->rx_work, hci_rx_work);
2939 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
2940 INIT_WORK(&hdev->tx_work, hci_tx_work);
2941 INIT_WORK(&hdev->power_on, hci_power_on);
2942
2943 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
2944 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
2945 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2946
2947 skb_queue_head_init(&hdev->rx_q);
2948 skb_queue_head_init(&hdev->cmd_q);
2949 skb_queue_head_init(&hdev->raw_q);
2950
2951 init_waitqueue_head(&hdev->req_wait_q);
2952
2953 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
2954
2955 hci_init_sysfs(hdev);
2956 discovery_init(hdev);
2957
2958 return hdev;
2959}
2960EXPORT_SYMBOL(hci_alloc_dev);
2961
2962/* Free HCI device */
2963void hci_free_dev(struct hci_dev *hdev)
2964{
2965 /* will free via device release */
2966 put_device(&hdev->dev);
2967}
2968EXPORT_SYMBOL(hci_free_dev);
2969
2970/* Register HCI device */
2971int hci_register_dev(struct hci_dev *hdev)
2972{
2973 int id, error;
2974
2975 if (!hdev->open || !hdev->close)
2976 return -EINVAL;
2977
2978 /* Do not allow HCI_AMP devices to register at index 0,
2979 * so the index can be used as the AMP controller ID.
2980 */
2981 switch (hdev->dev_type) {
2982 case HCI_BREDR:
2983 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
2984 break;
2985 case HCI_AMP:
2986 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
2987 break;
2988 default:
2989 return -EINVAL;
2990 }
2991
2992 if (id < 0)
2993 return id;
2994
2995 sprintf(hdev->name, "hci%d", id);
2996 hdev->id = id;
2997
2998 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2999
3000 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3001 WQ_MEM_RECLAIM, 1, hdev->name);
3002 if (!hdev->workqueue) {
3003 error = -ENOMEM;
3004 goto err;
3005 }
3006
3007 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3008 WQ_MEM_RECLAIM, 1, hdev->name);
3009 if (!hdev->req_workqueue) {
3010 destroy_workqueue(hdev->workqueue);
3011 error = -ENOMEM;
3012 goto err;
3013 }
3014
3015 if (!IS_ERR_OR_NULL(bt_debugfs))
3016 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3017
3018 dev_set_name(&hdev->dev, "%s", hdev->name);
3019
3020 error = device_add(&hdev->dev);
3021 if (error < 0)
3022 goto err_wqueue;
3023
3024 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3025 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3026 hdev);
3027 if (hdev->rfkill) {
3028 if (rfkill_register(hdev->rfkill) < 0) {
3029 rfkill_destroy(hdev->rfkill);
3030 hdev->rfkill = NULL;
3031 }
3032 }
3033
3034 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3035 set_bit(HCI_RFKILLED, &hdev->dev_flags);
3036
3037 set_bit(HCI_SETUP, &hdev->dev_flags);
3038 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
3039
3040 if (hdev->dev_type == HCI_BREDR) {
3041 /* Assume BR/EDR support until proven otherwise (such as
3042 * through reading supported features during init.
3043 */
3044 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3045 }
3046
3047 write_lock(&hci_dev_list_lock);
3048 list_add(&hdev->list, &hci_dev_list);
3049 write_unlock(&hci_dev_list_lock);
3050
3051 hci_notify(hdev, HCI_DEV_REG);
3052 hci_dev_hold(hdev);
3053
3054 queue_work(hdev->req_workqueue, &hdev->power_on);
3055
3056 return id;
3057
3058err_wqueue:
3059 destroy_workqueue(hdev->workqueue);
3060 destroy_workqueue(hdev->req_workqueue);
3061err:
3062 ida_simple_remove(&hci_index_ida, hdev->id);
3063
3064 return error;
3065}
3066EXPORT_SYMBOL(hci_register_dev);
3067
3068/* Unregister HCI device */
3069void hci_unregister_dev(struct hci_dev *hdev)
3070{
3071 int i, id;
3072
3073 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3074
3075 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
3076
3077 id = hdev->id;
3078
3079 write_lock(&hci_dev_list_lock);
3080 list_del(&hdev->list);
3081 write_unlock(&hci_dev_list_lock);
3082
3083 hci_dev_do_close(hdev);
3084
3085 for (i = 0; i < NUM_REASSEMBLY; i++)
3086 kfree_skb(hdev->reassembly[i]);
3087
3088 cancel_work_sync(&hdev->power_on);
3089
3090 if (!test_bit(HCI_INIT, &hdev->flags) &&
3091 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
3092 hci_dev_lock(hdev);
3093 mgmt_index_removed(hdev);
3094 hci_dev_unlock(hdev);
3095 }
3096
3097 /* mgmt_index_removed should take care of emptying the
3098 * pending list */
3099 BUG_ON(!list_empty(&hdev->mgmt_pending));
3100
3101 hci_notify(hdev, HCI_DEV_UNREG);
3102
3103 if (hdev->rfkill) {
3104 rfkill_unregister(hdev->rfkill);
3105 rfkill_destroy(hdev->rfkill);
3106 }
3107
3108 device_del(&hdev->dev);
3109
3110 debugfs_remove_recursive(hdev->debugfs);
3111
3112 destroy_workqueue(hdev->workqueue);
3113 destroy_workqueue(hdev->req_workqueue);
3114
3115 hci_dev_lock(hdev);
3116 hci_blacklist_clear(hdev);
3117 hci_uuids_clear(hdev);
3118 hci_link_keys_clear(hdev);
3119 hci_smp_ltks_clear(hdev);
3120 hci_remote_oob_data_clear(hdev);
3121 hci_dev_unlock(hdev);
3122
3123 hci_dev_put(hdev);
3124
3125 ida_simple_remove(&hci_index_ida, id);
3126}
3127EXPORT_SYMBOL(hci_unregister_dev);
3128
3129/* Suspend HCI device */
3130int hci_suspend_dev(struct hci_dev *hdev)
3131{
3132 hci_notify(hdev, HCI_DEV_SUSPEND);
3133 return 0;
3134}
3135EXPORT_SYMBOL(hci_suspend_dev);
3136
3137/* Resume HCI device */
3138int hci_resume_dev(struct hci_dev *hdev)
3139{
3140 hci_notify(hdev, HCI_DEV_RESUME);
3141 return 0;
3142}
3143EXPORT_SYMBOL(hci_resume_dev);
3144
3145/* Receive frame from HCI drivers */
3146int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3147{
3148 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3149 && !test_bit(HCI_INIT, &hdev->flags))) {
3150 kfree_skb(skb);
3151 return -ENXIO;
3152 }
3153
3154 /* Incoming skb */
3155 bt_cb(skb)->incoming = 1;
3156
3157 /* Time stamp */
3158 __net_timestamp(skb);
3159
3160 skb_queue_tail(&hdev->rx_q, skb);
3161 queue_work(hdev->workqueue, &hdev->rx_work);
3162
3163 return 0;
3164}
3165EXPORT_SYMBOL(hci_recv_frame);
3166
3167static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
3168 int count, __u8 index)
3169{
3170 int len = 0;
3171 int hlen = 0;
3172 int remain = count;
3173 struct sk_buff *skb;
3174 struct bt_skb_cb *scb;
3175
3176 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
3177 index >= NUM_REASSEMBLY)
3178 return -EILSEQ;
3179
3180 skb = hdev->reassembly[index];
3181
3182 if (!skb) {
3183 switch (type) {
3184 case HCI_ACLDATA_PKT:
3185 len = HCI_MAX_FRAME_SIZE;
3186 hlen = HCI_ACL_HDR_SIZE;
3187 break;
3188 case HCI_EVENT_PKT:
3189 len = HCI_MAX_EVENT_SIZE;
3190 hlen = HCI_EVENT_HDR_SIZE;
3191 break;
3192 case HCI_SCODATA_PKT:
3193 len = HCI_MAX_SCO_SIZE;
3194 hlen = HCI_SCO_HDR_SIZE;
3195 break;
3196 }
3197
3198 skb = bt_skb_alloc(len, GFP_ATOMIC);
3199 if (!skb)
3200 return -ENOMEM;
3201
3202 scb = (void *) skb->cb;
3203 scb->expect = hlen;
3204 scb->pkt_type = type;
3205
3206 hdev->reassembly[index] = skb;
3207 }
3208
3209 while (count) {
3210 scb = (void *) skb->cb;
3211 len = min_t(uint, scb->expect, count);
3212
3213 memcpy(skb_put(skb, len), data, len);
3214
3215 count -= len;
3216 data += len;
3217 scb->expect -= len;
3218 remain = count;
3219
3220 switch (type) {
3221 case HCI_EVENT_PKT:
3222 if (skb->len == HCI_EVENT_HDR_SIZE) {
3223 struct hci_event_hdr *h = hci_event_hdr(skb);
3224 scb->expect = h->plen;
3225
3226 if (skb_tailroom(skb) < scb->expect) {
3227 kfree_skb(skb);
3228 hdev->reassembly[index] = NULL;
3229 return -ENOMEM;
3230 }
3231 }
3232 break;
3233
3234 case HCI_ACLDATA_PKT:
3235 if (skb->len == HCI_ACL_HDR_SIZE) {
3236 struct hci_acl_hdr *h = hci_acl_hdr(skb);
3237 scb->expect = __le16_to_cpu(h->dlen);
3238
3239 if (skb_tailroom(skb) < scb->expect) {
3240 kfree_skb(skb);
3241 hdev->reassembly[index] = NULL;
3242 return -ENOMEM;
3243 }
3244 }
3245 break;
3246
3247 case HCI_SCODATA_PKT:
3248 if (skb->len == HCI_SCO_HDR_SIZE) {
3249 struct hci_sco_hdr *h = hci_sco_hdr(skb);
3250 scb->expect = h->dlen;
3251
3252 if (skb_tailroom(skb) < scb->expect) {
3253 kfree_skb(skb);
3254 hdev->reassembly[index] = NULL;
3255 return -ENOMEM;
3256 }
3257 }
3258 break;
3259 }
3260
3261 if (scb->expect == 0) {
3262 /* Complete frame */
3263
3264 bt_cb(skb)->pkt_type = type;
3265 hci_recv_frame(hdev, skb);
3266
3267 hdev->reassembly[index] = NULL;
3268 return remain;
3269 }
3270 }
3271
3272 return remain;
3273}
3274
3275int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
3276{
3277 int rem = 0;
3278
3279 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
3280 return -EILSEQ;
3281
3282 while (count) {
3283 rem = hci_reassembly(hdev, type, data, count, type - 1);
3284 if (rem < 0)
3285 return rem;
3286
3287 data += (count - rem);
3288 count = rem;
3289 }
3290
3291 return rem;
3292}
3293EXPORT_SYMBOL(hci_recv_fragment);
3294
3295#define STREAM_REASSEMBLY 0
3296
3297int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
3298{
3299 int type;
3300 int rem = 0;
3301
3302 while (count) {
3303 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
3304
3305 if (!skb) {
3306 struct { char type; } *pkt;
3307
3308 /* Start of the frame */
3309 pkt = data;
3310 type = pkt->type;
3311
3312 data++;
3313 count--;
3314 } else
3315 type = bt_cb(skb)->pkt_type;
3316
3317 rem = hci_reassembly(hdev, type, data, count,
3318 STREAM_REASSEMBLY);
3319 if (rem < 0)
3320 return rem;
3321
3322 data += (count - rem);
3323 count = rem;
3324 }
3325
3326 return rem;
3327}
3328EXPORT_SYMBOL(hci_recv_stream_fragment);
3329
3330/* ---- Interface to upper protocols ---- */
3331
3332int hci_register_cb(struct hci_cb *cb)
3333{
3334 BT_DBG("%p name %s", cb, cb->name);
3335
3336 write_lock(&hci_cb_list_lock);
3337 list_add(&cb->list, &hci_cb_list);
3338 write_unlock(&hci_cb_list_lock);
3339
3340 return 0;
3341}
3342EXPORT_SYMBOL(hci_register_cb);
3343
3344int hci_unregister_cb(struct hci_cb *cb)
3345{
3346 BT_DBG("%p name %s", cb, cb->name);
3347
3348 write_lock(&hci_cb_list_lock);
3349 list_del(&cb->list);
3350 write_unlock(&hci_cb_list_lock);
3351
3352 return 0;
3353}
3354EXPORT_SYMBOL(hci_unregister_cb);
3355
3356static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3357{
3358 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
3359
3360 /* Time stamp */
3361 __net_timestamp(skb);
3362
3363 /* Send copy to monitor */
3364 hci_send_to_monitor(hdev, skb);
3365
3366 if (atomic_read(&hdev->promisc)) {
3367 /* Send copy to the sockets */
3368 hci_send_to_sock(hdev, skb);
3369 }
3370
3371 /* Get rid of skb owner, prior to sending to the driver. */
3372 skb_orphan(skb);
3373
3374 if (hdev->send(hdev, skb) < 0)
3375 BT_ERR("%s sending frame failed", hdev->name);
3376}
3377
3378void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
3379{
3380 skb_queue_head_init(&req->cmd_q);
3381 req->hdev = hdev;
3382 req->err = 0;
3383}
3384
3385int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
3386{
3387 struct hci_dev *hdev = req->hdev;
3388 struct sk_buff *skb;
3389 unsigned long flags;
3390
3391 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
3392
3393 /* If an error occured during request building, remove all HCI
3394 * commands queued on the HCI request queue.
3395 */
3396 if (req->err) {
3397 skb_queue_purge(&req->cmd_q);
3398 return req->err;
3399 }
3400
3401 /* Do not allow empty requests */
3402 if (skb_queue_empty(&req->cmd_q))
3403 return -ENODATA;
3404
3405 skb = skb_peek_tail(&req->cmd_q);
3406 bt_cb(skb)->req.complete = complete;
3407
3408 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
3409 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
3410 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
3411
3412 queue_work(hdev->workqueue, &hdev->cmd_work);
3413
3414 return 0;
3415}
3416
3417static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
3418 u32 plen, const void *param)
3419{
3420 int len = HCI_COMMAND_HDR_SIZE + plen;
3421 struct hci_command_hdr *hdr;
3422 struct sk_buff *skb;
3423
3424 skb = bt_skb_alloc(len, GFP_ATOMIC);
3425 if (!skb)
3426 return NULL;
3427
3428 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
3429 hdr->opcode = cpu_to_le16(opcode);
3430 hdr->plen = plen;
3431
3432 if (plen)
3433 memcpy(skb_put(skb, plen), param, plen);
3434
3435 BT_DBG("skb len %d", skb->len);
3436
3437 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
3438
3439 return skb;
3440}
3441
3442/* Send HCI command */
3443int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3444 const void *param)
3445{
3446 struct sk_buff *skb;
3447
3448 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3449
3450 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3451 if (!skb) {
3452 BT_ERR("%s no memory for command", hdev->name);
3453 return -ENOMEM;
3454 }
3455
3456 /* Stand-alone HCI commands must be flaged as
3457 * single-command requests.
3458 */
3459 bt_cb(skb)->req.start = true;
3460
3461 skb_queue_tail(&hdev->cmd_q, skb);
3462 queue_work(hdev->workqueue, &hdev->cmd_work);
3463
3464 return 0;
3465}
3466
3467/* Queue a command to an asynchronous HCI request */
3468void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
3469 const void *param, u8 event)
3470{
3471 struct hci_dev *hdev = req->hdev;
3472 struct sk_buff *skb;
3473
3474 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3475
3476 /* If an error occured during request building, there is no point in
3477 * queueing the HCI command. We can simply return.
3478 */
3479 if (req->err)
3480 return;
3481
3482 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3483 if (!skb) {
3484 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
3485 hdev->name, opcode);
3486 req->err = -ENOMEM;
3487 return;
3488 }
3489
3490 if (skb_queue_empty(&req->cmd_q))
3491 bt_cb(skb)->req.start = true;
3492
3493 bt_cb(skb)->req.event = event;
3494
3495 skb_queue_tail(&req->cmd_q, skb);
3496}
3497
3498void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
3499 const void *param)
3500{
3501 hci_req_add_ev(req, opcode, plen, param, 0);
3502}
3503
3504/* Get data from the previously sent command */
3505void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3506{
3507 struct hci_command_hdr *hdr;
3508
3509 if (!hdev->sent_cmd)
3510 return NULL;
3511
3512 hdr = (void *) hdev->sent_cmd->data;
3513
3514 if (hdr->opcode != cpu_to_le16(opcode))
3515 return NULL;
3516
3517 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3518
3519 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3520}
3521
3522/* Send ACL data */
3523static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3524{
3525 struct hci_acl_hdr *hdr;
3526 int len = skb->len;
3527
3528 skb_push(skb, HCI_ACL_HDR_SIZE);
3529 skb_reset_transport_header(skb);
3530 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3531 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3532 hdr->dlen = cpu_to_le16(len);
3533}
3534
3535static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3536 struct sk_buff *skb, __u16 flags)
3537{
3538 struct hci_conn *conn = chan->conn;
3539 struct hci_dev *hdev = conn->hdev;
3540 struct sk_buff *list;
3541
3542 skb->len = skb_headlen(skb);
3543 skb->data_len = 0;
3544
3545 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3546
3547 switch (hdev->dev_type) {
3548 case HCI_BREDR:
3549 hci_add_acl_hdr(skb, conn->handle, flags);
3550 break;
3551 case HCI_AMP:
3552 hci_add_acl_hdr(skb, chan->handle, flags);
3553 break;
3554 default:
3555 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3556 return;
3557 }
3558
3559 list = skb_shinfo(skb)->frag_list;
3560 if (!list) {
3561 /* Non fragmented */
3562 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3563
3564 skb_queue_tail(queue, skb);
3565 } else {
3566 /* Fragmented */
3567 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3568
3569 skb_shinfo(skb)->frag_list = NULL;
3570
3571 /* Queue all fragments atomically */
3572 spin_lock(&queue->lock);
3573
3574 __skb_queue_tail(queue, skb);
3575
3576 flags &= ~ACL_START;
3577 flags |= ACL_CONT;
3578 do {
3579 skb = list; list = list->next;
3580
3581 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
3582 hci_add_acl_hdr(skb, conn->handle, flags);
3583
3584 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3585
3586 __skb_queue_tail(queue, skb);
3587 } while (list);
3588
3589 spin_unlock(&queue->lock);
3590 }
3591}
3592
3593void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3594{
3595 struct hci_dev *hdev = chan->conn->hdev;
3596
3597 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3598
3599 hci_queue_acl(chan, &chan->data_q, skb, flags);
3600
3601 queue_work(hdev->workqueue, &hdev->tx_work);
3602}
3603
3604/* Send SCO data */
3605void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3606{
3607 struct hci_dev *hdev = conn->hdev;
3608 struct hci_sco_hdr hdr;
3609
3610 BT_DBG("%s len %d", hdev->name, skb->len);
3611
3612 hdr.handle = cpu_to_le16(conn->handle);
3613 hdr.dlen = skb->len;
3614
3615 skb_push(skb, HCI_SCO_HDR_SIZE);
3616 skb_reset_transport_header(skb);
3617 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3618
3619 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
3620
3621 skb_queue_tail(&conn->data_q, skb);
3622 queue_work(hdev->workqueue, &hdev->tx_work);
3623}
3624
3625/* ---- HCI TX task (outgoing data) ---- */
3626
3627/* HCI Connection scheduler */
3628static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3629 int *quote)
3630{
3631 struct hci_conn_hash *h = &hdev->conn_hash;
3632 struct hci_conn *conn = NULL, *c;
3633 unsigned int num = 0, min = ~0;
3634
3635 /* We don't have to lock device here. Connections are always
3636 * added and removed with TX task disabled. */
3637
3638 rcu_read_lock();
3639
3640 list_for_each_entry_rcu(c, &h->list, list) {
3641 if (c->type != type || skb_queue_empty(&c->data_q))
3642 continue;
3643
3644 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3645 continue;
3646
3647 num++;
3648
3649 if (c->sent < min) {
3650 min = c->sent;
3651 conn = c;
3652 }
3653
3654 if (hci_conn_num(hdev, type) == num)
3655 break;
3656 }
3657
3658 rcu_read_unlock();
3659
3660 if (conn) {
3661 int cnt, q;
3662
3663 switch (conn->type) {
3664 case ACL_LINK:
3665 cnt = hdev->acl_cnt;
3666 break;
3667 case SCO_LINK:
3668 case ESCO_LINK:
3669 cnt = hdev->sco_cnt;
3670 break;
3671 case LE_LINK:
3672 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3673 break;
3674 default:
3675 cnt = 0;
3676 BT_ERR("Unknown link type");
3677 }
3678
3679 q = cnt / num;
3680 *quote = q ? q : 1;
3681 } else
3682 *quote = 0;
3683
3684 BT_DBG("conn %p quote %d", conn, *quote);
3685 return conn;
3686}
3687
3688static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3689{
3690 struct hci_conn_hash *h = &hdev->conn_hash;
3691 struct hci_conn *c;
3692
3693 BT_ERR("%s link tx timeout", hdev->name);
3694
3695 rcu_read_lock();
3696
3697 /* Kill stalled connections */
3698 list_for_each_entry_rcu(c, &h->list, list) {
3699 if (c->type == type && c->sent) {
3700 BT_ERR("%s killing stalled connection %pMR",
3701 hdev->name, &c->dst);
3702 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3703 }
3704 }
3705
3706 rcu_read_unlock();
3707}
3708
3709static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3710 int *quote)
3711{
3712 struct hci_conn_hash *h = &hdev->conn_hash;
3713 struct hci_chan *chan = NULL;
3714 unsigned int num = 0, min = ~0, cur_prio = 0;
3715 struct hci_conn *conn;
3716 int cnt, q, conn_num = 0;
3717
3718 BT_DBG("%s", hdev->name);
3719
3720 rcu_read_lock();
3721
3722 list_for_each_entry_rcu(conn, &h->list, list) {
3723 struct hci_chan *tmp;
3724
3725 if (conn->type != type)
3726 continue;
3727
3728 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3729 continue;
3730
3731 conn_num++;
3732
3733 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3734 struct sk_buff *skb;
3735
3736 if (skb_queue_empty(&tmp->data_q))
3737 continue;
3738
3739 skb = skb_peek(&tmp->data_q);
3740 if (skb->priority < cur_prio)
3741 continue;
3742
3743 if (skb->priority > cur_prio) {
3744 num = 0;
3745 min = ~0;
3746 cur_prio = skb->priority;
3747 }
3748
3749 num++;
3750
3751 if (conn->sent < min) {
3752 min = conn->sent;
3753 chan = tmp;
3754 }
3755 }
3756
3757 if (hci_conn_num(hdev, type) == conn_num)
3758 break;
3759 }
3760
3761 rcu_read_unlock();
3762
3763 if (!chan)
3764 return NULL;
3765
3766 switch (chan->conn->type) {
3767 case ACL_LINK:
3768 cnt = hdev->acl_cnt;
3769 break;
3770 case AMP_LINK:
3771 cnt = hdev->block_cnt;
3772 break;
3773 case SCO_LINK:
3774 case ESCO_LINK:
3775 cnt = hdev->sco_cnt;
3776 break;
3777 case LE_LINK:
3778 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3779 break;
3780 default:
3781 cnt = 0;
3782 BT_ERR("Unknown link type");
3783 }
3784
3785 q = cnt / num;
3786 *quote = q ? q : 1;
3787 BT_DBG("chan %p quote %d", chan, *quote);
3788 return chan;
3789}
3790
3791static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3792{
3793 struct hci_conn_hash *h = &hdev->conn_hash;
3794 struct hci_conn *conn;
3795 int num = 0;
3796
3797 BT_DBG("%s", hdev->name);
3798
3799 rcu_read_lock();
3800
3801 list_for_each_entry_rcu(conn, &h->list, list) {
3802 struct hci_chan *chan;
3803
3804 if (conn->type != type)
3805 continue;
3806
3807 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3808 continue;
3809
3810 num++;
3811
3812 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3813 struct sk_buff *skb;
3814
3815 if (chan->sent) {
3816 chan->sent = 0;
3817 continue;
3818 }
3819
3820 if (skb_queue_empty(&chan->data_q))
3821 continue;
3822
3823 skb = skb_peek(&chan->data_q);
3824 if (skb->priority >= HCI_PRIO_MAX - 1)
3825 continue;
3826
3827 skb->priority = HCI_PRIO_MAX - 1;
3828
3829 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3830 skb->priority);
3831 }
3832
3833 if (hci_conn_num(hdev, type) == num)
3834 break;
3835 }
3836
3837 rcu_read_unlock();
3838
3839}
3840
3841static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3842{
3843 /* Calculate count of blocks used by this packet */
3844 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3845}
3846
3847static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3848{
3849 if (!test_bit(HCI_RAW, &hdev->flags)) {
3850 /* ACL tx timeout must be longer than maximum
3851 * link supervision timeout (40.9 seconds) */
3852 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3853 HCI_ACL_TX_TIMEOUT))
3854 hci_link_tx_to(hdev, ACL_LINK);
3855 }
3856}
3857
3858static void hci_sched_acl_pkt(struct hci_dev *hdev)
3859{
3860 unsigned int cnt = hdev->acl_cnt;
3861 struct hci_chan *chan;
3862 struct sk_buff *skb;
3863 int quote;
3864
3865 __check_timeout(hdev, cnt);
3866
3867 while (hdev->acl_cnt &&
3868 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3869 u32 priority = (skb_peek(&chan->data_q))->priority;
3870 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3871 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3872 skb->len, skb->priority);
3873
3874 /* Stop if priority has changed */
3875 if (skb->priority < priority)
3876 break;
3877
3878 skb = skb_dequeue(&chan->data_q);
3879
3880 hci_conn_enter_active_mode(chan->conn,
3881 bt_cb(skb)->force_active);
3882
3883 hci_send_frame(hdev, skb);
3884 hdev->acl_last_tx = jiffies;
3885
3886 hdev->acl_cnt--;
3887 chan->sent++;
3888 chan->conn->sent++;
3889 }
3890 }
3891
3892 if (cnt != hdev->acl_cnt)
3893 hci_prio_recalculate(hdev, ACL_LINK);
3894}
3895
3896static void hci_sched_acl_blk(struct hci_dev *hdev)
3897{
3898 unsigned int cnt = hdev->block_cnt;
3899 struct hci_chan *chan;
3900 struct sk_buff *skb;
3901 int quote;
3902 u8 type;
3903
3904 __check_timeout(hdev, cnt);
3905
3906 BT_DBG("%s", hdev->name);
3907
3908 if (hdev->dev_type == HCI_AMP)
3909 type = AMP_LINK;
3910 else
3911 type = ACL_LINK;
3912
3913 while (hdev->block_cnt > 0 &&
3914 (chan = hci_chan_sent(hdev, type, "e))) {
3915 u32 priority = (skb_peek(&chan->data_q))->priority;
3916 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
3917 int blocks;
3918
3919 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3920 skb->len, skb->priority);
3921
3922 /* Stop if priority has changed */
3923 if (skb->priority < priority)
3924 break;
3925
3926 skb = skb_dequeue(&chan->data_q);
3927
3928 blocks = __get_blocks(hdev, skb);
3929 if (blocks > hdev->block_cnt)
3930 return;
3931
3932 hci_conn_enter_active_mode(chan->conn,
3933 bt_cb(skb)->force_active);
3934
3935 hci_send_frame(hdev, skb);
3936 hdev->acl_last_tx = jiffies;
3937
3938 hdev->block_cnt -= blocks;
3939 quote -= blocks;
3940
3941 chan->sent += blocks;
3942 chan->conn->sent += blocks;
3943 }
3944 }
3945
3946 if (cnt != hdev->block_cnt)
3947 hci_prio_recalculate(hdev, type);
3948}
3949
3950static void hci_sched_acl(struct hci_dev *hdev)
3951{
3952 BT_DBG("%s", hdev->name);
3953
3954 /* No ACL link over BR/EDR controller */
3955 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
3956 return;
3957
3958 /* No AMP link over AMP controller */
3959 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3960 return;
3961
3962 switch (hdev->flow_ctl_mode) {
3963 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3964 hci_sched_acl_pkt(hdev);
3965 break;
3966
3967 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3968 hci_sched_acl_blk(hdev);
3969 break;
3970 }
3971}
3972
3973/* Schedule SCO */
3974static void hci_sched_sco(struct hci_dev *hdev)
3975{
3976 struct hci_conn *conn;
3977 struct sk_buff *skb;
3978 int quote;
3979
3980 BT_DBG("%s", hdev->name);
3981
3982 if (!hci_conn_num(hdev, SCO_LINK))
3983 return;
3984
3985 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
3986 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3987 BT_DBG("skb %p len %d", skb, skb->len);
3988 hci_send_frame(hdev, skb);
3989
3990 conn->sent++;
3991 if (conn->sent == ~0)
3992 conn->sent = 0;
3993 }
3994 }
3995}
3996
3997static void hci_sched_esco(struct hci_dev *hdev)
3998{
3999 struct hci_conn *conn;
4000 struct sk_buff *skb;
4001 int quote;
4002
4003 BT_DBG("%s", hdev->name);
4004
4005 if (!hci_conn_num(hdev, ESCO_LINK))
4006 return;
4007
4008 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4009 "e))) {
4010 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4011 BT_DBG("skb %p len %d", skb, skb->len);
4012 hci_send_frame(hdev, skb);
4013
4014 conn->sent++;
4015 if (conn->sent == ~0)
4016 conn->sent = 0;
4017 }
4018 }
4019}
4020
4021static void hci_sched_le(struct hci_dev *hdev)
4022{
4023 struct hci_chan *chan;
4024 struct sk_buff *skb;
4025 int quote, cnt, tmp;
4026
4027 BT_DBG("%s", hdev->name);
4028
4029 if (!hci_conn_num(hdev, LE_LINK))
4030 return;
4031
4032 if (!test_bit(HCI_RAW, &hdev->flags)) {
4033 /* LE tx timeout must be longer than maximum
4034 * link supervision timeout (40.9 seconds) */
4035 if (!hdev->le_cnt && hdev->le_pkts &&
4036 time_after(jiffies, hdev->le_last_tx + HZ * 45))
4037 hci_link_tx_to(hdev, LE_LINK);
4038 }
4039
4040 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4041 tmp = cnt;
4042 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4043 u32 priority = (skb_peek(&chan->data_q))->priority;
4044 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4045 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4046 skb->len, skb->priority);
4047
4048 /* Stop if priority has changed */
4049 if (skb->priority < priority)
4050 break;
4051
4052 skb = skb_dequeue(&chan->data_q);
4053
4054 hci_send_frame(hdev, skb);
4055 hdev->le_last_tx = jiffies;
4056
4057 cnt--;
4058 chan->sent++;
4059 chan->conn->sent++;
4060 }
4061 }
4062
4063 if (hdev->le_pkts)
4064 hdev->le_cnt = cnt;
4065 else
4066 hdev->acl_cnt = cnt;
4067
4068 if (cnt != tmp)
4069 hci_prio_recalculate(hdev, LE_LINK);
4070}
4071
4072static void hci_tx_work(struct work_struct *work)
4073{
4074 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4075 struct sk_buff *skb;
4076
4077 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4078 hdev->sco_cnt, hdev->le_cnt);
4079
4080 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4081 /* Schedule queues and send stuff to HCI driver */
4082 hci_sched_acl(hdev);
4083 hci_sched_sco(hdev);
4084 hci_sched_esco(hdev);
4085 hci_sched_le(hdev);
4086 }
4087
4088 /* Send next queued raw (unknown type) packet */
4089 while ((skb = skb_dequeue(&hdev->raw_q)))
4090 hci_send_frame(hdev, skb);
4091}
4092
4093/* ----- HCI RX task (incoming data processing) ----- */
4094
4095/* ACL data packet */
4096static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4097{
4098 struct hci_acl_hdr *hdr = (void *) skb->data;
4099 struct hci_conn *conn;
4100 __u16 handle, flags;
4101
4102 skb_pull(skb, HCI_ACL_HDR_SIZE);
4103
4104 handle = __le16_to_cpu(hdr->handle);
4105 flags = hci_flags(handle);
4106 handle = hci_handle(handle);
4107
4108 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4109 handle, flags);
4110
4111 hdev->stat.acl_rx++;
4112
4113 hci_dev_lock(hdev);
4114 conn = hci_conn_hash_lookup_handle(hdev, handle);
4115 hci_dev_unlock(hdev);
4116
4117 if (conn) {
4118 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4119
4120 /* Send to upper protocol */
4121 l2cap_recv_acldata(conn, skb, flags);
4122 return;
4123 } else {
4124 BT_ERR("%s ACL packet for unknown connection handle %d",
4125 hdev->name, handle);
4126 }
4127
4128 kfree_skb(skb);
4129}
4130
4131/* SCO data packet */
4132static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4133{
4134 struct hci_sco_hdr *hdr = (void *) skb->data;
4135 struct hci_conn *conn;
4136 __u16 handle;
4137
4138 skb_pull(skb, HCI_SCO_HDR_SIZE);
4139
4140 handle = __le16_to_cpu(hdr->handle);
4141
4142 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4143
4144 hdev->stat.sco_rx++;
4145
4146 hci_dev_lock(hdev);
4147 conn = hci_conn_hash_lookup_handle(hdev, handle);
4148 hci_dev_unlock(hdev);
4149
4150 if (conn) {
4151 /* Send to upper protocol */
4152 sco_recv_scodata(conn, skb);
4153 return;
4154 } else {
4155 BT_ERR("%s SCO packet for unknown connection handle %d",
4156 hdev->name, handle);
4157 }
4158
4159 kfree_skb(skb);
4160}
4161
4162static bool hci_req_is_complete(struct hci_dev *hdev)
4163{
4164 struct sk_buff *skb;
4165
4166 skb = skb_peek(&hdev->cmd_q);
4167 if (!skb)
4168 return true;
4169
4170 return bt_cb(skb)->req.start;
4171}
4172
4173static void hci_resend_last(struct hci_dev *hdev)
4174{
4175 struct hci_command_hdr *sent;
4176 struct sk_buff *skb;
4177 u16 opcode;
4178
4179 if (!hdev->sent_cmd)
4180 return;
4181
4182 sent = (void *) hdev->sent_cmd->data;
4183 opcode = __le16_to_cpu(sent->opcode);
4184 if (opcode == HCI_OP_RESET)
4185 return;
4186
4187 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4188 if (!skb)
4189 return;
4190
4191 skb_queue_head(&hdev->cmd_q, skb);
4192 queue_work(hdev->workqueue, &hdev->cmd_work);
4193}
4194
4195void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
4196{
4197 hci_req_complete_t req_complete = NULL;
4198 struct sk_buff *skb;
4199 unsigned long flags;
4200
4201 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4202
4203 /* If the completed command doesn't match the last one that was
4204 * sent we need to do special handling of it.
4205 */
4206 if (!hci_sent_cmd_data(hdev, opcode)) {
4207 /* Some CSR based controllers generate a spontaneous
4208 * reset complete event during init and any pending
4209 * command will never be completed. In such a case we
4210 * need to resend whatever was the last sent
4211 * command.
4212 */
4213 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4214 hci_resend_last(hdev);
4215
4216 return;
4217 }
4218
4219 /* If the command succeeded and there's still more commands in
4220 * this request the request is not yet complete.
4221 */
4222 if (!status && !hci_req_is_complete(hdev))
4223 return;
4224
4225 /* If this was the last command in a request the complete
4226 * callback would be found in hdev->sent_cmd instead of the
4227 * command queue (hdev->cmd_q).
4228 */
4229 if (hdev->sent_cmd) {
4230 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
4231
4232 if (req_complete) {
4233 /* We must set the complete callback to NULL to
4234 * avoid calling the callback more than once if
4235 * this function gets called again.
4236 */
4237 bt_cb(hdev->sent_cmd)->req.complete = NULL;
4238
4239 goto call_complete;
4240 }
4241 }
4242
4243 /* Remove all pending commands belonging to this request */
4244 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4245 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4246 if (bt_cb(skb)->req.start) {
4247 __skb_queue_head(&hdev->cmd_q, skb);
4248 break;
4249 }
4250
4251 req_complete = bt_cb(skb)->req.complete;
4252 kfree_skb(skb);
4253 }
4254 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4255
4256call_complete:
4257 if (req_complete)
4258 req_complete(hdev, status);
4259}
4260
4261static void hci_rx_work(struct work_struct *work)
4262{
4263 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4264 struct sk_buff *skb;
4265
4266 BT_DBG("%s", hdev->name);
4267
4268 while ((skb = skb_dequeue(&hdev->rx_q))) {
4269 /* Send copy to monitor */
4270 hci_send_to_monitor(hdev, skb);
4271
4272 if (atomic_read(&hdev->promisc)) {
4273 /* Send copy to the sockets */
4274 hci_send_to_sock(hdev, skb);
4275 }
4276
4277 if (test_bit(HCI_RAW, &hdev->flags) ||
4278 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4279 kfree_skb(skb);
4280 continue;
4281 }
4282
4283 if (test_bit(HCI_INIT, &hdev->flags)) {
4284 /* Don't process data packets in this states. */
4285 switch (bt_cb(skb)->pkt_type) {
4286 case HCI_ACLDATA_PKT:
4287 case HCI_SCODATA_PKT:
4288 kfree_skb(skb);
4289 continue;
4290 }
4291 }
4292
4293 /* Process frame */
4294 switch (bt_cb(skb)->pkt_type) {
4295 case HCI_EVENT_PKT:
4296 BT_DBG("%s Event packet", hdev->name);
4297 hci_event_packet(hdev, skb);
4298 break;
4299
4300 case HCI_ACLDATA_PKT:
4301 BT_DBG("%s ACL data packet", hdev->name);
4302 hci_acldata_packet(hdev, skb);
4303 break;
4304
4305 case HCI_SCODATA_PKT:
4306 BT_DBG("%s SCO data packet", hdev->name);
4307 hci_scodata_packet(hdev, skb);
4308 break;
4309
4310 default:
4311 kfree_skb(skb);
4312 break;
4313 }
4314 }
4315}
4316
4317static void hci_cmd_work(struct work_struct *work)
4318{
4319 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4320 struct sk_buff *skb;
4321
4322 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4323 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4324
4325 /* Send queued commands */
4326 if (atomic_read(&hdev->cmd_cnt)) {
4327 skb = skb_dequeue(&hdev->cmd_q);
4328 if (!skb)
4329 return;
4330
4331 kfree_skb(hdev->sent_cmd);
4332
4333 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4334 if (hdev->sent_cmd) {
4335 atomic_dec(&hdev->cmd_cnt);
4336 hci_send_frame(hdev, skb);
4337 if (test_bit(HCI_RESET, &hdev->flags))
4338 del_timer(&hdev->cmd_timer);
4339 else
4340 mod_timer(&hdev->cmd_timer,
4341 jiffies + HCI_CMD_TIMEOUT);
4342 } else {
4343 skb_queue_head(&hdev->cmd_q, skb);
4344 queue_work(hdev->workqueue, &hdev->cmd_work);
4345 }
4346 }
4347}