1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28#include <linux/export.h>
29#include <linux/idr.h>
30
31#include <linux/rfkill.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35
36static void hci_rx_work(struct work_struct *work);
37static void hci_cmd_work(struct work_struct *work);
38static void hci_tx_work(struct work_struct *work);
39
40
41LIST_HEAD(hci_dev_list);
42DEFINE_RWLOCK(hci_dev_list_lock);
43
44
45LIST_HEAD(hci_cb_list);
46DEFINE_RWLOCK(hci_cb_list_lock);
47
48
49static DEFINE_IDA(hci_index_ida);
50
51
52
53static void hci_notify(struct hci_dev *hdev, int event)
54{
55 hci_sock_dev_event(hdev, event);
56}
57
58
59
60static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
61{
62 BT_DBG("%s result 0x%2.2x", hdev->name, result);
63
64 if (hdev->req_status == HCI_REQ_PEND) {
65 hdev->req_result = result;
66 hdev->req_status = HCI_REQ_DONE;
67 wake_up_interruptible(&hdev->req_wait_q);
68 }
69}
70
71static void hci_req_cancel(struct hci_dev *hdev, int err)
72{
73 BT_DBG("%s err 0x%2.2x", hdev->name, err);
74
75 if (hdev->req_status == HCI_REQ_PEND) {
76 hdev->req_result = err;
77 hdev->req_status = HCI_REQ_CANCELED;
78 wake_up_interruptible(&hdev->req_wait_q);
79 }
80}
81
82static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
83 u8 event)
84{
85 struct hci_ev_cmd_complete *ev;
86 struct hci_event_hdr *hdr;
87 struct sk_buff *skb;
88
89 hci_dev_lock(hdev);
90
91 skb = hdev->recv_evt;
92 hdev->recv_evt = NULL;
93
94 hci_dev_unlock(hdev);
95
96 if (!skb)
97 return ERR_PTR(-ENODATA);
98
99 if (skb->len < sizeof(*hdr)) {
100 BT_ERR("Too short HCI event");
101 goto failed;
102 }
103
104 hdr = (void *) skb->data;
105 skb_pull(skb, HCI_EVENT_HDR_SIZE);
106
107 if (event) {
108 if (hdr->evt != event)
109 goto failed;
110 return skb;
111 }
112
113 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
114 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
115 goto failed;
116 }
117
118 if (skb->len < sizeof(*ev)) {
119 BT_ERR("Too short cmd_complete event");
120 goto failed;
121 }
122
123 ev = (void *) skb->data;
124 skb_pull(skb, sizeof(*ev));
125
126 if (opcode == __le16_to_cpu(ev->opcode))
127 return skb;
128
129 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
130 __le16_to_cpu(ev->opcode));
131
132failed:
133 kfree_skb(skb);
134 return ERR_PTR(-ENODATA);
135}
136
137struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
138 const void *param, u8 event, u32 timeout)
139{
140 DECLARE_WAITQUEUE(wait, current);
141 struct hci_request req;
142 int err = 0;
143
144 BT_DBG("%s", hdev->name);
145
146 hci_req_init(&req, hdev);
147
148 hci_req_add_ev(&req, opcode, plen, param, event);
149
150 hdev->req_status = HCI_REQ_PEND;
151
152 err = hci_req_run(&req, hci_req_sync_complete);
153 if (err < 0)
154 return ERR_PTR(err);
155
156 add_wait_queue(&hdev->req_wait_q, &wait);
157 set_current_state(TASK_INTERRUPTIBLE);
158
159 schedule_timeout(timeout);
160
161 remove_wait_queue(&hdev->req_wait_q, &wait);
162
163 if (signal_pending(current))
164 return ERR_PTR(-EINTR);
165
166 switch (hdev->req_status) {
167 case HCI_REQ_DONE:
168 err = -bt_to_errno(hdev->req_result);
169 break;
170
171 case HCI_REQ_CANCELED:
172 err = -hdev->req_result;
173 break;
174
175 default:
176 err = -ETIMEDOUT;
177 break;
178 }
179
180 hdev->req_status = hdev->req_result = 0;
181
182 BT_DBG("%s end: err %d", hdev->name, err);
183
184 if (err < 0)
185 return ERR_PTR(err);
186
187 return hci_get_cmd_complete(hdev, opcode, event);
188}
189EXPORT_SYMBOL(__hci_cmd_sync_ev);
190
191struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
192 const void *param, u32 timeout)
193{
194 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
195}
196EXPORT_SYMBOL(__hci_cmd_sync);
197
198
199static int __hci_req_sync(struct hci_dev *hdev,
200 void (*func)(struct hci_request *req,
201 unsigned long opt),
202 unsigned long opt, __u32 timeout)
203{
204 struct hci_request req;
205 DECLARE_WAITQUEUE(wait, current);
206 int err = 0;
207
208 BT_DBG("%s start", hdev->name);
209
210 hci_req_init(&req, hdev);
211
212 hdev->req_status = HCI_REQ_PEND;
213
214 func(&req, opt);
215
216 err = hci_req_run(&req, hci_req_sync_complete);
217 if (err < 0) {
218 hdev->req_status = 0;
219
220
221
222
223
224
225 if (err == -ENODATA)
226 return 0;
227
228 return err;
229 }
230
231 add_wait_queue(&hdev->req_wait_q, &wait);
232 set_current_state(TASK_INTERRUPTIBLE);
233
234 schedule_timeout(timeout);
235
236 remove_wait_queue(&hdev->req_wait_q, &wait);
237
238 if (signal_pending(current))
239 return -EINTR;
240
241 switch (hdev->req_status) {
242 case HCI_REQ_DONE:
243 err = -bt_to_errno(hdev->req_result);
244 break;
245
246 case HCI_REQ_CANCELED:
247 err = -hdev->req_result;
248 break;
249
250 default:
251 err = -ETIMEDOUT;
252 break;
253 }
254
255 hdev->req_status = hdev->req_result = 0;
256
257 BT_DBG("%s end: err %d", hdev->name, err);
258
259 return err;
260}
261
262static int hci_req_sync(struct hci_dev *hdev,
263 void (*req)(struct hci_request *req,
264 unsigned long opt),
265 unsigned long opt, __u32 timeout)
266{
267 int ret;
268
269 if (!test_bit(HCI_UP, &hdev->flags))
270 return -ENETDOWN;
271
272
273 hci_req_lock(hdev);
274 ret = __hci_req_sync(hdev, req, opt, timeout);
275 hci_req_unlock(hdev);
276
277 return ret;
278}
279
280static void hci_reset_req(struct hci_request *req, unsigned long opt)
281{
282 BT_DBG("%s %ld", req->hdev->name, opt);
283
284
285 set_bit(HCI_RESET, &req->hdev->flags);
286 hci_req_add(req, HCI_OP_RESET, 0, NULL);
287}
288
289static void bredr_init(struct hci_request *req)
290{
291 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
292
293
294 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
295
296
297 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
298
299
300 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
301}
302
303static void amp_init(struct hci_request *req)
304{
305 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
306
307
308 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
309
310
311 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
312
313
314 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
315}
316
317static void hci_init1_req(struct hci_request *req, unsigned long opt)
318{
319 struct hci_dev *hdev = req->hdev;
320
321 BT_DBG("%s %ld", hdev->name, opt);
322
323
324 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
325 hci_reset_req(req, 0);
326
327 switch (hdev->dev_type) {
328 case HCI_BREDR:
329 bredr_init(req);
330 break;
331
332 case HCI_AMP:
333 amp_init(req);
334 break;
335
336 default:
337 BT_ERR("Unknown device type %d", hdev->dev_type);
338 break;
339 }
340}
341
342static void bredr_setup(struct hci_request *req)
343{
344 __le16 param;
345 __u8 flt_type;
346
347
348 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
349
350
351 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
352
353
354 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
355
356
357 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
358
359
360 flt_type = HCI_FLT_CLEAR_ALL;
361 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
362
363
364 param = __constant_cpu_to_le16(0x7d00);
365 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
366
367
368 if (req->hdev->hci_ver > BLUETOOTH_VER_1_1) {
369 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
370 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
371 }
372}
373
374static void le_setup(struct hci_request *req)
375{
376 struct hci_dev *hdev = req->hdev;
377
378
379 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
380
381
382 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
383
384
385 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
386
387
388 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
389
390
391 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
392
393
394 if (!lmp_bredr_capable(hdev))
395 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
396}
397
398static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
399{
400 if (lmp_ext_inq_capable(hdev))
401 return 0x02;
402
403 if (lmp_inq_rssi_capable(hdev))
404 return 0x01;
405
406 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
407 hdev->lmp_subver == 0x0757)
408 return 0x01;
409
410 if (hdev->manufacturer == 15) {
411 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
412 return 0x01;
413 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
414 return 0x01;
415 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
416 return 0x01;
417 }
418
419 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
420 hdev->lmp_subver == 0x1805)
421 return 0x01;
422
423 return 0x00;
424}
425
426static void hci_setup_inquiry_mode(struct hci_request *req)
427{
428 u8 mode;
429
430 mode = hci_get_inquiry_mode(req->hdev);
431
432 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
433}
434
435static void hci_setup_event_mask(struct hci_request *req)
436{
437 struct hci_dev *hdev = req->hdev;
438
439
440
441
442
443 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
444
445
446
447
448 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
449 return;
450
451 if (lmp_bredr_capable(hdev)) {
452 events[4] |= 0x01;
453 events[4] |= 0x02;
454 events[4] |= 0x04;
455 events[5] |= 0x08;
456 events[5] |= 0x10;
457 }
458
459 if (lmp_inq_rssi_capable(hdev))
460 events[4] |= 0x02;
461
462 if (lmp_sniffsubr_capable(hdev))
463 events[5] |= 0x20;
464
465 if (lmp_pause_enc_capable(hdev))
466 events[5] |= 0x80;
467
468 if (lmp_ext_inq_capable(hdev))
469 events[5] |= 0x40;
470
471 if (lmp_no_flush_capable(hdev))
472 events[7] |= 0x01;
473
474 if (lmp_lsto_capable(hdev))
475 events[6] |= 0x80;
476
477 if (lmp_ssp_capable(hdev)) {
478 events[6] |= 0x01;
479 events[6] |= 0x02;
480 events[6] |= 0x04;
481 events[6] |= 0x08;
482 events[6] |= 0x10;
483 events[6] |= 0x20;
484 events[7] |= 0x04;
485 events[7] |= 0x08;
486 events[7] |= 0x10;
487
488
489 }
490
491 if (lmp_le_capable(hdev))
492 events[7] |= 0x20;
493
494 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
495
496 if (lmp_le_capable(hdev)) {
497 memset(events, 0, sizeof(events));
498 events[0] = 0x1f;
499 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK,
500 sizeof(events), events);
501 }
502}
503
504static void hci_init2_req(struct hci_request *req, unsigned long opt)
505{
506 struct hci_dev *hdev = req->hdev;
507
508 if (lmp_bredr_capable(hdev))
509 bredr_setup(req);
510
511 if (lmp_le_capable(hdev))
512 le_setup(req);
513
514 hci_setup_event_mask(req);
515
516 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
517 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
518
519 if (lmp_ssp_capable(hdev)) {
520 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
521 u8 mode = 0x01;
522 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
523 sizeof(mode), &mode);
524 } else {
525 struct hci_cp_write_eir cp;
526
527 memset(hdev->eir, 0, sizeof(hdev->eir));
528 memset(&cp, 0, sizeof(cp));
529
530 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
531 }
532 }
533
534 if (lmp_inq_rssi_capable(hdev))
535 hci_setup_inquiry_mode(req);
536
537 if (lmp_inq_tx_pwr_capable(hdev))
538 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
539
540 if (lmp_ext_feat_capable(hdev)) {
541 struct hci_cp_read_local_ext_features cp;
542
543 cp.page = 0x01;
544 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
545 sizeof(cp), &cp);
546 }
547
548 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
549 u8 enable = 1;
550 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
551 &enable);
552 }
553}
554
555static void hci_setup_link_policy(struct hci_request *req)
556{
557 struct hci_dev *hdev = req->hdev;
558 struct hci_cp_write_def_link_policy cp;
559 u16 link_policy = 0;
560
561 if (lmp_rswitch_capable(hdev))
562 link_policy |= HCI_LP_RSWITCH;
563 if (lmp_hold_capable(hdev))
564 link_policy |= HCI_LP_HOLD;
565 if (lmp_sniff_capable(hdev))
566 link_policy |= HCI_LP_SNIFF;
567 if (lmp_park_capable(hdev))
568 link_policy |= HCI_LP_PARK;
569
570 cp.policy = cpu_to_le16(link_policy);
571 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
572}
573
574static void hci_set_le_support(struct hci_request *req)
575{
576 struct hci_dev *hdev = req->hdev;
577 struct hci_cp_write_le_host_supported cp;
578
579
580 if (!lmp_bredr_capable(hdev))
581 return;
582
583 memset(&cp, 0, sizeof(cp));
584
585 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
586 cp.le = 0x01;
587 cp.simul = lmp_le_br_capable(hdev);
588 }
589
590 if (cp.le != lmp_host_le_capable(hdev))
591 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
592 &cp);
593}
594
595static void hci_init3_req(struct hci_request *req, unsigned long opt)
596{
597 struct hci_dev *hdev = req->hdev;
598 u8 p;
599
600
601 if (hdev->commands[6] & 0x80) {
602 struct hci_cp_delete_stored_link_key cp;
603
604 bacpy(&cp.bdaddr, BDADDR_ANY);
605 cp.delete_all = 0x01;
606 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
607 sizeof(cp), &cp);
608 }
609
610 if (hdev->commands[5] & 0x10)
611 hci_setup_link_policy(req);
612
613 if (lmp_le_capable(hdev)) {
614 hci_set_le_support(req);
615 hci_update_ad(req);
616 }
617
618
619 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
620 struct hci_cp_read_local_ext_features cp;
621
622 cp.page = p;
623 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
624 sizeof(cp), &cp);
625 }
626}
627
628static int __hci_init(struct hci_dev *hdev)
629{
630 int err;
631
632 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
633 if (err < 0)
634 return err;
635
636
637
638
639
640 if (hdev->dev_type != HCI_BREDR)
641 return 0;
642
643 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
644 if (err < 0)
645 return err;
646
647 return __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
648}
649
650static void hci_scan_req(struct hci_request *req, unsigned long opt)
651{
652 __u8 scan = opt;
653
654 BT_DBG("%s %x", req->hdev->name, scan);
655
656
657 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
658}
659
660static void hci_auth_req(struct hci_request *req, unsigned long opt)
661{
662 __u8 auth = opt;
663
664 BT_DBG("%s %x", req->hdev->name, auth);
665
666
667 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
668}
669
670static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
671{
672 __u8 encrypt = opt;
673
674 BT_DBG("%s %x", req->hdev->name, encrypt);
675
676
677 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
678}
679
680static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
681{
682 __le16 policy = cpu_to_le16(opt);
683
684 BT_DBG("%s %x", req->hdev->name, policy);
685
686
687 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
688}
689
690
691
692struct hci_dev *hci_dev_get(int index)
693{
694 struct hci_dev *hdev = NULL, *d;
695
696 BT_DBG("%d", index);
697
698 if (index < 0)
699 return NULL;
700
701 read_lock(&hci_dev_list_lock);
702 list_for_each_entry(d, &hci_dev_list, list) {
703 if (d->id == index) {
704 hdev = hci_dev_hold(d);
705 break;
706 }
707 }
708 read_unlock(&hci_dev_list_lock);
709 return hdev;
710}
711
712
713
714bool hci_discovery_active(struct hci_dev *hdev)
715{
716 struct discovery_state *discov = &hdev->discovery;
717
718 switch (discov->state) {
719 case DISCOVERY_FINDING:
720 case DISCOVERY_RESOLVING:
721 return true;
722
723 default:
724 return false;
725 }
726}
727
728void hci_discovery_set_state(struct hci_dev *hdev, int state)
729{
730 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
731
732 if (hdev->discovery.state == state)
733 return;
734
735 switch (state) {
736 case DISCOVERY_STOPPED:
737 if (hdev->discovery.state != DISCOVERY_STARTING)
738 mgmt_discovering(hdev, 0);
739 break;
740 case DISCOVERY_STARTING:
741 break;
742 case DISCOVERY_FINDING:
743 mgmt_discovering(hdev, 1);
744 break;
745 case DISCOVERY_RESOLVING:
746 break;
747 case DISCOVERY_STOPPING:
748 break;
749 }
750
751 hdev->discovery.state = state;
752}
753
754static void inquiry_cache_flush(struct hci_dev *hdev)
755{
756 struct discovery_state *cache = &hdev->discovery;
757 struct inquiry_entry *p, *n;
758
759 list_for_each_entry_safe(p, n, &cache->all, all) {
760 list_del(&p->all);
761 kfree(p);
762 }
763
764 INIT_LIST_HEAD(&cache->unknown);
765 INIT_LIST_HEAD(&cache->resolve);
766}
767
768struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
769 bdaddr_t *bdaddr)
770{
771 struct discovery_state *cache = &hdev->discovery;
772 struct inquiry_entry *e;
773
774 BT_DBG("cache %p, %pMR", cache, bdaddr);
775
776 list_for_each_entry(e, &cache->all, all) {
777 if (!bacmp(&e->data.bdaddr, bdaddr))
778 return e;
779 }
780
781 return NULL;
782}
783
784struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
785 bdaddr_t *bdaddr)
786{
787 struct discovery_state *cache = &hdev->discovery;
788 struct inquiry_entry *e;
789
790 BT_DBG("cache %p, %pMR", cache, bdaddr);
791
792 list_for_each_entry(e, &cache->unknown, list) {
793 if (!bacmp(&e->data.bdaddr, bdaddr))
794 return e;
795 }
796
797 return NULL;
798}
799
800struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
801 bdaddr_t *bdaddr,
802 int state)
803{
804 struct discovery_state *cache = &hdev->discovery;
805 struct inquiry_entry *e;
806
807 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
808
809 list_for_each_entry(e, &cache->resolve, list) {
810 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
811 return e;
812 if (!bacmp(&e->data.bdaddr, bdaddr))
813 return e;
814 }
815
816 return NULL;
817}
818
819void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
820 struct inquiry_entry *ie)
821{
822 struct discovery_state *cache = &hdev->discovery;
823 struct list_head *pos = &cache->resolve;
824 struct inquiry_entry *p;
825
826 list_del(&ie->list);
827
828 list_for_each_entry(p, &cache->resolve, list) {
829 if (p->name_state != NAME_PENDING &&
830 abs(p->data.rssi) >= abs(ie->data.rssi))
831 break;
832 pos = &p->list;
833 }
834
835 list_add(&ie->list, pos);
836}
837
838bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
839 bool name_known, bool *ssp)
840{
841 struct discovery_state *cache = &hdev->discovery;
842 struct inquiry_entry *ie;
843
844 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
845
846 hci_remove_remote_oob_data(hdev, &data->bdaddr);
847
848 if (ssp)
849 *ssp = data->ssp_mode;
850
851 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
852 if (ie) {
853 if (ie->data.ssp_mode && ssp)
854 *ssp = true;
855
856 if (ie->name_state == NAME_NEEDED &&
857 data->rssi != ie->data.rssi) {
858 ie->data.rssi = data->rssi;
859 hci_inquiry_cache_update_resolve(hdev, ie);
860 }
861
862 goto update;
863 }
864
865
866 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
867 if (!ie)
868 return false;
869
870 list_add(&ie->all, &cache->all);
871
872 if (name_known) {
873 ie->name_state = NAME_KNOWN;
874 } else {
875 ie->name_state = NAME_NOT_KNOWN;
876 list_add(&ie->list, &cache->unknown);
877 }
878
879update:
880 if (name_known && ie->name_state != NAME_KNOWN &&
881 ie->name_state != NAME_PENDING) {
882 ie->name_state = NAME_KNOWN;
883 list_del(&ie->list);
884 }
885
886 memcpy(&ie->data, data, sizeof(*data));
887 ie->timestamp = jiffies;
888 cache->timestamp = jiffies;
889
890 if (ie->name_state == NAME_NOT_KNOWN)
891 return false;
892
893 return true;
894}
895
896static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
897{
898 struct discovery_state *cache = &hdev->discovery;
899 struct inquiry_info *info = (struct inquiry_info *) buf;
900 struct inquiry_entry *e;
901 int copied = 0;
902
903 list_for_each_entry(e, &cache->all, all) {
904 struct inquiry_data *data = &e->data;
905
906 if (copied >= num)
907 break;
908
909 bacpy(&info->bdaddr, &data->bdaddr);
910 info->pscan_rep_mode = data->pscan_rep_mode;
911 info->pscan_period_mode = data->pscan_period_mode;
912 info->pscan_mode = data->pscan_mode;
913 memcpy(info->dev_class, data->dev_class, 3);
914 info->clock_offset = data->clock_offset;
915
916 info++;
917 copied++;
918 }
919
920 BT_DBG("cache %p, copied %d", cache, copied);
921 return copied;
922}
923
924static void hci_inq_req(struct hci_request *req, unsigned long opt)
925{
926 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
927 struct hci_dev *hdev = req->hdev;
928 struct hci_cp_inquiry cp;
929
930 BT_DBG("%s", hdev->name);
931
932 if (test_bit(HCI_INQUIRY, &hdev->flags))
933 return;
934
935
936 memcpy(&cp.lap, &ir->lap, 3);
937 cp.length = ir->length;
938 cp.num_rsp = ir->num_rsp;
939 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
940}
941
942static int wait_inquiry(void *word)
943{
944 schedule();
945 return signal_pending(current);
946}
947
948int hci_inquiry(void __user *arg)
949{
950 __u8 __user *ptr = arg;
951 struct hci_inquiry_req ir;
952 struct hci_dev *hdev;
953 int err = 0, do_inquiry = 0, max_rsp;
954 long timeo;
955 __u8 *buf;
956
957 if (copy_from_user(&ir, ptr, sizeof(ir)))
958 return -EFAULT;
959
960 hdev = hci_dev_get(ir.dev_id);
961 if (!hdev)
962 return -ENODEV;
963
964 hci_dev_lock(hdev);
965 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
966 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
967 inquiry_cache_flush(hdev);
968 do_inquiry = 1;
969 }
970 hci_dev_unlock(hdev);
971
972 timeo = ir.length * msecs_to_jiffies(2000);
973
974 if (do_inquiry) {
975 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
976 timeo);
977 if (err < 0)
978 goto done;
979
980
981
982
983 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry,
984 TASK_INTERRUPTIBLE))
985 return -EINTR;
986 }
987
988
989
990
991 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
992
993
994
995
996 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
997 if (!buf) {
998 err = -ENOMEM;
999 goto done;
1000 }
1001
1002 hci_dev_lock(hdev);
1003 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1004 hci_dev_unlock(hdev);
1005
1006 BT_DBG("num_rsp %d", ir.num_rsp);
1007
1008 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1009 ptr += sizeof(ir);
1010 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1011 ir.num_rsp))
1012 err = -EFAULT;
1013 } else
1014 err = -EFAULT;
1015
1016 kfree(buf);
1017
1018done:
1019 hci_dev_put(hdev);
1020 return err;
1021}
1022
1023static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
1024{
1025 u8 ad_len = 0, flags = 0;
1026 size_t name_len;
1027
1028 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
1029 flags |= LE_AD_GENERAL;
1030
1031 if (!lmp_bredr_capable(hdev))
1032 flags |= LE_AD_NO_BREDR;
1033
1034 if (lmp_le_br_capable(hdev))
1035 flags |= LE_AD_SIM_LE_BREDR_CTRL;
1036
1037 if (lmp_host_le_br_capable(hdev))
1038 flags |= LE_AD_SIM_LE_BREDR_HOST;
1039
1040 if (flags) {
1041 BT_DBG("adv flags 0x%02x", flags);
1042
1043 ptr[0] = 2;
1044 ptr[1] = EIR_FLAGS;
1045 ptr[2] = flags;
1046
1047 ad_len += 3;
1048 ptr += 3;
1049 }
1050
1051 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
1052 ptr[0] = 2;
1053 ptr[1] = EIR_TX_POWER;
1054 ptr[2] = (u8) hdev->adv_tx_power;
1055
1056 ad_len += 3;
1057 ptr += 3;
1058 }
1059
1060 name_len = strlen(hdev->dev_name);
1061 if (name_len > 0) {
1062 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
1063
1064 if (name_len > max_len) {
1065 name_len = max_len;
1066 ptr[1] = EIR_NAME_SHORT;
1067 } else
1068 ptr[1] = EIR_NAME_COMPLETE;
1069
1070 ptr[0] = name_len + 1;
1071
1072 memcpy(ptr + 2, hdev->dev_name, name_len);
1073
1074 ad_len += (name_len + 2);
1075 ptr += (name_len + 2);
1076 }
1077
1078 return ad_len;
1079}
1080
1081void hci_update_ad(struct hci_request *req)
1082{
1083 struct hci_dev *hdev = req->hdev;
1084 struct hci_cp_le_set_adv_data cp;
1085 u8 len;
1086
1087 if (!lmp_le_capable(hdev))
1088 return;
1089
1090 memset(&cp, 0, sizeof(cp));
1091
1092 len = create_ad(hdev, cp.data);
1093
1094 if (hdev->adv_data_len == len &&
1095 memcmp(cp.data, hdev->adv_data, len) == 0)
1096 return;
1097
1098 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1099 hdev->adv_data_len = len;
1100
1101 cp.length = len;
1102
1103 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1104}
1105
1106
1107
1108int hci_dev_open(__u16 dev)
1109{
1110 struct hci_dev *hdev;
1111 int ret = 0;
1112
1113 hdev = hci_dev_get(dev);
1114 if (!hdev)
1115 return -ENODEV;
1116
1117 BT_DBG("%s %p", hdev->name, hdev);
1118
1119 hci_req_lock(hdev);
1120
1121 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
1122 ret = -ENODEV;
1123 goto done;
1124 }
1125
1126 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
1127 ret = -ERFKILL;
1128 goto done;
1129 }
1130
1131 if (test_bit(HCI_UP, &hdev->flags)) {
1132 ret = -EALREADY;
1133 goto done;
1134 }
1135
1136 if (hdev->open(hdev)) {
1137 ret = -EIO;
1138 goto done;
1139 }
1140
1141 atomic_set(&hdev->cmd_cnt, 1);
1142 set_bit(HCI_INIT, &hdev->flags);
1143
1144 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags))
1145 ret = hdev->setup(hdev);
1146
1147 if (!ret) {
1148
1149
1150
1151 if (hdev->dev_type != HCI_BREDR && !enable_hs)
1152 set_bit(HCI_RAW, &hdev->flags);
1153
1154 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1155 set_bit(HCI_RAW, &hdev->flags);
1156
1157 if (!test_bit(HCI_RAW, &hdev->flags))
1158 ret = __hci_init(hdev);
1159 }
1160
1161 clear_bit(HCI_INIT, &hdev->flags);
1162
1163 if (!ret) {
1164 hci_dev_hold(hdev);
1165 set_bit(HCI_UP, &hdev->flags);
1166 hci_notify(hdev, HCI_DEV_UP);
1167 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
1168 mgmt_valid_hdev(hdev)) {
1169 hci_dev_lock(hdev);
1170 mgmt_powered(hdev, 1);
1171 hci_dev_unlock(hdev);
1172 }
1173 } else {
1174
1175 flush_work(&hdev->tx_work);
1176 flush_work(&hdev->cmd_work);
1177 flush_work(&hdev->rx_work);
1178
1179 skb_queue_purge(&hdev->cmd_q);
1180 skb_queue_purge(&hdev->rx_q);
1181
1182 if (hdev->flush)
1183 hdev->flush(hdev);
1184
1185 if (hdev->sent_cmd) {
1186 kfree_skb(hdev->sent_cmd);
1187 hdev->sent_cmd = NULL;
1188 }
1189
1190 hdev->close(hdev);
1191 hdev->flags = 0;
1192 }
1193
1194done:
1195 hci_req_unlock(hdev);
1196 hci_dev_put(hdev);
1197 return ret;
1198}
1199
1200static int hci_dev_do_close(struct hci_dev *hdev)
1201{
1202 BT_DBG("%s %p", hdev->name, hdev);
1203
1204 cancel_work_sync(&hdev->le_scan);
1205
1206 cancel_delayed_work(&hdev->power_off);
1207
1208 hci_req_cancel(hdev, ENODEV);
1209 hci_req_lock(hdev);
1210
1211 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1212 del_timer_sync(&hdev->cmd_timer);
1213 hci_req_unlock(hdev);
1214 return 0;
1215 }
1216
1217
1218 flush_work(&hdev->tx_work);
1219 flush_work(&hdev->rx_work);
1220
1221 if (hdev->discov_timeout > 0) {
1222 cancel_delayed_work(&hdev->discov_off);
1223 hdev->discov_timeout = 0;
1224 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1225 }
1226
1227 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1228 cancel_delayed_work(&hdev->service_cache);
1229
1230 cancel_delayed_work_sync(&hdev->le_scan_disable);
1231
1232 hci_dev_lock(hdev);
1233 inquiry_cache_flush(hdev);
1234 hci_conn_hash_flush(hdev);
1235 hci_dev_unlock(hdev);
1236
1237 hci_notify(hdev, HCI_DEV_DOWN);
1238
1239 if (hdev->flush)
1240 hdev->flush(hdev);
1241
1242
1243 skb_queue_purge(&hdev->cmd_q);
1244 atomic_set(&hdev->cmd_cnt, 1);
1245 if (!test_bit(HCI_RAW, &hdev->flags) &&
1246 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
1247 set_bit(HCI_INIT, &hdev->flags);
1248 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
1249 clear_bit(HCI_INIT, &hdev->flags);
1250 }
1251
1252
1253 flush_work(&hdev->cmd_work);
1254
1255
1256 skb_queue_purge(&hdev->rx_q);
1257 skb_queue_purge(&hdev->cmd_q);
1258 skb_queue_purge(&hdev->raw_q);
1259
1260
1261 if (hdev->sent_cmd) {
1262 del_timer_sync(&hdev->cmd_timer);
1263 kfree_skb(hdev->sent_cmd);
1264 hdev->sent_cmd = NULL;
1265 }
1266
1267 kfree_skb(hdev->recv_evt);
1268 hdev->recv_evt = NULL;
1269
1270
1271
1272 hdev->close(hdev);
1273
1274
1275 hdev->flags = 0;
1276 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
1277
1278 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
1279 mgmt_valid_hdev(hdev)) {
1280 hci_dev_lock(hdev);
1281 mgmt_powered(hdev, 0);
1282 hci_dev_unlock(hdev);
1283 }
1284
1285
1286 hdev->amp_status = 0;
1287
1288 memset(hdev->eir, 0, sizeof(hdev->eir));
1289 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1290
1291 hci_req_unlock(hdev);
1292
1293 hci_dev_put(hdev);
1294 return 0;
1295}
1296
1297int hci_dev_close(__u16 dev)
1298{
1299 struct hci_dev *hdev;
1300 int err;
1301
1302 hdev = hci_dev_get(dev);
1303 if (!hdev)
1304 return -ENODEV;
1305
1306 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1307 cancel_delayed_work(&hdev->power_off);
1308
1309 err = hci_dev_do_close(hdev);
1310
1311 hci_dev_put(hdev);
1312 return err;
1313}
1314
1315int hci_dev_reset(__u16 dev)
1316{
1317 struct hci_dev *hdev;
1318 int ret = 0;
1319
1320 hdev = hci_dev_get(dev);
1321 if (!hdev)
1322 return -ENODEV;
1323
1324 hci_req_lock(hdev);
1325
1326 if (!test_bit(HCI_UP, &hdev->flags))
1327 goto done;
1328
1329
1330 skb_queue_purge(&hdev->rx_q);
1331 skb_queue_purge(&hdev->cmd_q);
1332
1333 hci_dev_lock(hdev);
1334 inquiry_cache_flush(hdev);
1335 hci_conn_hash_flush(hdev);
1336 hci_dev_unlock(hdev);
1337
1338 if (hdev->flush)
1339 hdev->flush(hdev);
1340
1341 atomic_set(&hdev->cmd_cnt, 1);
1342 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1343
1344 if (!test_bit(HCI_RAW, &hdev->flags))
1345 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
1346
1347done:
1348 hci_req_unlock(hdev);
1349 hci_dev_put(hdev);
1350 return ret;
1351}
1352
1353int hci_dev_reset_stat(__u16 dev)
1354{
1355 struct hci_dev *hdev;
1356 int ret = 0;
1357
1358 hdev = hci_dev_get(dev);
1359 if (!hdev)
1360 return -ENODEV;
1361
1362 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1363
1364 hci_dev_put(hdev);
1365
1366 return ret;
1367}
1368
1369int hci_dev_cmd(unsigned int cmd, void __user *arg)
1370{
1371 struct hci_dev *hdev;
1372 struct hci_dev_req dr;
1373 int err = 0;
1374
1375 if (copy_from_user(&dr, arg, sizeof(dr)))
1376 return -EFAULT;
1377
1378 hdev = hci_dev_get(dr.dev_id);
1379 if (!hdev)
1380 return -ENODEV;
1381
1382 switch (cmd) {
1383 case HCISETAUTH:
1384 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1385 HCI_INIT_TIMEOUT);
1386 break;
1387
1388 case HCISETENCRYPT:
1389 if (!lmp_encrypt_capable(hdev)) {
1390 err = -EOPNOTSUPP;
1391 break;
1392 }
1393
1394 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1395
1396 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1397 HCI_INIT_TIMEOUT);
1398 if (err)
1399 break;
1400 }
1401
1402 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1403 HCI_INIT_TIMEOUT);
1404 break;
1405
1406 case HCISETSCAN:
1407 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1408 HCI_INIT_TIMEOUT);
1409 break;
1410
1411 case HCISETLINKPOL:
1412 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1413 HCI_INIT_TIMEOUT);
1414 break;
1415
1416 case HCISETLINKMODE:
1417 hdev->link_mode = ((__u16) dr.dev_opt) &
1418 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1419 break;
1420
1421 case HCISETPTYPE:
1422 hdev->pkt_type = (__u16) dr.dev_opt;
1423 break;
1424
1425 case HCISETACLMTU:
1426 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1427 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1428 break;
1429
1430 case HCISETSCOMTU:
1431 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1432 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1433 break;
1434
1435 default:
1436 err = -EINVAL;
1437 break;
1438 }
1439
1440 hci_dev_put(hdev);
1441 return err;
1442}
1443
1444int hci_get_dev_list(void __user *arg)
1445{
1446 struct hci_dev *hdev;
1447 struct hci_dev_list_req *dl;
1448 struct hci_dev_req *dr;
1449 int n = 0, size, err;
1450 __u16 dev_num;
1451
1452 if (get_user(dev_num, (__u16 __user *) arg))
1453 return -EFAULT;
1454
1455 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1456 return -EINVAL;
1457
1458 size = sizeof(*dl) + dev_num * sizeof(*dr);
1459
1460 dl = kzalloc(size, GFP_KERNEL);
1461 if (!dl)
1462 return -ENOMEM;
1463
1464 dr = dl->dev_req;
1465
1466 read_lock(&hci_dev_list_lock);
1467 list_for_each_entry(hdev, &hci_dev_list, list) {
1468 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1469 cancel_delayed_work(&hdev->power_off);
1470
1471 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1472 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1473
1474 (dr + n)->dev_id = hdev->id;
1475 (dr + n)->dev_opt = hdev->flags;
1476
1477 if (++n >= dev_num)
1478 break;
1479 }
1480 read_unlock(&hci_dev_list_lock);
1481
1482 dl->dev_num = n;
1483 size = sizeof(*dl) + n * sizeof(*dr);
1484
1485 err = copy_to_user(arg, dl, size);
1486 kfree(dl);
1487
1488 return err ? -EFAULT : 0;
1489}
1490
1491int hci_get_dev_info(void __user *arg)
1492{
1493 struct hci_dev *hdev;
1494 struct hci_dev_info di;
1495 int err = 0;
1496
1497 if (copy_from_user(&di, arg, sizeof(di)))
1498 return -EFAULT;
1499
1500 hdev = hci_dev_get(di.dev_id);
1501 if (!hdev)
1502 return -ENODEV;
1503
1504 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1505 cancel_delayed_work_sync(&hdev->power_off);
1506
1507 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1508 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1509
1510 strcpy(di.name, hdev->name);
1511 di.bdaddr = hdev->bdaddr;
1512 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1513 di.flags = hdev->flags;
1514 di.pkt_type = hdev->pkt_type;
1515 if (lmp_bredr_capable(hdev)) {
1516 di.acl_mtu = hdev->acl_mtu;
1517 di.acl_pkts = hdev->acl_pkts;
1518 di.sco_mtu = hdev->sco_mtu;
1519 di.sco_pkts = hdev->sco_pkts;
1520 } else {
1521 di.acl_mtu = hdev->le_mtu;
1522 di.acl_pkts = hdev->le_pkts;
1523 di.sco_mtu = 0;
1524 di.sco_pkts = 0;
1525 }
1526 di.link_policy = hdev->link_policy;
1527 di.link_mode = hdev->link_mode;
1528
1529 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1530 memcpy(&di.features, &hdev->features, sizeof(di.features));
1531
1532 if (copy_to_user(arg, &di, sizeof(di)))
1533 err = -EFAULT;
1534
1535 hci_dev_put(hdev);
1536
1537 return err;
1538}
1539
1540
1541
1542static int hci_rfkill_set_block(void *data, bool blocked)
1543{
1544 struct hci_dev *hdev = data;
1545
1546 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1547
1548 if (!blocked)
1549 return 0;
1550
1551 hci_dev_do_close(hdev);
1552
1553 return 0;
1554}
1555
1556static const struct rfkill_ops hci_rfkill_ops = {
1557 .set_block = hci_rfkill_set_block,
1558};
1559
1560static void hci_power_on(struct work_struct *work)
1561{
1562 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1563 int err;
1564
1565 BT_DBG("%s", hdev->name);
1566
1567 err = hci_dev_open(hdev->id);
1568 if (err < 0) {
1569 mgmt_set_powered_failed(hdev, err);
1570 return;
1571 }
1572
1573 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1574 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1575 HCI_AUTO_OFF_TIMEOUT);
1576
1577 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1578 mgmt_index_added(hdev);
1579}
1580
1581static void hci_power_off(struct work_struct *work)
1582{
1583 struct hci_dev *hdev = container_of(work, struct hci_dev,
1584 power_off.work);
1585
1586 BT_DBG("%s", hdev->name);
1587
1588 hci_dev_do_close(hdev);
1589}
1590
1591static void hci_discov_off(struct work_struct *work)
1592{
1593 struct hci_dev *hdev;
1594 u8 scan = SCAN_PAGE;
1595
1596 hdev = container_of(work, struct hci_dev, discov_off.work);
1597
1598 BT_DBG("%s", hdev->name);
1599
1600 hci_dev_lock(hdev);
1601
1602 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1603
1604 hdev->discov_timeout = 0;
1605
1606 hci_dev_unlock(hdev);
1607}
1608
1609int hci_uuids_clear(struct hci_dev *hdev)
1610{
1611 struct bt_uuid *uuid, *tmp;
1612
1613 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
1614 list_del(&uuid->list);
1615 kfree(uuid);
1616 }
1617
1618 return 0;
1619}
1620
1621int hci_link_keys_clear(struct hci_dev *hdev)
1622{
1623 struct list_head *p, *n;
1624
1625 list_for_each_safe(p, n, &hdev->link_keys) {
1626 struct link_key *key;
1627
1628 key = list_entry(p, struct link_key, list);
1629
1630 list_del(p);
1631 kfree(key);
1632 }
1633
1634 return 0;
1635}
1636
1637int hci_smp_ltks_clear(struct hci_dev *hdev)
1638{
1639 struct smp_ltk *k, *tmp;
1640
1641 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1642 list_del(&k->list);
1643 kfree(k);
1644 }
1645
1646 return 0;
1647}
1648
1649struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1650{
1651 struct link_key *k;
1652
1653 list_for_each_entry(k, &hdev->link_keys, list)
1654 if (bacmp(bdaddr, &k->bdaddr) == 0)
1655 return k;
1656
1657 return NULL;
1658}
1659
1660static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1661 u8 key_type, u8 old_key_type)
1662{
1663
1664 if (key_type < 0x03)
1665 return true;
1666
1667
1668 if (key_type == HCI_LK_DEBUG_COMBINATION)
1669 return false;
1670
1671
1672 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1673 return false;
1674
1675
1676 if (!conn)
1677 return true;
1678
1679
1680 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1681 return true;
1682
1683
1684 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1685 return true;
1686
1687
1688 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1689 return true;
1690
1691
1692
1693 return false;
1694}
1695
1696struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1697{
1698 struct smp_ltk *k;
1699
1700 list_for_each_entry(k, &hdev->long_term_keys, list) {
1701 if (k->ediv != ediv ||
1702 memcmp(rand, k->rand, sizeof(k->rand)))
1703 continue;
1704
1705 return k;
1706 }
1707
1708 return NULL;
1709}
1710
1711struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1712 u8 addr_type)
1713{
1714 struct smp_ltk *k;
1715
1716 list_for_each_entry(k, &hdev->long_term_keys, list)
1717 if (addr_type == k->bdaddr_type &&
1718 bacmp(bdaddr, &k->bdaddr) == 0)
1719 return k;
1720
1721 return NULL;
1722}
1723
1724int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1725 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1726{
1727 struct link_key *key, *old_key;
1728 u8 old_key_type;
1729 bool persistent;
1730
1731 old_key = hci_find_link_key(hdev, bdaddr);
1732 if (old_key) {
1733 old_key_type = old_key->type;
1734 key = old_key;
1735 } else {
1736 old_key_type = conn ? conn->key_type : 0xff;
1737 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1738 if (!key)
1739 return -ENOMEM;
1740 list_add(&key->list, &hdev->link_keys);
1741 }
1742
1743 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
1744
1745
1746
1747
1748 if (type == HCI_LK_CHANGED_COMBINATION &&
1749 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
1750 type = HCI_LK_COMBINATION;
1751 if (conn)
1752 conn->key_type = type;
1753 }
1754
1755 bacpy(&key->bdaddr, bdaddr);
1756 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
1757 key->pin_len = pin_len;
1758
1759 if (type == HCI_LK_CHANGED_COMBINATION)
1760 key->type = old_key_type;
1761 else
1762 key->type = type;
1763
1764 if (!new_key)
1765 return 0;
1766
1767 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1768
1769 mgmt_new_link_key(hdev, key, persistent);
1770
1771 if (conn)
1772 conn->flush_key = !persistent;
1773
1774 return 0;
1775}
1776
1777int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1778 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
1779 ediv, u8 rand[8])
1780{
1781 struct smp_ltk *key, *old_key;
1782
1783 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1784 return 0;
1785
1786 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1787 if (old_key)
1788 key = old_key;
1789 else {
1790 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1791 if (!key)
1792 return -ENOMEM;
1793 list_add(&key->list, &hdev->long_term_keys);
1794 }
1795
1796 bacpy(&key->bdaddr, bdaddr);
1797 key->bdaddr_type = addr_type;
1798 memcpy(key->val, tk, sizeof(key->val));
1799 key->authenticated = authenticated;
1800 key->ediv = ediv;
1801 key->enc_size = enc_size;
1802 key->type = type;
1803 memcpy(key->rand, rand, sizeof(key->rand));
1804
1805 if (!new_key)
1806 return 0;
1807
1808 if (type & HCI_SMP_LTK)
1809 mgmt_new_ltk(hdev, key, 1);
1810
1811 return 0;
1812}
1813
1814int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1815{
1816 struct link_key *key;
1817
1818 key = hci_find_link_key(hdev, bdaddr);
1819 if (!key)
1820 return -ENOENT;
1821
1822 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1823
1824 list_del(&key->list);
1825 kfree(key);
1826
1827 return 0;
1828}
1829
1830int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1831{
1832 struct smp_ltk *k, *tmp;
1833
1834 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1835 if (bacmp(bdaddr, &k->bdaddr))
1836 continue;
1837
1838 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1839
1840 list_del(&k->list);
1841 kfree(k);
1842 }
1843
1844 return 0;
1845}
1846
1847
1848static void hci_cmd_timeout(unsigned long arg)
1849{
1850 struct hci_dev *hdev = (void *) arg;
1851
1852 if (hdev->sent_cmd) {
1853 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1854 u16 opcode = __le16_to_cpu(sent->opcode);
1855
1856 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1857 } else {
1858 BT_ERR("%s command tx timeout", hdev->name);
1859 }
1860
1861 atomic_set(&hdev->cmd_cnt, 1);
1862 queue_work(hdev->workqueue, &hdev->cmd_work);
1863}
1864
1865struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1866 bdaddr_t *bdaddr)
1867{
1868 struct oob_data *data;
1869
1870 list_for_each_entry(data, &hdev->remote_oob_data, list)
1871 if (bacmp(bdaddr, &data->bdaddr) == 0)
1872 return data;
1873
1874 return NULL;
1875}
1876
1877int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1878{
1879 struct oob_data *data;
1880
1881 data = hci_find_remote_oob_data(hdev, bdaddr);
1882 if (!data)
1883 return -ENOENT;
1884
1885 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
1886
1887 list_del(&data->list);
1888 kfree(data);
1889
1890 return 0;
1891}
1892
1893int hci_remote_oob_data_clear(struct hci_dev *hdev)
1894{
1895 struct oob_data *data, *n;
1896
1897 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1898 list_del(&data->list);
1899 kfree(data);
1900 }
1901
1902 return 0;
1903}
1904
1905int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1906 u8 *randomizer)
1907{
1908 struct oob_data *data;
1909
1910 data = hci_find_remote_oob_data(hdev, bdaddr);
1911
1912 if (!data) {
1913 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1914 if (!data)
1915 return -ENOMEM;
1916
1917 bacpy(&data->bdaddr, bdaddr);
1918 list_add(&data->list, &hdev->remote_oob_data);
1919 }
1920
1921 memcpy(data->hash, hash, sizeof(data->hash));
1922 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1923
1924 BT_DBG("%s for %pMR", hdev->name, bdaddr);
1925
1926 return 0;
1927}
1928
1929struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1930{
1931 struct bdaddr_list *b;
1932
1933 list_for_each_entry(b, &hdev->blacklist, list)
1934 if (bacmp(bdaddr, &b->bdaddr) == 0)
1935 return b;
1936
1937 return NULL;
1938}
1939
1940int hci_blacklist_clear(struct hci_dev *hdev)
1941{
1942 struct list_head *p, *n;
1943
1944 list_for_each_safe(p, n, &hdev->blacklist) {
1945 struct bdaddr_list *b;
1946
1947 b = list_entry(p, struct bdaddr_list, list);
1948
1949 list_del(p);
1950 kfree(b);
1951 }
1952
1953 return 0;
1954}
1955
1956int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1957{
1958 struct bdaddr_list *entry;
1959
1960 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1961 return -EBADF;
1962
1963 if (hci_blacklist_lookup(hdev, bdaddr))
1964 return -EEXIST;
1965
1966 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1967 if (!entry)
1968 return -ENOMEM;
1969
1970 bacpy(&entry->bdaddr, bdaddr);
1971
1972 list_add(&entry->list, &hdev->blacklist);
1973
1974 return mgmt_device_blocked(hdev, bdaddr, type);
1975}
1976
1977int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1978{
1979 struct bdaddr_list *entry;
1980
1981 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1982 return hci_blacklist_clear(hdev);
1983
1984 entry = hci_blacklist_lookup(hdev, bdaddr);
1985 if (!entry)
1986 return -ENOENT;
1987
1988 list_del(&entry->list);
1989 kfree(entry);
1990
1991 return mgmt_device_unblocked(hdev, bdaddr, type);
1992}
1993
1994static void le_scan_param_req(struct hci_request *req, unsigned long opt)
1995{
1996 struct le_scan_params *param = (struct le_scan_params *) opt;
1997 struct hci_cp_le_set_scan_param cp;
1998
1999 memset(&cp, 0, sizeof(cp));
2000 cp.type = param->type;
2001 cp.interval = cpu_to_le16(param->interval);
2002 cp.window = cpu_to_le16(param->window);
2003
2004 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
2005}
2006
2007static void le_scan_enable_req(struct hci_request *req, unsigned long opt)
2008{
2009 struct hci_cp_le_set_scan_enable cp;
2010
2011 memset(&cp, 0, sizeof(cp));
2012 cp.enable = LE_SCAN_ENABLE;
2013 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2014
2015 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2016}
2017
2018static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
2019 u16 window, int timeout)
2020{
2021 long timeo = msecs_to_jiffies(3000);
2022 struct le_scan_params param;
2023 int err;
2024
2025 BT_DBG("%s", hdev->name);
2026
2027 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
2028 return -EINPROGRESS;
2029
2030 param.type = type;
2031 param.interval = interval;
2032 param.window = window;
2033
2034 hci_req_lock(hdev);
2035
2036 err = __hci_req_sync(hdev, le_scan_param_req, (unsigned long) ¶m,
2037 timeo);
2038 if (!err)
2039 err = __hci_req_sync(hdev, le_scan_enable_req, 0, timeo);
2040
2041 hci_req_unlock(hdev);
2042
2043 if (err < 0)
2044 return err;
2045
2046 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2047 timeout);
2048
2049 return 0;
2050}
2051
2052int hci_cancel_le_scan(struct hci_dev *hdev)
2053{
2054 BT_DBG("%s", hdev->name);
2055
2056 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
2057 return -EALREADY;
2058
2059 if (cancel_delayed_work(&hdev->le_scan_disable)) {
2060 struct hci_cp_le_set_scan_enable cp;
2061
2062
2063 memset(&cp, 0, sizeof(cp));
2064 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2065 }
2066
2067 return 0;
2068}
2069
2070static void le_scan_disable_work(struct work_struct *work)
2071{
2072 struct hci_dev *hdev = container_of(work, struct hci_dev,
2073 le_scan_disable.work);
2074 struct hci_cp_le_set_scan_enable cp;
2075
2076 BT_DBG("%s", hdev->name);
2077
2078 memset(&cp, 0, sizeof(cp));
2079
2080 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
2081}
2082
2083static void le_scan_work(struct work_struct *work)
2084{
2085 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
2086 struct le_scan_params *param = &hdev->le_scan_params;
2087
2088 BT_DBG("%s", hdev->name);
2089
2090 hci_do_le_scan(hdev, param->type, param->interval, param->window,
2091 param->timeout);
2092}
2093
2094int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
2095 int timeout)
2096{
2097 struct le_scan_params *param = &hdev->le_scan_params;
2098
2099 BT_DBG("%s", hdev->name);
2100
2101 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
2102 return -ENOTSUPP;
2103
2104 if (work_busy(&hdev->le_scan))
2105 return -EINPROGRESS;
2106
2107 param->type = type;
2108 param->interval = interval;
2109 param->window = window;
2110 param->timeout = timeout;
2111
2112 queue_work(system_long_wq, &hdev->le_scan);
2113
2114 return 0;
2115}
2116
2117
2118struct hci_dev *hci_alloc_dev(void)
2119{
2120 struct hci_dev *hdev;
2121
2122 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
2123 if (!hdev)
2124 return NULL;
2125
2126 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
2127 hdev->esco_type = (ESCO_HV1);
2128 hdev->link_mode = (HCI_LM_ACCEPT);
2129 hdev->io_capability = 0x03;
2130 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
2131 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
2132
2133 hdev->sniff_max_interval = 800;
2134 hdev->sniff_min_interval = 80;
2135
2136 mutex_init(&hdev->lock);
2137 mutex_init(&hdev->req_lock);
2138
2139 INIT_LIST_HEAD(&hdev->mgmt_pending);
2140 INIT_LIST_HEAD(&hdev->blacklist);
2141 INIT_LIST_HEAD(&hdev->uuids);
2142 INIT_LIST_HEAD(&hdev->link_keys);
2143 INIT_LIST_HEAD(&hdev->long_term_keys);
2144 INIT_LIST_HEAD(&hdev->remote_oob_data);
2145 INIT_LIST_HEAD(&hdev->conn_hash.list);
2146
2147 INIT_WORK(&hdev->rx_work, hci_rx_work);
2148 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
2149 INIT_WORK(&hdev->tx_work, hci_tx_work);
2150 INIT_WORK(&hdev->power_on, hci_power_on);
2151 INIT_WORK(&hdev->le_scan, le_scan_work);
2152
2153 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
2154 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
2155 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2156
2157 skb_queue_head_init(&hdev->rx_q);
2158 skb_queue_head_init(&hdev->cmd_q);
2159 skb_queue_head_init(&hdev->raw_q);
2160
2161 init_waitqueue_head(&hdev->req_wait_q);
2162
2163 setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
2164
2165 hci_init_sysfs(hdev);
2166 discovery_init(hdev);
2167
2168 return hdev;
2169}
2170EXPORT_SYMBOL(hci_alloc_dev);
2171
2172
2173void hci_free_dev(struct hci_dev *hdev)
2174{
2175
2176 put_device(&hdev->dev);
2177}
2178EXPORT_SYMBOL(hci_free_dev);
2179
2180
2181int hci_register_dev(struct hci_dev *hdev)
2182{
2183 int id, error;
2184
2185 if (!hdev->open || !hdev->close)
2186 return -EINVAL;
2187
2188
2189
2190
2191 switch (hdev->dev_type) {
2192 case HCI_BREDR:
2193 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
2194 break;
2195 case HCI_AMP:
2196 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
2197 break;
2198 default:
2199 return -EINVAL;
2200 }
2201
2202 if (id < 0)
2203 return id;
2204
2205 sprintf(hdev->name, "hci%d", id);
2206 hdev->id = id;
2207
2208 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2209
2210 write_lock(&hci_dev_list_lock);
2211 list_add(&hdev->list, &hci_dev_list);
2212 write_unlock(&hci_dev_list_lock);
2213
2214 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
2215 WQ_MEM_RECLAIM, 1);
2216 if (!hdev->workqueue) {
2217 error = -ENOMEM;
2218 goto err;
2219 }
2220
2221 hdev->req_workqueue = alloc_workqueue(hdev->name,
2222 WQ_HIGHPRI | WQ_UNBOUND |
2223 WQ_MEM_RECLAIM, 1);
2224 if (!hdev->req_workqueue) {
2225 destroy_workqueue(hdev->workqueue);
2226 error = -ENOMEM;
2227 goto err;
2228 }
2229
2230 error = hci_add_sysfs(hdev);
2231 if (error < 0)
2232 goto err_wqueue;
2233
2234 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
2235 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
2236 hdev);
2237 if (hdev->rfkill) {
2238 if (rfkill_register(hdev->rfkill) < 0) {
2239 rfkill_destroy(hdev->rfkill);
2240 hdev->rfkill = NULL;
2241 }
2242 }
2243
2244 set_bit(HCI_SETUP, &hdev->dev_flags);
2245
2246 if (hdev->dev_type != HCI_AMP)
2247 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
2248
2249 hci_notify(hdev, HCI_DEV_REG);
2250 hci_dev_hold(hdev);
2251
2252 queue_work(hdev->req_workqueue, &hdev->power_on);
2253
2254 return id;
2255
2256err_wqueue:
2257 destroy_workqueue(hdev->workqueue);
2258 destroy_workqueue(hdev->req_workqueue);
2259err:
2260 ida_simple_remove(&hci_index_ida, hdev->id);
2261 write_lock(&hci_dev_list_lock);
2262 list_del(&hdev->list);
2263 write_unlock(&hci_dev_list_lock);
2264
2265 return error;
2266}
2267EXPORT_SYMBOL(hci_register_dev);
2268
2269
2270void hci_unregister_dev(struct hci_dev *hdev)
2271{
2272 int i, id;
2273
2274 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
2275
2276 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
2277
2278 id = hdev->id;
2279
2280 write_lock(&hci_dev_list_lock);
2281 list_del(&hdev->list);
2282 write_unlock(&hci_dev_list_lock);
2283
2284 hci_dev_do_close(hdev);
2285
2286 for (i = 0; i < NUM_REASSEMBLY; i++)
2287 kfree_skb(hdev->reassembly[i]);
2288
2289 cancel_work_sync(&hdev->power_on);
2290
2291 if (!test_bit(HCI_INIT, &hdev->flags) &&
2292 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
2293 hci_dev_lock(hdev);
2294 mgmt_index_removed(hdev);
2295 hci_dev_unlock(hdev);
2296 }
2297
2298
2299
2300 BUG_ON(!list_empty(&hdev->mgmt_pending));
2301
2302 hci_notify(hdev, HCI_DEV_UNREG);
2303
2304 if (hdev->rfkill) {
2305 rfkill_unregister(hdev->rfkill);
2306 rfkill_destroy(hdev->rfkill);
2307 }
2308
2309 hci_del_sysfs(hdev);
2310
2311 destroy_workqueue(hdev->workqueue);
2312 destroy_workqueue(hdev->req_workqueue);
2313
2314 hci_dev_lock(hdev);
2315 hci_blacklist_clear(hdev);
2316 hci_uuids_clear(hdev);
2317 hci_link_keys_clear(hdev);
2318 hci_smp_ltks_clear(hdev);
2319 hci_remote_oob_data_clear(hdev);
2320 hci_dev_unlock(hdev);
2321
2322 hci_dev_put(hdev);
2323
2324 ida_simple_remove(&hci_index_ida, id);
2325}
2326EXPORT_SYMBOL(hci_unregister_dev);
2327
2328
2329int hci_suspend_dev(struct hci_dev *hdev)
2330{
2331 hci_notify(hdev, HCI_DEV_SUSPEND);
2332 return 0;
2333}
2334EXPORT_SYMBOL(hci_suspend_dev);
2335
2336
2337int hci_resume_dev(struct hci_dev *hdev)
2338{
2339 hci_notify(hdev, HCI_DEV_RESUME);
2340 return 0;
2341}
2342EXPORT_SYMBOL(hci_resume_dev);
2343
2344
2345int hci_recv_frame(struct sk_buff *skb)
2346{
2347 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2348 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
2349 && !test_bit(HCI_INIT, &hdev->flags))) {
2350 kfree_skb(skb);
2351 return -ENXIO;
2352 }
2353
2354
2355 bt_cb(skb)->incoming = 1;
2356
2357
2358 __net_timestamp(skb);
2359
2360 skb_queue_tail(&hdev->rx_q, skb);
2361 queue_work(hdev->workqueue, &hdev->rx_work);
2362
2363 return 0;
2364}
2365EXPORT_SYMBOL(hci_recv_frame);
2366
2367static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
2368 int count, __u8 index)
2369{
2370 int len = 0;
2371 int hlen = 0;
2372 int remain = count;
2373 struct sk_buff *skb;
2374 struct bt_skb_cb *scb;
2375
2376 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
2377 index >= NUM_REASSEMBLY)
2378 return -EILSEQ;
2379
2380 skb = hdev->reassembly[index];
2381
2382 if (!skb) {
2383 switch (type) {
2384 case HCI_ACLDATA_PKT:
2385 len = HCI_MAX_FRAME_SIZE;
2386 hlen = HCI_ACL_HDR_SIZE;
2387 break;
2388 case HCI_EVENT_PKT:
2389 len = HCI_MAX_EVENT_SIZE;
2390 hlen = HCI_EVENT_HDR_SIZE;
2391 break;
2392 case HCI_SCODATA_PKT:
2393 len = HCI_MAX_SCO_SIZE;
2394 hlen = HCI_SCO_HDR_SIZE;
2395 break;
2396 }
2397
2398 skb = bt_skb_alloc(len, GFP_ATOMIC);
2399 if (!skb)
2400 return -ENOMEM;
2401
2402 scb = (void *) skb->cb;
2403 scb->expect = hlen;
2404 scb->pkt_type = type;
2405
2406 skb->dev = (void *) hdev;
2407 hdev->reassembly[index] = skb;
2408 }
2409
2410 while (count) {
2411 scb = (void *) skb->cb;
2412 len = min_t(uint, scb->expect, count);
2413
2414 memcpy(skb_put(skb, len), data, len);
2415
2416 count -= len;
2417 data += len;
2418 scb->expect -= len;
2419 remain = count;
2420
2421 switch (type) {
2422 case HCI_EVENT_PKT:
2423 if (skb->len == HCI_EVENT_HDR_SIZE) {
2424 struct hci_event_hdr *h = hci_event_hdr(skb);
2425 scb->expect = h->plen;
2426
2427 if (skb_tailroom(skb) < scb->expect) {
2428 kfree_skb(skb);
2429 hdev->reassembly[index] = NULL;
2430 return -ENOMEM;
2431 }
2432 }
2433 break;
2434
2435 case HCI_ACLDATA_PKT:
2436 if (skb->len == HCI_ACL_HDR_SIZE) {
2437 struct hci_acl_hdr *h = hci_acl_hdr(skb);
2438 scb->expect = __le16_to_cpu(h->dlen);
2439
2440 if (skb_tailroom(skb) < scb->expect) {
2441 kfree_skb(skb);
2442 hdev->reassembly[index] = NULL;
2443 return -ENOMEM;
2444 }
2445 }
2446 break;
2447
2448 case HCI_SCODATA_PKT:
2449 if (skb->len == HCI_SCO_HDR_SIZE) {
2450 struct hci_sco_hdr *h = hci_sco_hdr(skb);
2451 scb->expect = h->dlen;
2452
2453 if (skb_tailroom(skb) < scb->expect) {
2454 kfree_skb(skb);
2455 hdev->reassembly[index] = NULL;
2456 return -ENOMEM;
2457 }
2458 }
2459 break;
2460 }
2461
2462 if (scb->expect == 0) {
2463
2464
2465 bt_cb(skb)->pkt_type = type;
2466 hci_recv_frame(skb);
2467
2468 hdev->reassembly[index] = NULL;
2469 return remain;
2470 }
2471 }
2472
2473 return remain;
2474}
2475
2476int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
2477{
2478 int rem = 0;
2479
2480 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
2481 return -EILSEQ;
2482
2483 while (count) {
2484 rem = hci_reassembly(hdev, type, data, count, type - 1);
2485 if (rem < 0)
2486 return rem;
2487
2488 data += (count - rem);
2489 count = rem;
2490 }
2491
2492 return rem;
2493}
2494EXPORT_SYMBOL(hci_recv_fragment);
2495
2496#define STREAM_REASSEMBLY 0
2497
2498int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2499{
2500 int type;
2501 int rem = 0;
2502
2503 while (count) {
2504 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2505
2506 if (!skb) {
2507 struct { char type; } *pkt;
2508
2509
2510 pkt = data;
2511 type = pkt->type;
2512
2513 data++;
2514 count--;
2515 } else
2516 type = bt_cb(skb)->pkt_type;
2517
2518 rem = hci_reassembly(hdev, type, data, count,
2519 STREAM_REASSEMBLY);
2520 if (rem < 0)
2521 return rem;
2522
2523 data += (count - rem);
2524 count = rem;
2525 }
2526
2527 return rem;
2528}
2529EXPORT_SYMBOL(hci_recv_stream_fragment);
2530
2531
2532
2533int hci_register_cb(struct hci_cb *cb)
2534{
2535 BT_DBG("%p name %s", cb, cb->name);
2536
2537 write_lock(&hci_cb_list_lock);
2538 list_add(&cb->list, &hci_cb_list);
2539 write_unlock(&hci_cb_list_lock);
2540
2541 return 0;
2542}
2543EXPORT_SYMBOL(hci_register_cb);
2544
2545int hci_unregister_cb(struct hci_cb *cb)
2546{
2547 BT_DBG("%p name %s", cb, cb->name);
2548
2549 write_lock(&hci_cb_list_lock);
2550 list_del(&cb->list);
2551 write_unlock(&hci_cb_list_lock);
2552
2553 return 0;
2554}
2555EXPORT_SYMBOL(hci_unregister_cb);
2556
2557static int hci_send_frame(struct sk_buff *skb)
2558{
2559 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2560
2561 if (!hdev) {
2562 kfree_skb(skb);
2563 return -ENODEV;
2564 }
2565
2566 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2567
2568
2569 __net_timestamp(skb);
2570
2571
2572 hci_send_to_monitor(hdev, skb);
2573
2574 if (atomic_read(&hdev->promisc)) {
2575
2576 hci_send_to_sock(hdev, skb);
2577 }
2578
2579
2580 skb_orphan(skb);
2581
2582 return hdev->send(skb);
2583}
2584
2585void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
2586{
2587 skb_queue_head_init(&req->cmd_q);
2588 req->hdev = hdev;
2589 req->err = 0;
2590}
2591
2592int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
2593{
2594 struct hci_dev *hdev = req->hdev;
2595 struct sk_buff *skb;
2596 unsigned long flags;
2597
2598 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
2599
2600
2601
2602
2603 if (req->err) {
2604 skb_queue_purge(&req->cmd_q);
2605 return req->err;
2606 }
2607
2608
2609 if (skb_queue_empty(&req->cmd_q))
2610 return -ENODATA;
2611
2612 skb = skb_peek_tail(&req->cmd_q);
2613 bt_cb(skb)->req.complete = complete;
2614
2615 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
2616 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
2617 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
2618
2619 queue_work(hdev->workqueue, &hdev->cmd_work);
2620
2621 return 0;
2622}
2623
2624static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
2625 u32 plen, const void *param)
2626{
2627 int len = HCI_COMMAND_HDR_SIZE + plen;
2628 struct hci_command_hdr *hdr;
2629 struct sk_buff *skb;
2630
2631 skb = bt_skb_alloc(len, GFP_ATOMIC);
2632 if (!skb)
2633 return NULL;
2634
2635 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2636 hdr->opcode = cpu_to_le16(opcode);
2637 hdr->plen = plen;
2638
2639 if (plen)
2640 memcpy(skb_put(skb, plen), param, plen);
2641
2642 BT_DBG("skb len %d", skb->len);
2643
2644 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2645 skb->dev = (void *) hdev;
2646
2647 return skb;
2648}
2649
2650
2651int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
2652 const void *param)
2653{
2654 struct sk_buff *skb;
2655
2656 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2657
2658 skb = hci_prepare_cmd(hdev, opcode, plen, param);
2659 if (!skb) {
2660 BT_ERR("%s no memory for command", hdev->name);
2661 return -ENOMEM;
2662 }
2663
2664
2665
2666
2667 bt_cb(skb)->req.start = true;
2668
2669 skb_queue_tail(&hdev->cmd_q, skb);
2670 queue_work(hdev->workqueue, &hdev->cmd_work);
2671
2672 return 0;
2673}
2674
2675
2676void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
2677 const void *param, u8 event)
2678{
2679 struct hci_dev *hdev = req->hdev;
2680 struct sk_buff *skb;
2681
2682 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2683
2684
2685
2686
2687 if (req->err)
2688 return;
2689
2690 skb = hci_prepare_cmd(hdev, opcode, plen, param);
2691 if (!skb) {
2692 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
2693 hdev->name, opcode);
2694 req->err = -ENOMEM;
2695 return;
2696 }
2697
2698 if (skb_queue_empty(&req->cmd_q))
2699 bt_cb(skb)->req.start = true;
2700
2701 bt_cb(skb)->req.event = event;
2702
2703 skb_queue_tail(&req->cmd_q, skb);
2704}
2705
2706void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
2707 const void *param)
2708{
2709 hci_req_add_ev(req, opcode, plen, param, 0);
2710}
2711
2712
2713void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2714{
2715 struct hci_command_hdr *hdr;
2716
2717 if (!hdev->sent_cmd)
2718 return NULL;
2719
2720 hdr = (void *) hdev->sent_cmd->data;
2721
2722 if (hdr->opcode != cpu_to_le16(opcode))
2723 return NULL;
2724
2725 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2726
2727 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2728}
2729
2730
2731static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2732{
2733 struct hci_acl_hdr *hdr;
2734 int len = skb->len;
2735
2736 skb_push(skb, HCI_ACL_HDR_SIZE);
2737 skb_reset_transport_header(skb);
2738 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2739 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2740 hdr->dlen = cpu_to_le16(len);
2741}
2742
2743static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
2744 struct sk_buff *skb, __u16 flags)
2745{
2746 struct hci_conn *conn = chan->conn;
2747 struct hci_dev *hdev = conn->hdev;
2748 struct sk_buff *list;
2749
2750 skb->len = skb_headlen(skb);
2751 skb->data_len = 0;
2752
2753 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2754
2755 switch (hdev->dev_type) {
2756 case HCI_BREDR:
2757 hci_add_acl_hdr(skb, conn->handle, flags);
2758 break;
2759 case HCI_AMP:
2760 hci_add_acl_hdr(skb, chan->handle, flags);
2761 break;
2762 default:
2763 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2764 return;
2765 }
2766
2767 list = skb_shinfo(skb)->frag_list;
2768 if (!list) {
2769
2770 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2771
2772 skb_queue_tail(queue, skb);
2773 } else {
2774
2775 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2776
2777 skb_shinfo(skb)->frag_list = NULL;
2778
2779
2780 spin_lock(&queue->lock);
2781
2782 __skb_queue_tail(queue, skb);
2783
2784 flags &= ~ACL_START;
2785 flags |= ACL_CONT;
2786 do {
2787 skb = list; list = list->next;
2788
2789 skb->dev = (void *) hdev;
2790 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2791 hci_add_acl_hdr(skb, conn->handle, flags);
2792
2793 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2794
2795 __skb_queue_tail(queue, skb);
2796 } while (list);
2797
2798 spin_unlock(&queue->lock);
2799 }
2800}
2801
2802void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2803{
2804 struct hci_dev *hdev = chan->conn->hdev;
2805
2806 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2807
2808 skb->dev = (void *) hdev;
2809
2810 hci_queue_acl(chan, &chan->data_q, skb, flags);
2811
2812 queue_work(hdev->workqueue, &hdev->tx_work);
2813}
2814
2815
2816void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2817{
2818 struct hci_dev *hdev = conn->hdev;
2819 struct hci_sco_hdr hdr;
2820
2821 BT_DBG("%s len %d", hdev->name, skb->len);
2822
2823 hdr.handle = cpu_to_le16(conn->handle);
2824 hdr.dlen = skb->len;
2825
2826 skb_push(skb, HCI_SCO_HDR_SIZE);
2827 skb_reset_transport_header(skb);
2828 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2829
2830 skb->dev = (void *) hdev;
2831 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2832
2833 skb_queue_tail(&conn->data_q, skb);
2834 queue_work(hdev->workqueue, &hdev->tx_work);
2835}
2836
2837
2838
2839
2840static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
2841 int *quote)
2842{
2843 struct hci_conn_hash *h = &hdev->conn_hash;
2844 struct hci_conn *conn = NULL, *c;
2845 unsigned int num = 0, min = ~0;
2846
2847
2848
2849
2850 rcu_read_lock();
2851
2852 list_for_each_entry_rcu(c, &h->list, list) {
2853 if (c->type != type || skb_queue_empty(&c->data_q))
2854 continue;
2855
2856 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2857 continue;
2858
2859 num++;
2860
2861 if (c->sent < min) {
2862 min = c->sent;
2863 conn = c;
2864 }
2865
2866 if (hci_conn_num(hdev, type) == num)
2867 break;
2868 }
2869
2870 rcu_read_unlock();
2871
2872 if (conn) {
2873 int cnt, q;
2874
2875 switch (conn->type) {
2876 case ACL_LINK:
2877 cnt = hdev->acl_cnt;
2878 break;
2879 case SCO_LINK:
2880 case ESCO_LINK:
2881 cnt = hdev->sco_cnt;
2882 break;
2883 case LE_LINK:
2884 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2885 break;
2886 default:
2887 cnt = 0;
2888 BT_ERR("Unknown link type");
2889 }
2890
2891 q = cnt / num;
2892 *quote = q ? q : 1;
2893 } else
2894 *quote = 0;
2895
2896 BT_DBG("conn %p quote %d", conn, *quote);
2897 return conn;
2898}
2899
2900static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2901{
2902 struct hci_conn_hash *h = &hdev->conn_hash;
2903 struct hci_conn *c;
2904
2905 BT_ERR("%s link tx timeout", hdev->name);
2906
2907 rcu_read_lock();
2908
2909
2910 list_for_each_entry_rcu(c, &h->list, list) {
2911 if (c->type == type && c->sent) {
2912 BT_ERR("%s killing stalled connection %pMR",
2913 hdev->name, &c->dst);
2914 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
2915 }
2916 }
2917
2918 rcu_read_unlock();
2919}
2920
2921static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2922 int *quote)
2923{
2924 struct hci_conn_hash *h = &hdev->conn_hash;
2925 struct hci_chan *chan = NULL;
2926 unsigned int num = 0, min = ~0, cur_prio = 0;
2927 struct hci_conn *conn;
2928 int cnt, q, conn_num = 0;
2929
2930 BT_DBG("%s", hdev->name);
2931
2932 rcu_read_lock();
2933
2934 list_for_each_entry_rcu(conn, &h->list, list) {
2935 struct hci_chan *tmp;
2936
2937 if (conn->type != type)
2938 continue;
2939
2940 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2941 continue;
2942
2943 conn_num++;
2944
2945 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2946 struct sk_buff *skb;
2947
2948 if (skb_queue_empty(&tmp->data_q))
2949 continue;
2950
2951 skb = skb_peek(&tmp->data_q);
2952 if (skb->priority < cur_prio)
2953 continue;
2954
2955 if (skb->priority > cur_prio) {
2956 num = 0;
2957 min = ~0;
2958 cur_prio = skb->priority;
2959 }
2960
2961 num++;
2962
2963 if (conn->sent < min) {
2964 min = conn->sent;
2965 chan = tmp;
2966 }
2967 }
2968
2969 if (hci_conn_num(hdev, type) == conn_num)
2970 break;
2971 }
2972
2973 rcu_read_unlock();
2974
2975 if (!chan)
2976 return NULL;
2977
2978 switch (chan->conn->type) {
2979 case ACL_LINK:
2980 cnt = hdev->acl_cnt;
2981 break;
2982 case AMP_LINK:
2983 cnt = hdev->block_cnt;
2984 break;
2985 case SCO_LINK:
2986 case ESCO_LINK:
2987 cnt = hdev->sco_cnt;
2988 break;
2989 case LE_LINK:
2990 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2991 break;
2992 default:
2993 cnt = 0;
2994 BT_ERR("Unknown link type");
2995 }
2996
2997 q = cnt / num;
2998 *quote = q ? q : 1;
2999 BT_DBG("chan %p quote %d", chan, *quote);
3000 return chan;
3001}
3002
3003static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3004{
3005 struct hci_conn_hash *h = &hdev->conn_hash;
3006 struct hci_conn *conn;
3007 int num = 0;
3008
3009 BT_DBG("%s", hdev->name);
3010
3011 rcu_read_lock();
3012
3013 list_for_each_entry_rcu(conn, &h->list, list) {
3014 struct hci_chan *chan;
3015
3016 if (conn->type != type)
3017 continue;
3018
3019 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3020 continue;
3021
3022 num++;
3023
3024 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3025 struct sk_buff *skb;
3026
3027 if (chan->sent) {
3028 chan->sent = 0;
3029 continue;
3030 }
3031
3032 if (skb_queue_empty(&chan->data_q))
3033 continue;
3034
3035 skb = skb_peek(&chan->data_q);
3036 if (skb->priority >= HCI_PRIO_MAX - 1)
3037 continue;
3038
3039 skb->priority = HCI_PRIO_MAX - 1;
3040
3041 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3042 skb->priority);
3043 }
3044
3045 if (hci_conn_num(hdev, type) == num)
3046 break;
3047 }
3048
3049 rcu_read_unlock();
3050
3051}
3052
3053static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3054{
3055
3056 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3057}
3058
3059static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3060{
3061 if (!test_bit(HCI_RAW, &hdev->flags)) {
3062
3063
3064 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3065 HCI_ACL_TX_TIMEOUT))
3066 hci_link_tx_to(hdev, ACL_LINK);
3067 }
3068}
3069
3070static void hci_sched_acl_pkt(struct hci_dev *hdev)
3071{
3072 unsigned int cnt = hdev->acl_cnt;
3073 struct hci_chan *chan;
3074 struct sk_buff *skb;
3075 int quote;
3076
3077 __check_timeout(hdev, cnt);
3078
3079 while (hdev->acl_cnt &&
3080 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3081 u32 priority = (skb_peek(&chan->data_q))->priority;
3082 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3083 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3084 skb->len, skb->priority);
3085
3086
3087 if (skb->priority < priority)
3088 break;
3089
3090 skb = skb_dequeue(&chan->data_q);
3091
3092 hci_conn_enter_active_mode(chan->conn,
3093 bt_cb(skb)->force_active);
3094
3095 hci_send_frame(skb);
3096 hdev->acl_last_tx = jiffies;
3097
3098 hdev->acl_cnt--;
3099 chan->sent++;
3100 chan->conn->sent++;
3101 }
3102 }
3103
3104 if (cnt != hdev->acl_cnt)
3105 hci_prio_recalculate(hdev, ACL_LINK);
3106}
3107
3108static void hci_sched_acl_blk(struct hci_dev *hdev)
3109{
3110 unsigned int cnt = hdev->block_cnt;
3111 struct hci_chan *chan;
3112 struct sk_buff *skb;
3113 int quote;
3114 u8 type;
3115
3116 __check_timeout(hdev, cnt);
3117
3118 BT_DBG("%s", hdev->name);
3119
3120 if (hdev->dev_type == HCI_AMP)
3121 type = AMP_LINK;
3122 else
3123 type = ACL_LINK;
3124
3125 while (hdev->block_cnt > 0 &&
3126 (chan = hci_chan_sent(hdev, type, "e))) {
3127 u32 priority = (skb_peek(&chan->data_q))->priority;
3128 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
3129 int blocks;
3130
3131 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3132 skb->len, skb->priority);
3133
3134
3135 if (skb->priority < priority)
3136 break;
3137
3138 skb = skb_dequeue(&chan->data_q);
3139
3140 blocks = __get_blocks(hdev, skb);
3141 if (blocks > hdev->block_cnt)
3142 return;
3143
3144 hci_conn_enter_active_mode(chan->conn,
3145 bt_cb(skb)->force_active);
3146
3147 hci_send_frame(skb);
3148 hdev->acl_last_tx = jiffies;
3149
3150 hdev->block_cnt -= blocks;
3151 quote -= blocks;
3152
3153 chan->sent += blocks;
3154 chan->conn->sent += blocks;
3155 }
3156 }
3157
3158 if (cnt != hdev->block_cnt)
3159 hci_prio_recalculate(hdev, type);
3160}
3161
3162static void hci_sched_acl(struct hci_dev *hdev)
3163{
3164 BT_DBG("%s", hdev->name);
3165
3166
3167 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
3168 return;
3169
3170
3171 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3172 return;
3173
3174 switch (hdev->flow_ctl_mode) {
3175 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3176 hci_sched_acl_pkt(hdev);
3177 break;
3178
3179 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3180 hci_sched_acl_blk(hdev);
3181 break;
3182 }
3183}
3184
3185
3186static void hci_sched_sco(struct hci_dev *hdev)
3187{
3188 struct hci_conn *conn;
3189 struct sk_buff *skb;
3190 int quote;
3191
3192 BT_DBG("%s", hdev->name);
3193
3194 if (!hci_conn_num(hdev, SCO_LINK))
3195 return;
3196
3197 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
3198 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3199 BT_DBG("skb %p len %d", skb, skb->len);
3200 hci_send_frame(skb);
3201
3202 conn->sent++;
3203 if (conn->sent == ~0)
3204 conn->sent = 0;
3205 }
3206 }
3207}
3208
3209static void hci_sched_esco(struct hci_dev *hdev)
3210{
3211 struct hci_conn *conn;
3212 struct sk_buff *skb;
3213 int quote;
3214
3215 BT_DBG("%s", hdev->name);
3216
3217 if (!hci_conn_num(hdev, ESCO_LINK))
3218 return;
3219
3220 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
3221 "e))) {
3222 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3223 BT_DBG("skb %p len %d", skb, skb->len);
3224 hci_send_frame(skb);
3225
3226 conn->sent++;
3227 if (conn->sent == ~0)
3228 conn->sent = 0;
3229 }
3230 }
3231}
3232
3233static void hci_sched_le(struct hci_dev *hdev)
3234{
3235 struct hci_chan *chan;
3236 struct sk_buff *skb;
3237 int quote, cnt, tmp;
3238
3239 BT_DBG("%s", hdev->name);
3240
3241 if (!hci_conn_num(hdev, LE_LINK))
3242 return;
3243
3244 if (!test_bit(HCI_RAW, &hdev->flags)) {
3245
3246
3247 if (!hdev->le_cnt && hdev->le_pkts &&
3248 time_after(jiffies, hdev->le_last_tx + HZ * 45))
3249 hci_link_tx_to(hdev, LE_LINK);
3250 }
3251
3252 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
3253 tmp = cnt;
3254 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
3255 u32 priority = (skb_peek(&chan->data_q))->priority;
3256 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3257 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3258 skb->len, skb->priority);
3259
3260
3261 if (skb->priority < priority)
3262 break;
3263
3264 skb = skb_dequeue(&chan->data_q);
3265
3266 hci_send_frame(skb);
3267 hdev->le_last_tx = jiffies;
3268
3269 cnt--;
3270 chan->sent++;
3271 chan->conn->sent++;
3272 }
3273 }
3274
3275 if (hdev->le_pkts)
3276 hdev->le_cnt = cnt;
3277 else
3278 hdev->acl_cnt = cnt;
3279
3280 if (cnt != tmp)
3281 hci_prio_recalculate(hdev, LE_LINK);
3282}
3283
3284static void hci_tx_work(struct work_struct *work)
3285{
3286 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
3287 struct sk_buff *skb;
3288
3289 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
3290 hdev->sco_cnt, hdev->le_cnt);
3291
3292
3293
3294 hci_sched_acl(hdev);
3295
3296 hci_sched_sco(hdev);
3297
3298 hci_sched_esco(hdev);
3299
3300 hci_sched_le(hdev);
3301
3302
3303 while ((skb = skb_dequeue(&hdev->raw_q)))
3304 hci_send_frame(skb);
3305}
3306
3307
3308
3309
3310static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3311{
3312 struct hci_acl_hdr *hdr = (void *) skb->data;
3313 struct hci_conn *conn;
3314 __u16 handle, flags;
3315
3316 skb_pull(skb, HCI_ACL_HDR_SIZE);
3317
3318 handle = __le16_to_cpu(hdr->handle);
3319 flags = hci_flags(handle);
3320 handle = hci_handle(handle);
3321
3322 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
3323 handle, flags);
3324
3325 hdev->stat.acl_rx++;
3326
3327 hci_dev_lock(hdev);
3328 conn = hci_conn_hash_lookup_handle(hdev, handle);
3329 hci_dev_unlock(hdev);
3330
3331 if (conn) {
3332 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
3333
3334
3335 l2cap_recv_acldata(conn, skb, flags);
3336 return;
3337 } else {
3338 BT_ERR("%s ACL packet for unknown connection handle %d",
3339 hdev->name, handle);
3340 }
3341
3342 kfree_skb(skb);
3343}
3344
3345
3346static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
3347{
3348 struct hci_sco_hdr *hdr = (void *) skb->data;
3349 struct hci_conn *conn;
3350 __u16 handle;
3351
3352 skb_pull(skb, HCI_SCO_HDR_SIZE);
3353
3354 handle = __le16_to_cpu(hdr->handle);
3355
3356 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
3357
3358 hdev->stat.sco_rx++;
3359
3360 hci_dev_lock(hdev);
3361 conn = hci_conn_hash_lookup_handle(hdev, handle);
3362 hci_dev_unlock(hdev);
3363
3364 if (conn) {
3365
3366 sco_recv_scodata(conn, skb);
3367 return;
3368 } else {
3369 BT_ERR("%s SCO packet for unknown connection handle %d",
3370 hdev->name, handle);
3371 }
3372
3373 kfree_skb(skb);
3374}
3375
3376static bool hci_req_is_complete(struct hci_dev *hdev)
3377{
3378 struct sk_buff *skb;
3379
3380 skb = skb_peek(&hdev->cmd_q);
3381 if (!skb)
3382 return true;
3383
3384 return bt_cb(skb)->req.start;
3385}
3386
3387static void hci_resend_last(struct hci_dev *hdev)
3388{
3389 struct hci_command_hdr *sent;
3390 struct sk_buff *skb;
3391 u16 opcode;
3392
3393 if (!hdev->sent_cmd)
3394 return;
3395
3396 sent = (void *) hdev->sent_cmd->data;
3397 opcode = __le16_to_cpu(sent->opcode);
3398 if (opcode == HCI_OP_RESET)
3399 return;
3400
3401 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
3402 if (!skb)
3403 return;
3404
3405 skb_queue_head(&hdev->cmd_q, skb);
3406 queue_work(hdev->workqueue, &hdev->cmd_work);
3407}
3408
3409void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
3410{
3411 hci_req_complete_t req_complete = NULL;
3412 struct sk_buff *skb;
3413 unsigned long flags;
3414
3415 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
3416
3417
3418
3419
3420 if (!hci_sent_cmd_data(hdev, opcode)) {
3421
3422
3423
3424
3425
3426
3427 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
3428 hci_resend_last(hdev);
3429
3430 return;
3431 }
3432
3433
3434
3435
3436 if (!status && !hci_req_is_complete(hdev))
3437 return;
3438
3439
3440
3441
3442
3443 if (hdev->sent_cmd) {
3444 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
3445 if (req_complete)
3446 goto call_complete;
3447 }
3448
3449
3450 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
3451 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
3452 if (bt_cb(skb)->req.start) {
3453 __skb_queue_head(&hdev->cmd_q, skb);
3454 break;
3455 }
3456
3457 req_complete = bt_cb(skb)->req.complete;
3458 kfree_skb(skb);
3459 }
3460 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
3461
3462call_complete:
3463 if (req_complete)
3464 req_complete(hdev, status);
3465}
3466
3467static void hci_rx_work(struct work_struct *work)
3468{
3469 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
3470 struct sk_buff *skb;
3471
3472 BT_DBG("%s", hdev->name);
3473
3474 while ((skb = skb_dequeue(&hdev->rx_q))) {
3475
3476 hci_send_to_monitor(hdev, skb);
3477
3478 if (atomic_read(&hdev->promisc)) {
3479
3480 hci_send_to_sock(hdev, skb);
3481 }
3482
3483 if (test_bit(HCI_RAW, &hdev->flags)) {
3484 kfree_skb(skb);
3485 continue;
3486 }
3487
3488 if (test_bit(HCI_INIT, &hdev->flags)) {
3489
3490 switch (bt_cb(skb)->pkt_type) {
3491 case HCI_ACLDATA_PKT:
3492 case HCI_SCODATA_PKT:
3493 kfree_skb(skb);
3494 continue;
3495 }
3496 }
3497
3498
3499 switch (bt_cb(skb)->pkt_type) {
3500 case HCI_EVENT_PKT:
3501 BT_DBG("%s Event packet", hdev->name);
3502 hci_event_packet(hdev, skb);
3503 break;
3504
3505 case HCI_ACLDATA_PKT:
3506 BT_DBG("%s ACL data packet", hdev->name);
3507 hci_acldata_packet(hdev, skb);
3508 break;
3509
3510 case HCI_SCODATA_PKT:
3511 BT_DBG("%s SCO data packet", hdev->name);
3512 hci_scodata_packet(hdev, skb);
3513 break;
3514
3515 default:
3516 kfree_skb(skb);
3517 break;
3518 }
3519 }
3520}
3521
3522static void hci_cmd_work(struct work_struct *work)
3523{
3524 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
3525 struct sk_buff *skb;
3526
3527 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
3528 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
3529
3530
3531 if (atomic_read(&hdev->cmd_cnt)) {
3532 skb = skb_dequeue(&hdev->cmd_q);
3533 if (!skb)
3534 return;
3535
3536 kfree_skb(hdev->sent_cmd);
3537
3538 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
3539 if (hdev->sent_cmd) {
3540 atomic_dec(&hdev->cmd_cnt);
3541 hci_send_frame(skb);
3542 if (test_bit(HCI_RESET, &hdev->flags))
3543 del_timer(&hdev->cmd_timer);
3544 else
3545 mod_timer(&hdev->cmd_timer,
3546 jiffies + HCI_CMD_TIMEOUT);
3547 } else {
3548 skb_queue_head(&hdev->cmd_q, skb);
3549 queue_work(hdev->workqueue, &hdev->cmd_work);
3550 }
3551 }
3552}
3553
3554int hci_do_inquiry(struct hci_dev *hdev, u8 length)
3555{
3556
3557 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3558 struct hci_cp_inquiry cp;
3559
3560 BT_DBG("%s", hdev->name);
3561
3562 if (test_bit(HCI_INQUIRY, &hdev->flags))
3563 return -EINPROGRESS;
3564
3565 inquiry_cache_flush(hdev);
3566
3567 memset(&cp, 0, sizeof(cp));
3568 memcpy(&cp.lap, lap, sizeof(cp.lap));
3569 cp.length = length;
3570
3571 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
3572}
3573
3574int hci_cancel_inquiry(struct hci_dev *hdev)
3575{
3576 BT_DBG("%s", hdev->name);
3577
3578 if (!test_bit(HCI_INQUIRY, &hdev->flags))
3579 return -EALREADY;
3580
3581 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3582}
3583
3584u8 bdaddr_to_le(u8 bdaddr_type)
3585{
3586 switch (bdaddr_type) {
3587 case BDADDR_LE_PUBLIC:
3588 return ADDR_LE_DEV_PUBLIC;
3589
3590 default:
3591
3592 return ADDR_LE_DEV_RANDOM;
3593 }
3594}
3595
