2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI core. */
27 #include <linux/jiffies.h>
28 #include <linux/module.h>
29 #include <linux/kmod.h>
31 #include <linux/types.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/slab.h>
36 #include <linux/poll.h>
37 #include <linux/fcntl.h>
38 #include <linux/init.h>
39 #include <linux/skbuff.h>
40 #include <linux/workqueue.h>
41 #include <linux/interrupt.h>
42 #include <linux/notifier.h>
43 #include <linux/rfkill.h>
44 #include <linux/timer.h>
45 #include <linux/crypto.h>
48 #include <asm/system.h>
49 #include <linux/uaccess.h>
50 #include <asm/unaligned.h>
52 #include <net/bluetooth/bluetooth.h>
53 #include <net/bluetooth/hci_core.h>
55 #define AUTO_OFF_TIMEOUT 2000
57 static void hci_cmd_task(unsigned long arg);
58 static void hci_rx_task(unsigned long arg);
59 static void hci_tx_task(unsigned long arg);
61 static DEFINE_RWLOCK(hci_task_lock);
64 LIST_HEAD(hci_dev_list);
65 DEFINE_RWLOCK(hci_dev_list_lock);
67 /* HCI callback list */
68 LIST_HEAD(hci_cb_list);
69 DEFINE_RWLOCK(hci_cb_list_lock);
72 #define HCI_MAX_PROTO 2
73 struct hci_proto *hci_proto[HCI_MAX_PROTO];
75 /* HCI notifiers list */
76 static ATOMIC_NOTIFIER_HEAD(hci_notifier);
78 /* ---- HCI notifications ---- */
80 int hci_register_notifier(struct notifier_block *nb)
82 return atomic_notifier_chain_register(&hci_notifier, nb);
85 int hci_unregister_notifier(struct notifier_block *nb)
87 return atomic_notifier_chain_unregister(&hci_notifier, nb);
90 static void hci_notify(struct hci_dev *hdev, int event)
92 atomic_notifier_call_chain(&hci_notifier, event, hdev);
95 /* ---- HCI requests ---- */
97 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
99 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
101 /* If this is the init phase check if the completed command matches
102 * the last init command, and if not just return.
104 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd)
107 if (hdev->req_status == HCI_REQ_PEND) {
108 hdev->req_result = result;
109 hdev->req_status = HCI_REQ_DONE;
110 wake_up_interruptible(&hdev->req_wait_q);
114 static void hci_req_cancel(struct hci_dev *hdev, int err)
116 BT_DBG("%s err 0x%2.2x", hdev->name, err);
118 if (hdev->req_status == HCI_REQ_PEND) {
119 hdev->req_result = err;
120 hdev->req_status = HCI_REQ_CANCELED;
121 wake_up_interruptible(&hdev->req_wait_q);
125 /* Execute request and wait for completion. */
126 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
127 unsigned long opt, __u32 timeout)
129 DECLARE_WAITQUEUE(wait, current);
132 BT_DBG("%s start", hdev->name);
134 hdev->req_status = HCI_REQ_PEND;
136 add_wait_queue(&hdev->req_wait_q, &wait);
137 set_current_state(TASK_INTERRUPTIBLE);
140 schedule_timeout(timeout);
142 remove_wait_queue(&hdev->req_wait_q, &wait);
144 if (signal_pending(current))
147 switch (hdev->req_status) {
149 err = -bt_to_errno(hdev->req_result);
152 case HCI_REQ_CANCELED:
153 err = -hdev->req_result;
161 hdev->req_status = hdev->req_result = 0;
163 BT_DBG("%s end: err %d", hdev->name, err);
168 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
169 unsigned long opt, __u32 timeout)
173 if (!test_bit(HCI_UP, &hdev->flags))
176 /* Serialize all requests */
178 ret = __hci_request(hdev, req, opt, timeout);
179 hci_req_unlock(hdev);
184 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
186 BT_DBG("%s %ld", hdev->name, opt);
189 set_bit(HCI_RESET, &hdev->flags);
190 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
193 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
195 struct hci_cp_delete_stored_link_key cp;
200 BT_DBG("%s %ld", hdev->name, opt);
202 /* Driver initialization */
204 /* Special commands */
205 while ((skb = skb_dequeue(&hdev->driver_init))) {
206 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
207 skb->dev = (void *) hdev;
209 skb_queue_tail(&hdev->cmd_q, skb);
210 tasklet_schedule(&hdev->cmd_task);
212 skb_queue_purge(&hdev->driver_init);
214 /* Mandatory initialization */
217 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
218 set_bit(HCI_RESET, &hdev->flags);
219 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
222 /* Read Local Supported Features */
223 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
225 /* Read Local Version */
226 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
228 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
229 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
232 /* Host buffer size */
234 struct hci_cp_host_buffer_size cp;
235 cp.acl_mtu = cpu_to_le16(HCI_MAX_ACL_SIZE);
236 cp.sco_mtu = HCI_MAX_SCO_SIZE;
237 cp.acl_max_pkt = cpu_to_le16(0xffff);
238 cp.sco_max_pkt = cpu_to_le16(0xffff);
239 hci_send_cmd(hdev, HCI_OP_HOST_BUFFER_SIZE, sizeof(cp), &cp);
243 /* Read BD Address */
244 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
246 /* Read Class of Device */
247 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
249 /* Read Local Name */
250 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
252 /* Read Voice Setting */
253 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
255 /* Optional initialization */
257 /* Clear Event Filters */
258 flt_type = HCI_FLT_CLEAR_ALL;
259 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
261 /* Connection accept timeout ~20 secs */
262 param = cpu_to_le16(0x7d00);
263 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
265 bacpy(&cp.bdaddr, BDADDR_ANY);
267 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
270 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
272 BT_DBG("%s", hdev->name);
274 /* Read LE buffer size */
275 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
278 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
282 BT_DBG("%s %x", hdev->name, scan);
284 /* Inquiry and Page scans */
285 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
288 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
292 BT_DBG("%s %x", hdev->name, auth);
295 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
298 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
302 BT_DBG("%s %x", hdev->name, encrypt);
305 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
308 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
310 __le16 policy = cpu_to_le16(opt);
312 BT_DBG("%s %x", hdev->name, policy);
314 /* Default link policy */
315 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
318 /* Get HCI device by index.
319 * Device is held on return. */
320 struct hci_dev *hci_dev_get(int index)
322 struct hci_dev *hdev = NULL;
330 read_lock(&hci_dev_list_lock);
331 list_for_each(p, &hci_dev_list) {
332 struct hci_dev *d = list_entry(p, struct hci_dev, list);
333 if (d->id == index) {
334 hdev = hci_dev_hold(d);
338 read_unlock(&hci_dev_list_lock);
342 /* ---- Inquiry support ---- */
343 static void inquiry_cache_flush(struct hci_dev *hdev)
345 struct inquiry_cache *cache = &hdev->inq_cache;
346 struct inquiry_entry *next = cache->list, *e;
348 BT_DBG("cache %p", cache);
357 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
359 struct inquiry_cache *cache = &hdev->inq_cache;
360 struct inquiry_entry *e;
362 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
364 for (e = cache->list; e; e = e->next)
365 if (!bacmp(&e->data.bdaddr, bdaddr))
370 void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
372 struct inquiry_cache *cache = &hdev->inq_cache;
373 struct inquiry_entry *ie;
375 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
377 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
379 /* Entry not in the cache. Add new one. */
380 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
384 ie->next = cache->list;
388 memcpy(&ie->data, data, sizeof(*data));
389 ie->timestamp = jiffies;
390 cache->timestamp = jiffies;
393 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
395 struct inquiry_cache *cache = &hdev->inq_cache;
396 struct inquiry_info *info = (struct inquiry_info *) buf;
397 struct inquiry_entry *e;
400 for (e = cache->list; e && copied < num; e = e->next, copied++) {
401 struct inquiry_data *data = &e->data;
402 bacpy(&info->bdaddr, &data->bdaddr);
403 info->pscan_rep_mode = data->pscan_rep_mode;
404 info->pscan_period_mode = data->pscan_period_mode;
405 info->pscan_mode = data->pscan_mode;
406 memcpy(info->dev_class, data->dev_class, 3);
407 info->clock_offset = data->clock_offset;
411 BT_DBG("cache %p, copied %d", cache, copied);
415 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
417 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
418 struct hci_cp_inquiry cp;
420 BT_DBG("%s", hdev->name);
422 if (test_bit(HCI_INQUIRY, &hdev->flags))
426 memcpy(&cp.lap, &ir->lap, 3);
427 cp.length = ir->length;
428 cp.num_rsp = ir->num_rsp;
429 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
432 int hci_inquiry(void __user *arg)
434 __u8 __user *ptr = arg;
435 struct hci_inquiry_req ir;
436 struct hci_dev *hdev;
437 int err = 0, do_inquiry = 0, max_rsp;
441 if (copy_from_user(&ir, ptr, sizeof(ir)))
444 hdev = hci_dev_get(ir.dev_id);
448 hci_dev_lock_bh(hdev);
449 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
450 inquiry_cache_empty(hdev) ||
451 ir.flags & IREQ_CACHE_FLUSH) {
452 inquiry_cache_flush(hdev);
455 hci_dev_unlock_bh(hdev);
457 timeo = ir.length * msecs_to_jiffies(2000);
460 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
465 /* for unlimited number of responses we will use buffer with 255 entries */
466 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
468 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
469 * copy it to the user space.
471 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
477 hci_dev_lock_bh(hdev);
478 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
479 hci_dev_unlock_bh(hdev);
481 BT_DBG("num_rsp %d", ir.num_rsp);
483 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
485 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
498 /* ---- HCI ioctl helpers ---- */
500 int hci_dev_open(__u16 dev)
502 struct hci_dev *hdev;
505 hdev = hci_dev_get(dev);
509 BT_DBG("%s %p", hdev->name, hdev);
513 if (test_bit(HCI_UNREGISTER, &hdev->flags)) {
518 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
523 if (test_bit(HCI_UP, &hdev->flags)) {
528 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
529 set_bit(HCI_RAW, &hdev->flags);
531 /* Treat all non BR/EDR controllers as raw devices for now */
532 if (hdev->dev_type != HCI_BREDR)
533 set_bit(HCI_RAW, &hdev->flags);
535 if (hdev->open(hdev)) {
540 if (!test_bit(HCI_RAW, &hdev->flags)) {
541 atomic_set(&hdev->cmd_cnt, 1);
542 set_bit(HCI_INIT, &hdev->flags);
543 hdev->init_last_cmd = 0;
545 ret = __hci_request(hdev, hci_init_req, 0,
546 msecs_to_jiffies(HCI_INIT_TIMEOUT));
548 if (lmp_host_le_capable(hdev))
549 ret = __hci_request(hdev, hci_le_init_req, 0,
550 msecs_to_jiffies(HCI_INIT_TIMEOUT));
552 clear_bit(HCI_INIT, &hdev->flags);
557 set_bit(HCI_UP, &hdev->flags);
558 hci_notify(hdev, HCI_DEV_UP);
559 if (!test_bit(HCI_SETUP, &hdev->flags))
560 mgmt_powered(hdev->id, 1);
562 /* Init failed, cleanup */
563 tasklet_kill(&hdev->rx_task);
564 tasklet_kill(&hdev->tx_task);
565 tasklet_kill(&hdev->cmd_task);
567 skb_queue_purge(&hdev->cmd_q);
568 skb_queue_purge(&hdev->rx_q);
573 if (hdev->sent_cmd) {
574 kfree_skb(hdev->sent_cmd);
575 hdev->sent_cmd = NULL;
583 hci_req_unlock(hdev);
588 static int hci_dev_do_close(struct hci_dev *hdev)
590 BT_DBG("%s %p", hdev->name, hdev);
592 hci_req_cancel(hdev, ENODEV);
595 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
596 del_timer_sync(&hdev->cmd_timer);
597 hci_req_unlock(hdev);
601 /* Kill RX and TX tasks */
602 tasklet_kill(&hdev->rx_task);
603 tasklet_kill(&hdev->tx_task);
605 hci_dev_lock_bh(hdev);
606 inquiry_cache_flush(hdev);
607 hci_conn_hash_flush(hdev);
608 hci_dev_unlock_bh(hdev);
610 hci_notify(hdev, HCI_DEV_DOWN);
616 skb_queue_purge(&hdev->cmd_q);
617 atomic_set(&hdev->cmd_cnt, 1);
618 if (!test_bit(HCI_RAW, &hdev->flags)) {
619 set_bit(HCI_INIT, &hdev->flags);
620 __hci_request(hdev, hci_reset_req, 0,
621 msecs_to_jiffies(250));
622 clear_bit(HCI_INIT, &hdev->flags);
626 tasklet_kill(&hdev->cmd_task);
629 skb_queue_purge(&hdev->rx_q);
630 skb_queue_purge(&hdev->cmd_q);
631 skb_queue_purge(&hdev->raw_q);
633 /* Drop last sent command */
634 if (hdev->sent_cmd) {
635 del_timer_sync(&hdev->cmd_timer);
636 kfree_skb(hdev->sent_cmd);
637 hdev->sent_cmd = NULL;
640 /* After this point our queues are empty
641 * and no tasks are scheduled. */
644 mgmt_powered(hdev->id, 0);
649 hci_req_unlock(hdev);
655 int hci_dev_close(__u16 dev)
657 struct hci_dev *hdev;
660 hdev = hci_dev_get(dev);
663 err = hci_dev_do_close(hdev);
668 int hci_dev_reset(__u16 dev)
670 struct hci_dev *hdev;
673 hdev = hci_dev_get(dev);
678 tasklet_disable(&hdev->tx_task);
680 if (!test_bit(HCI_UP, &hdev->flags))
684 skb_queue_purge(&hdev->rx_q);
685 skb_queue_purge(&hdev->cmd_q);
687 hci_dev_lock_bh(hdev);
688 inquiry_cache_flush(hdev);
689 hci_conn_hash_flush(hdev);
690 hci_dev_unlock_bh(hdev);
695 atomic_set(&hdev->cmd_cnt, 1);
696 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
698 if (!test_bit(HCI_RAW, &hdev->flags))
699 ret = __hci_request(hdev, hci_reset_req, 0,
700 msecs_to_jiffies(HCI_INIT_TIMEOUT));
703 tasklet_enable(&hdev->tx_task);
704 hci_req_unlock(hdev);
709 int hci_dev_reset_stat(__u16 dev)
711 struct hci_dev *hdev;
714 hdev = hci_dev_get(dev);
718 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
725 int hci_dev_cmd(unsigned int cmd, void __user *arg)
727 struct hci_dev *hdev;
728 struct hci_dev_req dr;
731 if (copy_from_user(&dr, arg, sizeof(dr)))
734 hdev = hci_dev_get(dr.dev_id);
740 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
741 msecs_to_jiffies(HCI_INIT_TIMEOUT));
745 if (!lmp_encrypt_capable(hdev)) {
750 if (!test_bit(HCI_AUTH, &hdev->flags)) {
751 /* Auth must be enabled first */
752 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
753 msecs_to_jiffies(HCI_INIT_TIMEOUT));
758 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
759 msecs_to_jiffies(HCI_INIT_TIMEOUT));
763 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
764 msecs_to_jiffies(HCI_INIT_TIMEOUT));
768 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
769 msecs_to_jiffies(HCI_INIT_TIMEOUT));
773 hdev->link_mode = ((__u16) dr.dev_opt) &
774 (HCI_LM_MASTER | HCI_LM_ACCEPT);
778 hdev->pkt_type = (__u16) dr.dev_opt;
782 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
783 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
787 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
788 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
800 int hci_get_dev_list(void __user *arg)
802 struct hci_dev_list_req *dl;
803 struct hci_dev_req *dr;
805 int n = 0, size, err;
808 if (get_user(dev_num, (__u16 __user *) arg))
811 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
814 size = sizeof(*dl) + dev_num * sizeof(*dr);
816 dl = kzalloc(size, GFP_KERNEL);
822 read_lock_bh(&hci_dev_list_lock);
823 list_for_each(p, &hci_dev_list) {
824 struct hci_dev *hdev;
826 hdev = list_entry(p, struct hci_dev, list);
828 hci_del_off_timer(hdev);
830 if (!test_bit(HCI_MGMT, &hdev->flags))
831 set_bit(HCI_PAIRABLE, &hdev->flags);
833 (dr + n)->dev_id = hdev->id;
834 (dr + n)->dev_opt = hdev->flags;
839 read_unlock_bh(&hci_dev_list_lock);
842 size = sizeof(*dl) + n * sizeof(*dr);
844 err = copy_to_user(arg, dl, size);
847 return err ? -EFAULT : 0;
850 int hci_get_dev_info(void __user *arg)
852 struct hci_dev *hdev;
853 struct hci_dev_info di;
856 if (copy_from_user(&di, arg, sizeof(di)))
859 hdev = hci_dev_get(di.dev_id);
863 hci_del_off_timer(hdev);
865 if (!test_bit(HCI_MGMT, &hdev->flags))
866 set_bit(HCI_PAIRABLE, &hdev->flags);
868 strcpy(di.name, hdev->name);
869 di.bdaddr = hdev->bdaddr;
870 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
871 di.flags = hdev->flags;
872 di.pkt_type = hdev->pkt_type;
873 di.acl_mtu = hdev->acl_mtu;
874 di.acl_pkts = hdev->acl_pkts;
875 di.sco_mtu = hdev->sco_mtu;
876 di.sco_pkts = hdev->sco_pkts;
877 di.link_policy = hdev->link_policy;
878 di.link_mode = hdev->link_mode;
880 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
881 memcpy(&di.features, &hdev->features, sizeof(di.features));
883 if (copy_to_user(arg, &di, sizeof(di)))
891 /* ---- Interface to HCI drivers ---- */
893 static int hci_rfkill_set_block(void *data, bool blocked)
895 struct hci_dev *hdev = data;
897 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
902 hci_dev_do_close(hdev);
907 static const struct rfkill_ops hci_rfkill_ops = {
908 .set_block = hci_rfkill_set_block,
911 /* Alloc HCI device */
912 struct hci_dev *hci_alloc_dev(void)
914 struct hci_dev *hdev;
916 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
920 skb_queue_head_init(&hdev->driver_init);
924 EXPORT_SYMBOL(hci_alloc_dev);
926 /* Free HCI device */
927 void hci_free_dev(struct hci_dev *hdev)
929 skb_queue_purge(&hdev->driver_init);
931 /* will free via device release */
932 put_device(&hdev->dev);
934 EXPORT_SYMBOL(hci_free_dev);
936 static void hci_power_on(struct work_struct *work)
938 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
940 BT_DBG("%s", hdev->name);
942 if (hci_dev_open(hdev->id) < 0)
945 if (test_bit(HCI_AUTO_OFF, &hdev->flags))
946 mod_timer(&hdev->off_timer,
947 jiffies + msecs_to_jiffies(AUTO_OFF_TIMEOUT));
949 if (test_and_clear_bit(HCI_SETUP, &hdev->flags))
950 mgmt_index_added(hdev->id);
953 static void hci_power_off(struct work_struct *work)
955 struct hci_dev *hdev = container_of(work, struct hci_dev, power_off);
957 BT_DBG("%s", hdev->name);
959 hci_dev_close(hdev->id);
962 static void hci_auto_off(unsigned long data)
964 struct hci_dev *hdev = (struct hci_dev *) data;
966 BT_DBG("%s", hdev->name);
968 clear_bit(HCI_AUTO_OFF, &hdev->flags);
970 queue_work(hdev->workqueue, &hdev->power_off);
973 void hci_del_off_timer(struct hci_dev *hdev)
975 BT_DBG("%s", hdev->name);
977 clear_bit(HCI_AUTO_OFF, &hdev->flags);
978 del_timer(&hdev->off_timer);
981 int hci_uuids_clear(struct hci_dev *hdev)
983 struct list_head *p, *n;
985 list_for_each_safe(p, n, &hdev->uuids) {
986 struct bt_uuid *uuid;
988 uuid = list_entry(p, struct bt_uuid, list);
997 int hci_link_keys_clear(struct hci_dev *hdev)
999 struct list_head *p, *n;
1001 list_for_each_safe(p, n, &hdev->link_keys) {
1002 struct link_key *key;
1004 key = list_entry(p, struct link_key, list);
1013 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1015 struct list_head *p;
1017 list_for_each(p, &hdev->link_keys) {
1020 k = list_entry(p, struct link_key, list);
1022 if (bacmp(bdaddr, &k->bdaddr) == 0)
1029 static int hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1030 u8 key_type, u8 old_key_type)
1033 if (key_type < 0x03)
1036 /* Debug keys are insecure so don't store them persistently */
1037 if (key_type == HCI_LK_DEBUG_COMBINATION)
1040 /* Changed combination key and there's no previous one */
1041 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1044 /* Security mode 3 case */
1048 /* Neither local nor remote side had no-bonding as requirement */
1049 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1052 /* Local side had dedicated bonding as requirement */
1053 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1056 /* Remote side had dedicated bonding as requirement */
1057 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1060 /* If none of the above criteria match, then don't store the key
1065 struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1069 list_for_each_entry(k, &hdev->link_keys, list) {
1070 struct key_master_id *id;
1072 if (k->type != HCI_LK_SMP_LTK)
1075 if (k->dlen != sizeof(*id))
1078 id = (void *) &k->data;
1079 if (id->ediv == ediv &&
1080 (memcmp(rand, id->rand, sizeof(id->rand)) == 0))
1086 EXPORT_SYMBOL(hci_find_ltk);
1088 struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
1089 bdaddr_t *bdaddr, u8 type)
1093 list_for_each_entry(k, &hdev->link_keys, list)
1094 if (k->type == type && bacmp(bdaddr, &k->bdaddr) == 0)
1099 EXPORT_SYMBOL(hci_find_link_key_type);
1101 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1102 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1104 struct link_key *key, *old_key;
1105 u8 old_key_type, persistent;
1107 old_key = hci_find_link_key(hdev, bdaddr);
1109 old_key_type = old_key->type;
1112 old_key_type = conn ? conn->key_type : 0xff;
1113 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1116 list_add(&key->list, &hdev->link_keys);
1119 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1121 /* Some buggy controller combinations generate a changed
1122 * combination key for legacy pairing even when there's no
1124 if (type == HCI_LK_CHANGED_COMBINATION &&
1125 (!conn || conn->remote_auth == 0xff) &&
1126 old_key_type == 0xff) {
1127 type = HCI_LK_COMBINATION;
1129 conn->key_type = type;
1132 bacpy(&key->bdaddr, bdaddr);
1133 memcpy(key->val, val, 16);
1134 key->pin_len = pin_len;
1136 if (type == HCI_LK_CHANGED_COMBINATION)
1137 key->type = old_key_type;
1144 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1146 mgmt_new_key(hdev->id, key, persistent);
1149 list_del(&key->list);
1156 int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
1157 u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16])
1159 struct link_key *key, *old_key;
1160 struct key_master_id *id;
1163 BT_DBG("%s addr %s", hdev->name, batostr(bdaddr));
1165 old_key = hci_find_link_key_type(hdev, bdaddr, HCI_LK_SMP_LTK);
1168 old_key_type = old_key->type;
1170 key = kzalloc(sizeof(*key) + sizeof(*id), GFP_ATOMIC);
1173 list_add(&key->list, &hdev->link_keys);
1174 old_key_type = 0xff;
1177 key->dlen = sizeof(*id);
1179 bacpy(&key->bdaddr, bdaddr);
1180 memcpy(key->val, ltk, sizeof(key->val));
1181 key->type = HCI_LK_SMP_LTK;
1182 key->pin_len = key_size;
1184 id = (void *) &key->data;
1186 memcpy(id->rand, rand, sizeof(id->rand));
1189 mgmt_new_key(hdev->id, key, old_key_type);
1194 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1196 struct link_key *key;
1198 key = hci_find_link_key(hdev, bdaddr);
1202 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1204 list_del(&key->list);
1210 /* HCI command timer function */
1211 static void hci_cmd_timer(unsigned long arg)
1213 struct hci_dev *hdev = (void *) arg;
1215 BT_ERR("%s command tx timeout", hdev->name);
1216 atomic_set(&hdev->cmd_cnt, 1);
1217 tasklet_schedule(&hdev->cmd_task);
1220 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1223 struct oob_data *data;
1225 list_for_each_entry(data, &hdev->remote_oob_data, list)
1226 if (bacmp(bdaddr, &data->bdaddr) == 0)
1232 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1234 struct oob_data *data;
1236 data = hci_find_remote_oob_data(hdev, bdaddr);
1240 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1242 list_del(&data->list);
1248 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1250 struct oob_data *data, *n;
1252 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1253 list_del(&data->list);
1260 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1263 struct oob_data *data;
1265 data = hci_find_remote_oob_data(hdev, bdaddr);
1268 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1272 bacpy(&data->bdaddr, bdaddr);
1273 list_add(&data->list, &hdev->remote_oob_data);
1276 memcpy(data->hash, hash, sizeof(data->hash));
1277 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1279 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1284 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev,
1287 struct list_head *p;
1289 list_for_each(p, &hdev->blacklist) {
1290 struct bdaddr_list *b;
1292 b = list_entry(p, struct bdaddr_list, list);
1294 if (bacmp(bdaddr, &b->bdaddr) == 0)
1301 int hci_blacklist_clear(struct hci_dev *hdev)
1303 struct list_head *p, *n;
1305 list_for_each_safe(p, n, &hdev->blacklist) {
1306 struct bdaddr_list *b;
1308 b = list_entry(p, struct bdaddr_list, list);
1317 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr)
1319 struct bdaddr_list *entry;
1322 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1325 hci_dev_lock_bh(hdev);
1327 if (hci_blacklist_lookup(hdev, bdaddr)) {
1332 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1338 bacpy(&entry->bdaddr, bdaddr);
1340 list_add(&entry->list, &hdev->blacklist);
1345 hci_dev_unlock_bh(hdev);
1349 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr)
1351 struct bdaddr_list *entry;
1354 hci_dev_lock_bh(hdev);
1356 if (bacmp(bdaddr, BDADDR_ANY) == 0) {
1357 hci_blacklist_clear(hdev);
1361 entry = hci_blacklist_lookup(hdev, bdaddr);
1367 list_del(&entry->list);
1371 hci_dev_unlock_bh(hdev);
1375 static void hci_clear_adv_cache(unsigned long arg)
1377 struct hci_dev *hdev = (void *) arg;
1381 hci_adv_entries_clear(hdev);
1383 hci_dev_unlock(hdev);
1386 int hci_adv_entries_clear(struct hci_dev *hdev)
1388 struct adv_entry *entry, *tmp;
1390 list_for_each_entry_safe(entry, tmp, &hdev->adv_entries, list) {
1391 list_del(&entry->list);
1395 BT_DBG("%s adv cache cleared", hdev->name);
1400 struct adv_entry *hci_find_adv_entry(struct hci_dev *hdev, bdaddr_t *bdaddr)
1402 struct adv_entry *entry;
1404 list_for_each_entry(entry, &hdev->adv_entries, list)
1405 if (bacmp(bdaddr, &entry->bdaddr) == 0)
1411 static inline int is_connectable_adv(u8 evt_type)
1413 if (evt_type == ADV_IND || evt_type == ADV_DIRECT_IND)
1419 int hci_add_adv_entry(struct hci_dev *hdev,
1420 struct hci_ev_le_advertising_info *ev)
1422 struct adv_entry *entry;
1424 if (!is_connectable_adv(ev->evt_type))
1427 /* Only new entries should be added to adv_entries. So, if
1428 * bdaddr was found, don't add it. */
1429 if (hci_find_adv_entry(hdev, &ev->bdaddr))
1432 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
1436 bacpy(&entry->bdaddr, &ev->bdaddr);
1437 entry->bdaddr_type = ev->bdaddr_type;
1439 list_add(&entry->list, &hdev->adv_entries);
1441 BT_DBG("%s adv entry added: address %s type %u", hdev->name,
1442 batostr(&entry->bdaddr), entry->bdaddr_type);
1447 /* Register HCI device */
1448 int hci_register_dev(struct hci_dev *hdev)
1450 struct list_head *head = &hci_dev_list, *p;
1453 BT_DBG("%p name %s bus %d owner %p", hdev, hdev->name,
1454 hdev->bus, hdev->owner);
1456 if (!hdev->open || !hdev->close || !hdev->destruct)
1459 write_lock_bh(&hci_dev_list_lock);
1461 /* Find first available device id */
1462 list_for_each(p, &hci_dev_list) {
1463 if (list_entry(p, struct hci_dev, list)->id != id)
1468 sprintf(hdev->name, "hci%d", id);
1470 list_add(&hdev->list, head);
1472 atomic_set(&hdev->refcnt, 1);
1473 spin_lock_init(&hdev->lock);
1476 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1477 hdev->esco_type = (ESCO_HV1);
1478 hdev->link_mode = (HCI_LM_ACCEPT);
1479 hdev->io_capability = 0x03; /* No Input No Output */
1481 hdev->idle_timeout = 0;
1482 hdev->sniff_max_interval = 800;
1483 hdev->sniff_min_interval = 80;
1485 tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev);
1486 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
1487 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
1489 skb_queue_head_init(&hdev->rx_q);
1490 skb_queue_head_init(&hdev->cmd_q);
1491 skb_queue_head_init(&hdev->raw_q);
1493 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1495 for (i = 0; i < NUM_REASSEMBLY; i++)
1496 hdev->reassembly[i] = NULL;
1498 init_waitqueue_head(&hdev->req_wait_q);
1499 mutex_init(&hdev->req_lock);
1501 inquiry_cache_init(hdev);
1503 hci_conn_hash_init(hdev);
1505 INIT_LIST_HEAD(&hdev->blacklist);
1507 INIT_LIST_HEAD(&hdev->uuids);
1509 INIT_LIST_HEAD(&hdev->link_keys);
1511 INIT_LIST_HEAD(&hdev->remote_oob_data);
1513 INIT_LIST_HEAD(&hdev->adv_entries);
1514 setup_timer(&hdev->adv_timer, hci_clear_adv_cache,
1515 (unsigned long) hdev);
1517 INIT_WORK(&hdev->power_on, hci_power_on);
1518 INIT_WORK(&hdev->power_off, hci_power_off);
1519 setup_timer(&hdev->off_timer, hci_auto_off, (unsigned long) hdev);
1521 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1523 atomic_set(&hdev->promisc, 0);
1525 write_unlock_bh(&hci_dev_list_lock);
1527 hdev->workqueue = create_singlethread_workqueue(hdev->name);
1528 if (!hdev->workqueue)
1531 hdev->tfm = crypto_alloc_blkcipher("ecb(aes)", 0, CRYPTO_ALG_ASYNC);
1532 if (IS_ERR(hdev->tfm))
1533 BT_INFO("Failed to load transform for ecb(aes): %ld",
1534 PTR_ERR(hdev->tfm));
1536 hci_register_sysfs(hdev);
1538 #if !defined(CONFIG_MT6620)
1539 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1540 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1542 if (rfkill_register(hdev->rfkill) < 0) {
1543 rfkill_destroy(hdev->rfkill);
1544 hdev->rfkill = NULL;
1548 set_bit(HCI_AUTO_OFF, &hdev->flags);
1549 set_bit(HCI_SETUP, &hdev->flags);
1550 queue_work(hdev->workqueue, &hdev->power_on);
1553 hci_notify(hdev, HCI_DEV_REG);
1558 write_lock_bh(&hci_dev_list_lock);
1559 list_del(&hdev->list);
1560 write_unlock_bh(&hci_dev_list_lock);
1564 EXPORT_SYMBOL(hci_register_dev);
1566 /* Unregister HCI device */
1567 int hci_unregister_dev(struct hci_dev *hdev)
1571 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1573 set_bit(HCI_UNREGISTER, &hdev->flags);
1575 write_lock_bh(&hci_dev_list_lock);
1576 list_del(&hdev->list);
1577 write_unlock_bh(&hci_dev_list_lock);
1579 hci_dev_do_close(hdev);
1581 for (i = 0; i < NUM_REASSEMBLY; i++)
1582 kfree_skb(hdev->reassembly[i]);
1584 if (!test_bit(HCI_INIT, &hdev->flags) &&
1585 !test_bit(HCI_SETUP, &hdev->flags))
1586 mgmt_index_removed(hdev->id);
1588 if (!IS_ERR(hdev->tfm))
1589 crypto_free_blkcipher(hdev->tfm);
1591 hci_notify(hdev, HCI_DEV_UNREG);
1594 rfkill_unregister(hdev->rfkill);
1595 rfkill_destroy(hdev->rfkill);
1598 hci_unregister_sysfs(hdev);
1600 hci_del_off_timer(hdev);
1601 del_timer(&hdev->adv_timer);
1603 destroy_workqueue(hdev->workqueue);
1605 hci_dev_lock_bh(hdev);
1606 hci_blacklist_clear(hdev);
1607 hci_uuids_clear(hdev);
1608 hci_link_keys_clear(hdev);
1609 hci_remote_oob_data_clear(hdev);
1610 hci_adv_entries_clear(hdev);
1611 hci_dev_unlock_bh(hdev);
1613 __hci_dev_put(hdev);
1617 EXPORT_SYMBOL(hci_unregister_dev);
1619 /* Suspend HCI device */
1620 int hci_suspend_dev(struct hci_dev *hdev)
1622 hci_notify(hdev, HCI_DEV_SUSPEND);
1625 EXPORT_SYMBOL(hci_suspend_dev);
1627 /* Resume HCI device */
1628 int hci_resume_dev(struct hci_dev *hdev)
1630 hci_notify(hdev, HCI_DEV_RESUME);
1633 EXPORT_SYMBOL(hci_resume_dev);
1635 /* Receive frame from HCI drivers */
1636 int hci_recv_frame(struct sk_buff *skb)
1638 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1639 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1640 && !test_bit(HCI_INIT, &hdev->flags))) {
1646 bt_cb(skb)->incoming = 1;
1649 __net_timestamp(skb);
1651 /* Queue frame for rx task */
1652 skb_queue_tail(&hdev->rx_q, skb);
1653 tasklet_schedule(&hdev->rx_task);
1657 EXPORT_SYMBOL(hci_recv_frame);
1659 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1660 int count, __u8 index)
1665 struct sk_buff *skb;
1666 struct bt_skb_cb *scb;
1668 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1669 index >= NUM_REASSEMBLY)
1672 skb = hdev->reassembly[index];
1676 case HCI_ACLDATA_PKT:
1677 len = HCI_MAX_FRAME_SIZE;
1678 hlen = HCI_ACL_HDR_SIZE;
1681 len = HCI_MAX_EVENT_SIZE;
1682 hlen = HCI_EVENT_HDR_SIZE;
1684 case HCI_SCODATA_PKT:
1685 len = HCI_MAX_SCO_SIZE;
1686 hlen = HCI_SCO_HDR_SIZE;
1690 skb = bt_skb_alloc(len, GFP_ATOMIC);
1694 scb = (void *) skb->cb;
1696 scb->pkt_type = type;
1698 skb->dev = (void *) hdev;
1699 hdev->reassembly[index] = skb;
1703 scb = (void *) skb->cb;
1704 len = min(scb->expect, (__u16)count);
1706 memcpy(skb_put(skb, len), data, len);
1715 if (skb->len == HCI_EVENT_HDR_SIZE) {
1716 struct hci_event_hdr *h = hci_event_hdr(skb);
1717 scb->expect = h->plen;
1719 if (skb_tailroom(skb) < scb->expect) {
1721 hdev->reassembly[index] = NULL;
1727 case HCI_ACLDATA_PKT:
1728 if (skb->len == HCI_ACL_HDR_SIZE) {
1729 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1730 scb->expect = __le16_to_cpu(h->dlen);
1732 if (skb_tailroom(skb) < scb->expect) {
1734 hdev->reassembly[index] = NULL;
1740 case HCI_SCODATA_PKT:
1741 if (skb->len == HCI_SCO_HDR_SIZE) {
1742 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1743 scb->expect = h->dlen;
1745 if (skb_tailroom(skb) < scb->expect) {
1747 hdev->reassembly[index] = NULL;
1754 if (scb->expect == 0) {
1755 /* Complete frame */
1757 bt_cb(skb)->pkt_type = type;
1758 hci_recv_frame(skb);
1760 hdev->reassembly[index] = NULL;
1768 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1772 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1776 rem = hci_reassembly(hdev, type, data, count, type - 1);
1780 data += (count - rem);
1786 EXPORT_SYMBOL(hci_recv_fragment);
1788 #define STREAM_REASSEMBLY 0
1790 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1796 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
1799 struct { char type; } *pkt;
1801 /* Start of the frame */
1808 type = bt_cb(skb)->pkt_type;
1810 rem = hci_reassembly(hdev, type, data, count,
1815 data += (count - rem);
1821 EXPORT_SYMBOL(hci_recv_stream_fragment);
1823 /* ---- Interface to upper protocols ---- */
1825 /* Register/Unregister protocols.
1826 * hci_task_lock is used to ensure that no tasks are running. */
1827 int hci_register_proto(struct hci_proto *hp)
1831 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1833 if (hp->id >= HCI_MAX_PROTO)
1836 write_lock_bh(&hci_task_lock);
1838 if (!hci_proto[hp->id])
1839 hci_proto[hp->id] = hp;
1843 write_unlock_bh(&hci_task_lock);
1847 EXPORT_SYMBOL(hci_register_proto);
1849 int hci_unregister_proto(struct hci_proto *hp)
1853 BT_DBG("%p name %s id %d", hp, hp->name, hp->id);
1855 if (hp->id >= HCI_MAX_PROTO)
1858 write_lock_bh(&hci_task_lock);
1860 if (hci_proto[hp->id])
1861 hci_proto[hp->id] = NULL;
1865 write_unlock_bh(&hci_task_lock);
1869 EXPORT_SYMBOL(hci_unregister_proto);
1871 int hci_register_cb(struct hci_cb *cb)
1873 BT_DBG("%p name %s", cb, cb->name);
1875 write_lock_bh(&hci_cb_list_lock);
1876 list_add(&cb->list, &hci_cb_list);
1877 write_unlock_bh(&hci_cb_list_lock);
1881 EXPORT_SYMBOL(hci_register_cb);
1883 int hci_unregister_cb(struct hci_cb *cb)
1885 BT_DBG("%p name %s", cb, cb->name);
1887 write_lock_bh(&hci_cb_list_lock);
1888 list_del(&cb->list);
1889 write_unlock_bh(&hci_cb_list_lock);
1893 EXPORT_SYMBOL(hci_unregister_cb);
1895 static int hci_send_frame(struct sk_buff *skb)
1897 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1904 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
1906 if (atomic_read(&hdev->promisc)) {
1908 __net_timestamp(skb);
1910 hci_send_to_sock(hdev, skb, NULL);
1913 /* Get rid of skb owner, prior to sending to the driver. */
1916 return hdev->send(skb);
1919 /* Send HCI command */
1920 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
1922 int len = HCI_COMMAND_HDR_SIZE + plen;
1923 struct hci_command_hdr *hdr;
1924 struct sk_buff *skb;
1926 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
1928 skb = bt_skb_alloc(len, GFP_ATOMIC);
1930 BT_ERR("%s no memory for command", hdev->name);
1934 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
1935 hdr->opcode = cpu_to_le16(opcode);
1939 memcpy(skb_put(skb, plen), param, plen);
1941 BT_DBG("skb len %d", skb->len);
1943 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1944 skb->dev = (void *) hdev;
1946 if (test_bit(HCI_INIT, &hdev->flags))
1947 hdev->init_last_cmd = opcode;
1949 skb_queue_tail(&hdev->cmd_q, skb);
1950 tasklet_schedule(&hdev->cmd_task);
1955 /* Get data from the previously sent command */
1956 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1958 struct hci_command_hdr *hdr;
1960 if (!hdev->sent_cmd)
1963 hdr = (void *) hdev->sent_cmd->data;
1965 if (hdr->opcode != cpu_to_le16(opcode))
1968 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1970 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
1974 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
1976 struct hci_acl_hdr *hdr;
1979 skb_push(skb, HCI_ACL_HDR_SIZE);
1980 skb_reset_transport_header(skb);
1981 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
1982 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
1983 hdr->dlen = cpu_to_le16(len);
1986 void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1988 struct hci_dev *hdev = conn->hdev;
1989 struct sk_buff *list;
1991 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
1993 skb->dev = (void *) hdev;
1994 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1995 hci_add_acl_hdr(skb, conn->handle, flags);
1997 list = skb_shinfo(skb)->frag_list;
1999 /* Non fragmented */
2000 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2002 skb_queue_tail(&conn->data_q, skb);
2005 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2007 skb_shinfo(skb)->frag_list = NULL;
2009 /* Queue all fragments atomically */
2010 spin_lock_bh(&conn->data_q.lock);
2012 __skb_queue_tail(&conn->data_q, skb);
2014 flags &= ~ACL_START;
2017 skb = list; list = list->next;
2019 skb->dev = (void *) hdev;
2020 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2021 hci_add_acl_hdr(skb, conn->handle, flags);
2023 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2025 __skb_queue_tail(&conn->data_q, skb);
2028 spin_unlock_bh(&conn->data_q.lock);
2031 tasklet_schedule(&hdev->tx_task);
2033 EXPORT_SYMBOL(hci_send_acl);
2036 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2038 struct hci_dev *hdev = conn->hdev;
2039 struct hci_sco_hdr hdr;
2041 BT_DBG("%s len %d", hdev->name, skb->len);
2043 hdr.handle = cpu_to_le16(conn->handle);
2044 hdr.dlen = skb->len;
2046 skb_push(skb, HCI_SCO_HDR_SIZE);
2047 skb_reset_transport_header(skb);
2048 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2050 skb->dev = (void *) hdev;
2051 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2053 skb_queue_tail(&conn->data_q, skb);
2054 tasklet_schedule(&hdev->tx_task);
2056 EXPORT_SYMBOL(hci_send_sco);
2058 /* ---- HCI TX task (outgoing data) ---- */
2060 /* HCI Connection scheduler */
2061 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2063 struct hci_conn_hash *h = &hdev->conn_hash;
2064 struct hci_conn *conn = NULL;
2065 int num = 0, min = ~0;
2066 struct list_head *p;
2068 /* We don't have to lock device here. Connections are always
2069 * added and removed with TX task disabled. */
2070 list_for_each(p, &h->list) {
2072 c = list_entry(p, struct hci_conn, list);
2074 if (c->type != type || skb_queue_empty(&c->data_q))
2077 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2082 if (c->sent < min) {
2091 switch (conn->type) {
2093 cnt = hdev->acl_cnt;
2097 cnt = hdev->sco_cnt;
2100 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2104 BT_ERR("Unknown link type");
2112 BT_DBG("conn %p quote %d", conn, *quote);
2116 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2118 struct hci_conn_hash *h = &hdev->conn_hash;
2119 struct list_head *p;
2122 BT_ERR("%s link tx timeout", hdev->name);
2124 /* Kill stalled connections */
2125 list_for_each(p, &h->list) {
2126 c = list_entry(p, struct hci_conn, list);
2127 if (c->type == type && c->sent) {
2128 BT_ERR("%s killing stalled connection %s",
2129 hdev->name, batostr(&c->dst));
2130 hci_acl_disconn(c, 0x13);
2135 static inline void hci_sched_acl(struct hci_dev *hdev)
2137 struct hci_conn *conn;
2138 struct sk_buff *skb;
2141 BT_DBG("%s", hdev->name);
2143 if (!test_bit(HCI_RAW, &hdev->flags)) {
2144 /* ACL tx timeout must be longer than maximum
2145 * link supervision timeout (40.9 seconds) */
2146 if (!hdev->acl_cnt && time_after(jiffies, hdev->acl_last_tx + HZ * 45))
2147 hci_link_tx_to(hdev, ACL_LINK);
2150 while (hdev->acl_cnt && (conn = hci_low_sent(hdev, ACL_LINK, "e))) {
2151 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2152 BT_DBG("skb %p len %d", skb, skb->len);
2154 hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active);
2156 hci_send_frame(skb);
2157 hdev->acl_last_tx = jiffies;
2166 static inline void hci_sched_sco(struct hci_dev *hdev)
2168 struct hci_conn *conn;
2169 struct sk_buff *skb;
2172 BT_DBG("%s", hdev->name);
2174 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
2175 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2176 BT_DBG("skb %p len %d", skb, skb->len);
2177 hci_send_frame(skb);
2180 if (conn->sent == ~0)
2186 static inline void hci_sched_esco(struct hci_dev *hdev)
2188 struct hci_conn *conn;
2189 struct sk_buff *skb;
2192 BT_DBG("%s", hdev->name);
2194 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
2195 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2196 BT_DBG("skb %p len %d", skb, skb->len);
2197 hci_send_frame(skb);
2200 if (conn->sent == ~0)
2206 static inline void hci_sched_le(struct hci_dev *hdev)
2208 struct hci_conn *conn;
2209 struct sk_buff *skb;
2212 BT_DBG("%s", hdev->name);
2214 if (!test_bit(HCI_RAW, &hdev->flags)) {
2215 /* LE tx timeout must be longer than maximum
2216 * link supervision timeout (40.9 seconds) */
2217 if (!hdev->le_cnt && hdev->le_pkts &&
2218 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2219 hci_link_tx_to(hdev, LE_LINK);
2222 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2223 while (cnt && (conn = hci_low_sent(hdev, LE_LINK, "e))) {
2224 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2225 BT_DBG("skb %p len %d", skb, skb->len);
2227 hci_send_frame(skb);
2228 hdev->le_last_tx = jiffies;
2237 hdev->acl_cnt = cnt;
2240 static void hci_tx_task(unsigned long arg)
2242 struct hci_dev *hdev = (struct hci_dev *) arg;
2243 struct sk_buff *skb;
2245 read_lock(&hci_task_lock);
2247 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2248 hdev->sco_cnt, hdev->le_cnt);
2250 /* Schedule queues and send stuff to HCI driver */
2252 hci_sched_acl(hdev);
2254 hci_sched_sco(hdev);
2256 hci_sched_esco(hdev);
2260 /* Send next queued raw (unknown type) packet */
2261 while ((skb = skb_dequeue(&hdev->raw_q)))
2262 hci_send_frame(skb);
2264 read_unlock(&hci_task_lock);
2267 /* ----- HCI RX task (incoming data processing) ----- */
2269 /* ACL data packet */
2270 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2272 struct hci_acl_hdr *hdr = (void *) skb->data;
2273 struct hci_conn *conn;
2274 __u16 handle, flags;
2276 skb_pull(skb, HCI_ACL_HDR_SIZE);
2278 handle = __le16_to_cpu(hdr->handle);
2279 flags = hci_flags(handle);
2280 handle = hci_handle(handle);
2282 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2284 hdev->stat.acl_rx++;
2287 conn = hci_conn_hash_lookup_handle(hdev, handle);
2288 hci_dev_unlock(hdev);
2291 register struct hci_proto *hp;
2293 hci_conn_enter_active_mode(conn, bt_cb(skb)->force_active);
2295 /* Send to upper protocol */
2296 hp = hci_proto[HCI_PROTO_L2CAP];
2297 if (hp && hp->recv_acldata) {
2298 hp->recv_acldata(conn, skb, flags);
2302 BT_ERR("%s ACL packet for unknown connection handle %d",
2303 hdev->name, handle);
2309 /* SCO data packet */
2310 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2312 struct hci_sco_hdr *hdr = (void *) skb->data;
2313 struct hci_conn *conn;
2316 skb_pull(skb, HCI_SCO_HDR_SIZE);
2318 handle = __le16_to_cpu(hdr->handle);
2320 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2322 hdev->stat.sco_rx++;
2325 conn = hci_conn_hash_lookup_handle(hdev, handle);
2326 hci_dev_unlock(hdev);
2329 register struct hci_proto *hp;
2331 /* Send to upper protocol */
2332 hp = hci_proto[HCI_PROTO_SCO];
2333 if (hp && hp->recv_scodata) {
2334 hp->recv_scodata(conn, skb);
2338 BT_ERR("%s SCO packet for unknown connection handle %d",
2339 hdev->name, handle);
2345 static void hci_rx_task(unsigned long arg)
2347 struct hci_dev *hdev = (struct hci_dev *) arg;
2348 struct sk_buff *skb;
2350 BT_DBG("%s", hdev->name);
2352 read_lock(&hci_task_lock);
2354 while ((skb = skb_dequeue(&hdev->rx_q))) {
2355 if (atomic_read(&hdev->promisc)) {
2356 /* Send copy to the sockets */
2357 hci_send_to_sock(hdev, skb, NULL);
2360 if (test_bit(HCI_RAW, &hdev->flags)) {
2365 if (test_bit(HCI_INIT, &hdev->flags)) {
2366 /* Don't process data packets in this states. */
2367 switch (bt_cb(skb)->pkt_type) {
2368 case HCI_ACLDATA_PKT:
2369 case HCI_SCODATA_PKT:
2376 switch (bt_cb(skb)->pkt_type) {
2378 hci_event_packet(hdev, skb);
2381 case HCI_ACLDATA_PKT:
2382 BT_DBG("%s ACL data packet", hdev->name);
2383 hci_acldata_packet(hdev, skb);
2386 case HCI_SCODATA_PKT:
2387 BT_DBG("%s SCO data packet", hdev->name);
2388 hci_scodata_packet(hdev, skb);
2397 read_unlock(&hci_task_lock);
2400 static void hci_cmd_task(unsigned long arg)
2402 struct hci_dev *hdev = (struct hci_dev *) arg;
2403 struct sk_buff *skb;
2405 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2407 /* Send queued commands */
2408 if (atomic_read(&hdev->cmd_cnt)) {
2409 skb = skb_dequeue(&hdev->cmd_q);
2413 kfree_skb(hdev->sent_cmd);
2415 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2416 if (hdev->sent_cmd) {
2417 atomic_dec(&hdev->cmd_cnt);
2418 hci_send_frame(skb);
2419 if (test_bit(HCI_RESET, &hdev->flags))
2420 del_timer(&hdev->cmd_timer);
2422 mod_timer(&hdev->cmd_timer,
2423 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2425 skb_queue_head(&hdev->cmd_q, skb);
2426 tasklet_schedule(&hdev->cmd_task);
projects / firefly-linux-kernel-4.4.55.git / blob