projects / firefly-linux-kernel-4.4.55.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge git://1984.lsi.us.es/nf-next
[firefly-linux-kernel-4.4.55.git] / net / bluetooth / hci_core.c
1 /*
2    BlueZ - Bluetooth protocol stack for Linux
3    Copyright (C) 2000-2001 Qualcomm Incorporated
4    Copyright (C) 2011 ProFUSION Embedded Systems
5
6    Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License version 2 as
10    published by the Free Software Foundation;
11
12    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
21    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23    SOFTWARE IS DISCLAIMED.
24 */
25
26 /* Bluetooth HCI core. */
27
28 #include <linux/export.h>
29 #include <linux/idr.h>
30
31 #include <linux/rfkill.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35
36 static void hci_rx_work(struct work_struct *work);
37 static void hci_cmd_work(struct work_struct *work);
38 static void hci_tx_work(struct work_struct *work);
39
40 /* HCI device list */
41 LIST_HEAD(hci_dev_list);
42 DEFINE_RWLOCK(hci_dev_list_lock);
43
44 /* HCI callback list */
45 LIST_HEAD(hci_cb_list);
46 DEFINE_RWLOCK(hci_cb_list_lock);
47
48 /* HCI ID Numbering */
49 static DEFINE_IDA(hci_index_ida);
50
51 /* ---- HCI notifications ---- */
52
53 static void hci_notify(struct hci_dev *hdev, int event)
54 {
55         hci_sock_dev_event(hdev, event);
56 }
57
58 /* ---- HCI requests ---- */
59
60 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
61 {
62         BT_DBG("%s command 0x%4.4x result 0x%2.2x", hdev->name, cmd, result);
63
64         /* If this is the init phase check if the completed command matches
65          * the last init command, and if not just return.
66          */
67         if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
68                 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
69                 u16 opcode = __le16_to_cpu(sent->opcode);
70                 struct sk_buff *skb;
71
72                 /* Some CSR based controllers generate a spontaneous
73                  * reset complete event during init and any pending
74                  * command will never be completed. In such a case we
75                  * need to resend whatever was the last sent
76                  * command.
77                  */
78
79                 if (cmd != HCI_OP_RESET || opcode == HCI_OP_RESET)
80                         return;
81
82                 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
83                 if (skb) {
84                         skb_queue_head(&hdev->cmd_q, skb);
85                         queue_work(hdev->workqueue, &hdev->cmd_work);
86                 }
87
88                 return;
89         }
90
91         if (hdev->req_status == HCI_REQ_PEND) {
92                 hdev->req_result = result;
93                 hdev->req_status = HCI_REQ_DONE;
94                 wake_up_interruptible(&hdev->req_wait_q);
95         }
96 }
97
98 static void hci_req_cancel(struct hci_dev *hdev, int err)
99 {
100         BT_DBG("%s err 0x%2.2x", hdev->name, err);
101
102         if (hdev->req_status == HCI_REQ_PEND) {
103                 hdev->req_result = err;
104                 hdev->req_status = HCI_REQ_CANCELED;
105                 wake_up_interruptible(&hdev->req_wait_q);
106         }
107 }
108
109 /* Execute request and wait for completion. */
110 static int __hci_request(struct hci_dev *hdev,
111                          void (*req)(struct hci_dev *hdev, unsigned long opt),
112                          unsigned long opt, __u32 timeout)
113 {
114         DECLARE_WAITQUEUE(wait, current);
115         int err = 0;
116
117         BT_DBG("%s start", hdev->name);
118
119         hdev->req_status = HCI_REQ_PEND;
120
121         add_wait_queue(&hdev->req_wait_q, &wait);
122         set_current_state(TASK_INTERRUPTIBLE);
123
124         req(hdev, opt);
125         schedule_timeout(timeout);
126
127         remove_wait_queue(&hdev->req_wait_q, &wait);
128
129         if (signal_pending(current))
130                 return -EINTR;
131
132         switch (hdev->req_status) {
133         case HCI_REQ_DONE:
134                 err = -bt_to_errno(hdev->req_result);
135                 break;
136
137         case HCI_REQ_CANCELED:
138                 err = -hdev->req_result;
139                 break;
140
141         default:
142                 err = -ETIMEDOUT;
143                 break;
144         }
145
146         hdev->req_status = hdev->req_result = 0;
147
148         BT_DBG("%s end: err %d", hdev->name, err);
149
150         return err;
151 }
152
153 static int hci_request(struct hci_dev *hdev,
154                        void (*req)(struct hci_dev *hdev, unsigned long opt),
155                        unsigned long opt, __u32 timeout)
156 {
157         int ret;
158
159         if (!test_bit(HCI_UP, &hdev->flags))
160                 return -ENETDOWN;
161
162         /* Serialize all requests */
163         hci_req_lock(hdev);
164         ret = __hci_request(hdev, req, opt, timeout);
165         hci_req_unlock(hdev);
166
167         return ret;
168 }
169
170 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
171 {
172         BT_DBG("%s %ld", hdev->name, opt);
173
174         /* Reset device */
175         set_bit(HCI_RESET, &hdev->flags);
176         hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
177 }
178
179 static void bredr_init(struct hci_dev *hdev)
180 {
181         struct hci_cp_delete_stored_link_key cp;
182         __le16 param;
183         __u8 flt_type;
184
185         hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
186
187         /* Mandatory initialization */
188
189         /* Read Local Supported Features */
190         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
191
192         /* Read Local Version */
193         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
194
195         /* Read Buffer Size (ACL mtu, max pkt, etc.) */
196         hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
197
198         /* Read BD Address */
199         hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
200
201         /* Read Class of Device */
202         hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
203
204         /* Read Local Name */
205         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
206
207         /* Read Voice Setting */
208         hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
209
210         /* Optional initialization */
211
212         /* Clear Event Filters */
213         flt_type = HCI_FLT_CLEAR_ALL;
214         hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
215
216         /* Connection accept timeout ~20 secs */
217         param = __constant_cpu_to_le16(0x7d00);
218         hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
219
220         bacpy(&cp.bdaddr, BDADDR_ANY);
221         cp.delete_all = 1;
222         hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
223 }
224
225 static void amp_init(struct hci_dev *hdev)
226 {
227         hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
228
229         /* Read Local Version */
230         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
231
232         /* Read Local AMP Info */
233         hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
234 }
235
236 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
237 {
238         struct sk_buff *skb;
239
240         BT_DBG("%s %ld", hdev->name, opt);
241
242         /* Driver initialization */
243
244         /* Special commands */
245         while ((skb = skb_dequeue(&hdev->driver_init))) {
246                 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
247                 skb->dev = (void *) hdev;
248
249                 skb_queue_tail(&hdev->cmd_q, skb);
250                 queue_work(hdev->workqueue, &hdev->cmd_work);
251         }
252         skb_queue_purge(&hdev->driver_init);
253
254         /* Reset */
255         if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
256                 hci_reset_req(hdev, 0);
257
258         switch (hdev->dev_type) {
259         case HCI_BREDR:
260                 bredr_init(hdev);
261                 break;
262
263         case HCI_AMP:
264                 amp_init(hdev);
265                 break;
266
267         default:
268                 BT_ERR("Unknown device type %d", hdev->dev_type);
269                 break;
270         }
271
272 }
273
274 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
275 {
276         BT_DBG("%s", hdev->name);
277
278         /* Read LE buffer size */
279         hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
280 }
281
282 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
283 {
284         __u8 scan = opt;
285
286         BT_DBG("%s %x", hdev->name, scan);
287
288         /* Inquiry and Page scans */
289         hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
290 }
291
292 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
293 {
294         __u8 auth = opt;
295
296         BT_DBG("%s %x", hdev->name, auth);
297
298         /* Authentication */
299         hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
300 }
301
302 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
303 {
304         __u8 encrypt = opt;
305
306         BT_DBG("%s %x", hdev->name, encrypt);
307
308         /* Encryption */
309         hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
310 }
311
312 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
313 {
314         __le16 policy = cpu_to_le16(opt);
315
316         BT_DBG("%s %x", hdev->name, policy);
317
318         /* Default link policy */
319         hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
320 }
321
322 /* Get HCI device by index.
323  * Device is held on return. */
324 struct hci_dev *hci_dev_get(int index)
325 {
326         struct hci_dev *hdev = NULL, *d;
327
328         BT_DBG("%d", index);
329
330         if (index < 0)
331                 return NULL;
332
333         read_lock(&hci_dev_list_lock);
334         list_for_each_entry(d, &hci_dev_list, list) {
335                 if (d->id == index) {
336                         hdev = hci_dev_hold(d);
337                         break;
338                 }
339         }
340         read_unlock(&hci_dev_list_lock);
341         return hdev;
342 }
343
344 /* ---- Inquiry support ---- */
345
346 bool hci_discovery_active(struct hci_dev *hdev)
347 {
348         struct discovery_state *discov = &hdev->discovery;
349
350         switch (discov->state) {
351         case DISCOVERY_FINDING:
352         case DISCOVERY_RESOLVING:
353                 return true;
354
355         default:
356                 return false;
357         }
358 }
359
360 void hci_discovery_set_state(struct hci_dev *hdev, int state)
361 {
362         BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
363
364         if (hdev->discovery.state == state)
365                 return;
366
367         switch (state) {
368         case DISCOVERY_STOPPED:
369                 if (hdev->discovery.state != DISCOVERY_STARTING)
370                         mgmt_discovering(hdev, 0);
371                 break;
372         case DISCOVERY_STARTING:
373                 break;
374         case DISCOVERY_FINDING:
375                 mgmt_discovering(hdev, 1);
376                 break;
377         case DISCOVERY_RESOLVING:
378                 break;
379         case DISCOVERY_STOPPING:
380                 break;
381         }
382
383         hdev->discovery.state = state;
384 }
385
386 static void inquiry_cache_flush(struct hci_dev *hdev)
387 {
388         struct discovery_state *cache = &hdev->discovery;
389         struct inquiry_entry *p, *n;
390
391         list_for_each_entry_safe(p, n, &cache->all, all) {
392                 list_del(&p->all);
393                 kfree(p);
394         }
395
396         INIT_LIST_HEAD(&cache->unknown);
397         INIT_LIST_HEAD(&cache->resolve);
398 }
399
400 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
401                                                bdaddr_t *bdaddr)
402 {
403         struct discovery_state *cache = &hdev->discovery;
404         struct inquiry_entry *e;
405
406         BT_DBG("cache %p, %s", cache, batostr(bdaddr));
407
408         list_for_each_entry(e, &cache->all, all) {
409                 if (!bacmp(&e->data.bdaddr, bdaddr))
410                         return e;
411         }
412
413         return NULL;
414 }
415
416 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
417                                                        bdaddr_t *bdaddr)
418 {
419         struct discovery_state *cache = &hdev->discovery;
420         struct inquiry_entry *e;
421
422         BT_DBG("cache %p, %s", cache, batostr(bdaddr));
423
424         list_for_each_entry(e, &cache->unknown, list) {
425                 if (!bacmp(&e->data.bdaddr, bdaddr))
426                         return e;
427         }
428
429         return NULL;
430 }
431
432 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
433                                                        bdaddr_t *bdaddr,
434                                                        int state)
435 {
436         struct discovery_state *cache = &hdev->discovery;
437         struct inquiry_entry *e;
438
439         BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
440
441         list_for_each_entry(e, &cache->resolve, list) {
442                 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
443                         return e;
444                 if (!bacmp(&e->data.bdaddr, bdaddr))
445                         return e;
446         }
447
448         return NULL;
449 }
450
451 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
452                                       struct inquiry_entry *ie)
453 {
454         struct discovery_state *cache = &hdev->discovery;
455         struct list_head *pos = &cache->resolve;
456         struct inquiry_entry *p;
457
458         list_del(&ie->list);
459
460         list_for_each_entry(p, &cache->resolve, list) {
461                 if (p->name_state != NAME_PENDING &&
462                     abs(p->data.rssi) >= abs(ie->data.rssi))
463                         break;
464                 pos = &p->list;
465         }
466
467         list_add(&ie->list, pos);
468 }
469
470 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
471                               bool name_known, bool *ssp)
472 {
473         struct discovery_state *cache = &hdev->discovery;
474         struct inquiry_entry *ie;
475
476         BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
477
478         if (ssp)
479                 *ssp = data->ssp_mode;
480
481         ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
482         if (ie) {
483                 if (ie->data.ssp_mode && ssp)
484                         *ssp = true;
485
486                 if (ie->name_state == NAME_NEEDED &&
487                     data->rssi != ie->data.rssi) {
488                         ie->data.rssi = data->rssi;
489                         hci_inquiry_cache_update_resolve(hdev, ie);
490                 }
491
492                 goto update;
493         }
494
495         /* Entry not in the cache. Add new one. */
496         ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
497         if (!ie)
498                 return false;
499
500         list_add(&ie->all, &cache->all);
501
502         if (name_known) {
503                 ie->name_state = NAME_KNOWN;
504         } else {
505                 ie->name_state = NAME_NOT_KNOWN;
506                 list_add(&ie->list, &cache->unknown);
507         }
508
509 update:
510         if (name_known && ie->name_state != NAME_KNOWN &&
511             ie->name_state != NAME_PENDING) {
512                 ie->name_state = NAME_KNOWN;
513                 list_del(&ie->list);
514         }
515
516         memcpy(&ie->data, data, sizeof(*data));
517         ie->timestamp = jiffies;
518         cache->timestamp = jiffies;
519
520         if (ie->name_state == NAME_NOT_KNOWN)
521                 return false;
522
523         return true;
524 }
525
526 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
527 {
528         struct discovery_state *cache = &hdev->discovery;
529         struct inquiry_info *info = (struct inquiry_info *) buf;
530         struct inquiry_entry *e;
531         int copied = 0;
532
533         list_for_each_entry(e, &cache->all, all) {
534                 struct inquiry_data *data = &e->data;
535
536                 if (copied >= num)
537                         break;
538
539                 bacpy(&info->bdaddr, &data->bdaddr);
540                 info->pscan_rep_mode    = data->pscan_rep_mode;
541                 info->pscan_period_mode = data->pscan_period_mode;
542                 info->pscan_mode        = data->pscan_mode;
543                 memcpy(info->dev_class, data->dev_class, 3);
544                 info->clock_offset      = data->clock_offset;
545
546                 info++;
547                 copied++;
548         }
549
550         BT_DBG("cache %p, copied %d", cache, copied);
551         return copied;
552 }
553
554 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
555 {
556         struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
557         struct hci_cp_inquiry cp;
558
559         BT_DBG("%s", hdev->name);
560
561         if (test_bit(HCI_INQUIRY, &hdev->flags))
562                 return;
563
564         /* Start Inquiry */
565         memcpy(&cp.lap, &ir->lap, 3);
566         cp.length  = ir->length;
567         cp.num_rsp = ir->num_rsp;
568         hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
569 }
570
571 int hci_inquiry(void __user *arg)
572 {
573         __u8 __user *ptr = arg;
574         struct hci_inquiry_req ir;
575         struct hci_dev *hdev;
576         int err = 0, do_inquiry = 0, max_rsp;
577         long timeo;
578         __u8 *buf;
579
580         if (copy_from_user(&ir, ptr, sizeof(ir)))
581                 return -EFAULT;
582
583         hdev = hci_dev_get(ir.dev_id);
584         if (!hdev)
585                 return -ENODEV;
586
587         hci_dev_lock(hdev);
588         if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
589             inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
590                 inquiry_cache_flush(hdev);
591                 do_inquiry = 1;
592         }
593         hci_dev_unlock(hdev);
594
595         timeo = ir.length * msecs_to_jiffies(2000);
596
597         if (do_inquiry) {
598                 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
599                 if (err < 0)
600                         goto done;
601         }
602
603         /* for unlimited number of responses we will use buffer with
604          * 255 entries
605          */
606         max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
607
608         /* cache_dump can't sleep. Therefore we allocate temp buffer and then
609          * copy it to the user space.
610          */
611         buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
612         if (!buf) {
613                 err = -ENOMEM;
614                 goto done;
615         }
616
617         hci_dev_lock(hdev);
618         ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
619         hci_dev_unlock(hdev);
620
621         BT_DBG("num_rsp %d", ir.num_rsp);
622
623         if (!copy_to_user(ptr, &ir, sizeof(ir))) {
624                 ptr += sizeof(ir);
625                 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
626                                  ir.num_rsp))
627                         err = -EFAULT;
628         } else
629                 err = -EFAULT;
630
631         kfree(buf);
632
633 done:
634         hci_dev_put(hdev);
635         return err;
636 }
637
638 /* ---- HCI ioctl helpers ---- */
639
640 int hci_dev_open(__u16 dev)
641 {
642         struct hci_dev *hdev;
643         int ret = 0;
644
645         hdev = hci_dev_get(dev);
646         if (!hdev)
647                 return -ENODEV;
648
649         BT_DBG("%s %p", hdev->name, hdev);
650
651         hci_req_lock(hdev);
652
653         if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
654                 ret = -ENODEV;
655                 goto done;
656         }
657
658         if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
659                 ret = -ERFKILL;
660                 goto done;
661         }
662
663         if (test_bit(HCI_UP, &hdev->flags)) {
664                 ret = -EALREADY;
665                 goto done;
666         }
667
668         if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
669                 set_bit(HCI_RAW, &hdev->flags);
670
671         /* Treat all non BR/EDR controllers as raw devices if
672            enable_hs is not set */
673         if (hdev->dev_type != HCI_BREDR && !enable_hs)
674                 set_bit(HCI_RAW, &hdev->flags);
675
676         if (hdev->open(hdev)) {
677                 ret = -EIO;
678                 goto done;
679         }
680
681         if (!test_bit(HCI_RAW, &hdev->flags)) {
682                 atomic_set(&hdev->cmd_cnt, 1);
683                 set_bit(HCI_INIT, &hdev->flags);
684                 hdev->init_last_cmd = 0;
685
686                 ret = __hci_request(hdev, hci_init_req, 0, HCI_INIT_TIMEOUT);
687
688                 if (lmp_host_le_capable(hdev))
689                         ret = __hci_request(hdev, hci_le_init_req, 0,
690                                             HCI_INIT_TIMEOUT);
691
692                 clear_bit(HCI_INIT, &hdev->flags);
693         }
694
695         if (!ret) {
696                 hci_dev_hold(hdev);
697                 set_bit(HCI_UP, &hdev->flags);
698                 hci_notify(hdev, HCI_DEV_UP);
699                 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
700                     mgmt_valid_hdev(hdev)) {
701                         hci_dev_lock(hdev);
702                         mgmt_powered(hdev, 1);
703                         hci_dev_unlock(hdev);
704                 }
705         } else {
706                 /* Init failed, cleanup */
707                 flush_work(&hdev->tx_work);
708                 flush_work(&hdev->cmd_work);
709                 flush_work(&hdev->rx_work);
710
711                 skb_queue_purge(&hdev->cmd_q);
712                 skb_queue_purge(&hdev->rx_q);
713
714                 if (hdev->flush)
715                         hdev->flush(hdev);
716
717                 if (hdev->sent_cmd) {
718                         kfree_skb(hdev->sent_cmd);
719                         hdev->sent_cmd = NULL;
720                 }
721
722                 hdev->close(hdev);
723                 hdev->flags = 0;
724         }
725
726 done:
727         hci_req_unlock(hdev);
728         hci_dev_put(hdev);
729         return ret;
730 }
731
732 static int hci_dev_do_close(struct hci_dev *hdev)
733 {
734         BT_DBG("%s %p", hdev->name, hdev);
735
736         cancel_work_sync(&hdev->le_scan);
737
738         hci_req_cancel(hdev, ENODEV);
739         hci_req_lock(hdev);
740
741         if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
742                 del_timer_sync(&hdev->cmd_timer);
743                 hci_req_unlock(hdev);
744                 return 0;
745         }
746
747         /* Flush RX and TX works */
748         flush_work(&hdev->tx_work);
749         flush_work(&hdev->rx_work);
750
751         if (hdev->discov_timeout > 0) {
752                 cancel_delayed_work(&hdev->discov_off);
753                 hdev->discov_timeout = 0;
754                 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
755         }
756
757         if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
758                 cancel_delayed_work(&hdev->service_cache);
759
760         cancel_delayed_work_sync(&hdev->le_scan_disable);
761
762         hci_dev_lock(hdev);
763         inquiry_cache_flush(hdev);
764         hci_conn_hash_flush(hdev);
765         hci_dev_unlock(hdev);
766
767         hci_notify(hdev, HCI_DEV_DOWN);
768
769         if (hdev->flush)
770                 hdev->flush(hdev);
771
772         /* Reset device */
773         skb_queue_purge(&hdev->cmd_q);
774         atomic_set(&hdev->cmd_cnt, 1);
775         if (!test_bit(HCI_RAW, &hdev->flags) &&
776             test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
777                 set_bit(HCI_INIT, &hdev->flags);
778                 __hci_request(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
779                 clear_bit(HCI_INIT, &hdev->flags);
780         }
781
782         /* flush cmd  work */
783         flush_work(&hdev->cmd_work);
784
785         /* Drop queues */
786         skb_queue_purge(&hdev->rx_q);
787         skb_queue_purge(&hdev->cmd_q);
788         skb_queue_purge(&hdev->raw_q);
789
790         /* Drop last sent command */
791         if (hdev->sent_cmd) {
792                 del_timer_sync(&hdev->cmd_timer);
793                 kfree_skb(hdev->sent_cmd);
794                 hdev->sent_cmd = NULL;
795         }
796
797         /* After this point our queues are empty
798          * and no tasks are scheduled. */
799         hdev->close(hdev);
800
801         if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
802             mgmt_valid_hdev(hdev)) {
803                 hci_dev_lock(hdev);
804                 mgmt_powered(hdev, 0);
805                 hci_dev_unlock(hdev);
806         }
807
808         /* Clear flags */
809         hdev->flags = 0;
810
811         memset(hdev->eir, 0, sizeof(hdev->eir));
812         memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
813
814         hci_req_unlock(hdev);
815
816         hci_dev_put(hdev);
817         return 0;
818 }
819
820 int hci_dev_close(__u16 dev)
821 {
822         struct hci_dev *hdev;
823         int err;
824
825         hdev = hci_dev_get(dev);
826         if (!hdev)
827                 return -ENODEV;
828
829         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
830                 cancel_delayed_work(&hdev->power_off);
831
832         err = hci_dev_do_close(hdev);
833
834         hci_dev_put(hdev);
835         return err;
836 }
837
838 int hci_dev_reset(__u16 dev)
839 {
840         struct hci_dev *hdev;
841         int ret = 0;
842
843         hdev = hci_dev_get(dev);
844         if (!hdev)
845                 return -ENODEV;
846
847         hci_req_lock(hdev);
848
849         if (!test_bit(HCI_UP, &hdev->flags))
850                 goto done;
851
852         /* Drop queues */
853         skb_queue_purge(&hdev->rx_q);
854         skb_queue_purge(&hdev->cmd_q);
855
856         hci_dev_lock(hdev);
857         inquiry_cache_flush(hdev);
858         hci_conn_hash_flush(hdev);
859         hci_dev_unlock(hdev);
860
861         if (hdev->flush)
862                 hdev->flush(hdev);
863
864         atomic_set(&hdev->cmd_cnt, 1);
865         hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
866
867         if (!test_bit(HCI_RAW, &hdev->flags))
868                 ret = __hci_request(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
869
870 done:
871         hci_req_unlock(hdev);
872         hci_dev_put(hdev);
873         return ret;
874 }
875
876 int hci_dev_reset_stat(__u16 dev)
877 {
878         struct hci_dev *hdev;
879         int ret = 0;
880
881         hdev = hci_dev_get(dev);
882         if (!hdev)
883                 return -ENODEV;
884
885         memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
886
887         hci_dev_put(hdev);
888
889         return ret;
890 }
891
892 int hci_dev_cmd(unsigned int cmd, void __user *arg)
893 {
894         struct hci_dev *hdev;
895         struct hci_dev_req dr;
896         int err = 0;
897
898         if (copy_from_user(&dr, arg, sizeof(dr)))
899                 return -EFAULT;
900
901         hdev = hci_dev_get(dr.dev_id);
902         if (!hdev)
903                 return -ENODEV;
904
905         switch (cmd) {
906         case HCISETAUTH:
907                 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
908                                   HCI_INIT_TIMEOUT);
909                 break;
910
911         case HCISETENCRYPT:
912                 if (!lmp_encrypt_capable(hdev)) {
913                         err = -EOPNOTSUPP;
914                         break;
915                 }
916
917                 if (!test_bit(HCI_AUTH, &hdev->flags)) {
918                         /* Auth must be enabled first */
919                         err = hci_request(hdev, hci_auth_req, dr.dev_opt,
920                                           HCI_INIT_TIMEOUT);
921                         if (err)
922                                 break;
923                 }
924
925                 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
926                                   HCI_INIT_TIMEOUT);
927                 break;
928
929         case HCISETSCAN:
930                 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
931                                   HCI_INIT_TIMEOUT);
932                 break;
933
934         case HCISETLINKPOL:
935                 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
936                                   HCI_INIT_TIMEOUT);
937                 break;
938
939         case HCISETLINKMODE:
940                 hdev->link_mode = ((__u16) dr.dev_opt) &
941                                         (HCI_LM_MASTER | HCI_LM_ACCEPT);
942                 break;
943
944         case HCISETPTYPE:
945                 hdev->pkt_type = (__u16) dr.dev_opt;
946                 break;
947
948         case HCISETACLMTU:
949                 hdev->acl_mtu  = *((__u16 *) &dr.dev_opt + 1);
950                 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
951                 break;
952
953         case HCISETSCOMTU:
954                 hdev->sco_mtu  = *((__u16 *) &dr.dev_opt + 1);
955                 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
956                 break;
957
958         default:
959                 err = -EINVAL;
960                 break;
961         }
962
963         hci_dev_put(hdev);
964         return err;
965 }
966
967 int hci_get_dev_list(void __user *arg)
968 {
969         struct hci_dev *hdev;
970         struct hci_dev_list_req *dl;
971         struct hci_dev_req *dr;
972         int n = 0, size, err;
973         __u16 dev_num;
974
975         if (get_user(dev_num, (__u16 __user *) arg))
976                 return -EFAULT;
977
978         if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
979                 return -EINVAL;
980
981         size = sizeof(*dl) + dev_num * sizeof(*dr);
982
983         dl = kzalloc(size, GFP_KERNEL);
984         if (!dl)
985                 return -ENOMEM;
986
987         dr = dl->dev_req;
988
989         read_lock(&hci_dev_list_lock);
990         list_for_each_entry(hdev, &hci_dev_list, list) {
991                 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
992                         cancel_delayed_work(&hdev->power_off);
993
994                 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
995                         set_bit(HCI_PAIRABLE, &hdev->dev_flags);
996
997                 (dr + n)->dev_id  = hdev->id;
998                 (dr + n)->dev_opt = hdev->flags;
999
1000                 if (++n >= dev_num)
1001                         break;
1002         }
1003         read_unlock(&hci_dev_list_lock);
1004
1005         dl->dev_num = n;
1006         size = sizeof(*dl) + n * sizeof(*dr);
1007
1008         err = copy_to_user(arg, dl, size);
1009         kfree(dl);
1010
1011         return err ? -EFAULT : 0;
1012 }
1013
1014 int hci_get_dev_info(void __user *arg)
1015 {
1016         struct hci_dev *hdev;
1017         struct hci_dev_info di;
1018         int err = 0;
1019
1020         if (copy_from_user(&di, arg, sizeof(di)))
1021                 return -EFAULT;
1022
1023         hdev = hci_dev_get(di.dev_id);
1024         if (!hdev)
1025                 return -ENODEV;
1026
1027         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1028                 cancel_delayed_work_sync(&hdev->power_off);
1029
1030         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1031                 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1032
1033         strcpy(di.name, hdev->name);
1034         di.bdaddr   = hdev->bdaddr;
1035         di.type     = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1036         di.flags    = hdev->flags;
1037         di.pkt_type = hdev->pkt_type;
1038         di.acl_mtu  = hdev->acl_mtu;
1039         di.acl_pkts = hdev->acl_pkts;
1040         di.sco_mtu  = hdev->sco_mtu;
1041         di.sco_pkts = hdev->sco_pkts;
1042         di.link_policy = hdev->link_policy;
1043         di.link_mode   = hdev->link_mode;
1044
1045         memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1046         memcpy(&di.features, &hdev->features, sizeof(di.features));
1047
1048         if (copy_to_user(arg, &di, sizeof(di)))
1049                 err = -EFAULT;
1050
1051         hci_dev_put(hdev);
1052
1053         return err;
1054 }
1055
1056 /* ---- Interface to HCI drivers ---- */
1057
1058 static int hci_rfkill_set_block(void *data, bool blocked)
1059 {
1060         struct hci_dev *hdev = data;
1061
1062         BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1063
1064         if (!blocked)
1065                 return 0;
1066
1067         hci_dev_do_close(hdev);
1068
1069         return 0;
1070 }
1071
1072 static const struct rfkill_ops hci_rfkill_ops = {
1073         .set_block = hci_rfkill_set_block,
1074 };
1075
1076 static void hci_power_on(struct work_struct *work)
1077 {
1078         struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1079
1080         BT_DBG("%s", hdev->name);
1081
1082         if (hci_dev_open(hdev->id) < 0)
1083                 return;
1084
1085         if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1086                 schedule_delayed_work(&hdev->power_off, HCI_AUTO_OFF_TIMEOUT);
1087
1088         if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1089                 mgmt_index_added(hdev);
1090 }
1091
1092 static void hci_power_off(struct work_struct *work)
1093 {
1094         struct hci_dev *hdev = container_of(work, struct hci_dev,
1095                                             power_off.work);
1096
1097         BT_DBG("%s", hdev->name);
1098
1099         hci_dev_do_close(hdev);
1100 }
1101
1102 static void hci_discov_off(struct work_struct *work)
1103 {
1104         struct hci_dev *hdev;
1105         u8 scan = SCAN_PAGE;
1106
1107         hdev = container_of(work, struct hci_dev, discov_off.work);
1108
1109         BT_DBG("%s", hdev->name);
1110
1111         hci_dev_lock(hdev);
1112
1113         hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1114
1115         hdev->discov_timeout = 0;
1116
1117         hci_dev_unlock(hdev);
1118 }
1119
1120 int hci_uuids_clear(struct hci_dev *hdev)
1121 {
1122         struct list_head *p, *n;
1123
1124         list_for_each_safe(p, n, &hdev->uuids) {
1125                 struct bt_uuid *uuid;
1126
1127                 uuid = list_entry(p, struct bt_uuid, list);
1128
1129                 list_del(p);
1130                 kfree(uuid);
1131         }
1132
1133         return 0;
1134 }
1135
1136 int hci_link_keys_clear(struct hci_dev *hdev)
1137 {
1138         struct list_head *p, *n;
1139
1140         list_for_each_safe(p, n, &hdev->link_keys) {
1141                 struct link_key *key;
1142
1143                 key = list_entry(p, struct link_key, list);
1144
1145                 list_del(p);
1146                 kfree(key);
1147         }
1148
1149         return 0;
1150 }
1151
1152 int hci_smp_ltks_clear(struct hci_dev *hdev)
1153 {
1154         struct smp_ltk *k, *tmp;
1155
1156         list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1157                 list_del(&k->list);
1158                 kfree(k);
1159         }
1160
1161         return 0;
1162 }
1163
1164 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1165 {
1166         struct link_key *k;
1167
1168         list_for_each_entry(k, &hdev->link_keys, list)
1169                 if (bacmp(bdaddr, &k->bdaddr) == 0)
1170                         return k;
1171
1172         return NULL;
1173 }
1174
1175 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1176                                u8 key_type, u8 old_key_type)
1177 {
1178         /* Legacy key */
1179         if (key_type < 0x03)
1180                 return true;
1181
1182         /* Debug keys are insecure so don't store them persistently */
1183         if (key_type == HCI_LK_DEBUG_COMBINATION)
1184                 return false;
1185
1186         /* Changed combination key and there's no previous one */
1187         if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1188                 return false;
1189
1190         /* Security mode 3 case */
1191         if (!conn)
1192                 return true;
1193
1194         /* Neither local nor remote side had no-bonding as requirement */
1195         if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1196                 return true;
1197
1198         /* Local side had dedicated bonding as requirement */
1199         if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1200                 return true;
1201
1202         /* Remote side had dedicated bonding as requirement */
1203         if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1204                 return true;
1205
1206         /* If none of the above criteria match, then don't store the key
1207          * persistently */
1208         return false;
1209 }
1210
1211 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1212 {
1213         struct smp_ltk *k;
1214
1215         list_for_each_entry(k, &hdev->long_term_keys, list) {
1216                 if (k->ediv != ediv ||
1217                     memcmp(rand, k->rand, sizeof(k->rand)))
1218                         continue;
1219
1220                 return k;
1221         }
1222
1223         return NULL;
1224 }
1225
1226 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1227                                      u8 addr_type)
1228 {
1229         struct smp_ltk *k;
1230
1231         list_for_each_entry(k, &hdev->long_term_keys, list)
1232                 if (addr_type == k->bdaddr_type &&
1233                     bacmp(bdaddr, &k->bdaddr) == 0)
1234                         return k;
1235
1236         return NULL;
1237 }
1238
1239 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1240                      bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1241 {
1242         struct link_key *key, *old_key;
1243         u8 old_key_type;
1244         bool persistent;
1245
1246         old_key = hci_find_link_key(hdev, bdaddr);
1247         if (old_key) {
1248                 old_key_type = old_key->type;
1249                 key = old_key;
1250         } else {
1251                 old_key_type = conn ? conn->key_type : 0xff;
1252                 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1253                 if (!key)
1254                         return -ENOMEM;
1255                 list_add(&key->list, &hdev->link_keys);
1256         }
1257
1258         BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1259
1260         /* Some buggy controller combinations generate a changed
1261          * combination key for legacy pairing even when there's no
1262          * previous key */
1263         if (type == HCI_LK_CHANGED_COMBINATION &&
1264             (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
1265                 type = HCI_LK_COMBINATION;
1266                 if (conn)
1267                         conn->key_type = type;
1268         }
1269
1270         bacpy(&key->bdaddr, bdaddr);
1271         memcpy(key->val, val, HCI_LINK_KEY_SIZE);
1272         key->pin_len = pin_len;
1273
1274         if (type == HCI_LK_CHANGED_COMBINATION)
1275                 key->type = old_key_type;
1276         else
1277                 key->type = type;
1278
1279         if (!new_key)
1280                 return 0;
1281
1282         persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1283
1284         mgmt_new_link_key(hdev, key, persistent);
1285
1286         if (conn)
1287                 conn->flush_key = !persistent;
1288
1289         return 0;
1290 }
1291
1292 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1293                 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
1294                 ediv, u8 rand[8])
1295 {
1296         struct smp_ltk *key, *old_key;
1297
1298         if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1299                 return 0;
1300
1301         old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1302         if (old_key)
1303                 key = old_key;
1304         else {
1305                 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1306                 if (!key)
1307                         return -ENOMEM;
1308                 list_add(&key->list, &hdev->long_term_keys);
1309         }
1310
1311         bacpy(&key->bdaddr, bdaddr);
1312         key->bdaddr_type = addr_type;
1313         memcpy(key->val, tk, sizeof(key->val));
1314         key->authenticated = authenticated;
1315         key->ediv = ediv;
1316         key->enc_size = enc_size;
1317         key->type = type;
1318         memcpy(key->rand, rand, sizeof(key->rand));
1319
1320         if (!new_key)
1321                 return 0;
1322
1323         if (type & HCI_SMP_LTK)
1324                 mgmt_new_ltk(hdev, key, 1);
1325
1326         return 0;
1327 }
1328
1329 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1330 {
1331         struct link_key *key;
1332
1333         key = hci_find_link_key(hdev, bdaddr);
1334         if (!key)
1335                 return -ENOENT;
1336
1337         BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1338
1339         list_del(&key->list);
1340         kfree(key);
1341
1342         return 0;
1343 }
1344
1345 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1346 {
1347         struct smp_ltk *k, *tmp;
1348
1349         list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1350                 if (bacmp(bdaddr, &k->bdaddr))
1351                         continue;
1352
1353                 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1354
1355                 list_del(&k->list);
1356                 kfree(k);
1357         }
1358
1359         return 0;
1360 }
1361
1362 /* HCI command timer function */
1363 static void hci_cmd_timeout(unsigned long arg)
1364 {
1365         struct hci_dev *hdev = (void *) arg;
1366
1367         if (hdev->sent_cmd) {
1368                 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
1369                 u16 opcode = __le16_to_cpu(sent->opcode);
1370
1371                 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
1372         } else {
1373                 BT_ERR("%s command tx timeout", hdev->name);
1374         }
1375
1376         atomic_set(&hdev->cmd_cnt, 1);
1377         queue_work(hdev->workqueue, &hdev->cmd_work);
1378 }
1379
1380 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1381                                           bdaddr_t *bdaddr)
1382 {
1383         struct oob_data *data;
1384
1385         list_for_each_entry(data, &hdev->remote_oob_data, list)
1386                 if (bacmp(bdaddr, &data->bdaddr) == 0)
1387                         return data;
1388
1389         return NULL;
1390 }
1391
1392 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1393 {
1394         struct oob_data *data;
1395
1396         data = hci_find_remote_oob_data(hdev, bdaddr);
1397         if (!data)
1398                 return -ENOENT;
1399
1400         BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1401
1402         list_del(&data->list);
1403         kfree(data);
1404
1405         return 0;
1406 }
1407
1408 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1409 {
1410         struct oob_data *data, *n;
1411
1412         list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1413                 list_del(&data->list);
1414                 kfree(data);
1415         }
1416
1417         return 0;
1418 }
1419
1420 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1421                             u8 *randomizer)
1422 {
1423         struct oob_data *data;
1424
1425         data = hci_find_remote_oob_data(hdev, bdaddr);
1426
1427         if (!data) {
1428                 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1429                 if (!data)
1430                         return -ENOMEM;
1431
1432                 bacpy(&data->bdaddr, bdaddr);
1433                 list_add(&data->list, &hdev->remote_oob_data);
1434         }
1435
1436         memcpy(data->hash, hash, sizeof(data->hash));
1437         memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1438
1439         BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1440
1441         return 0;
1442 }
1443
1444 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1445 {
1446         struct bdaddr_list *b;
1447
1448         list_for_each_entry(b, &hdev->blacklist, list)
1449                 if (bacmp(bdaddr, &b->bdaddr) == 0)
1450                         return b;
1451
1452         return NULL;
1453 }
1454
1455 int hci_blacklist_clear(struct hci_dev *hdev)
1456 {
1457         struct list_head *p, *n;
1458
1459         list_for_each_safe(p, n, &hdev->blacklist) {
1460                 struct bdaddr_list *b;
1461
1462                 b = list_entry(p, struct bdaddr_list, list);
1463
1464                 list_del(p);
1465                 kfree(b);
1466         }
1467
1468         return 0;
1469 }
1470
1471 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1472 {
1473         struct bdaddr_list *entry;
1474
1475         if (bacmp(bdaddr, BDADDR_ANY) == 0)
1476                 return -EBADF;
1477
1478         if (hci_blacklist_lookup(hdev, bdaddr))
1479                 return -EEXIST;
1480
1481         entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1482         if (!entry)
1483                 return -ENOMEM;
1484
1485         bacpy(&entry->bdaddr, bdaddr);
1486
1487         list_add(&entry->list, &hdev->blacklist);
1488
1489         return mgmt_device_blocked(hdev, bdaddr, type);
1490 }
1491
1492 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1493 {
1494         struct bdaddr_list *entry;
1495
1496         if (bacmp(bdaddr, BDADDR_ANY) == 0)
1497                 return hci_blacklist_clear(hdev);
1498
1499         entry = hci_blacklist_lookup(hdev, bdaddr);
1500         if (!entry)
1501                 return -ENOENT;
1502
1503         list_del(&entry->list);
1504         kfree(entry);
1505
1506         return mgmt_device_unblocked(hdev, bdaddr, type);
1507 }
1508
1509 static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1510 {
1511         struct le_scan_params *param =  (struct le_scan_params *) opt;
1512         struct hci_cp_le_set_scan_param cp;
1513
1514         memset(&cp, 0, sizeof(cp));
1515         cp.type = param->type;
1516         cp.interval = cpu_to_le16(param->interval);
1517         cp.window = cpu_to_le16(param->window);
1518
1519         hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1520 }
1521
1522 static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1523 {
1524         struct hci_cp_le_set_scan_enable cp;
1525
1526         memset(&cp, 0, sizeof(cp));
1527         cp.enable = 1;
1528         cp.filter_dup = 1;
1529
1530         hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1531 }
1532
1533 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1534                           u16 window, int timeout)
1535 {
1536         long timeo = msecs_to_jiffies(3000);
1537         struct le_scan_params param;
1538         int err;
1539
1540         BT_DBG("%s", hdev->name);
1541
1542         if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1543                 return -EINPROGRESS;
1544
1545         param.type = type;
1546         param.interval = interval;
1547         param.window = window;
1548
1549         hci_req_lock(hdev);
1550
1551         err = __hci_request(hdev, le_scan_param_req, (unsigned long) &param,
1552                             timeo);
1553         if (!err)
1554                 err = __hci_request(hdev, le_scan_enable_req, 0, timeo);
1555
1556         hci_req_unlock(hdev);
1557
1558         if (err < 0)
1559                 return err;
1560
1561         schedule_delayed_work(&hdev->le_scan_disable,
1562                               msecs_to_jiffies(timeout));
1563
1564         return 0;
1565 }
1566
1567 int hci_cancel_le_scan(struct hci_dev *hdev)
1568 {
1569         BT_DBG("%s", hdev->name);
1570
1571         if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1572                 return -EALREADY;
1573
1574         if (cancel_delayed_work(&hdev->le_scan_disable)) {
1575                 struct hci_cp_le_set_scan_enable cp;
1576
1577                 /* Send HCI command to disable LE Scan */
1578                 memset(&cp, 0, sizeof(cp));
1579                 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1580         }
1581
1582         return 0;
1583 }
1584
1585 static void le_scan_disable_work(struct work_struct *work)
1586 {
1587         struct hci_dev *hdev = container_of(work, struct hci_dev,
1588                                             le_scan_disable.work);
1589         struct hci_cp_le_set_scan_enable cp;
1590
1591         BT_DBG("%s", hdev->name);
1592
1593         memset(&cp, 0, sizeof(cp));
1594
1595         hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1596 }
1597
1598 static void le_scan_work(struct work_struct *work)
1599 {
1600         struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1601         struct le_scan_params *param = &hdev->le_scan_params;
1602
1603         BT_DBG("%s", hdev->name);
1604
1605         hci_do_le_scan(hdev, param->type, param->interval, param->window,
1606                        param->timeout);
1607 }
1608
1609 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1610                 int timeout)
1611 {
1612         struct le_scan_params *param = &hdev->le_scan_params;
1613
1614         BT_DBG("%s", hdev->name);
1615
1616         if (work_busy(&hdev->le_scan))
1617                 return -EINPROGRESS;
1618
1619         param->type = type;
1620         param->interval = interval;
1621         param->window = window;
1622         param->timeout = timeout;
1623
1624         queue_work(system_long_wq, &hdev->le_scan);
1625
1626         return 0;
1627 }
1628
1629 /* Alloc HCI device */
1630 struct hci_dev *hci_alloc_dev(void)
1631 {
1632         struct hci_dev *hdev;
1633
1634         hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1635         if (!hdev)
1636                 return NULL;
1637
1638         hdev->pkt_type  = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1639         hdev->esco_type = (ESCO_HV1);
1640         hdev->link_mode = (HCI_LM_ACCEPT);
1641         hdev->io_capability = 0x03; /* No Input No Output */
1642
1643         hdev->sniff_max_interval = 800;
1644         hdev->sniff_min_interval = 80;
1645
1646         mutex_init(&hdev->lock);
1647         mutex_init(&hdev->req_lock);
1648
1649         INIT_LIST_HEAD(&hdev->mgmt_pending);
1650         INIT_LIST_HEAD(&hdev->blacklist);
1651         INIT_LIST_HEAD(&hdev->uuids);
1652         INIT_LIST_HEAD(&hdev->link_keys);
1653         INIT_LIST_HEAD(&hdev->long_term_keys);
1654         INIT_LIST_HEAD(&hdev->remote_oob_data);
1655
1656         INIT_WORK(&hdev->rx_work, hci_rx_work);
1657         INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1658         INIT_WORK(&hdev->tx_work, hci_tx_work);
1659         INIT_WORK(&hdev->power_on, hci_power_on);
1660         INIT_WORK(&hdev->le_scan, le_scan_work);
1661
1662         INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1663         INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1664         INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1665
1666         skb_queue_head_init(&hdev->driver_init);
1667         skb_queue_head_init(&hdev->rx_q);
1668         skb_queue_head_init(&hdev->cmd_q);
1669         skb_queue_head_init(&hdev->raw_q);
1670
1671         init_waitqueue_head(&hdev->req_wait_q);
1672
1673         setup_timer(&hdev->cmd_timer, hci_cmd_timeout, (unsigned long) hdev);
1674
1675         hci_init_sysfs(hdev);
1676         discovery_init(hdev);
1677         hci_conn_hash_init(hdev);
1678
1679         return hdev;
1680 }
1681 EXPORT_SYMBOL(hci_alloc_dev);
1682
1683 /* Free HCI device */
1684 void hci_free_dev(struct hci_dev *hdev)
1685 {
1686         skb_queue_purge(&hdev->driver_init);
1687
1688         /* will free via device release */
1689         put_device(&hdev->dev);
1690 }
1691 EXPORT_SYMBOL(hci_free_dev);
1692
1693 /* Register HCI device */
1694 int hci_register_dev(struct hci_dev *hdev)
1695 {
1696         int id, error;
1697
1698         if (!hdev->open || !hdev->close)
1699                 return -EINVAL;
1700
1701         /* Do not allow HCI_AMP devices to register at index 0,
1702          * so the index can be used as the AMP controller ID.
1703          */
1704         switch (hdev->dev_type) {
1705         case HCI_BREDR:
1706                 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
1707                 break;
1708         case HCI_AMP:
1709                 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
1710                 break;
1711         default:
1712                 return -EINVAL;
1713         }
1714
1715         if (id < 0)
1716                 return id;
1717
1718         sprintf(hdev->name, "hci%d", id);
1719         hdev->id = id;
1720
1721         BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1722
1723         write_lock(&hci_dev_list_lock);
1724         list_add(&hdev->list, &hci_dev_list);
1725         write_unlock(&hci_dev_list_lock);
1726
1727         hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1728                                           WQ_MEM_RECLAIM, 1);
1729         if (!hdev->workqueue) {
1730                 error = -ENOMEM;
1731                 goto err;
1732         }
1733
1734         error = hci_add_sysfs(hdev);
1735         if (error < 0)
1736                 goto err_wqueue;
1737
1738         hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1739                                     RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
1740                                     hdev);
1741         if (hdev->rfkill) {
1742                 if (rfkill_register(hdev->rfkill) < 0) {
1743                         rfkill_destroy(hdev->rfkill);
1744                         hdev->rfkill = NULL;
1745                 }
1746         }
1747
1748         set_bit(HCI_SETUP, &hdev->dev_flags);
1749
1750         if (hdev->dev_type != HCI_AMP)
1751                 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1752
1753         schedule_work(&hdev->power_on);
1754
1755         hci_notify(hdev, HCI_DEV_REG);
1756         hci_dev_hold(hdev);
1757
1758         return id;
1759
1760 err_wqueue:
1761         destroy_workqueue(hdev->workqueue);
1762 err:
1763         ida_simple_remove(&hci_index_ida, hdev->id);
1764         write_lock(&hci_dev_list_lock);
1765         list_del(&hdev->list);
1766         write_unlock(&hci_dev_list_lock);
1767
1768         return error;
1769 }
1770 EXPORT_SYMBOL(hci_register_dev);
1771
1772 /* Unregister HCI device */
1773 void hci_unregister_dev(struct hci_dev *hdev)
1774 {
1775         int i, id;
1776
1777         BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1778
1779         set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1780
1781         id = hdev->id;
1782
1783         write_lock(&hci_dev_list_lock);
1784         list_del(&hdev->list);
1785         write_unlock(&hci_dev_list_lock);
1786
1787         hci_dev_do_close(hdev);
1788
1789         for (i = 0; i < NUM_REASSEMBLY; i++)
1790                 kfree_skb(hdev->reassembly[i]);
1791
1792         if (!test_bit(HCI_INIT, &hdev->flags) &&
1793             !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1794                 hci_dev_lock(hdev);
1795                 mgmt_index_removed(hdev);
1796                 hci_dev_unlock(hdev);
1797         }
1798
1799         /* mgmt_index_removed should take care of emptying the
1800          * pending list */
1801         BUG_ON(!list_empty(&hdev->mgmt_pending));
1802
1803         hci_notify(hdev, HCI_DEV_UNREG);
1804
1805         if (hdev->rfkill) {
1806                 rfkill_unregister(hdev->rfkill);
1807                 rfkill_destroy(hdev->rfkill);
1808         }
1809
1810         hci_del_sysfs(hdev);
1811
1812         destroy_workqueue(hdev->workqueue);
1813
1814         hci_dev_lock(hdev);
1815         hci_blacklist_clear(hdev);
1816         hci_uuids_clear(hdev);
1817         hci_link_keys_clear(hdev);
1818         hci_smp_ltks_clear(hdev);
1819         hci_remote_oob_data_clear(hdev);
1820         hci_dev_unlock(hdev);
1821
1822         hci_dev_put(hdev);
1823
1824         ida_simple_remove(&hci_index_ida, id);
1825 }
1826 EXPORT_SYMBOL(hci_unregister_dev);
1827
1828 /* Suspend HCI device */
1829 int hci_suspend_dev(struct hci_dev *hdev)
1830 {
1831         hci_notify(hdev, HCI_DEV_SUSPEND);
1832         return 0;
1833 }
1834 EXPORT_SYMBOL(hci_suspend_dev);
1835
1836 /* Resume HCI device */
1837 int hci_resume_dev(struct hci_dev *hdev)
1838 {
1839         hci_notify(hdev, HCI_DEV_RESUME);
1840         return 0;
1841 }
1842 EXPORT_SYMBOL(hci_resume_dev);
1843
1844 /* Receive frame from HCI drivers */
1845 int hci_recv_frame(struct sk_buff *skb)
1846 {
1847         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1848         if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1849                       && !test_bit(HCI_INIT, &hdev->flags))) {
1850                 kfree_skb(skb);
1851                 return -ENXIO;
1852         }
1853
1854         /* Incomming skb */
1855         bt_cb(skb)->incoming = 1;
1856
1857         /* Time stamp */
1858         __net_timestamp(skb);
1859
1860         skb_queue_tail(&hdev->rx_q, skb);
1861         queue_work(hdev->workqueue, &hdev->rx_work);
1862
1863         return 0;
1864 }
1865 EXPORT_SYMBOL(hci_recv_frame);
1866
1867 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1868                           int count, __u8 index)
1869 {
1870         int len = 0;
1871         int hlen = 0;
1872         int remain = count;
1873         struct sk_buff *skb;
1874         struct bt_skb_cb *scb;
1875
1876         if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1877             index >= NUM_REASSEMBLY)
1878                 return -EILSEQ;
1879
1880         skb = hdev->reassembly[index];
1881
1882         if (!skb) {
1883                 switch (type) {
1884                 case HCI_ACLDATA_PKT:
1885                         len = HCI_MAX_FRAME_SIZE;
1886                         hlen = HCI_ACL_HDR_SIZE;
1887                         break;
1888                 case HCI_EVENT_PKT:
1889                         len = HCI_MAX_EVENT_SIZE;
1890                         hlen = HCI_EVENT_HDR_SIZE;
1891                         break;
1892                 case HCI_SCODATA_PKT:
1893                         len = HCI_MAX_SCO_SIZE;
1894                         hlen = HCI_SCO_HDR_SIZE;
1895                         break;
1896                 }
1897
1898                 skb = bt_skb_alloc(len, GFP_ATOMIC);
1899                 if (!skb)
1900                         return -ENOMEM;
1901
1902                 scb = (void *) skb->cb;
1903                 scb->expect = hlen;
1904                 scb->pkt_type = type;
1905
1906                 skb->dev = (void *) hdev;
1907                 hdev->reassembly[index] = skb;
1908         }
1909
1910         while (count) {
1911                 scb = (void *) skb->cb;
1912                 len = min_t(uint, scb->expect, count);
1913
1914                 memcpy(skb_put(skb, len), data, len);
1915
1916                 count -= len;
1917                 data += len;
1918                 scb->expect -= len;
1919                 remain = count;
1920
1921                 switch (type) {
1922                 case HCI_EVENT_PKT:
1923                         if (skb->len == HCI_EVENT_HDR_SIZE) {
1924                                 struct hci_event_hdr *h = hci_event_hdr(skb);
1925                                 scb->expect = h->plen;
1926
1927                                 if (skb_tailroom(skb) < scb->expect) {
1928                                         kfree_skb(skb);
1929                                         hdev->reassembly[index] = NULL;
1930                                         return -ENOMEM;
1931                                 }
1932                         }
1933                         break;
1934
1935                 case HCI_ACLDATA_PKT:
1936                         if (skb->len  == HCI_ACL_HDR_SIZE) {
1937                                 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1938                                 scb->expect = __le16_to_cpu(h->dlen);
1939
1940                                 if (skb_tailroom(skb) < scb->expect) {
1941                                         kfree_skb(skb);
1942                                         hdev->reassembly[index] = NULL;
1943                                         return -ENOMEM;
1944                                 }
1945                         }
1946                         break;
1947
1948                 case HCI_SCODATA_PKT:
1949                         if (skb->len == HCI_SCO_HDR_SIZE) {
1950                                 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1951                                 scb->expect = h->dlen;
1952
1953                                 if (skb_tailroom(skb) < scb->expect) {
1954                                         kfree_skb(skb);
1955                                         hdev->reassembly[index] = NULL;
1956                                         return -ENOMEM;
1957                                 }
1958                         }
1959                         break;
1960                 }
1961
1962                 if (scb->expect == 0) {
1963                         /* Complete frame */
1964
1965                         bt_cb(skb)->pkt_type = type;
1966                         hci_recv_frame(skb);
1967
1968                         hdev->reassembly[index] = NULL;
1969                         return remain;
1970                 }
1971         }
1972
1973         return remain;
1974 }
1975
1976 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1977 {
1978         int rem = 0;
1979
1980         if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1981                 return -EILSEQ;
1982
1983         while (count) {
1984                 rem = hci_reassembly(hdev, type, data, count, type - 1);
1985                 if (rem < 0)
1986                         return rem;
1987
1988                 data += (count - rem);
1989                 count = rem;
1990         }
1991
1992         return rem;
1993 }
1994 EXPORT_SYMBOL(hci_recv_fragment);
1995
1996 #define STREAM_REASSEMBLY 0
1997
1998 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
1999 {
2000         int type;
2001         int rem = 0;
2002
2003         while (count) {
2004                 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2005
2006                 if (!skb) {
2007                         struct { char type; } *pkt;
2008
2009                         /* Start of the frame */
2010                         pkt = data;
2011                         type = pkt->type;
2012
2013                         data++;
2014                         count--;
2015                 } else
2016                         type = bt_cb(skb)->pkt_type;
2017
2018                 rem = hci_reassembly(hdev, type, data, count,
2019                                      STREAM_REASSEMBLY);
2020                 if (rem < 0)
2021                         return rem;
2022
2023                 data += (count - rem);
2024                 count = rem;
2025         }
2026
2027         return rem;
2028 }
2029 EXPORT_SYMBOL(hci_recv_stream_fragment);
2030
2031 /* ---- Interface to upper protocols ---- */
2032
2033 int hci_register_cb(struct hci_cb *cb)
2034 {
2035         BT_DBG("%p name %s", cb, cb->name);
2036
2037         write_lock(&hci_cb_list_lock);
2038         list_add(&cb->list, &hci_cb_list);
2039         write_unlock(&hci_cb_list_lock);
2040
2041         return 0;
2042 }
2043 EXPORT_SYMBOL(hci_register_cb);
2044
2045 int hci_unregister_cb(struct hci_cb *cb)
2046 {
2047         BT_DBG("%p name %s", cb, cb->name);
2048
2049         write_lock(&hci_cb_list_lock);
2050         list_del(&cb->list);
2051         write_unlock(&hci_cb_list_lock);
2052
2053         return 0;
2054 }
2055 EXPORT_SYMBOL(hci_unregister_cb);
2056
2057 static int hci_send_frame(struct sk_buff *skb)
2058 {
2059         struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2060
2061         if (!hdev) {
2062                 kfree_skb(skb);
2063                 return -ENODEV;
2064         }
2065
2066         BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2067
2068         /* Time stamp */
2069         __net_timestamp(skb);
2070
2071         /* Send copy to monitor */
2072         hci_send_to_monitor(hdev, skb);
2073
2074         if (atomic_read(&hdev->promisc)) {
2075                 /* Send copy to the sockets */
2076                 hci_send_to_sock(hdev, skb);
2077         }
2078
2079         /* Get rid of skb owner, prior to sending to the driver. */
2080         skb_orphan(skb);
2081
2082         return hdev->send(skb);
2083 }
2084
2085 /* Send HCI command */
2086 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2087 {
2088         int len = HCI_COMMAND_HDR_SIZE + plen;
2089         struct hci_command_hdr *hdr;
2090         struct sk_buff *skb;
2091
2092         BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
2093
2094         skb = bt_skb_alloc(len, GFP_ATOMIC);
2095         if (!skb) {
2096                 BT_ERR("%s no memory for command", hdev->name);
2097                 return -ENOMEM;
2098         }
2099
2100         hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2101         hdr->opcode = cpu_to_le16(opcode);
2102         hdr->plen   = plen;
2103
2104         if (plen)
2105                 memcpy(skb_put(skb, plen), param, plen);
2106
2107         BT_DBG("skb len %d", skb->len);
2108
2109         bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2110         skb->dev = (void *) hdev;
2111
2112         if (test_bit(HCI_INIT, &hdev->flags))
2113                 hdev->init_last_cmd = opcode;
2114
2115         skb_queue_tail(&hdev->cmd_q, skb);
2116         queue_work(hdev->workqueue, &hdev->cmd_work);
2117
2118         return 0;
2119 }
2120
2121 /* Get data from the previously sent command */
2122 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2123 {
2124         struct hci_command_hdr *hdr;
2125
2126         if (!hdev->sent_cmd)
2127                 return NULL;
2128
2129         hdr = (void *) hdev->sent_cmd->data;
2130
2131         if (hdr->opcode != cpu_to_le16(opcode))
2132                 return NULL;
2133
2134         BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2135
2136         return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2137 }
2138
2139 /* Send ACL data */
2140 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2141 {
2142         struct hci_acl_hdr *hdr;
2143         int len = skb->len;
2144
2145         skb_push(skb, HCI_ACL_HDR_SIZE);
2146         skb_reset_transport_header(skb);
2147         hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2148         hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2149         hdr->dlen   = cpu_to_le16(len);
2150 }
2151
2152 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2153                           struct sk_buff *skb, __u16 flags)
2154 {
2155         struct hci_dev *hdev = conn->hdev;
2156         struct sk_buff *list;
2157
2158         skb->len = skb_headlen(skb);
2159         skb->data_len = 0;
2160
2161         bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2162         hci_add_acl_hdr(skb, conn->handle, flags);
2163
2164         list = skb_shinfo(skb)->frag_list;
2165         if (!list) {
2166                 /* Non fragmented */
2167                 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2168
2169                 skb_queue_tail(queue, skb);
2170         } else {
2171                 /* Fragmented */
2172                 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2173
2174                 skb_shinfo(skb)->frag_list = NULL;
2175
2176                 /* Queue all fragments atomically */
2177                 spin_lock(&queue->lock);
2178
2179                 __skb_queue_tail(queue, skb);
2180
2181                 flags &= ~ACL_START;
2182                 flags |= ACL_CONT;
2183                 do {
2184                         skb = list; list = list->next;
2185
2186                         skb->dev = (void *) hdev;
2187                         bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2188                         hci_add_acl_hdr(skb, conn->handle, flags);
2189
2190                         BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2191
2192                         __skb_queue_tail(queue, skb);
2193                 } while (list);
2194
2195                 spin_unlock(&queue->lock);
2196         }
2197 }
2198
2199 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2200 {
2201         struct hci_conn *conn = chan->conn;
2202         struct hci_dev *hdev = conn->hdev;
2203
2204         BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
2205
2206         skb->dev = (void *) hdev;
2207
2208         hci_queue_acl(conn, &chan->data_q, skb, flags);
2209
2210         queue_work(hdev->workqueue, &hdev->tx_work);
2211 }
2212
2213 /* Send SCO data */
2214 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2215 {
2216         struct hci_dev *hdev = conn->hdev;
2217         struct hci_sco_hdr hdr;
2218
2219         BT_DBG("%s len %d", hdev->name, skb->len);
2220
2221         hdr.handle = cpu_to_le16(conn->handle);
2222         hdr.dlen   = skb->len;
2223
2224         skb_push(skb, HCI_SCO_HDR_SIZE);
2225         skb_reset_transport_header(skb);
2226         memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2227
2228         skb->dev = (void *) hdev;
2229         bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2230
2231         skb_queue_tail(&conn->data_q, skb);
2232         queue_work(hdev->workqueue, &hdev->tx_work);
2233 }
2234
2235 /* ---- HCI TX task (outgoing data) ---- */
2236
2237 /* HCI Connection scheduler */
2238 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
2239                                      int *quote)
2240 {
2241         struct hci_conn_hash *h = &hdev->conn_hash;
2242         struct hci_conn *conn = NULL, *c;
2243         unsigned int num = 0, min = ~0;
2244
2245         /* We don't have to lock device here. Connections are always
2246          * added and removed with TX task disabled. */
2247
2248         rcu_read_lock();
2249
2250         list_for_each_entry_rcu(c, &h->list, list) {
2251                 if (c->type != type || skb_queue_empty(&c->data_q))
2252                         continue;
2253
2254                 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2255                         continue;
2256
2257                 num++;
2258
2259                 if (c->sent < min) {
2260                         min  = c->sent;
2261                         conn = c;
2262                 }
2263
2264                 if (hci_conn_num(hdev, type) == num)
2265                         break;
2266         }
2267
2268         rcu_read_unlock();
2269
2270         if (conn) {
2271                 int cnt, q;
2272
2273                 switch (conn->type) {
2274                 case ACL_LINK:
2275                         cnt = hdev->acl_cnt;
2276                         break;
2277                 case SCO_LINK:
2278                 case ESCO_LINK:
2279                         cnt = hdev->sco_cnt;
2280                         break;
2281                 case LE_LINK:
2282                         cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2283                         break;
2284                 default:
2285                         cnt = 0;
2286                         BT_ERR("Unknown link type");
2287                 }
2288
2289                 q = cnt / num;
2290                 *quote = q ? q : 1;
2291         } else
2292                 *quote = 0;
2293
2294         BT_DBG("conn %p quote %d", conn, *quote);
2295         return conn;
2296 }
2297
2298 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2299 {
2300         struct hci_conn_hash *h = &hdev->conn_hash;
2301         struct hci_conn *c;
2302
2303         BT_ERR("%s link tx timeout", hdev->name);
2304
2305         rcu_read_lock();
2306
2307         /* Kill stalled connections */
2308         list_for_each_entry_rcu(c, &h->list, list) {
2309                 if (c->type == type && c->sent) {
2310                         BT_ERR("%s killing stalled connection %s",
2311                                hdev->name, batostr(&c->dst));
2312                         hci_acl_disconn(c, HCI_ERROR_REMOTE_USER_TERM);
2313                 }
2314         }
2315
2316         rcu_read_unlock();
2317 }
2318
2319 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2320                                       int *quote)
2321 {
2322         struct hci_conn_hash *h = &hdev->conn_hash;
2323         struct hci_chan *chan = NULL;
2324         unsigned int num = 0, min = ~0, cur_prio = 0;
2325         struct hci_conn *conn;
2326         int cnt, q, conn_num = 0;
2327
2328         BT_DBG("%s", hdev->name);
2329
2330         rcu_read_lock();
2331
2332         list_for_each_entry_rcu(conn, &h->list, list) {
2333                 struct hci_chan *tmp;
2334
2335                 if (conn->type != type)
2336                         continue;
2337
2338                 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2339                         continue;
2340
2341                 conn_num++;
2342
2343                 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2344                         struct sk_buff *skb;
2345
2346                         if (skb_queue_empty(&tmp->data_q))
2347                                 continue;
2348
2349                         skb = skb_peek(&tmp->data_q);
2350                         if (skb->priority < cur_prio)
2351                                 continue;
2352
2353                         if (skb->priority > cur_prio) {
2354                                 num = 0;
2355                                 min = ~0;
2356                                 cur_prio = skb->priority;
2357                         }
2358
2359                         num++;
2360
2361                         if (conn->sent < min) {
2362                                 min  = conn->sent;
2363                                 chan = tmp;
2364                         }
2365                 }
2366
2367                 if (hci_conn_num(hdev, type) == conn_num)
2368                         break;
2369         }
2370
2371         rcu_read_unlock();
2372
2373         if (!chan)
2374                 return NULL;
2375
2376         switch (chan->conn->type) {
2377         case ACL_LINK:
2378                 cnt = hdev->acl_cnt;
2379                 break;
2380         case SCO_LINK:
2381         case ESCO_LINK:
2382                 cnt = hdev->sco_cnt;
2383                 break;
2384         case LE_LINK:
2385                 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2386                 break;
2387         default:
2388                 cnt = 0;
2389                 BT_ERR("Unknown link type");
2390         }
2391
2392         q = cnt / num;
2393         *quote = q ? q : 1;
2394         BT_DBG("chan %p quote %d", chan, *quote);
2395         return chan;
2396 }
2397
2398 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2399 {
2400         struct hci_conn_hash *h = &hdev->conn_hash;
2401         struct hci_conn *conn;
2402         int num = 0;
2403
2404         BT_DBG("%s", hdev->name);
2405
2406         rcu_read_lock();
2407
2408         list_for_each_entry_rcu(conn, &h->list, list) {
2409                 struct hci_chan *chan;
2410
2411                 if (conn->type != type)
2412                         continue;
2413
2414                 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2415                         continue;
2416
2417                 num++;
2418
2419                 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2420                         struct sk_buff *skb;
2421
2422                         if (chan->sent) {
2423                                 chan->sent = 0;
2424                                 continue;
2425                         }
2426
2427                         if (skb_queue_empty(&chan->data_q))
2428                                 continue;
2429
2430                         skb = skb_peek(&chan->data_q);
2431                         if (skb->priority >= HCI_PRIO_MAX - 1)
2432                                 continue;
2433
2434                         skb->priority = HCI_PRIO_MAX - 1;
2435
2436                         BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2437                                skb->priority);
2438                 }
2439
2440                 if (hci_conn_num(hdev, type) == num)
2441                         break;
2442         }
2443
2444         rcu_read_unlock();
2445
2446 }
2447
2448 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2449 {
2450         /* Calculate count of blocks used by this packet */
2451         return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2452 }
2453
2454 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2455 {
2456         if (!test_bit(HCI_RAW, &hdev->flags)) {
2457                 /* ACL tx timeout must be longer than maximum
2458                  * link supervision timeout (40.9 seconds) */
2459                 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2460                                        HCI_ACL_TX_TIMEOUT))
2461                         hci_link_tx_to(hdev, ACL_LINK);
2462         }
2463 }
2464
2465 static void hci_sched_acl_pkt(struct hci_dev *hdev)
2466 {
2467         unsigned int cnt = hdev->acl_cnt;
2468         struct hci_chan *chan;
2469         struct sk_buff *skb;
2470         int quote;
2471
2472         __check_timeout(hdev, cnt);
2473
2474         while (hdev->acl_cnt &&
2475                (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2476                 u32 priority = (skb_peek(&chan->data_q))->priority;
2477                 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2478                         BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2479                                skb->len, skb->priority);
2480
2481                         /* Stop if priority has changed */
2482                         if (skb->priority < priority)
2483                                 break;
2484
2485                         skb = skb_dequeue(&chan->data_q);
2486
2487                         hci_conn_enter_active_mode(chan->conn,
2488                                                    bt_cb(skb)->force_active);
2489
2490                         hci_send_frame(skb);
2491                         hdev->acl_last_tx = jiffies;
2492
2493                         hdev->acl_cnt--;
2494                         chan->sent++;
2495                         chan->conn->sent++;
2496                 }
2497         }
2498
2499         if (cnt != hdev->acl_cnt)
2500                 hci_prio_recalculate(hdev, ACL_LINK);
2501 }
2502
2503 static void hci_sched_acl_blk(struct hci_dev *hdev)
2504 {
2505         unsigned int cnt = hdev->block_cnt;
2506         struct hci_chan *chan;
2507         struct sk_buff *skb;
2508         int quote;
2509
2510         __check_timeout(hdev, cnt);
2511
2512         while (hdev->block_cnt > 0 &&
2513                (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
2514                 u32 priority = (skb_peek(&chan->data_q))->priority;
2515                 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2516                         int blocks;
2517
2518                         BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2519                                skb->len, skb->priority);
2520
2521                         /* Stop if priority has changed */
2522                         if (skb->priority < priority)
2523                                 break;
2524
2525                         skb = skb_dequeue(&chan->data_q);
2526
2527                         blocks = __get_blocks(hdev, skb);
2528                         if (blocks > hdev->block_cnt)
2529                                 return;
2530
2531                         hci_conn_enter_active_mode(chan->conn,
2532                                                    bt_cb(skb)->force_active);
2533
2534                         hci_send_frame(skb);
2535                         hdev->acl_last_tx = jiffies;
2536
2537                         hdev->block_cnt -= blocks;
2538                         quote -= blocks;
2539
2540                         chan->sent += blocks;
2541                         chan->conn->sent += blocks;
2542                 }
2543         }
2544
2545         if (cnt != hdev->block_cnt)
2546                 hci_prio_recalculate(hdev, ACL_LINK);
2547 }
2548
2549 static void hci_sched_acl(struct hci_dev *hdev)
2550 {
2551         BT_DBG("%s", hdev->name);
2552
2553         if (!hci_conn_num(hdev, ACL_LINK))
2554                 return;
2555
2556         switch (hdev->flow_ctl_mode) {
2557         case HCI_FLOW_CTL_MODE_PACKET_BASED:
2558                 hci_sched_acl_pkt(hdev);
2559                 break;
2560
2561         case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2562                 hci_sched_acl_blk(hdev);
2563                 break;
2564         }
2565 }
2566
2567 /* Schedule SCO */
2568 static void hci_sched_sco(struct hci_dev *hdev)
2569 {
2570         struct hci_conn *conn;
2571         struct sk_buff *skb;
2572         int quote;
2573
2574         BT_DBG("%s", hdev->name);
2575
2576         if (!hci_conn_num(hdev, SCO_LINK))
2577                 return;
2578
2579         while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
2580                 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2581                         BT_DBG("skb %p len %d", skb, skb->len);
2582                         hci_send_frame(skb);
2583
2584                         conn->sent++;
2585                         if (conn->sent == ~0)
2586                                 conn->sent = 0;
2587                 }
2588         }
2589 }
2590
2591 static void hci_sched_esco(struct hci_dev *hdev)
2592 {
2593         struct hci_conn *conn;
2594         struct sk_buff *skb;
2595         int quote;
2596
2597         BT_DBG("%s", hdev->name);
2598
2599         if (!hci_conn_num(hdev, ESCO_LINK))
2600                 return;
2601
2602         while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
2603                                                      &quote))) {
2604                 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2605                         BT_DBG("skb %p len %d", skb, skb->len);
2606                         hci_send_frame(skb);
2607
2608                         conn->sent++;
2609                         if (conn->sent == ~0)
2610                                 conn->sent = 0;
2611                 }
2612         }
2613 }
2614
2615 static void hci_sched_le(struct hci_dev *hdev)
2616 {
2617         struct hci_chan *chan;
2618         struct sk_buff *skb;
2619         int quote, cnt, tmp;
2620
2621         BT_DBG("%s", hdev->name);
2622
2623         if (!hci_conn_num(hdev, LE_LINK))
2624                 return;
2625
2626         if (!test_bit(HCI_RAW, &hdev->flags)) {
2627                 /* LE tx timeout must be longer than maximum
2628                  * link supervision timeout (40.9 seconds) */
2629                 if (!hdev->le_cnt && hdev->le_pkts &&
2630                     time_after(jiffies, hdev->le_last_tx + HZ * 45))
2631                         hci_link_tx_to(hdev, LE_LINK);
2632         }
2633
2634         cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2635         tmp = cnt;
2636         while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
2637                 u32 priority = (skb_peek(&chan->data_q))->priority;
2638                 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2639                         BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2640                                skb->len, skb->priority);
2641
2642                         /* Stop if priority has changed */
2643                         if (skb->priority < priority)
2644                                 break;
2645
2646                         skb = skb_dequeue(&chan->data_q);
2647
2648                         hci_send_frame(skb);
2649                         hdev->le_last_tx = jiffies;
2650
2651                         cnt--;
2652                         chan->sent++;
2653                         chan->conn->sent++;
2654                 }
2655         }
2656
2657         if (hdev->le_pkts)
2658                 hdev->le_cnt = cnt;
2659         else
2660                 hdev->acl_cnt = cnt;
2661
2662         if (cnt != tmp)
2663                 hci_prio_recalculate(hdev, LE_LINK);
2664 }
2665
2666 static void hci_tx_work(struct work_struct *work)
2667 {
2668         struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2669         struct sk_buff *skb;
2670
2671         BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2672                hdev->sco_cnt, hdev->le_cnt);
2673
2674         /* Schedule queues and send stuff to HCI driver */
2675
2676         hci_sched_acl(hdev);
2677
2678         hci_sched_sco(hdev);
2679
2680         hci_sched_esco(hdev);
2681
2682         hci_sched_le(hdev);
2683
2684         /* Send next queued raw (unknown type) packet */
2685         while ((skb = skb_dequeue(&hdev->raw_q)))
2686                 hci_send_frame(skb);
2687 }
2688
2689 /* ----- HCI RX task (incoming data processing) ----- */
2690
2691 /* ACL data packet */
2692 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2693 {
2694         struct hci_acl_hdr *hdr = (void *) skb->data;
2695         struct hci_conn *conn;
2696         __u16 handle, flags;
2697
2698         skb_pull(skb, HCI_ACL_HDR_SIZE);
2699
2700         handle = __le16_to_cpu(hdr->handle);
2701         flags  = hci_flags(handle);
2702         handle = hci_handle(handle);
2703
2704         BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
2705                handle, flags);
2706
2707         hdev->stat.acl_rx++;
2708
2709         hci_dev_lock(hdev);
2710         conn = hci_conn_hash_lookup_handle(hdev, handle);
2711         hci_dev_unlock(hdev);
2712
2713         if (conn) {
2714                 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2715
2716                 hci_dev_lock(hdev);
2717                 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2718                     !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2719                         mgmt_device_connected(hdev, &conn->dst, conn->type,
2720                                               conn->dst_type, 0, NULL, 0,
2721                                               conn->dev_class);
2722                 hci_dev_unlock(hdev);
2723
2724                 /* Send to upper protocol */
2725                 l2cap_recv_acldata(conn, skb, flags);
2726                 return;
2727         } else {
2728                 BT_ERR("%s ACL packet for unknown connection handle %d",
2729                        hdev->name, handle);
2730         }
2731
2732         kfree_skb(skb);
2733 }
2734
2735 /* SCO data packet */
2736 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2737 {
2738         struct hci_sco_hdr *hdr = (void *) skb->data;
2739         struct hci_conn *conn;
2740         __u16 handle;
2741
2742         skb_pull(skb, HCI_SCO_HDR_SIZE);
2743
2744         handle = __le16_to_cpu(hdr->handle);
2745
2746         BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
2747
2748         hdev->stat.sco_rx++;
2749
2750         hci_dev_lock(hdev);
2751         conn = hci_conn_hash_lookup_handle(hdev, handle);
2752         hci_dev_unlock(hdev);
2753
2754         if (conn) {
2755                 /* Send to upper protocol */
2756                 sco_recv_scodata(conn, skb);
2757                 return;
2758         } else {
2759                 BT_ERR("%s SCO packet for unknown connection handle %d",
2760                        hdev->name, handle);
2761         }
2762
2763         kfree_skb(skb);
2764 }
2765
2766 static void hci_rx_work(struct work_struct *work)
2767 {
2768         struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2769         struct sk_buff *skb;
2770
2771         BT_DBG("%s", hdev->name);
2772
2773         while ((skb = skb_dequeue(&hdev->rx_q))) {
2774                 /* Send copy to monitor */
2775                 hci_send_to_monitor(hdev, skb);
2776
2777                 if (atomic_read(&hdev->promisc)) {
2778                         /* Send copy to the sockets */
2779                         hci_send_to_sock(hdev, skb);
2780                 }
2781
2782                 if (test_bit(HCI_RAW, &hdev->flags)) {
2783                         kfree_skb(skb);
2784                         continue;
2785                 }
2786
2787                 if (test_bit(HCI_INIT, &hdev->flags)) {
2788                         /* Don't process data packets in this states. */
2789                         switch (bt_cb(skb)->pkt_type) {
2790                         case HCI_ACLDATA_PKT:
2791                         case HCI_SCODATA_PKT:
2792                                 kfree_skb(skb);
2793                                 continue;
2794                         }
2795                 }
2796
2797                 /* Process frame */
2798                 switch (bt_cb(skb)->pkt_type) {
2799                 case HCI_EVENT_PKT:
2800                         BT_DBG("%s Event packet", hdev->name);
2801                         hci_event_packet(hdev, skb);
2802                         break;
2803
2804                 case HCI_ACLDATA_PKT:
2805                         BT_DBG("%s ACL data packet", hdev->name);
2806                         hci_acldata_packet(hdev, skb);
2807                         break;
2808
2809                 case HCI_SCODATA_PKT:
2810                         BT_DBG("%s SCO data packet", hdev->name);
2811                         hci_scodata_packet(hdev, skb);
2812                         break;
2813
2814                 default:
2815                         kfree_skb(skb);
2816                         break;
2817                 }
2818         }
2819 }
2820
2821 static void hci_cmd_work(struct work_struct *work)
2822 {
2823         struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2824         struct sk_buff *skb;
2825
2826         BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
2827                atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
2828
2829         /* Send queued commands */
2830         if (atomic_read(&hdev->cmd_cnt)) {
2831                 skb = skb_dequeue(&hdev->cmd_q);
2832                 if (!skb)
2833                         return;
2834
2835                 kfree_skb(hdev->sent_cmd);
2836
2837                 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2838                 if (hdev->sent_cmd) {
2839                         atomic_dec(&hdev->cmd_cnt);
2840                         hci_send_frame(skb);
2841                         if (test_bit(HCI_RESET, &hdev->flags))
2842                                 del_timer(&hdev->cmd_timer);
2843                         else
2844                                 mod_timer(&hdev->cmd_timer,
2845                                           jiffies + HCI_CMD_TIMEOUT);
2846                 } else {
2847                         skb_queue_head(&hdev->cmd_q, skb);
2848                         queue_work(hdev->workqueue, &hdev->cmd_work);
2849                 }
2850         }
2851 }
2852
2853 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2854 {
2855         /* General inquiry access code (GIAC) */
2856         u8 lap[3] = { 0x33, 0x8b, 0x9e };
2857         struct hci_cp_inquiry cp;
2858
2859         BT_DBG("%s", hdev->name);
2860
2861         if (test_bit(HCI_INQUIRY, &hdev->flags))
2862                 return -EINPROGRESS;
2863
2864         inquiry_cache_flush(hdev);
2865
2866         memset(&cp, 0, sizeof(cp));
2867         memcpy(&cp.lap, lap, sizeof(cp.lap));
2868         cp.length  = length;
2869
2870         return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2871 }
2872
2873 int hci_cancel_inquiry(struct hci_dev *hdev)
2874 {
2875         BT_DBG("%s", hdev->name);
2876
2877         if (!test_bit(HCI_INQUIRY, &hdev->flags))
2878                 return -EALREADY;
2879
2880         return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2881 }
2882
2883 u8 bdaddr_to_le(u8 bdaddr_type)
2884 {
2885         switch (bdaddr_type) {
2886         case BDADDR_LE_PUBLIC:
2887                 return ADDR_LE_DEV_PUBLIC;
2888
2889         default:
2890                 /* Fallback to LE Random address type */
2891                 return ADDR_LE_DEV_RANDOM;
2892         }
2893 }
Unnamed repository; edit this file 'description' to name the repository.