projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 86
[linux-block.git] / net / bluetooth / hci_core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
590051de 4 Copyright (C) 2011 ProFUSION Embedded Systems
1da177e4
LT		 5
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
11
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20
8e87d142
YH		 21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 23 SOFTWARE IS DISCLAIMED.
24*/
25
26/* Bluetooth HCI core. */
27
8c520a59 28#include <linux/export.h>
3df92b31 29#include <linux/idr.h>
8c520a59 30#include <linux/rfkill.h>
baf27f6e 31#include <linux/debugfs.h>
99780a7b 32#include <linux/crypto.h>
7a0e5b15 33#include <linux/property.h>
47219839 34#include <asm/unaligned.h>
1da177e4
LT		 35
36#include <net/bluetooth/bluetooth.h>
37#include <net/bluetooth/hci_core.h>
4bc58f51 38#include <net/bluetooth/l2cap.h>
af58925c 39#include <net/bluetooth/mgmt.h>
1da177e4 40
0857dd3b 41#include "hci_request.h"
60c5f5fb 42#include "hci_debugfs.h"
970c4e46 43#include "smp.h"
6d5d2ee6 44#include "leds.h"
970c4e46 45
b78752cc 46static void hci_rx_work(struct work_struct *work);
c347b765 47static void hci_cmd_work(struct work_struct *work);
3eff45ea 48static void hci_tx_work(struct work_struct *work);
1da177e4 49
1da177e4
LT		 50/* HCI device list */
51LIST_HEAD(hci_dev_list);
52DEFINE_RWLOCK(hci_dev_list_lock);
53
54/* HCI callback list */
55LIST_HEAD(hci_cb_list);
fba7ecf0 56DEFINE_MUTEX(hci_cb_list_lock);
1da177e4 57
3df92b31
SL		 58/* HCI ID Numbering */
59static DEFINE_IDA(hci_index_ida);
60
baf27f6e
MH		 61/* ---- HCI debugfs entries ---- */
62
4b4148e9
MH		 63static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
64 size_t count, loff_t *ppos)
65{
66 struct hci_dev *hdev = file->private_data;
67 char buf[3];
68
74b93e9f 69 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
4b4148e9
MH		 70 buf[1] = '\n';
71 buf[2] = '\0';
72 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
73}
74
75static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
76 size_t count, loff_t *ppos)
77{
78 struct hci_dev *hdev = file->private_data;
79 struct sk_buff *skb;
4b4148e9 80 bool enable;
3bf5e97d 81 int err;
4b4148e9
MH		 82
83 if (!test_bit(HCI_UP, &hdev->flags))
84 return -ENETDOWN;
85
3bf5e97d
AS		 86 err = kstrtobool_from_user(user_buf, count, &enable);
87 if (err)
88 return err;
4b4148e9 89
b7cb93e5 90 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
4b4148e9
MH		 91 return -EALREADY;
92
b504430c 93 hci_req_sync_lock(hdev);
4b4148e9
MH		 94 if (enable)
95 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
96 HCI_CMD_TIMEOUT);
97 else
98 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
99 HCI_CMD_TIMEOUT);
b504430c 100 hci_req_sync_unlock(hdev);
4b4148e9
MH		 101
102 if (IS_ERR(skb))
103 return PTR_ERR(skb);
104
4b4148e9
MH		 105 kfree_skb(skb);
106
b7cb93e5 107 hci_dev_change_flag(hdev, HCI_DUT_MODE);
4b4148e9
MH		 108
109 return count;
110}
111
112static const struct file_operations dut_mode_fops = {
113 .open = simple_open,
114 .read = dut_mode_read,
115 .write = dut_mode_write,
116 .llseek = default_llseek,
117};
118
4b4113d6
MH		 119static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
120 size_t count, loff_t *ppos)
121{
122 struct hci_dev *hdev = file->private_data;
123 char buf[3];
124
74b93e9f 125 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
4b4113d6
MH		 126 buf[1] = '\n';
127 buf[2] = '\0';
128 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
129}
130
131static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
132 size_t count, loff_t *ppos)
133{
134 struct hci_dev *hdev = file->private_data;
4b4113d6
MH		 135 bool enable;
136 int err;
137
3bf5e97d
AS		 138 err = kstrtobool_from_user(user_buf, count, &enable);
139 if (err)
140 return err;
4b4113d6 141
7e995b9e 142 /* When the diagnostic flags are not persistent and the transport
b56c7b25
MH		 143 * is not active or in user channel operation, then there is no need
144 * for the vendor callback. Instead just store the desired value and
145 * the setting will be programmed when the controller gets powered on.
7e995b9e
MH		 146 */
147 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
b56c7b25
MH		 148 (!test_bit(HCI_RUNNING, &hdev->flags) ||
149 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)))
7e995b9e
MH		 150 goto done;
151
b504430c 152 hci_req_sync_lock(hdev);
4b4113d6 153 err = hdev->set_diag(hdev, enable);
b504430c 154 hci_req_sync_unlock(hdev);
4b4113d6
MH		 155
156 if (err < 0)
157 return err;
158
7e995b9e 159done:
4b4113d6
MH		 160 if (enable)
161 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
162 else
163 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
164
165 return count;
166}
167
168static const struct file_operations vendor_diag_fops = {
169 .open = simple_open,
170 .read = vendor_diag_read,
171 .write = vendor_diag_write,
172 .llseek = default_llseek,
173};
174
f640ee98
MH		 175static void hci_debugfs_create_basic(struct hci_dev *hdev)
176{
177 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
178 &dut_mode_fops);
179
180 if (hdev->set_diag)
181 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
182 &vendor_diag_fops);
183}
184
a1d01db1 185static int hci_reset_req(struct hci_request *req, unsigned long opt)
1da177e4 186{
42c6b129 187 BT_DBG("%s %ld", req->hdev->name, opt);
1da177e4
LT		 188
189 /* Reset device */
42c6b129
JH		 190 set_bit(HCI_RESET, &req->hdev->flags);
191 hci_req_add(req, HCI_OP_RESET, 0, NULL);
a1d01db1 192 return 0;
1da177e4
LT		 193}
194
42c6b129 195static void bredr_init(struct hci_request *req)
1da177e4 196{
42c6b129 197 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
2455a3ea 198
1da177e4 199 /* Read Local Supported Features */
42c6b129 200 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1da177e4 201
1143e5a6 202 /* Read Local Version */
42c6b129 203 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
2177bab5
JH		 204
205 /* Read BD Address */
42c6b129 206 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1da177e4
LT		 207}
208
0af801b9 209static void amp_init1(struct hci_request *req)
e61ef499 210{
42c6b129 211 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
2455a3ea 212
e61ef499 213 /* Read Local Version */
42c6b129 214 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
6bcbc489 215
f6996cfe
MH		 216 /* Read Local Supported Commands */
217 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
218
6bcbc489 219 /* Read Local AMP Info */
42c6b129 220 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
e71dfaba
AE		 221
222 /* Read Data Blk size */
42c6b129 223 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
7528ca1c 224
f38ba941
MH		 225 /* Read Flow Control Mode */
226 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
227
7528ca1c
MH		 228 /* Read Location Data */
229 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
e61ef499
AE		 230}
231
a1d01db1 232static int amp_init2(struct hci_request *req)
0af801b9
JH		 233{
234 /* Read Local Supported Features. Not all AMP controllers
235 * support this so it's placed conditionally in the second
236 * stage init.
237 */
238 if (req->hdev->commands[14] & 0x20)
239 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
a1d01db1
JH		 240
241 return 0;
0af801b9
JH		 242}
243
a1d01db1 244static int hci_init1_req(struct hci_request *req, unsigned long opt)
e61ef499 245{
42c6b129 246 struct hci_dev *hdev = req->hdev;
e61ef499
AE		 247
248 BT_DBG("%s %ld", hdev->name, opt);
249
11778716
AE		 250 /* Reset */
251 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
42c6b129 252 hci_reset_req(req, 0);
11778716 253
e61ef499 254 switch (hdev->dev_type) {
ca8bee5d 255 case HCI_PRIMARY:
42c6b129 256 bredr_init(req);
e61ef499 257 break;
e61ef499 258 case HCI_AMP:
0af801b9 259 amp_init1(req);
e61ef499 260 break;
e61ef499 261 default:
2064ee33 262 bt_dev_err(hdev, "Unknown device type %d", hdev->dev_type);
e61ef499
AE		 263 break;
264 }
a1d01db1
JH		 265
266 return 0;
e61ef499
AE		 267}
268
42c6b129 269static void bredr_setup(struct hci_request *req)
2177bab5 270{
2177bab5
JH		 271 __le16 param;
272 __u8 flt_type;
273
274 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
42c6b129 275 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
2177bab5
JH		 276
277 /* Read Class of Device */
42c6b129 278 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
2177bab5
JH		 279
280 /* Read Local Name */
42c6b129 281 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
2177bab5
JH		 282
283 /* Read Voice Setting */
42c6b129 284 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
2177bab5 285
b4cb9fb2
MH		 286 /* Read Number of Supported IAC */
287 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
288
4b836f39
MH		 289 /* Read Current IAC LAP */
290 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
291
2177bab5
JH		 292 /* Clear Event Filters */
293 flt_type = HCI_FLT_CLEAR_ALL;
42c6b129 294 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
2177bab5
JH		 295
296 /* Connection accept timeout ~20 secs */
dcf4adbf 297 param = cpu_to_le16(0x7d00);
42c6b129 298 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
2177bab5
JH		 299}
300
42c6b129 301static void le_setup(struct hci_request *req)
2177bab5 302{
c73eee91
JH		 303 struct hci_dev *hdev = req->hdev;
304
2177bab5 305 /* Read LE Buffer Size */
42c6b129 306 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
2177bab5
JH		 307
308 /* Read LE Local Supported Features */
42c6b129 309 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
2177bab5 310
747d3f03
MH		 311 /* Read LE Supported States */
312 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
313
c73eee91
JH		 314 /* LE-only controllers have LE implicitly enabled */
315 if (!lmp_bredr_capable(hdev))
a1536da2 316 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2177bab5
JH		 317}
318
42c6b129 319static void hci_setup_event_mask(struct hci_request *req)
2177bab5 320{
42c6b129
JH		 321 struct hci_dev *hdev = req->hdev;
322
2177bab5
JH		 323 /* The second byte is 0xff instead of 0x9f (two reserved bits
324 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
325 * command otherwise.
326 */
327 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
328
329 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
330 * any event mask for pre 1.2 devices.
331 */
332 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
333 return;
334
335 if (lmp_bredr_capable(hdev)) {
336 events[4] |= 0x01; /* Flow Specification Complete */
c7882cbd
MH		 337 } else {
338 /* Use a different default for LE-only devices */
339 memset(events, 0, sizeof(events));
c7882cbd
MH		 340 events[1] |= 0x20; /* Command Complete */
341 events[1] |= 0x40; /* Command Status */
342 events[1] |= 0x80; /* Hardware Error */
5c3d3b4c
MH		 343
344 /* If the controller supports the Disconnect command, enable
345 * the corresponding event. In addition enable packet flow
346 * control related events.
347 */
348 if (hdev->commands[0] & 0x20) {
349 events[0] |= 0x10; /* Disconnection Complete */
350 events[2] |= 0x04; /* Number of Completed Packets */
351 events[3] |= 0x02; /* Data Buffer Overflow */
352 }
353
354 /* If the controller supports the Read Remote Version
355 * Information command, enable the corresponding event.
356 */
357 if (hdev->commands[2] & 0x80)
358 events[1] |= 0x08; /* Read Remote Version Information
359 * Complete
360 */
0da71f1b
MH		 361
362 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
363 events[0] |= 0x80; /* Encryption Change */
364 events[5] |= 0x80; /* Encryption Key Refresh Complete */
365 }
2177bab5
JH		 366 }
367
9fe759ce
MH		 368 if (lmp_inq_rssi_capable(hdev) ||
369 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
2177bab5
JH		 370 events[4] |= 0x02; /* Inquiry Result with RSSI */
371
70f56aa2
MH		 372 if (lmp_ext_feat_capable(hdev))
373 events[4] |= 0x04; /* Read Remote Extended Features Complete */
374
375 if (lmp_esco_capable(hdev)) {
376 events[5] |= 0x08; /* Synchronous Connection Complete */
377 events[5] |= 0x10; /* Synchronous Connection Changed */
378 }
379
2177bab5
JH		 380 if (lmp_sniffsubr_capable(hdev))
381 events[5] |= 0x20; /* Sniff Subrating */
382
383 if (lmp_pause_enc_capable(hdev))
384 events[5] |= 0x80; /* Encryption Key Refresh Complete */
385
386 if (lmp_ext_inq_capable(hdev))
387 events[5] |= 0x40; /* Extended Inquiry Result */
388
389 if (lmp_no_flush_capable(hdev))
390 events[7] |= 0x01; /* Enhanced Flush Complete */
391
392 if (lmp_lsto_capable(hdev))
393 events[6] |= 0x80; /* Link Supervision Timeout Changed */
394
395 if (lmp_ssp_capable(hdev)) {
396 events[6] |= 0x01; /* IO Capability Request */
397 events[6] |= 0x02; /* IO Capability Response */
398 events[6] |= 0x04; /* User Confirmation Request */
399 events[6] |= 0x08; /* User Passkey Request */
400 events[6] |= 0x10; /* Remote OOB Data Request */
401 events[6] |= 0x20; /* Simple Pairing Complete */
402 events[7] |= 0x04; /* User Passkey Notification */
403 events[7] |= 0x08; /* Keypress Notification */
404 events[7] |= 0x10; /* Remote Host Supported
405 * Features Notification
406 */
407 }
408
409 if (lmp_le_capable(hdev))
410 events[7] |= 0x20; /* LE Meta-Event */
411
42c6b129 412 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
2177bab5
JH		 413}
414
a1d01db1 415static int hci_init2_req(struct hci_request *req, unsigned long opt)
2177bab5 416{
42c6b129
JH		 417 struct hci_dev *hdev = req->hdev;
418
0af801b9
JH		 419 if (hdev->dev_type == HCI_AMP)
420 return amp_init2(req);
421
2177bab5 422 if (lmp_bredr_capable(hdev))
42c6b129 423 bredr_setup(req);
56f87901 424 else
a358dc11 425 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
2177bab5
JH		 426
427 if (lmp_le_capable(hdev))
42c6b129 428 le_setup(req);
2177bab5 429
0f3adeae
MH		 430 /* All Bluetooth 1.2 and later controllers should support the
431 * HCI command for reading the local supported commands.
432 *
433 * Unfortunately some controllers indicate Bluetooth 1.2 support,
434 * but do not have support for this command. If that is the case,
435 * the driver can quirk the behavior and skip reading the local
436 * supported commands.
3f8e2d75 437 */
0f3adeae
MH		 438 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
439 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
42c6b129 440 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
2177bab5
JH		 441
442 if (lmp_ssp_capable(hdev)) {
57af75a8
MH		 443 /* When SSP is available, then the host features page
444 * should also be available as well. However some
445 * controllers list the max_page as 0 as long as SSP
446 * has not been enabled. To achieve proper debugging
447 * output, force the minimum max_page to 1 at least.
448 */
449 hdev->max_page = 0x01;
450
d7a5a11d 451 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2177bab5 452 u8 mode = 0x01;
574ea3c7 453
42c6b129
JH		 454 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
455 sizeof(mode), &mode);
2177bab5
JH		 456 } else {
457 struct hci_cp_write_eir cp;
458
459 memset(hdev->eir, 0, sizeof(hdev->eir));
460 memset(&cp, 0, sizeof(cp));
461
42c6b129 462 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
2177bab5
JH		 463 }
464 }
465
043ec9bf
MH		 466 if (lmp_inq_rssi_capable(hdev) ||
467 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
04422da9
MH		 468 u8 mode;
469
470 /* If Extended Inquiry Result events are supported, then
471 * they are clearly preferred over Inquiry Result with RSSI
472 * events.
473 */
474 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
475
476 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
477 }
2177bab5
JH		 478
479 if (lmp_inq_tx_pwr_capable(hdev))
42c6b129 480 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
2177bab5
JH		 481
482 if (lmp_ext_feat_capable(hdev)) {
483 struct hci_cp_read_local_ext_features cp;
484
485 cp.page = 0x01;
42c6b129
JH		 486 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
487 sizeof(cp), &cp);
2177bab5
JH		 488 }
489
d7a5a11d 490 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2177bab5 491 u8 enable = 1;
42c6b129
JH		 492 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
493 &enable);
2177bab5 494 }
a1d01db1
JH		 495
496 return 0;
2177bab5
JH		 497}
498
42c6b129 499static void hci_setup_link_policy(struct hci_request *req)
2177bab5 500{
42c6b129 501 struct hci_dev *hdev = req->hdev;
2177bab5
JH		 502 struct hci_cp_write_def_link_policy cp;
503 u16 link_policy = 0;
504
505 if (lmp_rswitch_capable(hdev))
506 link_policy |= HCI_LP_RSWITCH;
507 if (lmp_hold_capable(hdev))
508 link_policy |= HCI_LP_HOLD;
509 if (lmp_sniff_capable(hdev))
510 link_policy |= HCI_LP_SNIFF;
511 if (lmp_park_capable(hdev))
512 link_policy |= HCI_LP_PARK;
513
514 cp.policy = cpu_to_le16(link_policy);
42c6b129 515 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
2177bab5
JH		 516}
517
42c6b129 518static void hci_set_le_support(struct hci_request *req)
2177bab5 519{
42c6b129 520 struct hci_dev *hdev = req->hdev;
2177bab5
JH		 521 struct hci_cp_write_le_host_supported cp;
522
c73eee91
JH		 523 /* LE-only devices do not support explicit enablement */
524 if (!lmp_bredr_capable(hdev))
525 return;
526
2177bab5
JH		 527 memset(&cp, 0, sizeof(cp));
528
d7a5a11d 529 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2177bab5 530 cp.le = 0x01;
32226e4f 531 cp.simul = 0x00;
2177bab5
JH		 532 }
533
534 if (cp.le != lmp_host_le_capable(hdev))
42c6b129
JH		 535 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
536 &cp);
2177bab5
JH		 537}
538
d62e6d67
JH		 539static void hci_set_event_mask_page_2(struct hci_request *req)
540{
541 struct hci_dev *hdev = req->hdev;
542 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
313f6888 543 bool changed = false;
d62e6d67
JH		 544
545 /* If Connectionless Slave Broadcast master role is supported
546 * enable all necessary events for it.
547 */
53b834d2 548 if (lmp_csb_master_capable(hdev)) {
d62e6d67
JH		 549 events[1] |= 0x40; /* Triggered Clock Capture */
550 events[1] |= 0x80; /* Synchronization Train Complete */
551 events[2] |= 0x10; /* Slave Page Response Timeout */
552 events[2] |= 0x20; /* CSB Channel Map Change */
313f6888 553 changed = true;
d62e6d67
JH		 554 }
555
556 /* If Connectionless Slave Broadcast slave role is supported
557 * enable all necessary events for it.
558 */
53b834d2 559 if (lmp_csb_slave_capable(hdev)) {
d62e6d67
JH		 560 events[2] |= 0x01; /* Synchronization Train Received */
561 events[2] |= 0x02; /* CSB Receive */
562 events[2] |= 0x04; /* CSB Timeout */
563 events[2] |= 0x08; /* Truncated Page Complete */
313f6888 564 changed = true;
d62e6d67
JH		 565 }
566
40c59fcb 567 /* Enable Authenticated Payload Timeout Expired event if supported */
313f6888 568 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
40c59fcb 569 events[2] |= 0x80;
313f6888
MH		 570 changed = true;
571 }
40c59fcb 572
313f6888
MH		 573 /* Some Broadcom based controllers indicate support for Set Event
574 * Mask Page 2 command, but then actually do not support it. Since
575 * the default value is all bits set to zero, the command is only
576 * required if the event mask has to be changed. In case no change
577 * to the event mask is needed, skip this command.
578 */
579 if (changed)
580 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2,
581 sizeof(events), events);
d62e6d67
JH		 582}
583
a1d01db1 584static int hci_init3_req(struct hci_request *req, unsigned long opt)
2177bab5 585{
42c6b129 586 struct hci_dev *hdev = req->hdev;
d2c5d77f 587 u8 p;
42c6b129 588
0da71f1b
MH		 589 hci_setup_event_mask(req);
590
e81be90b
JH		 591 if (hdev->commands[6] & 0x20 &&
592 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
48ce62c4
MH		 593 struct hci_cp_read_stored_link_key cp;
594
595 bacpy(&cp.bdaddr, BDADDR_ANY);
596 cp.read_all = 0x01;
597 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
598 }
599
2177bab5 600 if (hdev->commands[5] & 0x10)
42c6b129 601 hci_setup_link_policy(req);
2177bab5 602
417287de
MH		 603 if (hdev->commands[8] & 0x01)
604 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
605
606 /* Some older Broadcom based Bluetooth 1.2 controllers do not
607 * support the Read Page Scan Type command. Check support for
608 * this command in the bit mask of supported commands.
609 */
610 if (hdev->commands[13] & 0x01)
611 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
612
9193c6e8
AG		 613 if (lmp_le_capable(hdev)) {
614 u8 events[8];
615
616 memset(events, 0, sizeof(events));
4d6c705b
MH		 617
618 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
619 events[0] |= 0x10; /* LE Long Term Key Request */
662bc2e6
AG		 620
621 /* If controller supports the Connection Parameters Request
622 * Link Layer Procedure, enable the corresponding event.
623 */
624 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
625 events[0] |= 0x20; /* LE Remote Connection
626 * Parameter Request
627 */
628
a9f6068e
MH		 629 /* If the controller supports the Data Length Extension
630 * feature, enable the corresponding event.
631 */
632 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
633 events[0] |= 0x40; /* LE Data Length Change */
634
4b71bba4
MH		 635 /* If the controller supports Extended Scanner Filter
636 * Policies, enable the correspondig event.
637 */
638 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
639 events[1] |= 0x04; /* LE Direct Advertising
640 * Report
641 */
642
9756d33b
MH		 643 /* If the controller supports Channel Selection Algorithm #2
644 * feature, enable the corresponding event.
645 */
646 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
647 events[2] |= 0x08; /* LE Channel Selection
648 * Algorithm
649 */
650
7d26f5c4
MH		 651 /* If the controller supports the LE Set Scan Enable command,
652 * enable the corresponding advertising report event.
653 */
654 if (hdev->commands[26] & 0x08)
655 events[0] |= 0x02; /* LE Advertising Report */
656
657 /* If the controller supports the LE Create Connection
658 * command, enable the corresponding event.
659 */
660 if (hdev->commands[26] & 0x10)
661 events[0] |= 0x01; /* LE Connection Complete */
662
663 /* If the controller supports the LE Connection Update
664 * command, enable the corresponding event.
665 */
666 if (hdev->commands[27] & 0x04)
667 events[0] |= 0x04; /* LE Connection Update
668 * Complete
669 */
670
671 /* If the controller supports the LE Read Remote Used Features
672 * command, enable the corresponding event.
673 */
674 if (hdev->commands[27] & 0x20)
675 events[0] |= 0x08; /* LE Read Remote Used
676 * Features Complete
677 */
678
5a34bd5f
MH		 679 /* If the controller supports the LE Read Local P-256
680 * Public Key command, enable the corresponding event.
681 */
682 if (hdev->commands[34] & 0x02)
683 events[0] |= 0x80; /* LE Read Local P-256
684 * Public Key Complete
685 */
686
687 /* If the controller supports the LE Generate DHKey
688 * command, enable the corresponding event.
689 */
690 if (hdev->commands[34] & 0x04)
691 events[1] |= 0x01; /* LE Generate DHKey Complete */
692
27bbca44
MH		 693 /* If the controller supports the LE Set Default PHY or
694 * LE Set PHY commands, enable the corresponding event.
695 */
696 if (hdev->commands[35] & (0x20 | 0x40))
697 events[1] |= 0x08; /* LE PHY Update Complete */
698
c215e939
JK		 699 /* If the controller supports LE Set Extended Scan Parameters
700 * and LE Set Extended Scan Enable commands, enable the
701 * corresponding event.
702 */
703 if (use_ext_scan(hdev))
704 events[1] |= 0x10; /* LE Extended Advertising
705 * Report
706 */
707
4d94f95d
JK		 708 /* If the controller supports the LE Extended Create Connection
709 * command, enable the corresponding event.
710 */
711 if (use_ext_conn(hdev))
712 events[1] |= 0x02; /* LE Enhanced Connection
713 * Complete
714 */
715
acf0aeae
JK		 716 /* If the controller supports the LE Extended Advertising
717 * command, enable the corresponding event.
718 */
719 if (ext_adv_capable(hdev))
720 events[2] |= 0x02; /* LE Advertising Set
721 * Terminated
722 */
723
9193c6e8
AG		 724 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
725 events);
726
6b49bcb4
JK		 727 /* Read LE Advertising Channel TX Power */
728 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) {
729 /* HCI TS spec forbids mixing of legacy and extended
730 * advertising commands wherein READ_ADV_TX_POWER is
731 * also included. So do not call it if extended adv
732 * is supported otherwise controller will return
733 * COMMAND_DISALLOWED for extended commands.
734 */
15a49cca
MH		 735 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
736 }
737
2ab216a7
MH		 738 if (hdev->commands[26] & 0x40) {
739 /* Read LE White List Size */
740 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
741 0, NULL);
742 }
743
744 if (hdev->commands[26] & 0x80) {
745 /* Clear LE White List */
746 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
747 }
748
cfdb0c2d
AN		 749 if (hdev->commands[34] & 0x40) {
750 /* Read LE Resolving List Size */
751 hci_req_add(req, HCI_OP_LE_READ_RESOLV_LIST_SIZE,
752 0, NULL);
753 }
754
545f2596
AN		 755 if (hdev->commands[34] & 0x20) {
756 /* Clear LE Resolving List */
757 hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
758 }
759
a9f6068e
MH		 760 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
761 /* Read LE Maximum Data Length */
762 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
763
764 /* Read LE Suggested Default Data Length */
765 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
766 }
767
6b49bcb4
JK		 768 if (ext_adv_capable(hdev)) {
769 /* Read LE Number of Supported Advertising Sets */
770 hci_req_add(req, HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS,
771 0, NULL);
772 }
773
42c6b129 774 hci_set_le_support(req);
9193c6e8 775 }
d2c5d77f
JH		 776
777 /* Read features beyond page 1 if available */
778 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
779 struct hci_cp_read_local_ext_features cp;
780
781 cp.page = p;
782 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
783 sizeof(cp), &cp);
784 }
a1d01db1
JH		 785
786 return 0;
2177bab5
JH		 787}
788
a1d01db1 789static int hci_init4_req(struct hci_request *req, unsigned long opt)
5d4e7e8d
JH		 790{
791 struct hci_dev *hdev = req->hdev;
792
36f260ce
MH		 793 /* Some Broadcom based Bluetooth controllers do not support the
794 * Delete Stored Link Key command. They are clearly indicating its
795 * absence in the bit mask of supported commands.
796 *
797 * Check the supported commands and only if the the command is marked
798 * as supported send it. If not supported assume that the controller
799 * does not have actual support for stored link keys which makes this
800 * command redundant anyway.
801 *
802 * Some controllers indicate that they support handling deleting
803 * stored link keys, but they don't. The quirk lets a driver
804 * just disable this command.
805 */
806 if (hdev->commands[6] & 0x80 &&
807 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
808 struct hci_cp_delete_stored_link_key cp;
809
810 bacpy(&cp.bdaddr, BDADDR_ANY);
811 cp.delete_all = 0x01;
812 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
813 sizeof(cp), &cp);
814 }
815
d62e6d67
JH		 816 /* Set event mask page 2 if the HCI command for it is supported */
817 if (hdev->commands[22] & 0x04)
818 hci_set_event_mask_page_2(req);
819
109e3191
MH		 820 /* Read local codec list if the HCI command is supported */
821 if (hdev->commands[29] & 0x20)
822 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
823
f4fe73ed
MH		 824 /* Get MWS transport configuration if the HCI command is supported */
825 if (hdev->commands[30] & 0x08)
826 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
827
5d4e7e8d 828 /* Check for Synchronization Train support */
53b834d2 829 if (lmp_sync_train_capable(hdev))
5d4e7e8d 830 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
a6d0d690
MH		 831
832 /* Enable Secure Connections if supported and configured */
d7a5a11d 833 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
574ea3c7 834 bredr_sc_enabled(hdev)) {
a6d0d690 835 u8 support = 0x01;
574ea3c7 836
a6d0d690
MH		 837 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
838 sizeof(support), &support);
839 }
a1d01db1 840
12204875
MH		 841 /* Set Suggested Default Data Length to maximum if supported */
842 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
843 struct hci_cp_le_write_def_data_len cp;
844
845 cp.tx_len = hdev->le_max_tx_len;
846 cp.tx_time = hdev->le_max_tx_time;
847 hci_req_add(req, HCI_OP_LE_WRITE_DEF_DATA_LEN, sizeof(cp), &cp);
848 }
849
de2ba303
MH		 850 /* Set Default PHY parameters if command is supported */
851 if (hdev->commands[35] & 0x20) {
852 struct hci_cp_le_set_default_phy cp;
853
6decb5b4
JK		 854 cp.all_phys = 0x00;
855 cp.tx_phys = hdev->le_tx_def_phys;
856 cp.rx_phys = hdev->le_rx_def_phys;
de2ba303
MH		 857
858 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
859 }
860
a1d01db1 861 return 0;
5d4e7e8d
JH		 862}
863
2177bab5
JH		 864static int __hci_init(struct hci_dev *hdev)
865{
866 int err;
867
4ebeee2d 868 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
2177bab5
JH		 869 if (err < 0)
870 return err;
871
f640ee98
MH		 872 if (hci_dev_test_flag(hdev, HCI_SETUP))
873 hci_debugfs_create_basic(hdev);
4b4148e9 874
4ebeee2d 875 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
0af801b9
JH		 876 if (err < 0)
877 return err;
878
ca8bee5d 879 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
2177bab5 880 * BR/EDR/LE type controllers. AMP controllers only need the
0af801b9 881 * first two stages of init.
2177bab5 882 */
ca8bee5d 883 if (hdev->dev_type != HCI_PRIMARY)
2177bab5
JH		 884 return 0;
885
4ebeee2d 886 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
5d4e7e8d
JH		 887 if (err < 0)
888 return err;
889
4ebeee2d 890 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
baf27f6e
MH		 891 if (err < 0)
892 return err;
893
ec6cef9c
MH		 894 /* This function is only called when the controller is actually in
895 * configured state. When the controller is marked as unconfigured,
896 * this initialization procedure is not run.
897 *
898 * It means that it is possible that a controller runs through its
899 * setup phase and then discovers missing settings. If that is the
900 * case, then this function will not be called. It then will only
901 * be called during the config phase.
902 *
903 * So only when in setup phase or config phase, create the debugfs
904 * entries and register the SMP channels.
baf27f6e 905 */
d7a5a11d
MH		 906 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
907 !hci_dev_test_flag(hdev, HCI_CONFIG))
baf27f6e
MH		 908 return 0;
909
60c5f5fb
MH		 910 hci_debugfs_create_common(hdev);
911
71c3b60e 912 if (lmp_bredr_capable(hdev))
60c5f5fb 913 hci_debugfs_create_bredr(hdev);
2bfa3531 914
162a3bac 915 if (lmp_le_capable(hdev))
60c5f5fb 916 hci_debugfs_create_le(hdev);
e7b8fc92 917
baf27f6e 918 return 0;
2177bab5
JH		 919}
920
a1d01db1 921static int hci_init0_req(struct hci_request *req, unsigned long opt)
0ebca7d6
MH		 922{
923 struct hci_dev *hdev = req->hdev;
924
925 BT_DBG("%s %ld", hdev->name, opt);
926
927 /* Reset */
928 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
929 hci_reset_req(req, 0);
930
931 /* Read Local Version */
932 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
933
934 /* Read BD Address */
935 if (hdev->set_bdaddr)
936 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
a1d01db1
JH		 937
938 return 0;
0ebca7d6
MH		 939}
940
941static int __hci_unconf_init(struct hci_dev *hdev)
942{
943 int err;
944
cc78b44b
MH		 945 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
946 return 0;
947
4ebeee2d 948 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
0ebca7d6
MH		 949 if (err < 0)
950 return err;
951
f640ee98
MH		 952 if (hci_dev_test_flag(hdev, HCI_SETUP))
953 hci_debugfs_create_basic(hdev);
954
0ebca7d6
MH		 955 return 0;
956}
957
a1d01db1 958static int hci_scan_req(struct hci_request *req, unsigned long opt)
1da177e4
LT		 959{
960 __u8 scan = opt;
961
42c6b129 962 BT_DBG("%s %x", req->hdev->name, scan);
1da177e4
LT		 963
964 /* Inquiry and Page scans */
42c6b129 965 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
a1d01db1 966 return 0;
1da177e4
LT		 967}
968
a1d01db1 969static int hci_auth_req(struct hci_request *req, unsigned long opt)
1da177e4
LT		 970{
971 __u8 auth = opt;
972
42c6b129 973 BT_DBG("%s %x", req->hdev->name, auth);
1da177e4
LT		 974
975 /* Authentication */
42c6b129 976 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
a1d01db1 977 return 0;
1da177e4
LT		 978}
979
a1d01db1 980static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
1da177e4
LT		 981{
982 __u8 encrypt = opt;
983
42c6b129 984 BT_DBG("%s %x", req->hdev->name, encrypt);
1da177e4 985
e4e8e37c 986 /* Encryption */
42c6b129 987 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
a1d01db1 988 return 0;
1da177e4
LT		 989}
990
a1d01db1 991static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
e4e8e37c
MH		 992{
993 __le16 policy = cpu_to_le16(opt);
994
42c6b129 995 BT_DBG("%s %x", req->hdev->name, policy);
e4e8e37c
MH		 996
997 /* Default link policy */
42c6b129 998 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
a1d01db1 999 return 0;
e4e8e37c
MH		 1000}
1001
8e87d142 1002/* Get HCI device by index.
1da177e4
LT		 1003 * Device is held on return. */
1004struct hci_dev *hci_dev_get(int index)
1005{
8035ded4 1006 struct hci_dev *hdev = NULL, *d;
1da177e4
LT		 1007
1008 BT_DBG("%d", index);
1009
1010 if (index < 0)
1011 return NULL;
1012
1013 read_lock(&hci_dev_list_lock);
8035ded4 1014 list_for_each_entry(d, &hci_dev_list, list) {
1da177e4
LT		 1015 if (d->id == index) {
1016 hdev = hci_dev_hold(d);
1017 break;
1018 }
1019 }
1020 read_unlock(&hci_dev_list_lock);
1021 return hdev;
1022}
1da177e4
LT		 1023
1024/* ---- Inquiry support ---- */
ff9ef578 1025
30dc78e1
JH		 1026bool hci_discovery_active(struct hci_dev *hdev)
1027{
1028 struct discovery_state *discov = &hdev->discovery;
1029
6fbe195d 1030 switch (discov->state) {
343f935b 1031 case DISCOVERY_FINDING:
6fbe195d 1032 case DISCOVERY_RESOLVING:
30dc78e1
JH		 1033 return true;
1034
6fbe195d
AG		 1035 default:
1036 return false;
1037 }
30dc78e1
JH		 1038}
1039
ff9ef578
JH		 1040void hci_discovery_set_state(struct hci_dev *hdev, int state)
1041{
bb3e0a33
JH		 1042 int old_state = hdev->discovery.state;
1043
ff9ef578
JH		 1044 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1045
bb3e0a33 1046 if (old_state == state)
ff9ef578
JH		 1047 return;
1048
bb3e0a33
JH		 1049 hdev->discovery.state = state;
1050
ff9ef578
JH		 1051 switch (state) {
1052 case DISCOVERY_STOPPED:
c54c3860
AG		 1053 hci_update_background_scan(hdev);
1054
bb3e0a33 1055 if (old_state != DISCOVERY_STARTING)
7b99b659 1056 mgmt_discovering(hdev, 0);
ff9ef578
JH		 1057 break;
1058 case DISCOVERY_STARTING:
1059 break;
343f935b 1060 case DISCOVERY_FINDING:
ff9ef578
JH		 1061 mgmt_discovering(hdev, 1);
1062 break;
30dc78e1
JH		 1063 case DISCOVERY_RESOLVING:
1064 break;
ff9ef578
JH		 1065 case DISCOVERY_STOPPING:
1066 break;
1067 }
ff9ef578
JH		 1068}
1069
1f9b9a5d 1070void hci_inquiry_cache_flush(struct hci_dev *hdev)
1da177e4 1071{
30883512 1072 struct discovery_state *cache = &hdev->discovery;
b57c1a56 1073 struct inquiry_entry *p, *n;
1da177e4 1074
561aafbc
JH		 1075 list_for_each_entry_safe(p, n, &cache->all, all) {
1076 list_del(&p->all);
b57c1a56 1077 kfree(p);
1da177e4 1078 }
561aafbc
JH		 1079
1080 INIT_LIST_HEAD(&cache->unknown);
1081 INIT_LIST_HEAD(&cache->resolve);
1da177e4
LT		 1082}
1083
a8c5fb1a
GP		 1084struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1085 bdaddr_t *bdaddr)
1da177e4 1086{
30883512 1087 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 1088 struct inquiry_entry *e;
1089
6ed93dc6 1090 BT_DBG("cache %p, %pMR", cache, bdaddr);
1da177e4 1091
561aafbc
JH		 1092 list_for_each_entry(e, &cache->all, all) {
1093 if (!bacmp(&e->data.bdaddr, bdaddr))
1094 return e;
1095 }
1096
1097 return NULL;
1098}
1099
1100struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
04124681 1101 bdaddr_t *bdaddr)
561aafbc 1102{
30883512 1103 struct discovery_state *cache = &hdev->discovery;
561aafbc
JH		 1104 struct inquiry_entry *e;
1105
6ed93dc6 1106 BT_DBG("cache %p, %pMR", cache, bdaddr);
561aafbc
JH		 1107
1108 list_for_each_entry(e, &cache->unknown, list) {
1da177e4 1109 if (!bacmp(&e->data.bdaddr, bdaddr))
b57c1a56
JH		 1110 return e;
1111 }
1112
1113 return NULL;
1da177e4
LT		 1114}
1115
30dc78e1 1116struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
04124681
GP		 1117 bdaddr_t *bdaddr,
1118 int state)
30dc78e1
JH		 1119{
1120 struct discovery_state *cache = &hdev->discovery;
1121 struct inquiry_entry *e;
1122
6ed93dc6 1123 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
30dc78e1
JH		 1124
1125 list_for_each_entry(e, &cache->resolve, list) {
1126 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1127 return e;
1128 if (!bacmp(&e->data.bdaddr, bdaddr))
1129 return e;
1130 }
1131
1132 return NULL;
1133}
1134
a3d4e20a 1135void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
04124681 1136 struct inquiry_entry *ie)
a3d4e20a
JH		 1137{
1138 struct discovery_state *cache = &hdev->discovery;
1139 struct list_head *pos = &cache->resolve;
1140 struct inquiry_entry *p;
1141
1142 list_del(&ie->list);
1143
1144 list_for_each_entry(p, &cache->resolve, list) {
1145 if (p->name_state != NAME_PENDING &&
a8c5fb1a 1146 abs(p->data.rssi) >= abs(ie->data.rssi))
a3d4e20a
JH		 1147 break;
1148 pos = &p->list;
1149 }
1150
1151 list_add(&ie->list, pos);
1152}
1153
af58925c
MH		 1154u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1155 bool name_known)
1da177e4 1156{
30883512 1157 struct discovery_state *cache = &hdev->discovery;
70f23020 1158 struct inquiry_entry *ie;
af58925c 1159 u32 flags = 0;
1da177e4 1160
6ed93dc6 1161 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1da177e4 1162
6928a924 1163 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
2b2fec4d 1164
af58925c
MH		 1165 if (!data->ssp_mode)
1166 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
388fc8fa 1167
70f23020 1168 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
a3d4e20a 1169 if (ie) {
af58925c
MH		 1170 if (!ie->data.ssp_mode)
1171 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
388fc8fa 1172
a3d4e20a 1173 if (ie->name_state == NAME_NEEDED &&
a8c5fb1a 1174 data->rssi != ie->data.rssi) {
a3d4e20a
JH		 1175 ie->data.rssi = data->rssi;
1176 hci_inquiry_cache_update_resolve(hdev, ie);
1177 }
1178
561aafbc 1179 goto update;
a3d4e20a 1180 }
561aafbc
JH		 1181
1182 /* Entry not in the cache. Add new one. */
27f70f3e 1183 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
af58925c
MH		 1184 if (!ie) {
1185 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1186 goto done;
1187 }
561aafbc
JH		 1188
1189 list_add(&ie->all, &cache->all);
1190
1191 if (name_known) {
1192 ie->name_state = NAME_KNOWN;
1193 } else {
1194 ie->name_state = NAME_NOT_KNOWN;
1195 list_add(&ie->list, &cache->unknown);
1196 }
70f23020 1197
561aafbc
JH		 1198update:
1199 if (name_known && ie->name_state != NAME_KNOWN &&
a8c5fb1a 1200 ie->name_state != NAME_PENDING) {
561aafbc
JH		 1201 ie->name_state = NAME_KNOWN;
1202 list_del(&ie->list);
1da177e4
LT		 1203 }
1204
70f23020
AE		 1205 memcpy(&ie->data, data, sizeof(*data));
1206 ie->timestamp = jiffies;
1da177e4 1207 cache->timestamp = jiffies;
3175405b
JH		 1208
1209 if (ie->name_state == NAME_NOT_KNOWN)
af58925c 1210 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
3175405b 1211
af58925c
MH		 1212done:
1213 return flags;
1da177e4
LT		 1214}
1215
1216static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1217{
30883512 1218 struct discovery_state *cache = &hdev->discovery;
1da177e4
LT		 1219 struct inquiry_info *info = (struct inquiry_info *) buf;
1220 struct inquiry_entry *e;
1221 int copied = 0;
1222
561aafbc 1223 list_for_each_entry(e, &cache->all, all) {
1da177e4 1224 struct inquiry_data *data = &e->data;
b57c1a56
JH		 1225
1226 if (copied >= num)
1227 break;
1228
1da177e4
LT		 1229 bacpy(&info->bdaddr, &data->bdaddr);
1230 info->pscan_rep_mode = data->pscan_rep_mode;
1231 info->pscan_period_mode = data->pscan_period_mode;
1232 info->pscan_mode = data->pscan_mode;
1233 memcpy(info->dev_class, data->dev_class, 3);
1234 info->clock_offset = data->clock_offset;
b57c1a56 1235
1da177e4 1236 info++;
b57c1a56 1237 copied++;
1da177e4
LT		 1238 }
1239
1240 BT_DBG("cache %p, copied %d", cache, copied);
1241 return copied;
1242}
1243
a1d01db1 1244static int hci_inq_req(struct hci_request *req, unsigned long opt)
1da177e4
LT		 1245{
1246 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
42c6b129 1247 struct hci_dev *hdev = req->hdev;
1da177e4
LT		 1248 struct hci_cp_inquiry cp;
1249
1250 BT_DBG("%s", hdev->name);
1251
1252 if (test_bit(HCI_INQUIRY, &hdev->flags))
a1d01db1 1253 return 0;
1da177e4
LT		 1254
1255 /* Start Inquiry */
1256 memcpy(&cp.lap, &ir->lap, 3);
1257 cp.length = ir->length;
1258 cp.num_rsp = ir->num_rsp;
42c6b129 1259 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
a1d01db1
JH		 1260
1261 return 0;
1da177e4
LT		 1262}
1263
1264int hci_inquiry(void __user *arg)
1265{
1266 __u8 __user *ptr = arg;
1267 struct hci_inquiry_req ir;
1268 struct hci_dev *hdev;
1269 int err = 0, do_inquiry = 0, max_rsp;
1270 long timeo;
1271 __u8 *buf;
1272
1273 if (copy_from_user(&ir, ptr, sizeof(ir)))
1274 return -EFAULT;
1275
5a08ecce
AE		 1276 hdev = hci_dev_get(ir.dev_id);
1277 if (!hdev)
1da177e4
LT		 1278 return -ENODEV;
1279
d7a5a11d 1280 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
0736cfa8
MH		 1281 err = -EBUSY;
1282 goto done;
1283 }
1284
d7a5a11d 1285 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
fee746b0
MH		 1286 err = -EOPNOTSUPP;
1287 goto done;
1288 }
1289
ca8bee5d 1290 if (hdev->dev_type != HCI_PRIMARY) {
5b69bef5
MH		 1291 err = -EOPNOTSUPP;
1292 goto done;
1293 }
1294
d7a5a11d 1295 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
56f87901
JH		 1296 err = -EOPNOTSUPP;
1297 goto done;
1298 }
1299
09fd0de5 1300 hci_dev_lock(hdev);
8e87d142 1301 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
a8c5fb1a 1302 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1f9b9a5d 1303 hci_inquiry_cache_flush(hdev);
1da177e4
LT		 1304 do_inquiry = 1;
1305 }
09fd0de5 1306 hci_dev_unlock(hdev);
1da177e4 1307
04837f64 1308 timeo = ir.length * msecs_to_jiffies(2000);
70f23020
AE		 1309
1310 if (do_inquiry) {
01178cd4 1311 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
4ebeee2d 1312 timeo, NULL);
70f23020
AE		 1313 if (err < 0)
1314 goto done;
3e13fa1e
AG		 1315
1316 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1317 * cleared). If it is interrupted by a signal, return -EINTR.
1318 */
74316201 1319 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
3e13fa1e
AG		 1320 TASK_INTERRUPTIBLE))
1321 return -EINTR;
70f23020 1322 }
1da177e4 1323
8fc9ced3
GP		 1324 /* for unlimited number of responses we will use buffer with
1325 * 255 entries
1326 */
1da177e4
LT		 1327 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1328
1329 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1330 * copy it to the user space.
1331 */
6da2ec56 1332 buf = kmalloc_array(max_rsp, sizeof(struct inquiry_info), GFP_KERNEL);
70f23020 1333 if (!buf) {
1da177e4
LT		 1334 err = -ENOMEM;
1335 goto done;
1336 }
1337
09fd0de5 1338 hci_dev_lock(hdev);
1da177e4 1339 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
09fd0de5 1340 hci_dev_unlock(hdev);
1da177e4
LT		 1341
1342 BT_DBG("num_rsp %d", ir.num_rsp);
1343
1344 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1345 ptr += sizeof(ir);
1346 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
a8c5fb1a 1347 ir.num_rsp))
1da177e4 1348 err = -EFAULT;
8e87d142 1349 } else
1da177e4
LT		 1350 err = -EFAULT;
1351
1352 kfree(buf);
1353
1354done:
1355 hci_dev_put(hdev);
1356 return err;
1357}
1358
7a0e5b15
MK		 1359/**
1360 * hci_dev_get_bd_addr_from_property - Get the Bluetooth Device Address
1361 * (BD_ADDR) for a HCI device from
1362 * a firmware node property.
1363 * @hdev: The HCI device
1364 *
1365 * Search the firmware node for 'local-bd-address'.
1366 *
1367 * All-zero BD addresses are rejected, because those could be properties
1368 * that exist in the firmware tables, but were not updated by the firmware. For
1369 * example, the DTS could define 'local-bd-address', with zero BD addresses.
1370 */
1371static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev)
1372{
1373 struct fwnode_handle *fwnode = dev_fwnode(hdev->dev.parent);
1374 bdaddr_t ba;
1375 int ret;
1376
1377 ret = fwnode_property_read_u8_array(fwnode, "local-bd-address",
1378 (u8 *)&ba, sizeof(ba));
1379 if (ret < 0 || !bacmp(&ba, BDADDR_ANY))
1380 return;
1381
1382 bacpy(&hdev->public_addr, &ba);
1383}
1384
cbed0ca1 1385static int hci_dev_do_open(struct hci_dev *hdev)
1da177e4 1386{
1da177e4
LT		 1387 int ret = 0;
1388
1da177e4
LT		 1389 BT_DBG("%s %p", hdev->name, hdev);
1390
b504430c 1391 hci_req_sync_lock(hdev);
1da177e4 1392
d7a5a11d 1393 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
94324962
JH		 1394 ret = -ENODEV;
1395 goto done;
1396 }
1397
d7a5a11d
MH		 1398 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1399 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
a5c8f270
MH		 1400 /* Check for rfkill but allow the HCI setup stage to
1401 * proceed (which in itself doesn't cause any RF activity).
1402 */
d7a5a11d 1403 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
a5c8f270
MH		 1404 ret = -ERFKILL;
1405 goto done;
1406 }
1407
1408 /* Check for valid public address or a configured static
1409 * random adddress, but let the HCI setup proceed to
1410 * be able to determine if there is a public address
1411 * or not.
1412 *
c6beca0e
MH		 1413 * In case of user channel usage, it is not important
1414 * if a public address or static random address is
1415 * available.
1416 *
a5c8f270
MH		 1417 * This check is only valid for BR/EDR controllers
1418 * since AMP controllers do not have an address.
1419 */
d7a5a11d 1420 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
ca8bee5d 1421 hdev->dev_type == HCI_PRIMARY &&
a5c8f270
MH		 1422 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1423 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1424 ret = -EADDRNOTAVAIL;
1425 goto done;
1426 }
611b30f7
MH		 1427 }
1428
1da177e4
LT		 1429 if (test_bit(HCI_UP, &hdev->flags)) {
1430 ret = -EALREADY;
1431 goto done;
1432 }
1433
1da177e4
LT		 1434 if (hdev->open(hdev)) {
1435 ret = -EIO;
1436 goto done;
1437 }
1438
e9ca8bf1 1439 set_bit(HCI_RUNNING, &hdev->flags);
05fcd4c4 1440 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
4a3f95b7 1441
f41c70c4
MH		 1442 atomic_set(&hdev->cmd_cnt, 1);
1443 set_bit(HCI_INIT, &hdev->flags);
1444
740011cf
SW		 1445 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1446 test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
e131d74a
MH		 1447 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1448
af202f84
MH		 1449 if (hdev->setup)
1450 ret = hdev->setup(hdev);
f41c70c4 1451
7a0e5b15
MK		 1452 if (ret)
1453 goto setup_failed;
1454
1455 if (test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) {
1456 if (!bacmp(&hdev->public_addr, BDADDR_ANY))
1457 hci_dev_get_bd_addr_from_property(hdev);
1458
1459 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1460 hdev->set_bdaddr)
1461 ret = hdev->set_bdaddr(hdev,
1462 &hdev->public_addr);
7a0e5b15
MK		 1463 }
1464
1465setup_failed:
af202f84
MH		 1466 /* The transport driver can set these quirks before
1467 * creating the HCI device or in its setup callback.
1468 *
1469 * In case any of them is set, the controller has to
1470 * start up as unconfigured.
1471 */
eb1904f4
MH		 1472 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1473 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
a1536da2 1474 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
f41c70c4 1475
0ebca7d6
MH		 1476 /* For an unconfigured controller it is required to
1477 * read at least the version information provided by
1478 * the Read Local Version Information command.
1479 *
1480 * If the set_bdaddr driver callback is provided, then
1481 * also the original Bluetooth public device address
1482 * will be read using the Read BD Address command.
1483 */
d7a5a11d 1484 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
0ebca7d6 1485 ret = __hci_unconf_init(hdev);
89bc22d2
MH		 1486 }
1487
d7a5a11d 1488 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
9713c17b
MH		 1489 /* If public address change is configured, ensure that
1490 * the address gets programmed. If the driver does not
1491 * support changing the public address, fail the power
1492 * on procedure.
1493 */
1494 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1495 hdev->set_bdaddr)
24c457e2
MH		 1496 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1497 else
1498 ret = -EADDRNOTAVAIL;
1499 }
1500
f41c70c4 1501 if (!ret) {
d7a5a11d 1502 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
98a63aaf 1503 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
f41c70c4 1504 ret = __hci_init(hdev);
98a63aaf
MH		 1505 if (!ret && hdev->post_init)
1506 ret = hdev->post_init(hdev);
1507 }
1da177e4
LT		 1508 }
1509
7e995b9e
MH		 1510 /* If the HCI Reset command is clearing all diagnostic settings,
1511 * then they need to be reprogrammed after the init procedure
1512 * completed.
1513 */
1514 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
b56c7b25 1515 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
7e995b9e
MH		 1516 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1517 ret = hdev->set_diag(hdev, true);
1518
f41c70c4
MH		 1519 clear_bit(HCI_INIT, &hdev->flags);
1520
1da177e4
LT		 1521 if (!ret) {
1522 hci_dev_hold(hdev);
a1536da2 1523 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 1524 hci_adv_instances_set_rpa_expired(hdev, true);
1da177e4 1525 set_bit(HCI_UP, &hdev->flags);
05fcd4c4 1526 hci_sock_dev_event(hdev, HCI_DEV_UP);
6d5d2ee6 1527 hci_leds_update_powered(hdev, true);
d7a5a11d
MH		 1528 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1529 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1530 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1531 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
2ff13894 1532 hci_dev_test_flag(hdev, HCI_MGMT) &&
ca8bee5d 1533 hdev->dev_type == HCI_PRIMARY) {
2ff13894
JH		 1534 ret = __hci_req_hci_power_on(hdev);
1535 mgmt_power_on(hdev, ret);
56e5cb86 1536 }
8e87d142 1537 } else {
1da177e4 1538 /* Init failed, cleanup */
3eff45ea 1539 flush_work(&hdev->tx_work);
c347b765 1540 flush_work(&hdev->cmd_work);
b78752cc 1541 flush_work(&hdev->rx_work);
1da177e4
LT		 1542
1543 skb_queue_purge(&hdev->cmd_q);
1544 skb_queue_purge(&hdev->rx_q);
1545
1546 if (hdev->flush)
1547 hdev->flush(hdev);
1548
1549 if (hdev->sent_cmd) {
1550 kfree_skb(hdev->sent_cmd);
1551 hdev->sent_cmd = NULL;
1552 }
1553
e9ca8bf1 1554 clear_bit(HCI_RUNNING, &hdev->flags);
05fcd4c4 1555 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
4a3f95b7 1556
1da177e4 1557 hdev->close(hdev);
fee746b0 1558 hdev->flags &= BIT(HCI_RAW);
1da177e4
LT		 1559 }
1560
1561done:
b504430c 1562 hci_req_sync_unlock(hdev);
1da177e4
LT		 1563 return ret;
1564}
1565
cbed0ca1
JH		 1566/* ---- HCI ioctl helpers ---- */
1567
1568int hci_dev_open(__u16 dev)
1569{
1570 struct hci_dev *hdev;
1571 int err;
1572
1573 hdev = hci_dev_get(dev);
1574 if (!hdev)
1575 return -ENODEV;
1576
4a964404 1577 /* Devices that are marked as unconfigured can only be powered
fee746b0
MH		 1578 * up as user channel. Trying to bring them up as normal devices
1579 * will result into a failure. Only user channel operation is
1580 * possible.
1581 *
1582 * When this function is called for a user channel, the flag
1583 * HCI_USER_CHANNEL will be set first before attempting to
1584 * open the device.
1585 */
d7a5a11d
MH		 1586 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1587 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
fee746b0
MH		 1588 err = -EOPNOTSUPP;
1589 goto done;
1590 }
1591
e1d08f40
JH		 1592 /* We need to ensure that no other power on/off work is pending
1593 * before proceeding to call hci_dev_do_open. This is
1594 * particularly important if the setup procedure has not yet
1595 * completed.
1596 */
a69d8927 1597 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
e1d08f40
JH		 1598 cancel_delayed_work(&hdev->power_off);
1599
a5c8f270
MH		 1600 /* After this call it is guaranteed that the setup procedure
1601 * has finished. This means that error conditions like RFKILL
1602 * or no valid public or static random address apply.
1603 */
e1d08f40
JH		 1604 flush_workqueue(hdev->req_workqueue);
1605
12aa4f0a 1606 /* For controllers not using the management interface and that
b6ae8457 1607 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
12aa4f0a
MH		 1608 * so that pairing works for them. Once the management interface
1609 * is in use this bit will be cleared again and userspace has
1610 * to explicitly enable it.
1611 */
d7a5a11d
MH		 1612 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1613 !hci_dev_test_flag(hdev, HCI_MGMT))
a1536da2 1614 hci_dev_set_flag(hdev, HCI_BONDABLE);
12aa4f0a 1615
cbed0ca1
JH		 1616 err = hci_dev_do_open(hdev);
1617
fee746b0 1618done:
cbed0ca1 1619 hci_dev_put(hdev);
cbed0ca1
JH		 1620 return err;
1621}
1622
d7347f3c
JH		 1623/* This function requires the caller holds hdev->lock */
1624static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1625{
1626 struct hci_conn_params *p;
1627
f161dd41
JH		 1628 list_for_each_entry(p, &hdev->le_conn_params, list) {
1629 if (p->conn) {
1630 hci_conn_drop(p->conn);
f8aaf9b6 1631 hci_conn_put(p->conn);
f161dd41
JH		 1632 p->conn = NULL;
1633 }
d7347f3c 1634 list_del_init(&p->action);
f161dd41 1635 }
d7347f3c
JH		 1636
1637 BT_DBG("All LE pending actions cleared");
1638}
1639
6b3cc1db 1640int hci_dev_do_close(struct hci_dev *hdev)
1da177e4 1641{
acc649c6
MH		 1642 bool auto_off;
1643
1da177e4
LT		 1644 BT_DBG("%s %p", hdev->name, hdev);
1645
d24d8144 1646 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
867146a0 1647 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
d24d8144 1648 test_bit(HCI_UP, &hdev->flags)) {
a44fecbd
THJA		 1649 /* Execute vendor specific shutdown routine */
1650 if (hdev->shutdown)
1651 hdev->shutdown(hdev);
1652 }
1653
78c04c0b
VCG		 1654 cancel_delayed_work(&hdev->power_off);
1655
7df0f73e 1656 hci_request_cancel_all(hdev);
b504430c 1657 hci_req_sync_lock(hdev);
1da177e4
LT		 1658
1659 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
65cc2b49 1660 cancel_delayed_work_sync(&hdev->cmd_timer);
b504430c 1661 hci_req_sync_unlock(hdev);
1da177e4
LT		 1662 return 0;
1663 }
1664
6d5d2ee6
HK		 1665 hci_leds_update_powered(hdev, false);
1666
3eff45ea
GP		 1667 /* Flush RX and TX works */
1668 flush_work(&hdev->tx_work);
b78752cc 1669 flush_work(&hdev->rx_work);
1da177e4 1670
16ab91ab 1671 if (hdev->discov_timeout > 0) {
16ab91ab 1672 hdev->discov_timeout = 0;
a358dc11
MH		 1673 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1674 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
16ab91ab
JH		 1675 }
1676
a69d8927 1677 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1678 cancel_delayed_work(&hdev->service_cache);
1679
a73c046a
JK		 1680 if (hci_dev_test_flag(hdev, HCI_MGMT)) {
1681 struct adv_info *adv_instance;
1682
4518bb0f 1683 cancel_delayed_work_sync(&hdev->rpa_expired);
7ba8b4be 1684
a73c046a
JK		 1685 list_for_each_entry(adv_instance, &hdev->adv_instances, list)
1686 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
1687 }
1688
76727c02
JH		 1689 /* Avoid potential lockdep warnings from the *_flush() calls by
1690 * ensuring the workqueue is empty up front.
1691 */
1692 drain_workqueue(hdev->workqueue);
1693
09fd0de5 1694 hci_dev_lock(hdev);
1aeb9c65 1695
8f502f84
JH		 1696 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1697
acc649c6
MH		 1698 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1699
ca8bee5d 1700 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
baab7932 1701 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
2ff13894
JH		 1702 hci_dev_test_flag(hdev, HCI_MGMT))
1703 __mgmt_power_off(hdev);
1aeb9c65 1704
1f9b9a5d 1705 hci_inquiry_cache_flush(hdev);
d7347f3c 1706 hci_pend_le_actions_clear(hdev);
f161dd41 1707 hci_conn_hash_flush(hdev);
09fd0de5 1708 hci_dev_unlock(hdev);
1da177e4 1709
64dae967
MH		 1710 smp_unregister(hdev);
1711
05fcd4c4 1712 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1da177e4
LT		 1713
1714 if (hdev->flush)
1715 hdev->flush(hdev);
1716
1717 /* Reset device */
1718 skb_queue_purge(&hdev->cmd_q);
1719 atomic_set(&hdev->cmd_cnt, 1);
acc649c6
MH		 1720 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1721 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1da177e4 1722 set_bit(HCI_INIT, &hdev->flags);
4ebeee2d 1723 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1da177e4
LT		 1724 clear_bit(HCI_INIT, &hdev->flags);
1725 }
1726
c347b765
GP		 1727 /* flush cmd work */
1728 flush_work(&hdev->cmd_work);
1da177e4
LT		 1729
1730 /* Drop queues */
1731 skb_queue_purge(&hdev->rx_q);
1732 skb_queue_purge(&hdev->cmd_q);
1733 skb_queue_purge(&hdev->raw_q);
1734
1735 /* Drop last sent command */
1736 if (hdev->sent_cmd) {
65cc2b49 1737 cancel_delayed_work_sync(&hdev->cmd_timer);
1da177e4
LT		 1738 kfree_skb(hdev->sent_cmd);
1739 hdev->sent_cmd = NULL;
1740 }
1741
e9ca8bf1 1742 clear_bit(HCI_RUNNING, &hdev->flags);
05fcd4c4 1743 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
4a3f95b7 1744
1da177e4
LT		 1745 /* After this point our queues are empty
1746 * and no tasks are scheduled. */
1747 hdev->close(hdev);
1748
35b973c9 1749 /* Clear flags */
fee746b0 1750 hdev->flags &= BIT(HCI_RAW);
eacb44df 1751 hci_dev_clear_volatile_flags(hdev);
35b973c9 1752
ced5c338 1753 /* Controller radio is available but is currently powered down */
536619e8 1754 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
ced5c338 1755
e59fda8d 1756 memset(hdev->eir, 0, sizeof(hdev->eir));
09b3c3fb 1757 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
7a4cd51d 1758 bacpy(&hdev->random_addr, BDADDR_ANY);
e59fda8d 1759
b504430c 1760 hci_req_sync_unlock(hdev);
1da177e4
LT		 1761
1762 hci_dev_put(hdev);
1763 return 0;
1764}
1765
1766int hci_dev_close(__u16 dev)
1767{
1768 struct hci_dev *hdev;
1769 int err;
1770
70f23020
AE		 1771 hdev = hci_dev_get(dev);
1772 if (!hdev)
1da177e4 1773 return -ENODEV;
8ee56540 1774
d7a5a11d 1775 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
0736cfa8
MH		 1776 err = -EBUSY;
1777 goto done;
1778 }
1779
a69d8927 1780 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
8ee56540
MH		 1781 cancel_delayed_work(&hdev->power_off);
1782
1da177e4 1783 err = hci_dev_do_close(hdev);
8ee56540 1784
0736cfa8 1785done:
1da177e4
LT		 1786 hci_dev_put(hdev);
1787 return err;
1788}
1789
5c912495 1790static int hci_dev_do_reset(struct hci_dev *hdev)
1da177e4 1791{
5c912495 1792 int ret;
1da177e4 1793
5c912495 1794 BT_DBG("%s %p", hdev->name, hdev);
1da177e4 1795
b504430c 1796 hci_req_sync_lock(hdev);
1da177e4 1797
1da177e4
LT		 1798 /* Drop queues */
1799 skb_queue_purge(&hdev->rx_q);
1800 skb_queue_purge(&hdev->cmd_q);
1801
76727c02
JH		 1802 /* Avoid potential lockdep warnings from the *_flush() calls by
1803 * ensuring the workqueue is empty up front.
1804 */
1805 drain_workqueue(hdev->workqueue);
1806
09fd0de5 1807 hci_dev_lock(hdev);
1f9b9a5d 1808 hci_inquiry_cache_flush(hdev);
1da177e4 1809 hci_conn_hash_flush(hdev);
09fd0de5 1810 hci_dev_unlock(hdev);
1da177e4
LT		 1811
1812 if (hdev->flush)
1813 hdev->flush(hdev);
1814
8e87d142 1815 atomic_set(&hdev->cmd_cnt, 1);
6ed58ec5 1816 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1da177e4 1817
4ebeee2d 1818 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1da177e4 1819
b504430c 1820 hci_req_sync_unlock(hdev);
1da177e4
LT		 1821 return ret;
1822}
1823
5c912495
MH		 1824int hci_dev_reset(__u16 dev)
1825{
1826 struct hci_dev *hdev;
1827 int err;
1828
1829 hdev = hci_dev_get(dev);
1830 if (!hdev)
1831 return -ENODEV;
1832
1833 if (!test_bit(HCI_UP, &hdev->flags)) {
1834 err = -ENETDOWN;
1835 goto done;
1836 }
1837
d7a5a11d 1838 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
5c912495
MH		 1839 err = -EBUSY;
1840 goto done;
1841 }
1842
d7a5a11d 1843 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
5c912495
MH		 1844 err = -EOPNOTSUPP;
1845 goto done;
1846 }
1847
1848 err = hci_dev_do_reset(hdev);
1849
1850done:
1851 hci_dev_put(hdev);
1852 return err;
1853}
1854
1da177e4
LT		 1855int hci_dev_reset_stat(__u16 dev)
1856{
1857 struct hci_dev *hdev;
1858 int ret = 0;
1859
70f23020
AE		 1860 hdev = hci_dev_get(dev);
1861 if (!hdev)
1da177e4
LT		 1862 return -ENODEV;
1863
d7a5a11d 1864 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
0736cfa8
MH		 1865 ret = -EBUSY;
1866 goto done;
1867 }
1868
d7a5a11d 1869 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
fee746b0
MH		 1870 ret = -EOPNOTSUPP;
1871 goto done;
1872 }
1873
1da177e4
LT		 1874 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1875
0736cfa8 1876done:
1da177e4 1877 hci_dev_put(hdev);
1da177e4
LT		 1878 return ret;
1879}
1880
123abc08
JH		 1881static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1882{
bc6d2d04 1883 bool conn_changed, discov_changed;
123abc08
JH		 1884
1885 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1886
1887 if ((scan & SCAN_PAGE))
238be788
MH		 1888 conn_changed = !hci_dev_test_and_set_flag(hdev,
1889 HCI_CONNECTABLE);
123abc08 1890 else
a69d8927
MH		 1891 conn_changed = hci_dev_test_and_clear_flag(hdev,
1892 HCI_CONNECTABLE);
123abc08 1893
bc6d2d04 1894 if ((scan & SCAN_INQUIRY)) {
238be788
MH		 1895 discov_changed = !hci_dev_test_and_set_flag(hdev,
1896 HCI_DISCOVERABLE);
bc6d2d04 1897 } else {
a358dc11 1898 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
a69d8927
MH		 1899 discov_changed = hci_dev_test_and_clear_flag(hdev,
1900 HCI_DISCOVERABLE);
bc6d2d04
JH		 1901 }
1902
d7a5a11d 1903 if (!hci_dev_test_flag(hdev, HCI_MGMT))
123abc08
JH		 1904 return;
1905
bc6d2d04
JH		 1906 if (conn_changed || discov_changed) {
1907 /* In case this was disabled through mgmt */
a1536da2 1908 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
bc6d2d04 1909
d7a5a11d 1910 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
cab054ab 1911 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
bc6d2d04 1912
123abc08 1913 mgmt_new_settings(hdev);
bc6d2d04 1914 }
123abc08
JH		 1915}
1916
1da177e4
LT		 1917int hci_dev_cmd(unsigned int cmd, void __user *arg)
1918{
1919 struct hci_dev *hdev;
1920 struct hci_dev_req dr;
1921 int err = 0;
1922
1923 if (copy_from_user(&dr, arg, sizeof(dr)))
1924 return -EFAULT;
1925
70f23020
AE		 1926 hdev = hci_dev_get(dr.dev_id);
1927 if (!hdev)
1da177e4
LT		 1928 return -ENODEV;
1929
d7a5a11d 1930 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
0736cfa8
MH		 1931 err = -EBUSY;
1932 goto done;
1933 }
1934
d7a5a11d 1935 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
fee746b0
MH		 1936 err = -EOPNOTSUPP;
1937 goto done;
1938 }
1939
ca8bee5d 1940 if (hdev->dev_type != HCI_PRIMARY) {
5b69bef5
MH		 1941 err = -EOPNOTSUPP;
1942 goto done;
1943 }
1944
d7a5a11d 1945 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
56f87901
JH		 1946 err = -EOPNOTSUPP;
1947 goto done;
1948 }
1949
1da177e4
LT		 1950 switch (cmd) {
1951 case HCISETAUTH:
01178cd4 1952 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
4ebeee2d 1953 HCI_INIT_TIMEOUT, NULL);
1da177e4
LT		 1954 break;
1955
1956 case HCISETENCRYPT:
1957 if (!lmp_encrypt_capable(hdev)) {
1958 err = -EOPNOTSUPP;
1959 break;
1960 }
1961
1962 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1963 /* Auth must be enabled first */
01178cd4 1964 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
4ebeee2d 1965 HCI_INIT_TIMEOUT, NULL);
1da177e4
LT		 1966 if (err)
1967 break;
1968 }
1969
01178cd4 1970 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
4ebeee2d 1971 HCI_INIT_TIMEOUT, NULL);
1da177e4
LT		 1972 break;
1973
1974 case HCISETSCAN:
01178cd4 1975 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
4ebeee2d 1976 HCI_INIT_TIMEOUT, NULL);
91a668b0 1977
bc6d2d04
JH		 1978 /* Ensure that the connectable and discoverable states
1979 * get correctly modified as this was a non-mgmt change.
91a668b0 1980 */
123abc08
JH		 1981 if (!err)
1982 hci_update_scan_state(hdev, dr.dev_opt);
1da177e4
LT		 1983 break;
1984
1da177e4 1985 case HCISETLINKPOL:
01178cd4 1986 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
4ebeee2d 1987 HCI_INIT_TIMEOUT, NULL);
1da177e4
LT		 1988 break;
1989
1990 case HCISETLINKMODE:
e4e8e37c
MH		 1991 hdev->link_mode = ((__u16) dr.dev_opt) &
1992 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1993 break;
1994
1995 case HCISETPTYPE:
b7c23df8
JK		 1996 if (hdev->pkt_type == (__u16) dr.dev_opt)
1997 break;
1998
e4e8e37c 1999 hdev->pkt_type = (__u16) dr.dev_opt;
b7c23df8 2000 mgmt_phy_configuration_changed(hdev, NULL);
1da177e4
LT		 2001 break;
2002
2003 case HCISETACLMTU:
e4e8e37c
MH		 2004 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2005 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 2006 break;
2007
2008 case HCISETSCOMTU:
e4e8e37c
MH		 2009 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2010 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1da177e4
LT		 2011 break;
2012
2013 default:
2014 err = -EINVAL;
2015 break;
2016 }
e4e8e37c 2017
0736cfa8 2018done:
1da177e4
LT		 2019 hci_dev_put(hdev);
2020 return err;
2021}
2022
2023int hci_get_dev_list(void __user *arg)
2024{
8035ded4 2025 struct hci_dev *hdev;
1da177e4
LT		 2026 struct hci_dev_list_req *dl;
2027 struct hci_dev_req *dr;
1da177e4
LT		 2028 int n = 0, size, err;
2029 __u16 dev_num;
2030
2031 if (get_user(dev_num, (__u16 __user *) arg))
2032 return -EFAULT;
2033
2034 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2035 return -EINVAL;
2036
2037 size = sizeof(*dl) + dev_num * sizeof(*dr);
2038
70f23020
AE		 2039 dl = kzalloc(size, GFP_KERNEL);
2040 if (!dl)
1da177e4
LT		 2041 return -ENOMEM;
2042
2043 dr = dl->dev_req;
2044
f20d09d5 2045 read_lock(&hci_dev_list_lock);
8035ded4 2046 list_for_each_entry(hdev, &hci_dev_list, list) {
2e84d8db 2047 unsigned long flags = hdev->flags;
c542a06c 2048
2e84d8db
MH		 2049 /* When the auto-off is configured it means the transport
2050 * is running, but in that case still indicate that the
2051 * device is actually down.
2052 */
d7a5a11d 2053 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2e84d8db 2054 flags &= ~BIT(HCI_UP);
c542a06c 2055
1da177e4 2056 (dr + n)->dev_id = hdev->id;
2e84d8db 2057 (dr + n)->dev_opt = flags;
c542a06c 2058
1da177e4
LT		 2059 if (++n >= dev_num)
2060 break;
2061 }
f20d09d5 2062 read_unlock(&hci_dev_list_lock);
1da177e4
LT		 2063
2064 dl->dev_num = n;
2065 size = sizeof(*dl) + n * sizeof(*dr);
2066
2067 err = copy_to_user(arg, dl, size);
2068 kfree(dl);
2069
2070 return err ? -EFAULT : 0;
2071}
2072
2073int hci_get_dev_info(void __user *arg)
2074{
2075 struct hci_dev *hdev;
2076 struct hci_dev_info di;
2e84d8db 2077 unsigned long flags;
1da177e4
LT		 2078 int err = 0;
2079
2080 if (copy_from_user(&di, arg, sizeof(di)))
2081 return -EFAULT;
2082
70f23020
AE		 2083 hdev = hci_dev_get(di.dev_id);
2084 if (!hdev)
1da177e4
LT		 2085 return -ENODEV;
2086
2e84d8db
MH		 2087 /* When the auto-off is configured it means the transport
2088 * is running, but in that case still indicate that the
2089 * device is actually down.
2090 */
d7a5a11d 2091 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2e84d8db
MH		 2092 flags = hdev->flags & ~BIT(HCI_UP);
2093 else
2094 flags = hdev->flags;
c542a06c 2095
1da177e4
LT		 2096 strcpy(di.name, hdev->name);
2097 di.bdaddr = hdev->bdaddr;
60f2a3ed 2098 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2e84d8db 2099 di.flags = flags;
1da177e4 2100 di.pkt_type = hdev->pkt_type;
572c7f84
JH		 2101 if (lmp_bredr_capable(hdev)) {
2102 di.acl_mtu = hdev->acl_mtu;
2103 di.acl_pkts = hdev->acl_pkts;
2104 di.sco_mtu = hdev->sco_mtu;
2105 di.sco_pkts = hdev->sco_pkts;
2106 } else {
2107 di.acl_mtu = hdev->le_mtu;
2108 di.acl_pkts = hdev->le_pkts;
2109 di.sco_mtu = 0;
2110 di.sco_pkts = 0;
2111 }
1da177e4
LT		 2112 di.link_policy = hdev->link_policy;
2113 di.link_mode = hdev->link_mode;
2114
2115 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2116 memcpy(&di.features, &hdev->features, sizeof(di.features));
2117
2118 if (copy_to_user(arg, &di, sizeof(di)))
2119 err = -EFAULT;
2120
2121 hci_dev_put(hdev);
2122
2123 return err;
2124}
2125
2126/* ---- Interface to HCI drivers ---- */
2127
611b30f7
MH		 2128static int hci_rfkill_set_block(void *data, bool blocked)
2129{
2130 struct hci_dev *hdev = data;
2131
2132 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2133
d7a5a11d 2134 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
0736cfa8
MH		 2135 return -EBUSY;
2136
5e130367 2137 if (blocked) {
a1536da2 2138 hci_dev_set_flag(hdev, HCI_RFKILLED);
d7a5a11d
MH		 2139 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2140 !hci_dev_test_flag(hdev, HCI_CONFIG))
bf543036 2141 hci_dev_do_close(hdev);
5e130367 2142 } else {
a358dc11 2143 hci_dev_clear_flag(hdev, HCI_RFKILLED);
1025c04c 2144 }
611b30f7
MH		 2145
2146 return 0;
2147}
2148
2149static const struct rfkill_ops hci_rfkill_ops = {
2150 .set_block = hci_rfkill_set_block,
2151};
2152
ab81cbf9
JH		 2153static void hci_power_on(struct work_struct *work)
2154{
2155 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
96570ffc 2156 int err;
ab81cbf9
JH		 2157
2158 BT_DBG("%s", hdev->name);
2159
2ff13894
JH		 2160 if (test_bit(HCI_UP, &hdev->flags) &&
2161 hci_dev_test_flag(hdev, HCI_MGMT) &&
2162 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
d82142a8 2163 cancel_delayed_work(&hdev->power_off);
2ff13894
JH		 2164 hci_req_sync_lock(hdev);
2165 err = __hci_req_hci_power_on(hdev);
2166 hci_req_sync_unlock(hdev);
2167 mgmt_power_on(hdev, err);
2168 return;
2169 }
2170
cbed0ca1 2171 err = hci_dev_do_open(hdev);
96570ffc 2172 if (err < 0) {
3ad67582 2173 hci_dev_lock(hdev);
96570ffc 2174 mgmt_set_powered_failed(hdev, err);
3ad67582 2175 hci_dev_unlock(hdev);
ab81cbf9 2176 return;
96570ffc 2177 }
ab81cbf9 2178
a5c8f270
MH		 2179 /* During the HCI setup phase, a few error conditions are
2180 * ignored and they need to be checked now. If they are still
2181 * valid, it is important to turn the device back off.
2182 */
d7a5a11d
MH		 2183 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2184 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
ca8bee5d 2185 (hdev->dev_type == HCI_PRIMARY &&
a5c8f270
MH		 2186 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2187 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
a358dc11 2188 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
bf543036 2189 hci_dev_do_close(hdev);
d7a5a11d 2190 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
19202573
JH		 2191 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2192 HCI_AUTO_OFF_TIMEOUT);
bf543036 2193 }
ab81cbf9 2194
a69d8927 2195 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
4a964404
MH		 2196 /* For unconfigured devices, set the HCI_RAW flag
2197 * so that userspace can easily identify them.
4a964404 2198 */
d7a5a11d 2199 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
4a964404 2200 set_bit(HCI_RAW, &hdev->flags);
0602a8ad
MH		 2201
2202 /* For fully configured devices, this will send
2203 * the Index Added event. For unconfigured devices,
2204 * it will send Unconfigued Index Added event.
2205 *
2206 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2207 * and no event will be send.
2208 */
2209 mgmt_index_added(hdev);
a69d8927 2210 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
5ea234d3
MH		 2211 /* When the controller is now configured, then it
2212 * is important to clear the HCI_RAW flag.
2213 */
d7a5a11d 2214 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5ea234d3
MH		 2215 clear_bit(HCI_RAW, &hdev->flags);
2216
d603b76b
MH		 2217 /* Powering on the controller with HCI_CONFIG set only
2218 * happens with the transition from unconfigured to
2219 * configured. This will send the Index Added event.
2220 */
744cf19e 2221 mgmt_index_added(hdev);
fee746b0 2222 }
ab81cbf9
JH		 2223}
2224
2225static void hci_power_off(struct work_struct *work)
2226{
3243553f 2227 struct hci_dev *hdev = container_of(work, struct hci_dev,
a8c5fb1a 2228 power_off.work);
ab81cbf9
JH		 2229
2230 BT_DBG("%s", hdev->name);
2231
8ee56540 2232 hci_dev_do_close(hdev);
ab81cbf9
JH		 2233}
2234
c7741d16
MH		 2235static void hci_error_reset(struct work_struct *work)
2236{
2237 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2238
2239 BT_DBG("%s", hdev->name);
2240
2241 if (hdev->hw_error)
2242 hdev->hw_error(hdev, hdev->hw_error_code);
2243 else
2064ee33 2244 bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code);
c7741d16
MH		 2245
2246 if (hci_dev_do_close(hdev))
2247 return;
2248
c7741d16
MH		 2249 hci_dev_do_open(hdev);
2250}
2251
35f7498a 2252void hci_uuids_clear(struct hci_dev *hdev)
2aeb9a1a 2253{
4821002c 2254 struct bt_uuid *uuid, *tmp;
2aeb9a1a 2255
4821002c
JH		 2256 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2257 list_del(&uuid->list);
2aeb9a1a
JH		 2258 kfree(uuid);
2259 }
2aeb9a1a
JH		 2260}
2261
35f7498a 2262void hci_link_keys_clear(struct hci_dev *hdev)
55ed8ca1 2263{
0378b597 2264 struct link_key *key;
55ed8ca1 2265
0378b597
JH		 2266 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
2267 list_del_rcu(&key->list);
2268 kfree_rcu(key, rcu);
55ed8ca1 2269 }
55ed8ca1
JH		 2270}
2271
35f7498a 2272void hci_smp_ltks_clear(struct hci_dev *hdev)
b899efaf 2273{
970d0f1b 2274 struct smp_ltk *k;
b899efaf 2275
970d0f1b
JH		 2276 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2277 list_del_rcu(&k->list);
2278 kfree_rcu(k, rcu);
b899efaf 2279 }
b899efaf
VCG		 2280}
2281
970c4e46
JH		 2282void hci_smp_irks_clear(struct hci_dev *hdev)
2283{
adae20cb 2284 struct smp_irk *k;
970c4e46 2285
adae20cb
JH		 2286 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2287 list_del_rcu(&k->list);
2288 kfree_rcu(k, rcu);
970c4e46
JH		 2289 }
2290}
2291
55ed8ca1
JH		 2292struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2293{
8035ded4 2294 struct link_key *k;
55ed8ca1 2295
0378b597
JH		 2296 rcu_read_lock();
2297 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2298 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2299 rcu_read_unlock();
55ed8ca1 2300 return k;
0378b597
JH		 2301 }
2302 }
2303 rcu_read_unlock();
55ed8ca1
JH		 2304
2305 return NULL;
2306}
2307
745c0ce3 2308static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
a8c5fb1a 2309 u8 key_type, u8 old_key_type)
d25e28ab
JH		 2310{
2311 /* Legacy key */
2312 if (key_type < 0x03)
745c0ce3 2313 return true;
d25e28ab
JH		 2314
2315 /* Debug keys are insecure so don't store them persistently */
2316 if (key_type == HCI_LK_DEBUG_COMBINATION)
745c0ce3 2317 return false;
d25e28ab
JH		 2318
2319 /* Changed combination key and there's no previous one */
2320 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
745c0ce3 2321 return false;
d25e28ab
JH		 2322
2323 /* Security mode 3 case */
2324 if (!conn)
745c0ce3 2325 return true;
d25e28ab 2326
e3befab9
JH		 2327 /* BR/EDR key derived using SC from an LE link */
2328 if (conn->type == LE_LINK)
2329 return true;
2330
d25e28ab
JH		 2331 /* Neither local nor remote side had no-bonding as requirement */
2332 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
745c0ce3 2333 return true;
d25e28ab
JH		 2334
2335 /* Local side had dedicated bonding as requirement */
2336 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
745c0ce3 2337 return true;
d25e28ab
JH		 2338
2339 /* Remote side had dedicated bonding as requirement */
2340 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
745c0ce3 2341 return true;
d25e28ab
JH		 2342
2343 /* If none of the above criteria match, then don't store the key
2344 * persistently */
745c0ce3 2345 return false;
d25e28ab
JH		 2346}
2347
e804d25d 2348static u8 ltk_role(u8 type)
98a0b845 2349{
e804d25d
JH		 2350 if (type == SMP_LTK)
2351 return HCI_ROLE_MASTER;
98a0b845 2352
e804d25d 2353 return HCI_ROLE_SLAVE;
98a0b845
JH		 2354}
2355
f3a73d97
JH		 2356struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2357 u8 addr_type, u8 role)
75d262c2 2358{
c9839a11 2359 struct smp_ltk *k;
75d262c2 2360
970d0f1b
JH		 2361 rcu_read_lock();
2362 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
5378bc56
JH		 2363 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2364 continue;
2365
923e2414 2366 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
970d0f1b 2367 rcu_read_unlock();
75d262c2 2368 return k;
970d0f1b
JH		 2369 }
2370 }
2371 rcu_read_unlock();
75d262c2
VCG		 2372
2373 return NULL;
2374}
75d262c2 2375
970c4e46
JH		 2376struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2377{
2378 struct smp_irk *irk;
2379
adae20cb
JH		 2380 rcu_read_lock();
2381 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2382 if (!bacmp(&irk->rpa, rpa)) {
2383 rcu_read_unlock();
970c4e46 2384 return irk;
adae20cb 2385 }
970c4e46
JH		 2386 }
2387
adae20cb 2388 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
defce9e8 2389 if (smp_irk_matches(hdev, irk->val, rpa)) {
970c4e46 2390 bacpy(&irk->rpa, rpa);
adae20cb 2391 rcu_read_unlock();
970c4e46
JH		 2392 return irk;
2393 }
2394 }
adae20cb 2395 rcu_read_unlock();
970c4e46
JH		 2396
2397 return NULL;
2398}
2399
2400struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2401 u8 addr_type)
2402{
2403 struct smp_irk *irk;
2404
6cfc9988
JH		 2405 /* Identity Address must be public or static random */
2406 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2407 return NULL;
2408
adae20cb
JH		 2409 rcu_read_lock();
2410 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
970c4e46 2411 if (addr_type == irk->addr_type &&
adae20cb
JH		 2412 bacmp(bdaddr, &irk->bdaddr) == 0) {
2413 rcu_read_unlock();
970c4e46 2414 return irk;
adae20cb 2415 }
970c4e46 2416 }
adae20cb 2417 rcu_read_unlock();
970c4e46
JH		 2418
2419 return NULL;
2420}
2421
567fa2aa 2422struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
7652ff6a
JH		 2423 bdaddr_t *bdaddr, u8 *val, u8 type,
2424 u8 pin_len, bool *persistent)
55ed8ca1
JH		 2425{
2426 struct link_key *key, *old_key;
745c0ce3 2427 u8 old_key_type;
55ed8ca1
JH		 2428
2429 old_key = hci_find_link_key(hdev, bdaddr);
2430 if (old_key) {
2431 old_key_type = old_key->type;
2432 key = old_key;
2433 } else {
12adcf3a 2434 old_key_type = conn ? conn->key_type : 0xff;
0a14ab41 2435 key = kzalloc(sizeof(*key), GFP_KERNEL);
55ed8ca1 2436 if (!key)
567fa2aa 2437 return NULL;
0378b597 2438 list_add_rcu(&key->list, &hdev->link_keys);
55ed8ca1
JH		 2439 }
2440
6ed93dc6 2441 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
55ed8ca1 2442
d25e28ab
JH		 2443 /* Some buggy controller combinations generate a changed
2444 * combination key for legacy pairing even when there's no
2445 * previous key */
2446 if (type == HCI_LK_CHANGED_COMBINATION &&
a8c5fb1a 2447 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
d25e28ab 2448 type = HCI_LK_COMBINATION;
655fe6ec
JH		 2449 if (conn)
2450 conn->key_type = type;
2451 }
d25e28ab 2452
55ed8ca1 2453 bacpy(&key->bdaddr, bdaddr);
9b3b4460 2454 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
55ed8ca1
JH		 2455 key->pin_len = pin_len;
2456
b6020ba0 2457 if (type == HCI_LK_CHANGED_COMBINATION)
55ed8ca1 2458 key->type = old_key_type;
4748fed2
JH		 2459 else
2460 key->type = type;
2461
7652ff6a
JH		 2462 if (persistent)
2463 *persistent = hci_persistent_key(hdev, conn, type,
2464 old_key_type);
4df378a1 2465
567fa2aa 2466 return key;
55ed8ca1
JH		 2467}
2468
ca9142b8 2469struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
35d70271 2470 u8 addr_type, u8 type, u8 authenticated,
fe39c7b2 2471 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
75d262c2 2472{
c9839a11 2473 struct smp_ltk *key, *old_key;
e804d25d 2474 u8 role = ltk_role(type);
75d262c2 2475
f3a73d97 2476 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
c9839a11 2477 if (old_key)
75d262c2 2478 key = old_key;
c9839a11 2479 else {
0a14ab41 2480 key = kzalloc(sizeof(*key), GFP_KERNEL);
75d262c2 2481 if (!key)
ca9142b8 2482 return NULL;
970d0f1b 2483 list_add_rcu(&key->list, &hdev->long_term_keys);
75d262c2
VCG		 2484 }
2485
75d262c2 2486 bacpy(&key->bdaddr, bdaddr);
c9839a11
VCG		 2487 key->bdaddr_type = addr_type;
2488 memcpy(key->val, tk, sizeof(key->val));
2489 key->authenticated = authenticated;
2490 key->ediv = ediv;
fe39c7b2 2491 key->rand = rand;
c9839a11
VCG		 2492 key->enc_size = enc_size;
2493 key->type = type;
75d262c2 2494
ca9142b8 2495 return key;
75d262c2
VCG		 2496}
2497
ca9142b8
JH		 2498struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2499 u8 addr_type, u8 val[16], bdaddr_t *rpa)
970c4e46
JH		 2500{
2501 struct smp_irk *irk;
2502
2503 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2504 if (!irk) {
2505 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2506 if (!irk)
ca9142b8 2507 return NULL;
970c4e46
JH		 2508
2509 bacpy(&irk->bdaddr, bdaddr);
2510 irk->addr_type = addr_type;
2511
adae20cb 2512 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
970c4e46
JH		 2513 }
2514
2515 memcpy(irk->val, val, 16);
2516 bacpy(&irk->rpa, rpa);
2517
ca9142b8 2518 return irk;
970c4e46
JH		 2519}
2520
55ed8ca1
JH		 2521int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2522{
2523 struct link_key *key;
2524
2525 key = hci_find_link_key(hdev, bdaddr);
2526 if (!key)
2527 return -ENOENT;
2528
6ed93dc6 2529 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
55ed8ca1 2530
0378b597
JH		 2531 list_del_rcu(&key->list);
2532 kfree_rcu(key, rcu);
55ed8ca1
JH		 2533
2534 return 0;
2535}
2536
e0b2b27e 2537int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
b899efaf 2538{
970d0f1b 2539 struct smp_ltk *k;
c51ffa0b 2540 int removed = 0;
b899efaf 2541
970d0f1b 2542 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
e0b2b27e 2543 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
b899efaf
VCG		 2544 continue;
2545
6ed93dc6 2546 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
b899efaf 2547
970d0f1b
JH		 2548 list_del_rcu(&k->list);
2549 kfree_rcu(k, rcu);
c51ffa0b 2550 removed++;
b899efaf
VCG		 2551 }
2552
c51ffa0b 2553 return removed ? 0 : -ENOENT;
b899efaf
VCG		 2554}
2555
a7ec7338
JH		 2556void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2557{
adae20cb 2558 struct smp_irk *k;
a7ec7338 2559
adae20cb 2560 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
a7ec7338
JH		 2561 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2562 continue;
2563
2564 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2565
adae20cb
JH		 2566 list_del_rcu(&k->list);
2567 kfree_rcu(k, rcu);
a7ec7338
JH		 2568 }
2569}
2570
55e76b38
JH		 2571bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2572{
2573 struct smp_ltk *k;
4ba9faf3 2574 struct smp_irk *irk;
55e76b38
JH		 2575 u8 addr_type;
2576
2577 if (type == BDADDR_BREDR) {
2578 if (hci_find_link_key(hdev, bdaddr))
2579 return true;
2580 return false;
2581 }
2582
2583 /* Convert to HCI addr type which struct smp_ltk uses */
2584 if (type == BDADDR_LE_PUBLIC)
2585 addr_type = ADDR_LE_DEV_PUBLIC;
2586 else
2587 addr_type = ADDR_LE_DEV_RANDOM;
2588
4ba9faf3
JH		 2589 irk = hci_get_irk(hdev, bdaddr, addr_type);
2590 if (irk) {
2591 bdaddr = &irk->bdaddr;
2592 addr_type = irk->addr_type;
2593 }
2594
55e76b38
JH		 2595 rcu_read_lock();
2596 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
87c8b28d
JH		 2597 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2598 rcu_read_unlock();
55e76b38 2599 return true;
87c8b28d 2600 }
55e76b38
JH		 2601 }
2602 rcu_read_unlock();
2603
2604 return false;
2605}
2606
6bd32326 2607/* HCI command timer function */
65cc2b49 2608static void hci_cmd_timeout(struct work_struct *work)
6bd32326 2609{
65cc2b49
MH		 2610 struct hci_dev *hdev = container_of(work, struct hci_dev,
2611 cmd_timer.work);
6bd32326 2612
bda4f23a
AE		 2613 if (hdev->sent_cmd) {
2614 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2615 u16 opcode = __le16_to_cpu(sent->opcode);
2616
2064ee33 2617 bt_dev_err(hdev, "command 0x%4.4x tx timeout", opcode);
bda4f23a 2618 } else {
2064ee33 2619 bt_dev_err(hdev, "command tx timeout");
bda4f23a
AE		 2620 }
2621
e2bef384
RJ		 2622 if (hdev->cmd_timeout)
2623 hdev->cmd_timeout(hdev);
2624
6bd32326 2625 atomic_set(&hdev->cmd_cnt, 1);
c347b765 2626 queue_work(hdev->workqueue, &hdev->cmd_work);
6bd32326
VT		 2627}
2628
2763eda6 2629struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
6928a924 2630 bdaddr_t *bdaddr, u8 bdaddr_type)
2763eda6
SJ		 2631{
2632 struct oob_data *data;
2633
6928a924
JH		 2634 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2635 if (bacmp(bdaddr, &data->bdaddr) != 0)
2636 continue;
2637 if (data->bdaddr_type != bdaddr_type)
2638 continue;
2639 return data;
2640 }
2763eda6
SJ		 2641
2642 return NULL;
2643}
2644
6928a924
JH		 2645int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2646 u8 bdaddr_type)
2763eda6
SJ		 2647{
2648 struct oob_data *data;
2649
6928a924 2650 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2763eda6
SJ		 2651 if (!data)
2652 return -ENOENT;
2653
6928a924 2654 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2763eda6
SJ		 2655
2656 list_del(&data->list);
2657 kfree(data);
2658
2659 return 0;
2660}
2661
35f7498a 2662void hci_remote_oob_data_clear(struct hci_dev *hdev)
2763eda6
SJ		 2663{
2664 struct oob_data *data, *n;
2665
2666 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2667 list_del(&data->list);
2668 kfree(data);
2669 }
2763eda6
SJ		 2670}
2671
0798872e 2672int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
6928a924 2673 u8 bdaddr_type, u8 *hash192, u8 *rand192,
81328d5c 2674 u8 *hash256, u8 *rand256)
2763eda6
SJ		 2675{
2676 struct oob_data *data;
2677
6928a924 2678 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2763eda6 2679 if (!data) {
0a14ab41 2680 data = kmalloc(sizeof(*data), GFP_KERNEL);
2763eda6
SJ		 2681 if (!data)
2682 return -ENOMEM;
2683
2684 bacpy(&data->bdaddr, bdaddr);
6928a924 2685 data->bdaddr_type = bdaddr_type;
2763eda6
SJ		 2686 list_add(&data->list, &hdev->remote_oob_data);
2687 }
2688
81328d5c
JH		 2689 if (hash192 && rand192) {
2690 memcpy(data->hash192, hash192, sizeof(data->hash192));
2691 memcpy(data->rand192, rand192, sizeof(data->rand192));
f7697b16
MH		 2692 if (hash256 && rand256)
2693 data->present = 0x03;
81328d5c
JH		 2694 } else {
2695 memset(data->hash192, 0, sizeof(data->hash192));
2696 memset(data->rand192, 0, sizeof(data->rand192));
f7697b16
MH		 2697 if (hash256 && rand256)
2698 data->present = 0x02;
2699 else
2700 data->present = 0x00;
0798872e
MH		 2701 }
2702
81328d5c
JH		 2703 if (hash256 && rand256) {
2704 memcpy(data->hash256, hash256, sizeof(data->hash256));
2705 memcpy(data->rand256, rand256, sizeof(data->rand256));
2706 } else {
2707 memset(data->hash256, 0, sizeof(data->hash256));
2708 memset(data->rand256, 0, sizeof(data->rand256));
f7697b16
MH		 2709 if (hash192 && rand192)
2710 data->present = 0x01;
81328d5c 2711 }
0798872e 2712
6ed93dc6 2713 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2763eda6
SJ		 2714
2715 return 0;
2716}
2717
d2609b34
FG		 2718/* This function requires the caller holds hdev->lock */
2719struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2720{
2721 struct adv_info *adv_instance;
2722
2723 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2724 if (adv_instance->instance == instance)
2725 return adv_instance;
2726 }
2727
2728 return NULL;
2729}
2730
2731/* This function requires the caller holds hdev->lock */
74b93e9f
PK		 2732struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2733{
d2609b34
FG		 2734 struct adv_info *cur_instance;
2735
2736 cur_instance = hci_find_adv_instance(hdev, instance);
2737 if (!cur_instance)
2738 return NULL;
2739
2740 if (cur_instance == list_last_entry(&hdev->adv_instances,
2741 struct adv_info, list))
2742 return list_first_entry(&hdev->adv_instances,
2743 struct adv_info, list);
2744 else
2745 return list_next_entry(cur_instance, list);
2746}
2747
2748/* This function requires the caller holds hdev->lock */
2749int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2750{
2751 struct adv_info *adv_instance;
2752
2753 adv_instance = hci_find_adv_instance(hdev, instance);
2754 if (!adv_instance)
2755 return -ENOENT;
2756
2757 BT_DBG("%s removing %dMR", hdev->name, instance);
2758
cab054ab
JH		 2759 if (hdev->cur_adv_instance == instance) {
2760 if (hdev->adv_instance_timeout) {
2761 cancel_delayed_work(&hdev->adv_instance_expire);
2762 hdev->adv_instance_timeout = 0;
2763 }
2764 hdev->cur_adv_instance = 0x00;
5d900e46
FG		 2765 }
2766
a73c046a
JK		 2767 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2768
d2609b34
FG		 2769 list_del(&adv_instance->list);
2770 kfree(adv_instance);
2771
2772 hdev->adv_instance_cnt--;
2773
2774 return 0;
2775}
2776
a73c046a
JK		 2777void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired)
2778{
2779 struct adv_info *adv_instance, *n;
2780
2781 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list)
2782 adv_instance->rpa_expired = rpa_expired;
2783}
2784
d2609b34
FG		 2785/* This function requires the caller holds hdev->lock */
2786void hci_adv_instances_clear(struct hci_dev *hdev)
2787{
2788 struct adv_info *adv_instance, *n;
2789
5d900e46
FG		 2790 if (hdev->adv_instance_timeout) {
2791 cancel_delayed_work(&hdev->adv_instance_expire);
2792 hdev->adv_instance_timeout = 0;
2793 }
2794
d2609b34 2795 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
a73c046a 2796 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
d2609b34
FG		 2797 list_del(&adv_instance->list);
2798 kfree(adv_instance);
2799 }
2800
2801 hdev->adv_instance_cnt = 0;
cab054ab 2802 hdev->cur_adv_instance = 0x00;
d2609b34
FG		 2803}
2804
a73c046a
JK		 2805static void adv_instance_rpa_expired(struct work_struct *work)
2806{
2807 struct adv_info *adv_instance = container_of(work, struct adv_info,
2808 rpa_expired_cb.work);
2809
2810 BT_DBG("");
2811
2812 adv_instance->rpa_expired = true;
2813}
2814
d2609b34
FG		 2815/* This function requires the caller holds hdev->lock */
2816int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2817 u16 adv_data_len, u8 *adv_data,
2818 u16 scan_rsp_len, u8 *scan_rsp_data,
2819 u16 timeout, u16 duration)
2820{
2821 struct adv_info *adv_instance;
2822
2823 adv_instance = hci_find_adv_instance(hdev, instance);
2824 if (adv_instance) {
2825 memset(adv_instance->adv_data, 0,
2826 sizeof(adv_instance->adv_data));
2827 memset(adv_instance->scan_rsp_data, 0,
2828 sizeof(adv_instance->scan_rsp_data));
2829 } else {
2830 if (hdev->adv_instance_cnt >= HCI_MAX_ADV_INSTANCES ||
2831 instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2832 return -EOVERFLOW;
2833
39ecfad6 2834 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
d2609b34
FG		 2835 if (!adv_instance)
2836 return -ENOMEM;
2837
fffd38bc 2838 adv_instance->pending = true;
d2609b34
FG		 2839 adv_instance->instance = instance;
2840 list_add(&adv_instance->list, &hdev->adv_instances);
2841 hdev->adv_instance_cnt++;
2842 }
2843
2844 adv_instance->flags = flags;
2845 adv_instance->adv_data_len = adv_data_len;
2846 adv_instance->scan_rsp_len = scan_rsp_len;
2847
2848 if (adv_data_len)
2849 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2850
2851 if (scan_rsp_len)
2852 memcpy(adv_instance->scan_rsp_data,
2853 scan_rsp_data, scan_rsp_len);
2854
2855 adv_instance->timeout = timeout;
5d900e46 2856 adv_instance->remaining_time = timeout;
d2609b34
FG		 2857
2858 if (duration == 0)
2859 adv_instance->duration = HCI_DEFAULT_ADV_DURATION;
2860 else
2861 adv_instance->duration = duration;
2862
de181e88
JK		 2863 adv_instance->tx_power = HCI_TX_POWER_INVALID;
2864
a73c046a
JK		 2865 INIT_DELAYED_WORK(&adv_instance->rpa_expired_cb,
2866 adv_instance_rpa_expired);
2867
d2609b34
FG		 2868 BT_DBG("%s for %dMR", hdev->name, instance);
2869
2870 return 0;
2871}
2872
dcc36c16 2873struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
b9ee0a78 2874 bdaddr_t *bdaddr, u8 type)
b2a66aad 2875{
8035ded4 2876 struct bdaddr_list *b;
b2a66aad 2877
dcc36c16 2878 list_for_each_entry(b, bdaddr_list, list) {
b9ee0a78 2879 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
b2a66aad 2880 return b;
b9ee0a78 2881 }
b2a66aad
AJ		 2882
2883 return NULL;
2884}
2885
b950aa88
AN		 2886struct bdaddr_list_with_irk *hci_bdaddr_list_lookup_with_irk(
2887 struct list_head *bdaddr_list, bdaddr_t *bdaddr,
2888 u8 type)
2889{
2890 struct bdaddr_list_with_irk *b;
2891
2892 list_for_each_entry(b, bdaddr_list, list) {
2893 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2894 return b;
2895 }
2896
2897 return NULL;
2898}
2899
dcc36c16 2900void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
b2a66aad 2901{
7eb7404f 2902 struct bdaddr_list *b, *n;
b2a66aad 2903
7eb7404f
GT		 2904 list_for_each_entry_safe(b, n, bdaddr_list, list) {
2905 list_del(&b->list);
b2a66aad
AJ		 2906 kfree(b);
2907 }
b2a66aad
AJ		 2908}
2909
dcc36c16 2910int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
b2a66aad
AJ		 2911{
2912 struct bdaddr_list *entry;
b2a66aad 2913
b9ee0a78 2914 if (!bacmp(bdaddr, BDADDR_ANY))
b2a66aad
AJ		 2915 return -EBADF;
2916
dcc36c16 2917 if (hci_bdaddr_list_lookup(list, bdaddr, type))
5e762444 2918 return -EEXIST;
b2a66aad 2919
27f70f3e 2920 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
5e762444
AJ		 2921 if (!entry)
2922 return -ENOMEM;
b2a66aad
AJ		 2923
2924 bacpy(&entry->bdaddr, bdaddr);
b9ee0a78 2925 entry->bdaddr_type = type;
b2a66aad 2926
dcc36c16 2927 list_add(&entry->list, list);
b2a66aad 2928
2a8357f2 2929 return 0;
b2a66aad
AJ		 2930}
2931
b950aa88
AN		 2932int hci_bdaddr_list_add_with_irk(struct list_head *list, bdaddr_t *bdaddr,
2933 u8 type, u8 *peer_irk, u8 *local_irk)
2934{
2935 struct bdaddr_list_with_irk *entry;
2936
2937 if (!bacmp(bdaddr, BDADDR_ANY))
2938 return -EBADF;
2939
2940 if (hci_bdaddr_list_lookup(list, bdaddr, type))
2941 return -EEXIST;
2942
2943 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
2944 if (!entry)
2945 return -ENOMEM;
2946
2947 bacpy(&entry->bdaddr, bdaddr);
2948 entry->bdaddr_type = type;
2949
2950 if (peer_irk)
2951 memcpy(entry->peer_irk, peer_irk, 16);
2952
2953 if (local_irk)
2954 memcpy(entry->local_irk, local_irk, 16);
2955
2956 list_add(&entry->list, list);
2957
2958 return 0;
2959}
2960
dcc36c16 2961int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
b2a66aad
AJ		 2962{
2963 struct bdaddr_list *entry;
b2a66aad 2964
35f7498a 2965 if (!bacmp(bdaddr, BDADDR_ANY)) {
dcc36c16 2966 hci_bdaddr_list_clear(list);
35f7498a
JH		 2967 return 0;
2968 }
b2a66aad 2969
dcc36c16 2970 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
d2ab0ac1
MH		 2971 if (!entry)
2972 return -ENOENT;
2973
2974 list_del(&entry->list);
2975 kfree(entry);
2976
2977 return 0;
2978}
2979
b950aa88
AN		 2980int hci_bdaddr_list_del_with_irk(struct list_head *list, bdaddr_t *bdaddr,
2981 u8 type)
2982{
2983 struct bdaddr_list_with_irk *entry;
2984
2985 if (!bacmp(bdaddr, BDADDR_ANY)) {
2986 hci_bdaddr_list_clear(list);
2987 return 0;
2988 }
2989
2990 entry = hci_bdaddr_list_lookup_with_irk(list, bdaddr, type);
2991 if (!entry)
2992 return -ENOENT;
2993
2994 list_del(&entry->list);
2995 kfree(entry);
2996
2997 return 0;
2998}
2999
15819a70
AG		 3000/* This function requires the caller holds hdev->lock */
3001struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3002 bdaddr_t *addr, u8 addr_type)
3003{
3004 struct hci_conn_params *params;
3005
3006 list_for_each_entry(params, &hdev->le_conn_params, list) {
3007 if (bacmp(&params->addr, addr) == 0 &&
3008 params->addr_type == addr_type) {
3009 return params;
3010 }
3011 }
3012
3013 return NULL;
3014}
3015
4b10966f 3016/* This function requires the caller holds hdev->lock */
501f8827
JH		 3017struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3018 bdaddr_t *addr, u8 addr_type)
a9b0a04c 3019{
912b42ef 3020 struct hci_conn_params *param;
a9b0a04c 3021
501f8827 3022 list_for_each_entry(param, list, action) {
912b42ef
JH		 3023 if (bacmp(&param->addr, addr) == 0 &&
3024 param->addr_type == addr_type)
3025 return param;
4b10966f
MH		 3026 }
3027
3028 return NULL;
a9b0a04c
AG		 3029}
3030
15819a70 3031/* This function requires the caller holds hdev->lock */
51d167c0
MH		 3032struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3033 bdaddr_t *addr, u8 addr_type)
15819a70
AG		 3034{
3035 struct hci_conn_params *params;
3036
3037 params = hci_conn_params_lookup(hdev, addr, addr_type);
cef952ce 3038 if (params)
51d167c0 3039 return params;
15819a70
AG		 3040
3041 params = kzalloc(sizeof(*params), GFP_KERNEL);
3042 if (!params) {
2064ee33 3043 bt_dev_err(hdev, "out of memory");
51d167c0 3044 return NULL;
15819a70
AG		 3045 }
3046
3047 bacpy(&params->addr, addr);
3048 params->addr_type = addr_type;
cef952ce
AG		 3049
3050 list_add(&params->list, &hdev->le_conn_params);
93450c75 3051 INIT_LIST_HEAD(&params->action);
cef952ce 3052
bf5b3c8b
MH		 3053 params->conn_min_interval = hdev->le_conn_min_interval;
3054 params->conn_max_interval = hdev->le_conn_max_interval;
3055 params->conn_latency = hdev->le_conn_latency;
3056 params->supervision_timeout = hdev->le_supv_timeout;
3057 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3058
3059 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3060
51d167c0 3061 return params;
bf5b3c8b
MH		 3062}
3063
f6c63249 3064static void hci_conn_params_free(struct hci_conn_params *params)
15819a70 3065{
f8aaf9b6 3066 if (params->conn) {
f161dd41 3067 hci_conn_drop(params->conn);
f8aaf9b6
JH		 3068 hci_conn_put(params->conn);
3069 }
f161dd41 3070
95305baa 3071 list_del(&params->action);
15819a70
AG		 3072 list_del(&params->list);
3073 kfree(params);
f6c63249
JH		 3074}
3075
3076/* This function requires the caller holds hdev->lock */
3077void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3078{
3079 struct hci_conn_params *params;
3080
3081 params = hci_conn_params_lookup(hdev, addr, addr_type);
3082 if (!params)
3083 return;
3084
3085 hci_conn_params_free(params);
15819a70 3086
95305baa
JH		 3087 hci_update_background_scan(hdev);
3088
15819a70
AG		 3089 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3090}
3091
3092/* This function requires the caller holds hdev->lock */
55af49a8 3093void hci_conn_params_clear_disabled(struct hci_dev *hdev)
15819a70
AG		 3094{
3095 struct hci_conn_params *params, *tmp;
3096
3097 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
55af49a8
JH		 3098 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3099 continue;
f75113a2
JP		 3100
3101 /* If trying to estabilish one time connection to disabled
3102 * device, leave the params, but mark them as just once.
3103 */
3104 if (params->explicit_connect) {
3105 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3106 continue;
3107 }
3108
15819a70
AG		 3109 list_del(&params->list);
3110 kfree(params);
3111 }
3112
55af49a8 3113 BT_DBG("All LE disabled connection parameters were removed");
77a77a30
AG		 3114}
3115
3116/* This function requires the caller holds hdev->lock */
030e7f81 3117static void hci_conn_params_clear_all(struct hci_dev *hdev)
77a77a30 3118{
15819a70 3119 struct hci_conn_params *params, *tmp;
77a77a30 3120
f6c63249
JH		 3121 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3122 hci_conn_params_free(params);
77a77a30 3123
15819a70 3124 BT_DBG("All LE connection parameters were removed");
77a77a30
AG		 3125}
3126
a1f4c318
JH		 3127/* Copy the Identity Address of the controller.
3128 *
3129 * If the controller has a public BD_ADDR, then by default use that one.
3130 * If this is a LE only controller without a public address, default to
3131 * the static random address.
3132 *
3133 * For debugging purposes it is possible to force controllers with a
3134 * public address to use the static random address instead.
50b5b952
MH		 3135 *
3136 * In case BR/EDR has been disabled on a dual-mode controller and
3137 * userspace has configured a static address, then that address
3138 * becomes the identity address instead of the public BR/EDR address.
a1f4c318
JH		 3139 */
3140void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3141 u8 *bdaddr_type)
3142{
b7cb93e5 3143 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
50b5b952 3144 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
d7a5a11d 3145 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
50b5b952 3146 bacmp(&hdev->static_addr, BDADDR_ANY))) {
a1f4c318
JH		 3147 bacpy(bdaddr, &hdev->static_addr);
3148 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3149 } else {
3150 bacpy(bdaddr, &hdev->bdaddr);
3151 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3152 }
3153}
3154
9be0dab7
DH		 3155/* Alloc HCI device */
3156struct hci_dev *hci_alloc_dev(void)
3157{
3158 struct hci_dev *hdev;
3159
27f70f3e 3160 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
9be0dab7
DH		 3161 if (!hdev)
3162 return NULL;
3163
b1b813d4
DH		 3164 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3165 hdev->esco_type = (ESCO_HV1);
3166 hdev->link_mode = (HCI_LM_ACCEPT);
b4cb9fb2
MH		 3167 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3168 hdev->io_capability = 0x03; /* No Input No Output */
96c2103a 3169 hdev->manufacturer = 0xffff; /* Default to internal use */
bbaf444a
JH		 3170 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3171 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
d2609b34
FG		 3172 hdev->adv_instance_cnt = 0;
3173 hdev->cur_adv_instance = 0x00;
5d900e46 3174 hdev->adv_instance_timeout = 0;
b1b813d4 3175
b1b813d4
DH		 3176 hdev->sniff_max_interval = 800;
3177 hdev->sniff_min_interval = 80;
3178
3f959d46 3179 hdev->le_adv_channel_map = 0x07;
628531c9
GL		 3180 hdev->le_adv_min_interval = 0x0800;
3181 hdev->le_adv_max_interval = 0x0800;
bef64738
MH		 3182 hdev->le_scan_interval = 0x0060;
3183 hdev->le_scan_window = 0x0030;
b48c3b59
JH		 3184 hdev->le_conn_min_interval = 0x0018;
3185 hdev->le_conn_max_interval = 0x0028;
04fb7d90
MH		 3186 hdev->le_conn_latency = 0x0000;
3187 hdev->le_supv_timeout = 0x002a;
a8e1bfaa
MH		 3188 hdev->le_def_tx_len = 0x001b;
3189 hdev->le_def_tx_time = 0x0148;
3190 hdev->le_max_tx_len = 0x001b;
3191 hdev->le_max_tx_time = 0x0148;
3192 hdev->le_max_rx_len = 0x001b;
3193 hdev->le_max_rx_time = 0x0148;
30d65e08
MK		 3194 hdev->le_max_key_size = SMP_MAX_ENC_KEY_SIZE;
3195 hdev->le_min_key_size = SMP_MIN_ENC_KEY_SIZE;
6decb5b4
JK		 3196 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M;
3197 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M;
bef64738 3198
d6bfd59c 3199 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
b9a7a61e 3200 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
31ad1691
AK		 3201 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3202 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
d6bfd59c 3203
b1b813d4
DH		 3204 mutex_init(&hdev->lock);
3205 mutex_init(&hdev->req_lock);
3206
3207 INIT_LIST_HEAD(&hdev->mgmt_pending);
3208 INIT_LIST_HEAD(&hdev->blacklist);
6659358e 3209 INIT_LIST_HEAD(&hdev->whitelist);
b1b813d4
DH		 3210 INIT_LIST_HEAD(&hdev->uuids);
3211 INIT_LIST_HEAD(&hdev->link_keys);
3212 INIT_LIST_HEAD(&hdev->long_term_keys);
970c4e46 3213 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
b1b813d4 3214 INIT_LIST_HEAD(&hdev->remote_oob_data);
d2ab0ac1 3215 INIT_LIST_HEAD(&hdev->le_white_list);
cfdb0c2d 3216 INIT_LIST_HEAD(&hdev->le_resolv_list);
15819a70 3217 INIT_LIST_HEAD(&hdev->le_conn_params);
77a77a30 3218 INIT_LIST_HEAD(&hdev->pend_le_conns);
66f8455a 3219 INIT_LIST_HEAD(&hdev->pend_le_reports);
6b536b5e 3220 INIT_LIST_HEAD(&hdev->conn_hash.list);
d2609b34 3221 INIT_LIST_HEAD(&hdev->adv_instances);
b1b813d4
DH		 3222
3223 INIT_WORK(&hdev->rx_work, hci_rx_work);
3224 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3225 INIT_WORK(&hdev->tx_work, hci_tx_work);
3226 INIT_WORK(&hdev->power_on, hci_power_on);
c7741d16 3227 INIT_WORK(&hdev->error_reset, hci_error_reset);
b1b813d4 3228
b1b813d4 3229 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
b1b813d4 3230
b1b813d4
DH		 3231 skb_queue_head_init(&hdev->rx_q);
3232 skb_queue_head_init(&hdev->cmd_q);
3233 skb_queue_head_init(&hdev->raw_q);
3234
3235 init_waitqueue_head(&hdev->req_wait_q);
3236
65cc2b49 3237 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
b1b813d4 3238
5fc16cc4
JH		 3239 hci_request_setup(hdev);
3240
b1b813d4
DH		 3241 hci_init_sysfs(hdev);
3242 discovery_init(hdev);
9be0dab7
DH		 3243
3244 return hdev;
3245}
3246EXPORT_SYMBOL(hci_alloc_dev);
3247
3248/* Free HCI device */
3249void hci_free_dev(struct hci_dev *hdev)
3250{
9be0dab7
DH		 3251 /* will free via device release */
3252 put_device(&hdev->dev);
3253}
3254EXPORT_SYMBOL(hci_free_dev);
3255
1da177e4
LT		 3256/* Register HCI device */
3257int hci_register_dev(struct hci_dev *hdev)
3258{
b1b813d4 3259 int id, error;
1da177e4 3260
74292d5a 3261 if (!hdev->open || !hdev->close || !hdev->send)
1da177e4
LT		 3262 return -EINVAL;
3263
08add513
MM		 3264 /* Do not allow HCI_AMP devices to register at index 0,
3265 * so the index can be used as the AMP controller ID.
3266 */
3df92b31 3267 switch (hdev->dev_type) {
ca8bee5d 3268 case HCI_PRIMARY:
3df92b31
SL		 3269 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3270 break;
3271 case HCI_AMP:
3272 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3273 break;
3274 default:
3275 return -EINVAL;
1da177e4 3276 }
8e87d142 3277
3df92b31
SL		 3278 if (id < 0)
3279 return id;
3280
1da177e4
LT		 3281 sprintf(hdev->name, "hci%d", id);
3282 hdev->id = id;
2d8b3a11
AE		 3283
3284 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3285
29e2dd0d 3286 hdev->workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI, hdev->name);
33ca954d
DH		 3287 if (!hdev->workqueue) {
3288 error = -ENOMEM;
3289 goto err;
3290 }
f48fd9c8 3291
29e2dd0d
TH		 3292 hdev->req_workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI,
3293 hdev->name);
6ead1bbc
JH		 3294 if (!hdev->req_workqueue) {
3295 destroy_workqueue(hdev->workqueue);
3296 error = -ENOMEM;
3297 goto err;
3298 }
3299
0153e2ec
MH		 3300 if (!IS_ERR_OR_NULL(bt_debugfs))
3301 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3302
bdc3e0f1
MH		 3303 dev_set_name(&hdev->dev, "%s", hdev->name);
3304
3305 error = device_add(&hdev->dev);
33ca954d 3306 if (error < 0)
54506918 3307 goto err_wqueue;
1da177e4 3308
6d5d2ee6
HK		 3309 hci_leds_init(hdev);
3310
611b30f7 3311 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
a8c5fb1a
GP		 3312 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3313 hdev);
611b30f7
MH		 3314 if (hdev->rfkill) {
3315 if (rfkill_register(hdev->rfkill) < 0) {
3316 rfkill_destroy(hdev->rfkill);
3317 hdev->rfkill = NULL;
3318 }
3319 }
3320
5e130367 3321 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
a1536da2 3322 hci_dev_set_flag(hdev, HCI_RFKILLED);
5e130367 3323
a1536da2
MH		 3324 hci_dev_set_flag(hdev, HCI_SETUP);
3325 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
ce2be9ac 3326
ca8bee5d 3327 if (hdev->dev_type == HCI_PRIMARY) {
56f87901
JH		 3328 /* Assume BR/EDR support until proven otherwise (such as
3329 * through reading supported features during init.
3330 */
a1536da2 3331 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
56f87901 3332 }
ce2be9ac 3333
fcee3377
GP		 3334 write_lock(&hci_dev_list_lock);
3335 list_add(&hdev->list, &hci_dev_list);
3336 write_unlock(&hci_dev_list_lock);
3337
4a964404
MH		 3338 /* Devices that are marked for raw-only usage are unconfigured
3339 * and should not be included in normal operation.
fee746b0
MH		 3340 */
3341 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
a1536da2 3342 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
fee746b0 3343
05fcd4c4 3344 hci_sock_dev_event(hdev, HCI_DEV_REG);
dc946bd8 3345 hci_dev_hold(hdev);
1da177e4 3346
19202573 3347 queue_work(hdev->req_workqueue, &hdev->power_on);
fbe96d6f 3348
1da177e4 3349 return id;
f48fd9c8 3350
33ca954d
DH		 3351err_wqueue:
3352 destroy_workqueue(hdev->workqueue);
6ead1bbc 3353 destroy_workqueue(hdev->req_workqueue);
33ca954d 3354err:
3df92b31 3355 ida_simple_remove(&hci_index_ida, hdev->id);
f48fd9c8 3356
33ca954d 3357 return error;
1da177e4
LT		 3358}
3359EXPORT_SYMBOL(hci_register_dev);
3360
3361/* Unregister HCI device */
59735631 3362void hci_unregister_dev(struct hci_dev *hdev)
1da177e4 3363{
2d7cc19e 3364 int id;
ef222013 3365
c13854ce 3366 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1da177e4 3367
a1536da2 3368 hci_dev_set_flag(hdev, HCI_UNREGISTER);
94324962 3369
3df92b31
SL		 3370 id = hdev->id;
3371
f20d09d5 3372 write_lock(&hci_dev_list_lock);
1da177e4 3373 list_del(&hdev->list);
f20d09d5 3374 write_unlock(&hci_dev_list_lock);
1da177e4 3375
b9b5ef18
GP		 3376 cancel_work_sync(&hdev->power_on);
3377
bf389cab
JS		 3378 hci_dev_do_close(hdev);
3379
ab81cbf9 3380 if (!test_bit(HCI_INIT, &hdev->flags) &&
d7a5a11d
MH		 3381 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3382 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
09fd0de5 3383 hci_dev_lock(hdev);
744cf19e 3384 mgmt_index_removed(hdev);
09fd0de5 3385 hci_dev_unlock(hdev);
56e5cb86 3386 }
ab81cbf9 3387
2e58ef3e
JH		 3388 /* mgmt_index_removed should take care of emptying the
3389 * pending list */
3390 BUG_ON(!list_empty(&hdev->mgmt_pending));
3391
05fcd4c4 3392 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
1da177e4 3393
611b30f7
MH		 3394 if (hdev->rfkill) {
3395 rfkill_unregister(hdev->rfkill);
3396 rfkill_destroy(hdev->rfkill);
3397 }
3398
bdc3e0f1 3399 device_del(&hdev->dev);
147e2d59 3400
0153e2ec 3401 debugfs_remove_recursive(hdev->debugfs);
5177a838
MH		 3402 kfree_const(hdev->hw_info);
3403 kfree_const(hdev->fw_info);
0153e2ec 3404
f48fd9c8 3405 destroy_workqueue(hdev->workqueue);
6ead1bbc 3406 destroy_workqueue(hdev->req_workqueue);
f48fd9c8 3407
09fd0de5 3408 hci_dev_lock(hdev);
dcc36c16 3409 hci_bdaddr_list_clear(&hdev->blacklist);
6659358e 3410 hci_bdaddr_list_clear(&hdev->whitelist);
2aeb9a1a 3411 hci_uuids_clear(hdev);
55ed8ca1 3412 hci_link_keys_clear(hdev);
b899efaf 3413 hci_smp_ltks_clear(hdev);
970c4e46 3414 hci_smp_irks_clear(hdev);
2763eda6 3415 hci_remote_oob_data_clear(hdev);
d2609b34 3416 hci_adv_instances_clear(hdev);
dcc36c16 3417 hci_bdaddr_list_clear(&hdev->le_white_list);
cfdb0c2d 3418 hci_bdaddr_list_clear(&hdev->le_resolv_list);
373110c5 3419 hci_conn_params_clear_all(hdev);
22078800 3420 hci_discovery_filter_clear(hdev);
09fd0de5 3421 hci_dev_unlock(hdev);
e2e0cacb 3422
dc946bd8 3423 hci_dev_put(hdev);
3df92b31
SL		 3424
3425 ida_simple_remove(&hci_index_ida, id);
1da177e4
LT		 3426}
3427EXPORT_SYMBOL(hci_unregister_dev);
3428
3429/* Suspend HCI device */
3430int hci_suspend_dev(struct hci_dev *hdev)
3431{
05fcd4c4 3432 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
1da177e4
LT		 3433 return 0;
3434}
3435EXPORT_SYMBOL(hci_suspend_dev);
3436
3437/* Resume HCI device */
3438int hci_resume_dev(struct hci_dev *hdev)
3439{
05fcd4c4 3440 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
1da177e4
LT		 3441 return 0;
3442}
3443EXPORT_SYMBOL(hci_resume_dev);
3444
75e0569f
MH		 3445/* Reset HCI device */
3446int hci_reset_dev(struct hci_dev *hdev)
3447{
1e4b6e91 3448 static const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
75e0569f
MH		 3449 struct sk_buff *skb;
3450
3451 skb = bt_skb_alloc(3, GFP_ATOMIC);
3452 if (!skb)
3453 return -ENOMEM;
3454
d79f34e3 3455 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
59ae1d12 3456 skb_put_data(skb, hw_err, 3);
75e0569f
MH		 3457
3458 /* Send Hardware Error to upper stack */
3459 return hci_recv_frame(hdev, skb);
3460}
3461EXPORT_SYMBOL(hci_reset_dev);
3462
76bca880 3463/* Receive frame from HCI drivers */
e1a26170 3464int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
76bca880 3465{
76bca880 3466 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
a8c5fb1a 3467 && !test_bit(HCI_INIT, &hdev->flags))) {
76bca880
MH		 3468 kfree_skb(skb);
3469 return -ENXIO;
3470 }
3471
d79f34e3
MH		 3472 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
3473 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
3474 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
fe806dce
MH		 3475 kfree_skb(skb);
3476 return -EINVAL;
3477 }
3478
d82603c6 3479 /* Incoming skb */
76bca880
MH		 3480 bt_cb(skb)->incoming = 1;
3481
3482 /* Time stamp */
3483 __net_timestamp(skb);
3484
76bca880 3485 skb_queue_tail(&hdev->rx_q, skb);
b78752cc 3486 queue_work(hdev->workqueue, &hdev->rx_work);
c78ae283 3487
76bca880
MH		 3488 return 0;
3489}
3490EXPORT_SYMBOL(hci_recv_frame);
3491
e875ff84
MH		 3492/* Receive diagnostic message from HCI drivers */
3493int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3494{
581d6fd6 3495 /* Mark as diagnostic packet */
d79f34e3 3496 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
581d6fd6 3497
e875ff84
MH		 3498 /* Time stamp */
3499 __net_timestamp(skb);
3500
581d6fd6
MH		 3501 skb_queue_tail(&hdev->rx_q, skb);
3502 queue_work(hdev->workqueue, &hdev->rx_work);
e875ff84 3503
e875ff84
MH		 3504 return 0;
3505}
3506EXPORT_SYMBOL(hci_recv_diag);
3507
5177a838
MH		 3508void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
3509{
3510 va_list vargs;
3511
3512 va_start(vargs, fmt);
3513 kfree_const(hdev->hw_info);
3514 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3515 va_end(vargs);
3516}
3517EXPORT_SYMBOL(hci_set_hw_info);
3518
3519void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
3520{
3521 va_list vargs;
3522
3523 va_start(vargs, fmt);
3524 kfree_const(hdev->fw_info);
3525 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3526 va_end(vargs);
3527}
3528EXPORT_SYMBOL(hci_set_fw_info);
3529
1da177e4
LT		 3530/* ---- Interface to upper protocols ---- */
3531
1da177e4
LT		 3532int hci_register_cb(struct hci_cb *cb)
3533{
3534 BT_DBG("%p name %s", cb, cb->name);
3535
fba7ecf0 3536 mutex_lock(&hci_cb_list_lock);
00629e0f 3537 list_add_tail(&cb->list, &hci_cb_list);
fba7ecf0 3538 mutex_unlock(&hci_cb_list_lock);
1da177e4
LT		 3539
3540 return 0;
3541}
3542EXPORT_SYMBOL(hci_register_cb);
3543
3544int hci_unregister_cb(struct hci_cb *cb)
3545{
3546 BT_DBG("%p name %s", cb, cb->name);
3547
fba7ecf0 3548 mutex_lock(&hci_cb_list_lock);
1da177e4 3549 list_del(&cb->list);
fba7ecf0 3550 mutex_unlock(&hci_cb_list_lock);
1da177e4
LT		 3551
3552 return 0;
3553}
3554EXPORT_SYMBOL(hci_unregister_cb);
3555
51086991 3556static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4 3557{
cdc52faa
MH		 3558 int err;
3559
d79f34e3
MH		 3560 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
3561 skb->len);
1da177e4 3562
cd82e61c
MH		 3563 /* Time stamp */
3564 __net_timestamp(skb);
1da177e4 3565
cd82e61c
MH		 3566 /* Send copy to monitor */
3567 hci_send_to_monitor(hdev, skb);
3568
3569 if (atomic_read(&hdev->promisc)) {
3570 /* Send copy to the sockets */
470fe1b5 3571 hci_send_to_sock(hdev, skb);
1da177e4
LT		 3572 }
3573
3574 /* Get rid of skb owner, prior to sending to the driver. */
3575 skb_orphan(skb);
3576
73d0d3c8
MH		 3577 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3578 kfree_skb(skb);
3579 return;
3580 }
3581
cdc52faa
MH		 3582 err = hdev->send(hdev, skb);
3583 if (err < 0) {
2064ee33 3584 bt_dev_err(hdev, "sending frame failed (%d)", err);
cdc52faa
MH		 3585 kfree_skb(skb);
3586 }
1da177e4
LT		 3587}
3588
1ca3a9d0 3589/* Send HCI command */
07dc93dd
JH		 3590int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3591 const void *param)
1ca3a9d0
JH		 3592{
3593 struct sk_buff *skb;
3594
3595 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3596
3597 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3598 if (!skb) {
2064ee33 3599 bt_dev_err(hdev, "no memory for command");
1ca3a9d0
JH		 3600 return -ENOMEM;
3601 }
3602
49c922bb 3603 /* Stand-alone HCI commands must be flagged as
11714b3d
JH		 3604 * single-command requests.
3605 */
44d27137 3606 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
11714b3d 3607
1da177e4 3608 skb_queue_tail(&hdev->cmd_q, skb);
c347b765 3609 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 3610
3611 return 0;
3612}
1da177e4 3613
d6ee6ad7
LP		 3614int __hci_cmd_send(struct hci_dev *hdev, u16 opcode, u32 plen,
3615 const void *param)
3616{
3617 struct sk_buff *skb;
3618
3619 if (hci_opcode_ogf(opcode) != 0x3f) {
3620 /* A controller receiving a command shall respond with either
3621 * a Command Status Event or a Command Complete Event.
3622 * Therefore, all standard HCI commands must be sent via the
3623 * standard API, using hci_send_cmd or hci_cmd_sync helpers.
3624 * Some vendors do not comply with this rule for vendor-specific
3625 * commands and do not return any event. We want to support
3626 * unresponded commands for such cases only.
3627 */
3628 bt_dev_err(hdev, "unresponded command not supported");
3629 return -EINVAL;
3630 }
3631
3632 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3633 if (!skb) {
3634 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
3635 opcode);
3636 return -ENOMEM;
3637 }
3638
3639 hci_send_frame(hdev, skb);
3640
3641 return 0;
3642}
3643EXPORT_SYMBOL(__hci_cmd_send);
3644
1da177e4 3645/* Get data from the previously sent command */
a9de9248 3646void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
1da177e4
LT		 3647{
3648 struct hci_command_hdr *hdr;
3649
3650 if (!hdev->sent_cmd)
3651 return NULL;
3652
3653 hdr = (void *) hdev->sent_cmd->data;
3654
a9de9248 3655 if (hdr->opcode != cpu_to_le16(opcode))
1da177e4
LT		 3656 return NULL;
3657
f0e09510 3658 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
1da177e4
LT		 3659
3660 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3661}
3662
fbef168f
LP		 3663/* Send HCI command and wait for command commplete event */
3664struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
3665 const void *param, u32 timeout)
3666{
3667 struct sk_buff *skb;
3668
3669 if (!test_bit(HCI_UP, &hdev->flags))
3670 return ERR_PTR(-ENETDOWN);
3671
3672 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
3673
b504430c 3674 hci_req_sync_lock(hdev);
fbef168f 3675 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
b504430c 3676 hci_req_sync_unlock(hdev);
fbef168f
LP		 3677
3678 return skb;
3679}
3680EXPORT_SYMBOL(hci_cmd_sync);
3681
1da177e4
LT		 3682/* Send ACL data */
3683static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3684{
3685 struct hci_acl_hdr *hdr;
3686 int len = skb->len;
3687
badff6d0
ACM		 3688 skb_push(skb, HCI_ACL_HDR_SIZE);
3689 skb_reset_transport_header(skb);
9c70220b 3690 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
aca3192c
YH		 3691 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3692 hdr->dlen = cpu_to_le16(len);
1da177e4
LT		 3693}
3694
ee22be7e 3695static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
a8c5fb1a 3696 struct sk_buff *skb, __u16 flags)
1da177e4 3697{
ee22be7e 3698 struct hci_conn *conn = chan->conn;
1da177e4
LT		 3699 struct hci_dev *hdev = conn->hdev;
3700 struct sk_buff *list;
3701
087bfd99
GP		 3702 skb->len = skb_headlen(skb);
3703 skb->data_len = 0;
3704
d79f34e3 3705 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
204a6e54
AE		 3706
3707 switch (hdev->dev_type) {
ca8bee5d 3708 case HCI_PRIMARY:
204a6e54
AE		 3709 hci_add_acl_hdr(skb, conn->handle, flags);
3710 break;
3711 case HCI_AMP:
3712 hci_add_acl_hdr(skb, chan->handle, flags);
3713 break;
3714 default:
2064ee33 3715 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
204a6e54
AE		 3716 return;
3717 }
087bfd99 3718
70f23020
AE		 3719 list = skb_shinfo(skb)->frag_list;
3720 if (!list) {
1da177e4
LT		 3721 /* Non fragmented */
3722 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3723
73d80deb 3724 skb_queue_tail(queue, skb);
1da177e4
LT		 3725 } else {
3726 /* Fragmented */
3727 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3728
3729 skb_shinfo(skb)->frag_list = NULL;
3730
9cfd5a23
JR		 3731 /* Queue all fragments atomically. We need to use spin_lock_bh
3732 * here because of 6LoWPAN links, as there this function is
3733 * called from softirq and using normal spin lock could cause
3734 * deadlocks.
3735 */
3736 spin_lock_bh(&queue->lock);
1da177e4 3737
73d80deb 3738 __skb_queue_tail(queue, skb);
e702112f
AE		 3739
3740 flags &= ~ACL_START;
3741 flags |= ACL_CONT;
1da177e4
LT		 3742 do {
3743 skb = list; list = list->next;
8e87d142 3744
d79f34e3 3745 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
e702112f 3746 hci_add_acl_hdr(skb, conn->handle, flags);
1da177e4
LT		 3747
3748 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3749
73d80deb 3750 __skb_queue_tail(queue, skb);
1da177e4
LT		 3751 } while (list);
3752
9cfd5a23 3753 spin_unlock_bh(&queue->lock);
1da177e4 3754 }
73d80deb
LAD		 3755}
3756
3757void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3758{
ee22be7e 3759 struct hci_dev *hdev = chan->conn->hdev;
73d80deb 3760
f0e09510 3761 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
73d80deb 3762
ee22be7e 3763 hci_queue_acl(chan, &chan->data_q, skb, flags);
1da177e4 3764
3eff45ea 3765 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 3766}
1da177e4
LT		 3767
3768/* Send SCO data */
0d861d8b 3769void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1da177e4
LT		 3770{
3771 struct hci_dev *hdev = conn->hdev;
3772 struct hci_sco_hdr hdr;
3773
3774 BT_DBG("%s len %d", hdev->name, skb->len);
3775
aca3192c 3776 hdr.handle = cpu_to_le16(conn->handle);
1da177e4
LT		 3777 hdr.dlen = skb->len;
3778
badff6d0
ACM		 3779 skb_push(skb, HCI_SCO_HDR_SIZE);
3780 skb_reset_transport_header(skb);
9c70220b 3781 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
1da177e4 3782
d79f34e3 3783 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
c78ae283 3784
1da177e4 3785 skb_queue_tail(&conn->data_q, skb);
3eff45ea 3786 queue_work(hdev->workqueue, &hdev->tx_work);
1da177e4 3787}
1da177e4
LT		 3788
3789/* ---- HCI TX task (outgoing data) ---- */
3790
3791/* HCI Connection scheduler */
6039aa73
GP		 3792static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3793 int *quote)
1da177e4
LT		 3794{
3795 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 3796 struct hci_conn *conn = NULL, *c;
abc5de8f 3797 unsigned int num = 0, min = ~0;
1da177e4 3798
8e87d142 3799 /* We don't have to lock device here. Connections are always
1da177e4 3800 * added and removed with TX task disabled. */
bf4c6325
GP		 3801
3802 rcu_read_lock();
3803
3804 list_for_each_entry_rcu(c, &h->list, list) {
769be974 3805 if (c->type != type || skb_queue_empty(&c->data_q))
1da177e4 3806 continue;
769be974
MH		 3807
3808 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3809 continue;
3810
1da177e4
LT		 3811 num++;
3812
3813 if (c->sent < min) {
3814 min = c->sent;
3815 conn = c;
3816 }
52087a79
LAD		 3817
3818 if (hci_conn_num(hdev, type) == num)
3819 break;
1da177e4
LT		 3820 }
3821
bf4c6325
GP		 3822 rcu_read_unlock();
3823
1da177e4 3824 if (conn) {
6ed58ec5
VT		 3825 int cnt, q;
3826
3827 switch (conn->type) {
3828 case ACL_LINK:
3829 cnt = hdev->acl_cnt;
3830 break;
3831 case SCO_LINK:
3832 case ESCO_LINK:
3833 cnt = hdev->sco_cnt;
3834 break;
3835 case LE_LINK:
3836 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3837 break;
3838 default:
3839 cnt = 0;
2064ee33 3840 bt_dev_err(hdev, "unknown link type %d", conn->type);
6ed58ec5
VT		 3841 }
3842
3843 q = cnt / num;
1da177e4
LT		 3844 *quote = q ? q : 1;
3845 } else
3846 *quote = 0;
3847
3848 BT_DBG("conn %p quote %d", conn, *quote);
3849 return conn;
3850}
3851
6039aa73 3852static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
1da177e4
LT		 3853{
3854 struct hci_conn_hash *h = &hdev->conn_hash;
8035ded4 3855 struct hci_conn *c;
1da177e4 3856
2064ee33 3857 bt_dev_err(hdev, "link tx timeout");
1da177e4 3858
bf4c6325
GP		 3859 rcu_read_lock();
3860
1da177e4 3861 /* Kill stalled connections */
bf4c6325 3862 list_for_each_entry_rcu(c, &h->list, list) {
bae1f5d9 3863 if (c->type == type && c->sent) {
2064ee33
MH		 3864 bt_dev_err(hdev, "killing stalled connection %pMR",
3865 &c->dst);
bed71748 3866 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
1da177e4
LT		 3867 }
3868 }
bf4c6325
GP		 3869
3870 rcu_read_unlock();
1da177e4
LT		 3871}
3872
6039aa73
GP		 3873static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3874 int *quote)
1da177e4 3875{
73d80deb
LAD		 3876 struct hci_conn_hash *h = &hdev->conn_hash;
3877 struct hci_chan *chan = NULL;
abc5de8f 3878 unsigned int num = 0, min = ~0, cur_prio = 0;
1da177e4 3879 struct hci_conn *conn;
73d80deb
LAD		 3880 int cnt, q, conn_num = 0;
3881
3882 BT_DBG("%s", hdev->name);
3883
bf4c6325
GP		 3884 rcu_read_lock();
3885
3886 list_for_each_entry_rcu(conn, &h->list, list) {
73d80deb
LAD		 3887 struct hci_chan *tmp;
3888
3889 if (conn->type != type)
3890 continue;
3891
3892 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3893 continue;
3894
3895 conn_num++;
3896
8192edef 3897 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
73d80deb
LAD		 3898 struct sk_buff *skb;
3899
3900 if (skb_queue_empty(&tmp->data_q))
3901 continue;
3902
3903 skb = skb_peek(&tmp->data_q);
3904 if (skb->priority < cur_prio)
3905 continue;
3906
3907 if (skb->priority > cur_prio) {
3908 num = 0;
3909 min = ~0;
3910 cur_prio = skb->priority;
3911 }
3912
3913 num++;
3914
3915 if (conn->sent < min) {
3916 min = conn->sent;
3917 chan = tmp;
3918 }
3919 }
3920
3921 if (hci_conn_num(hdev, type) == conn_num)
3922 break;
3923 }
3924
bf4c6325
GP		 3925 rcu_read_unlock();
3926
73d80deb
LAD		 3927 if (!chan)
3928 return NULL;
3929
3930 switch (chan->conn->type) {
3931 case ACL_LINK:
3932 cnt = hdev->acl_cnt;
3933 break;
bd1eb66b
AE		 3934 case AMP_LINK:
3935 cnt = hdev->block_cnt;
3936 break;
73d80deb
LAD		 3937 case SCO_LINK:
3938 case ESCO_LINK:
3939 cnt = hdev->sco_cnt;
3940 break;
3941 case LE_LINK:
3942 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3943 break;
3944 default:
3945 cnt = 0;
2064ee33 3946 bt_dev_err(hdev, "unknown link type %d", chan->conn->type);
73d80deb
LAD		 3947 }
3948
3949 q = cnt / num;
3950 *quote = q ? q : 1;
3951 BT_DBG("chan %p quote %d", chan, *quote);
3952 return chan;
3953}
3954
02b20f0b
LAD		 3955static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3956{
3957 struct hci_conn_hash *h = &hdev->conn_hash;
3958 struct hci_conn *conn;
3959 int num = 0;
3960
3961 BT_DBG("%s", hdev->name);
3962
bf4c6325
GP		 3963 rcu_read_lock();
3964
3965 list_for_each_entry_rcu(conn, &h->list, list) {
02b20f0b
LAD		 3966 struct hci_chan *chan;
3967
3968 if (conn->type != type)
3969 continue;
3970
3971 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3972 continue;
3973
3974 num++;
3975
8192edef 3976 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
02b20f0b
LAD		 3977 struct sk_buff *skb;
3978
3979 if (chan->sent) {
3980 chan->sent = 0;
3981 continue;
3982 }
3983
3984 if (skb_queue_empty(&chan->data_q))
3985 continue;
3986
3987 skb = skb_peek(&chan->data_q);
3988 if (skb->priority >= HCI_PRIO_MAX - 1)
3989 continue;
3990
3991 skb->priority = HCI_PRIO_MAX - 1;
3992
3993 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
a8c5fb1a 3994 skb->priority);
02b20f0b
LAD		 3995 }
3996
3997 if (hci_conn_num(hdev, type) == num)
3998 break;
3999 }
bf4c6325
GP		 4000
4001 rcu_read_unlock();
4002
02b20f0b
LAD		 4003}
4004
b71d385a
AE		 4005static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4006{
4007 /* Calculate count of blocks used by this packet */
4008 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4009}
4010
6039aa73 4011static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
73d80deb 4012{
d7a5a11d 4013 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1da177e4
LT		 4014 /* ACL tx timeout must be longer than maximum
4015 * link supervision timeout (40.9 seconds) */
63d2bc1b 4016 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
5f246e89 4017 HCI_ACL_TX_TIMEOUT))
bae1f5d9 4018 hci_link_tx_to(hdev, ACL_LINK);
1da177e4 4019 }
63d2bc1b 4020}
1da177e4 4021
6039aa73 4022static void hci_sched_acl_pkt(struct hci_dev *hdev)
63d2bc1b
AE		 4023{
4024 unsigned int cnt = hdev->acl_cnt;
4025 struct hci_chan *chan;
4026 struct sk_buff *skb;
4027 int quote;
4028
4029 __check_timeout(hdev, cnt);
04837f64 4030
73d80deb 4031 while (hdev->acl_cnt &&
a8c5fb1a 4032 (chan = hci_chan_sent(hdev, ACL_LINK, &quote))) {
ec1cce24
LAD		 4033 u32 priority = (skb_peek(&chan->data_q))->priority;
4034 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb 4035 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
a8c5fb1a 4036 skb->len, skb->priority);
73d80deb 4037
ec1cce24
LAD		 4038 /* Stop if priority has changed */
4039 if (skb->priority < priority)
4040 break;
4041
4042 skb = skb_dequeue(&chan->data_q);
4043
73d80deb 4044 hci_conn_enter_active_mode(chan->conn,
04124681 4045 bt_cb(skb)->force_active);
04837f64 4046
57d17d70 4047 hci_send_frame(hdev, skb);
1da177e4
LT		 4048 hdev->acl_last_tx = jiffies;
4049
4050 hdev->acl_cnt--;
73d80deb
LAD		 4051 chan->sent++;
4052 chan->conn->sent++;
1da177e4
LT		 4053 }
4054 }
02b20f0b
LAD		 4055
4056 if (cnt != hdev->acl_cnt)
4057 hci_prio_recalculate(hdev, ACL_LINK);
1da177e4
LT		 4058}
4059
6039aa73 4060static void hci_sched_acl_blk(struct hci_dev *hdev)
b71d385a 4061{
63d2bc1b 4062 unsigned int cnt = hdev->block_cnt;
b71d385a
AE		 4063 struct hci_chan *chan;
4064 struct sk_buff *skb;
4065 int quote;
bd1eb66b 4066 u8 type;
b71d385a 4067
63d2bc1b 4068 __check_timeout(hdev, cnt);
b71d385a 4069
bd1eb66b
AE		 4070 BT_DBG("%s", hdev->name);
4071
4072 if (hdev->dev_type == HCI_AMP)
4073 type = AMP_LINK;
4074 else
4075 type = ACL_LINK;
4076
b71d385a 4077 while (hdev->block_cnt > 0 &&
bd1eb66b 4078 (chan = hci_chan_sent(hdev, type, &quote))) {
b71d385a
AE		 4079 u32 priority = (skb_peek(&chan->data_q))->priority;
4080 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4081 int blocks;
4082
4083 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
a8c5fb1a 4084 skb->len, skb->priority);
b71d385a
AE		 4085
4086 /* Stop if priority has changed */
4087 if (skb->priority < priority)
4088 break;
4089
4090 skb = skb_dequeue(&chan->data_q);
4091
4092 blocks = __get_blocks(hdev, skb);
4093 if (blocks > hdev->block_cnt)
4094 return;
4095
4096 hci_conn_enter_active_mode(chan->conn,
a8c5fb1a 4097 bt_cb(skb)->force_active);
b71d385a 4098
57d17d70 4099 hci_send_frame(hdev, skb);
b71d385a
AE		 4100 hdev->acl_last_tx = jiffies;
4101
4102 hdev->block_cnt -= blocks;
4103 quote -= blocks;
4104
4105 chan->sent += blocks;
4106 chan->conn->sent += blocks;
4107 }
4108 }
4109
4110 if (cnt != hdev->block_cnt)
bd1eb66b 4111 hci_prio_recalculate(hdev, type);
b71d385a
AE		 4112}
4113
6039aa73 4114static void hci_sched_acl(struct hci_dev *hdev)
b71d385a
AE		 4115{
4116 BT_DBG("%s", hdev->name);
4117
bd1eb66b 4118 /* No ACL link over BR/EDR controller */
ca8bee5d 4119 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
bd1eb66b
AE		 4120 return;
4121
4122 /* No AMP link over AMP controller */
4123 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
b71d385a
AE		 4124 return;
4125
4126 switch (hdev->flow_ctl_mode) {
4127 case HCI_FLOW_CTL_MODE_PACKET_BASED:
4128 hci_sched_acl_pkt(hdev);
4129 break;
4130
4131 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
4132 hci_sched_acl_blk(hdev);
4133 break;
4134 }
4135}
4136
1da177e4 4137/* Schedule SCO */
6039aa73 4138static void hci_sched_sco(struct hci_dev *hdev)
1da177e4
LT		 4139{
4140 struct hci_conn *conn;
4141 struct sk_buff *skb;
4142 int quote;
4143
4144 BT_DBG("%s", hdev->name);
4145
52087a79
LAD		 4146 if (!hci_conn_num(hdev, SCO_LINK))
4147 return;
4148
1da177e4
LT		 4149 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, &quote))) {
4150 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4151 BT_DBG("skb %p len %d", skb, skb->len);
57d17d70 4152 hci_send_frame(hdev, skb);
1da177e4
LT		 4153
4154 conn->sent++;
4155 if (conn->sent == ~0)
4156 conn->sent = 0;
4157 }
4158 }
4159}
4160
6039aa73 4161static void hci_sched_esco(struct hci_dev *hdev)
b6a0dc82
MH		 4162{
4163 struct hci_conn *conn;
4164 struct sk_buff *skb;
4165 int quote;
4166
4167 BT_DBG("%s", hdev->name);
4168
52087a79
LAD		 4169 if (!hci_conn_num(hdev, ESCO_LINK))
4170 return;
4171
8fc9ced3
GP		 4172 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4173 &quote))) {
b6a0dc82
MH		 4174 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4175 BT_DBG("skb %p len %d", skb, skb->len);
57d17d70 4176 hci_send_frame(hdev, skb);
b6a0dc82
MH		 4177
4178 conn->sent++;
4179 if (conn->sent == ~0)
4180 conn->sent = 0;
4181 }
4182 }
4183}
4184
6039aa73 4185static void hci_sched_le(struct hci_dev *hdev)
6ed58ec5 4186{
73d80deb 4187 struct hci_chan *chan;
6ed58ec5 4188 struct sk_buff *skb;
02b20f0b 4189 int quote, cnt, tmp;
6ed58ec5
VT		 4190
4191 BT_DBG("%s", hdev->name);
4192
52087a79
LAD		 4193 if (!hci_conn_num(hdev, LE_LINK))
4194 return;
4195
d7a5a11d 4196 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6ed58ec5
VT		 4197 /* LE tx timeout must be longer than maximum
4198 * link supervision timeout (40.9 seconds) */
bae1f5d9 4199 if (!hdev->le_cnt && hdev->le_pkts &&
a8c5fb1a 4200 time_after(jiffies, hdev->le_last_tx + HZ * 45))
bae1f5d9 4201 hci_link_tx_to(hdev, LE_LINK);
6ed58ec5
VT		 4202 }
4203
4204 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
02b20f0b 4205 tmp = cnt;
73d80deb 4206 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, &quote))) {
ec1cce24
LAD		 4207 u32 priority = (skb_peek(&chan->data_q))->priority;
4208 while (quote-- && (skb = skb_peek(&chan->data_q))) {
73d80deb 4209 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
a8c5fb1a 4210 skb->len, skb->priority);
6ed58ec5 4211
ec1cce24
LAD		 4212 /* Stop if priority has changed */
4213 if (skb->priority < priority)
4214 break;
4215
4216 skb = skb_dequeue(&chan->data_q);
4217
57d17d70 4218 hci_send_frame(hdev, skb);
6ed58ec5
VT		 4219 hdev->le_last_tx = jiffies;
4220
4221 cnt--;
73d80deb
LAD		 4222 chan->sent++;
4223 chan->conn->sent++;
6ed58ec5
VT		 4224 }
4225 }
73d80deb 4226
6ed58ec5
VT		 4227 if (hdev->le_pkts)
4228 hdev->le_cnt = cnt;
4229 else
4230 hdev->acl_cnt = cnt;
02b20f0b
LAD		 4231
4232 if (cnt != tmp)
4233 hci_prio_recalculate(hdev, LE_LINK);
6ed58ec5
VT		 4234}
4235
3eff45ea 4236static void hci_tx_work(struct work_struct *work)
1da177e4 4237{
3eff45ea 4238 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
1da177e4
LT		 4239 struct sk_buff *skb;
4240
6ed58ec5 4241 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
a8c5fb1a 4242 hdev->sco_cnt, hdev->le_cnt);
1da177e4 4243
d7a5a11d 4244 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
52de599e
MH		 4245 /* Schedule queues and send stuff to HCI driver */
4246 hci_sched_acl(hdev);
4247 hci_sched_sco(hdev);
4248 hci_sched_esco(hdev);
4249 hci_sched_le(hdev);
4250 }
6ed58ec5 4251
1da177e4
LT		 4252 /* Send next queued raw (unknown type) packet */
4253 while ((skb = skb_dequeue(&hdev->raw_q)))
57d17d70 4254 hci_send_frame(hdev, skb);
1da177e4
LT		 4255}
4256
25985edc 4257/* ----- HCI RX task (incoming data processing) ----- */
1da177e4
LT		 4258
4259/* ACL data packet */
6039aa73 4260static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 4261{
4262 struct hci_acl_hdr *hdr = (void *) skb->data;
4263 struct hci_conn *conn;
4264 __u16 handle, flags;
4265
4266 skb_pull(skb, HCI_ACL_HDR_SIZE);
4267
4268 handle = __le16_to_cpu(hdr->handle);
4269 flags = hci_flags(handle);
4270 handle = hci_handle(handle);
4271
f0e09510 4272 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
a8c5fb1a 4273 handle, flags);
1da177e4
LT		 4274
4275 hdev->stat.acl_rx++;
4276
4277 hci_dev_lock(hdev);
4278 conn = hci_conn_hash_lookup_handle(hdev, handle);
4279 hci_dev_unlock(hdev);
8e87d142 4280
1da177e4 4281 if (conn) {
65983fc7 4282 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
04837f64 4283
1da177e4 4284 /* Send to upper protocol */
686ebf28
UF		 4285 l2cap_recv_acldata(conn, skb, flags);
4286 return;
1da177e4 4287 } else {
2064ee33
MH		 4288 bt_dev_err(hdev, "ACL packet for unknown connection handle %d",
4289 handle);
1da177e4
LT		 4290 }
4291
4292 kfree_skb(skb);
4293}
4294
4295/* SCO data packet */
6039aa73 4296static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1da177e4
LT		 4297{
4298 struct hci_sco_hdr *hdr = (void *) skb->data;
4299 struct hci_conn *conn;
4300 __u16 handle;
4301
4302 skb_pull(skb, HCI_SCO_HDR_SIZE);
4303
4304 handle = __le16_to_cpu(hdr->handle);
4305
f0e09510 4306 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
1da177e4
LT		 4307
4308 hdev->stat.sco_rx++;
4309
4310 hci_dev_lock(hdev);
4311 conn = hci_conn_hash_lookup_handle(hdev, handle);
4312 hci_dev_unlock(hdev);
4313
4314 if (conn) {
1da177e4 4315 /* Send to upper protocol */
686ebf28
UF		 4316 sco_recv_scodata(conn, skb);
4317 return;
1da177e4 4318 } else {
2064ee33
MH		 4319 bt_dev_err(hdev, "SCO packet for unknown connection handle %d",
4320 handle);
1da177e4
LT		 4321 }
4322
4323 kfree_skb(skb);
4324}
4325
9238f36a
JH		 4326static bool hci_req_is_complete(struct hci_dev *hdev)
4327{
4328 struct sk_buff *skb;
4329
4330 skb = skb_peek(&hdev->cmd_q);
4331 if (!skb)
4332 return true;
4333
44d27137 4334 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
9238f36a
JH		 4335}
4336
42c6b129
JH		 4337static void hci_resend_last(struct hci_dev *hdev)
4338{
4339 struct hci_command_hdr *sent;
4340 struct sk_buff *skb;
4341 u16 opcode;
4342
4343 if (!hdev->sent_cmd)
4344 return;
4345
4346 sent = (void *) hdev->sent_cmd->data;
4347 opcode = __le16_to_cpu(sent->opcode);
4348 if (opcode == HCI_OP_RESET)
4349 return;
4350
4351 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4352 if (!skb)
4353 return;
4354
4355 skb_queue_head(&hdev->cmd_q, skb);
4356 queue_work(hdev->workqueue, &hdev->cmd_work);
4357}
4358
e6214487
JH		 4359void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4360 hci_req_complete_t *req_complete,
4361 hci_req_complete_skb_t *req_complete_skb)
9238f36a 4362{
9238f36a
JH		 4363 struct sk_buff *skb;
4364 unsigned long flags;
4365
4366 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4367
42c6b129
JH		 4368 /* If the completed command doesn't match the last one that was
4369 * sent we need to do special handling of it.
9238f36a 4370 */
42c6b129
JH		 4371 if (!hci_sent_cmd_data(hdev, opcode)) {
4372 /* Some CSR based controllers generate a spontaneous
4373 * reset complete event during init and any pending
4374 * command will never be completed. In such a case we
4375 * need to resend whatever was the last sent
4376 * command.
4377 */
4378 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4379 hci_resend_last(hdev);
4380
9238f36a 4381 return;
42c6b129 4382 }
9238f36a 4383
f80c5dad
JPRV		 4384 /* If we reach this point this event matches the last command sent */
4385 hci_dev_clear_flag(hdev, HCI_CMD_PENDING);
4386
9238f36a
JH		 4387 /* If the command succeeded and there's still more commands in
4388 * this request the request is not yet complete.
4389 */
4390 if (!status && !hci_req_is_complete(hdev))
4391 return;
4392
4393 /* If this was the last command in a request the complete
4394 * callback would be found in hdev->sent_cmd instead of the
4395 * command queue (hdev->cmd_q).
4396 */
44d27137
JH		 4397 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
4398 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
e6214487
JH		 4399 return;
4400 }
53e21fbc 4401
44d27137
JH		 4402 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
4403 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
e6214487 4404 return;
9238f36a
JH		 4405 }
4406
4407 /* Remove all pending commands belonging to this request */
4408 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4409 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
44d27137 4410 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
9238f36a
JH		 4411 __skb_queue_head(&hdev->cmd_q, skb);
4412 break;
4413 }
4414
3bd7594e
DA		 4415 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
4416 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
4417 else
4418 *req_complete = bt_cb(skb)->hci.req_complete;
9238f36a
JH		 4419 kfree_skb(skb);
4420 }
4421 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
9238f36a
JH		 4422}
4423
b78752cc 4424static void hci_rx_work(struct work_struct *work)
1da177e4 4425{
b78752cc 4426 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
1da177e4
LT		 4427 struct sk_buff *skb;
4428
4429 BT_DBG("%s", hdev->name);
4430
1da177e4 4431 while ((skb = skb_dequeue(&hdev->rx_q))) {
cd82e61c
MH		 4432 /* Send copy to monitor */
4433 hci_send_to_monitor(hdev, skb);
4434
1da177e4
LT		 4435 if (atomic_read(&hdev->promisc)) {
4436 /* Send copy to the sockets */
470fe1b5 4437 hci_send_to_sock(hdev, skb);
1da177e4
LT		 4438 }
4439
d7a5a11d 4440 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1da177e4
LT		 4441 kfree_skb(skb);
4442 continue;
4443 }
4444
4445 if (test_bit(HCI_INIT, &hdev->flags)) {
4446 /* Don't process data packets in this states. */
d79f34e3 4447 switch (hci_skb_pkt_type(skb)) {
1da177e4
LT		 4448 case HCI_ACLDATA_PKT:
4449 case HCI_SCODATA_PKT:
4450 kfree_skb(skb);
4451 continue;
3ff50b79 4452 }
1da177e4
LT		 4453 }
4454
4455 /* Process frame */
d79f34e3 4456 switch (hci_skb_pkt_type(skb)) {
1da177e4 4457 case HCI_EVENT_PKT:
b78752cc 4458 BT_DBG("%s Event packet", hdev->name);
1da177e4
LT		 4459 hci_event_packet(hdev, skb);
4460 break;
4461
4462 case HCI_ACLDATA_PKT:
4463 BT_DBG("%s ACL data packet", hdev->name);
4464 hci_acldata_packet(hdev, skb);
4465 break;
4466
4467 case HCI_SCODATA_PKT:
4468 BT_DBG("%s SCO data packet", hdev->name);
4469 hci_scodata_packet(hdev, skb);
4470 break;
4471
4472 default:
4473 kfree_skb(skb);
4474 break;
4475 }
4476 }
1da177e4
LT		 4477}
4478
c347b765 4479static void hci_cmd_work(struct work_struct *work)
1da177e4 4480{
c347b765 4481 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
1da177e4
LT		 4482 struct sk_buff *skb;
4483
2104786b
AE		 4484 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4485 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
1da177e4 4486
1da177e4 4487 /* Send queued commands */
5a08ecce
AE		 4488 if (atomic_read(&hdev->cmd_cnt)) {
4489 skb = skb_dequeue(&hdev->cmd_q);
4490 if (!skb)
4491 return;
4492
7585b97a 4493 kfree_skb(hdev->sent_cmd);
1da177e4 4494
a675d7f1 4495 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
70f23020 4496 if (hdev->sent_cmd) {
f80c5dad
JPRV		 4497 if (hci_req_status_pend(hdev))
4498 hci_dev_set_flag(hdev, HCI_CMD_PENDING);
1da177e4 4499 atomic_dec(&hdev->cmd_cnt);
57d17d70 4500 hci_send_frame(hdev, skb);
7bdb8a5c 4501 if (test_bit(HCI_RESET, &hdev->flags))
65cc2b49 4502 cancel_delayed_work(&hdev->cmd_timer);
7bdb8a5c 4503 else
65cc2b49
MH		 4504 schedule_delayed_work(&hdev->cmd_timer,
4505 HCI_CMD_TIMEOUT);
1da177e4
LT		 4506 } else {
4507 skb_queue_head(&hdev->cmd_q, skb);
c347b765 4508 queue_work(hdev->workqueue, &hdev->cmd_work);
1da177e4
LT		 4509 }
4510 }
4511}
Linux 6.x block layer and io_uring tree(s)