2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
40 #include "hci_request.h"
41 #include "hci_debugfs.h"
45 static void hci_rx_work(struct work_struct *work);
46 static void hci_cmd_work(struct work_struct *work);
47 static void hci_tx_work(struct work_struct *work);
50 LIST_HEAD(hci_dev_list);
51 DEFINE_RWLOCK(hci_dev_list_lock);
53 /* HCI callback list */
54 LIST_HEAD(hci_cb_list);
55 DEFINE_MUTEX(hci_cb_list_lock);
57 /* HCI ID Numbering */
58 static DEFINE_IDA(hci_index_ida);
60 /* ---- HCI debugfs entries ---- */
62 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
63 size_t count, loff_t *ppos)
65 struct hci_dev *hdev = file->private_data;
68 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
71 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
74 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
75 size_t count, loff_t *ppos)
77 struct hci_dev *hdev = file->private_data;
80 size_t buf_size = min(count, (sizeof(buf)-1));
83 if (!test_bit(HCI_UP, &hdev->flags))
86 if (copy_from_user(buf, user_buf, buf_size))
90 if (strtobool(buf, &enable))
93 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
96 hci_req_sync_lock(hdev);
98 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
101 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
103 hci_req_sync_unlock(hdev);
110 hci_dev_change_flag(hdev, HCI_DUT_MODE);
115 static const struct file_operations dut_mode_fops = {
117 .read = dut_mode_read,
118 .write = dut_mode_write,
119 .llseek = default_llseek,
122 static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
123 size_t count, loff_t *ppos)
125 struct hci_dev *hdev = file->private_data;
128 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
131 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
134 static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
135 size_t count, loff_t *ppos)
137 struct hci_dev *hdev = file->private_data;
139 size_t buf_size = min(count, (sizeof(buf)-1));
143 if (copy_from_user(buf, user_buf, buf_size))
146 buf[buf_size] = '\0';
147 if (strtobool(buf, &enable))
150 /* When the diagnostic flags are not persistent and the transport
151 * is not active or in user channel operation, then there is no need
152 * for the vendor callback. Instead just store the desired value and
153 * the setting will be programmed when the controller gets powered on.
155 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
156 (!test_bit(HCI_RUNNING, &hdev->flags) ||
157 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)))
160 hci_req_sync_lock(hdev);
161 err = hdev->set_diag(hdev, enable);
162 hci_req_sync_unlock(hdev);
169 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
171 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
176 static const struct file_operations vendor_diag_fops = {
178 .read = vendor_diag_read,
179 .write = vendor_diag_write,
180 .llseek = default_llseek,
183 static void hci_debugfs_create_basic(struct hci_dev *hdev)
185 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
189 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
193 static int hci_reset_req(struct hci_request *req, unsigned long opt)
195 BT_DBG("%s %ld", req->hdev->name, opt);
198 set_bit(HCI_RESET, &req->hdev->flags);
199 hci_req_add(req, HCI_OP_RESET, 0, NULL);
203 static void bredr_init(struct hci_request *req)
205 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
207 /* Read Local Supported Features */
208 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
210 /* Read Local Version */
211 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
213 /* Read BD Address */
214 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
217 static void amp_init1(struct hci_request *req)
219 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
221 /* Read Local Version */
222 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
224 /* Read Local Supported Commands */
225 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
227 /* Read Local AMP Info */
228 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
230 /* Read Data Blk size */
231 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
233 /* Read Flow Control Mode */
234 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
236 /* Read Location Data */
237 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
240 static int amp_init2(struct hci_request *req)
242 /* Read Local Supported Features. Not all AMP controllers
243 * support this so it's placed conditionally in the second
246 if (req->hdev->commands[14] & 0x20)
247 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
252 static int hci_init1_req(struct hci_request *req, unsigned long opt)
254 struct hci_dev *hdev = req->hdev;
256 BT_DBG("%s %ld", hdev->name, opt);
259 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
260 hci_reset_req(req, 0);
262 switch (hdev->dev_type) {
270 BT_ERR("Unknown device type %d", hdev->dev_type);
277 static void bredr_setup(struct hci_request *req)
282 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
283 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
285 /* Read Class of Device */
286 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
288 /* Read Local Name */
289 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
291 /* Read Voice Setting */
292 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
294 /* Read Number of Supported IAC */
295 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
297 /* Read Current IAC LAP */
298 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
300 /* Clear Event Filters */
301 flt_type = HCI_FLT_CLEAR_ALL;
302 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
304 /* Connection accept timeout ~20 secs */
305 param = cpu_to_le16(0x7d00);
306 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
309 static void le_setup(struct hci_request *req)
311 struct hci_dev *hdev = req->hdev;
313 /* Read LE Buffer Size */
314 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
316 /* Read LE Local Supported Features */
317 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
319 /* Read LE Supported States */
320 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
322 /* LE-only controllers have LE implicitly enabled */
323 if (!lmp_bredr_capable(hdev))
324 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
327 static void hci_setup_event_mask(struct hci_request *req)
329 struct hci_dev *hdev = req->hdev;
331 /* The second byte is 0xff instead of 0x9f (two reserved bits
332 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
335 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
337 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
338 * any event mask for pre 1.2 devices.
340 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
343 if (lmp_bredr_capable(hdev)) {
344 events[4] |= 0x01; /* Flow Specification Complete */
346 /* Use a different default for LE-only devices */
347 memset(events, 0, sizeof(events));
348 events[1] |= 0x20; /* Command Complete */
349 events[1] |= 0x40; /* Command Status */
350 events[1] |= 0x80; /* Hardware Error */
352 /* If the controller supports the Disconnect command, enable
353 * the corresponding event. In addition enable packet flow
354 * control related events.
356 if (hdev->commands[0] & 0x20) {
357 events[0] |= 0x10; /* Disconnection Complete */
358 events[2] |= 0x04; /* Number of Completed Packets */
359 events[3] |= 0x02; /* Data Buffer Overflow */
362 /* If the controller supports the Read Remote Version
363 * Information command, enable the corresponding event.
365 if (hdev->commands[2] & 0x80)
366 events[1] |= 0x08; /* Read Remote Version Information
370 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
371 events[0] |= 0x80; /* Encryption Change */
372 events[5] |= 0x80; /* Encryption Key Refresh Complete */
376 if (lmp_inq_rssi_capable(hdev) ||
377 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
378 events[4] |= 0x02; /* Inquiry Result with RSSI */
380 if (lmp_ext_feat_capable(hdev))
381 events[4] |= 0x04; /* Read Remote Extended Features Complete */
383 if (lmp_esco_capable(hdev)) {
384 events[5] |= 0x08; /* Synchronous Connection Complete */
385 events[5] |= 0x10; /* Synchronous Connection Changed */
388 if (lmp_sniffsubr_capable(hdev))
389 events[5] |= 0x20; /* Sniff Subrating */
391 if (lmp_pause_enc_capable(hdev))
392 events[5] |= 0x80; /* Encryption Key Refresh Complete */
394 if (lmp_ext_inq_capable(hdev))
395 events[5] |= 0x40; /* Extended Inquiry Result */
397 if (lmp_no_flush_capable(hdev))
398 events[7] |= 0x01; /* Enhanced Flush Complete */
400 if (lmp_lsto_capable(hdev))
401 events[6] |= 0x80; /* Link Supervision Timeout Changed */
403 if (lmp_ssp_capable(hdev)) {
404 events[6] |= 0x01; /* IO Capability Request */
405 events[6] |= 0x02; /* IO Capability Response */
406 events[6] |= 0x04; /* User Confirmation Request */
407 events[6] |= 0x08; /* User Passkey Request */
408 events[6] |= 0x10; /* Remote OOB Data Request */
409 events[6] |= 0x20; /* Simple Pairing Complete */
410 events[7] |= 0x04; /* User Passkey Notification */
411 events[7] |= 0x08; /* Keypress Notification */
412 events[7] |= 0x10; /* Remote Host Supported
413 * Features Notification
417 if (lmp_le_capable(hdev))
418 events[7] |= 0x20; /* LE Meta-Event */
420 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
423 static int hci_init2_req(struct hci_request *req, unsigned long opt)
425 struct hci_dev *hdev = req->hdev;
427 if (hdev->dev_type == HCI_AMP)
428 return amp_init2(req);
430 if (lmp_bredr_capable(hdev))
433 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
435 if (lmp_le_capable(hdev))
438 /* All Bluetooth 1.2 and later controllers should support the
439 * HCI command for reading the local supported commands.
441 * Unfortunately some controllers indicate Bluetooth 1.2 support,
442 * but do not have support for this command. If that is the case,
443 * the driver can quirk the behavior and skip reading the local
444 * supported commands.
446 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
447 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
448 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
450 if (lmp_ssp_capable(hdev)) {
451 /* When SSP is available, then the host features page
452 * should also be available as well. However some
453 * controllers list the max_page as 0 as long as SSP
454 * has not been enabled. To achieve proper debugging
455 * output, force the minimum max_page to 1 at least.
457 hdev->max_page = 0x01;
459 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
462 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
463 sizeof(mode), &mode);
465 struct hci_cp_write_eir cp;
467 memset(hdev->eir, 0, sizeof(hdev->eir));
468 memset(&cp, 0, sizeof(cp));
470 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
474 if (lmp_inq_rssi_capable(hdev) ||
475 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
478 /* If Extended Inquiry Result events are supported, then
479 * they are clearly preferred over Inquiry Result with RSSI
482 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
484 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
487 if (lmp_inq_tx_pwr_capable(hdev))
488 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
490 if (lmp_ext_feat_capable(hdev)) {
491 struct hci_cp_read_local_ext_features cp;
494 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
498 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
500 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
507 static void hci_setup_link_policy(struct hci_request *req)
509 struct hci_dev *hdev = req->hdev;
510 struct hci_cp_write_def_link_policy cp;
513 if (lmp_rswitch_capable(hdev))
514 link_policy |= HCI_LP_RSWITCH;
515 if (lmp_hold_capable(hdev))
516 link_policy |= HCI_LP_HOLD;
517 if (lmp_sniff_capable(hdev))
518 link_policy |= HCI_LP_SNIFF;
519 if (lmp_park_capable(hdev))
520 link_policy |= HCI_LP_PARK;
522 cp.policy = cpu_to_le16(link_policy);
523 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
526 static void hci_set_le_support(struct hci_request *req)
528 struct hci_dev *hdev = req->hdev;
529 struct hci_cp_write_le_host_supported cp;
531 /* LE-only devices do not support explicit enablement */
532 if (!lmp_bredr_capable(hdev))
535 memset(&cp, 0, sizeof(cp));
537 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
542 if (cp.le != lmp_host_le_capable(hdev))
543 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
547 static void hci_set_event_mask_page_2(struct hci_request *req)
549 struct hci_dev *hdev = req->hdev;
550 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
552 /* If Connectionless Slave Broadcast master role is supported
553 * enable all necessary events for it.
555 if (lmp_csb_master_capable(hdev)) {
556 events[1] |= 0x40; /* Triggered Clock Capture */
557 events[1] |= 0x80; /* Synchronization Train Complete */
558 events[2] |= 0x10; /* Slave Page Response Timeout */
559 events[2] |= 0x20; /* CSB Channel Map Change */
562 /* If Connectionless Slave Broadcast slave role is supported
563 * enable all necessary events for it.
565 if (lmp_csb_slave_capable(hdev)) {
566 events[2] |= 0x01; /* Synchronization Train Received */
567 events[2] |= 0x02; /* CSB Receive */
568 events[2] |= 0x04; /* CSB Timeout */
569 events[2] |= 0x08; /* Truncated Page Complete */
572 /* Enable Authenticated Payload Timeout Expired event if supported */
573 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
576 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
579 static int hci_init3_req(struct hci_request *req, unsigned long opt)
581 struct hci_dev *hdev = req->hdev;
584 hci_setup_event_mask(req);
586 if (hdev->commands[6] & 0x20 &&
587 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
588 struct hci_cp_read_stored_link_key cp;
590 bacpy(&cp.bdaddr, BDADDR_ANY);
592 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
595 if (hdev->commands[5] & 0x10)
596 hci_setup_link_policy(req);
598 if (hdev->commands[8] & 0x01)
599 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
601 /* Some older Broadcom based Bluetooth 1.2 controllers do not
602 * support the Read Page Scan Type command. Check support for
603 * this command in the bit mask of supported commands.
605 if (hdev->commands[13] & 0x01)
606 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
608 if (lmp_le_capable(hdev)) {
611 memset(events, 0, sizeof(events));
613 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
614 events[0] |= 0x10; /* LE Long Term Key Request */
616 /* If controller supports the Connection Parameters Request
617 * Link Layer Procedure, enable the corresponding event.
619 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
620 events[0] |= 0x20; /* LE Remote Connection
624 /* If the controller supports the Data Length Extension
625 * feature, enable the corresponding event.
627 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
628 events[0] |= 0x40; /* LE Data Length Change */
630 /* If the controller supports Extended Scanner Filter
631 * Policies, enable the correspondig event.
633 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
634 events[1] |= 0x04; /* LE Direct Advertising
638 /* If the controller supports Channel Selection Algorithm #2
639 * feature, enable the corresponding event.
641 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
642 events[2] |= 0x08; /* LE Channel Selection
646 /* If the controller supports the LE Set Scan Enable command,
647 * enable the corresponding advertising report event.
649 if (hdev->commands[26] & 0x08)
650 events[0] |= 0x02; /* LE Advertising Report */
652 /* If the controller supports the LE Create Connection
653 * command, enable the corresponding event.
655 if (hdev->commands[26] & 0x10)
656 events[0] |= 0x01; /* LE Connection Complete */
658 /* If the controller supports the LE Connection Update
659 * command, enable the corresponding event.
661 if (hdev->commands[27] & 0x04)
662 events[0] |= 0x04; /* LE Connection Update
666 /* If the controller supports the LE Read Remote Used Features
667 * command, enable the corresponding event.
669 if (hdev->commands[27] & 0x20)
670 events[0] |= 0x08; /* LE Read Remote Used
674 /* If the controller supports the LE Read Local P-256
675 * Public Key command, enable the corresponding event.
677 if (hdev->commands[34] & 0x02)
678 events[0] |= 0x80; /* LE Read Local P-256
679 * Public Key Complete
682 /* If the controller supports the LE Generate DHKey
683 * command, enable the corresponding event.
685 if (hdev->commands[34] & 0x04)
686 events[1] |= 0x01; /* LE Generate DHKey Complete */
688 /* If the controller supports the LE Set Default PHY or
689 * LE Set PHY commands, enable the corresponding event.
691 if (hdev->commands[35] & (0x20 | 0x40))
692 events[1] |= 0x08; /* LE PHY Update Complete */
694 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
697 if (hdev->commands[25] & 0x40) {
698 /* Read LE Advertising Channel TX Power */
699 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
702 if (hdev->commands[26] & 0x40) {
703 /* Read LE White List Size */
704 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
708 if (hdev->commands[26] & 0x80) {
709 /* Clear LE White List */
710 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
713 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
714 /* Read LE Maximum Data Length */
715 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
717 /* Read LE Suggested Default Data Length */
718 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
721 hci_set_le_support(req);
724 /* Read features beyond page 1 if available */
725 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
726 struct hci_cp_read_local_ext_features cp;
729 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
736 static int hci_init4_req(struct hci_request *req, unsigned long opt)
738 struct hci_dev *hdev = req->hdev;
740 /* Some Broadcom based Bluetooth controllers do not support the
741 * Delete Stored Link Key command. They are clearly indicating its
742 * absence in the bit mask of supported commands.
744 * Check the supported commands and only if the the command is marked
745 * as supported send it. If not supported assume that the controller
746 * does not have actual support for stored link keys which makes this
747 * command redundant anyway.
749 * Some controllers indicate that they support handling deleting
750 * stored link keys, but they don't. The quirk lets a driver
751 * just disable this command.
753 if (hdev->commands[6] & 0x80 &&
754 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
755 struct hci_cp_delete_stored_link_key cp;
757 bacpy(&cp.bdaddr, BDADDR_ANY);
758 cp.delete_all = 0x01;
759 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
763 /* Set event mask page 2 if the HCI command for it is supported */
764 if (hdev->commands[22] & 0x04)
765 hci_set_event_mask_page_2(req);
767 /* Read local codec list if the HCI command is supported */
768 if (hdev->commands[29] & 0x20)
769 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
771 /* Get MWS transport configuration if the HCI command is supported */
772 if (hdev->commands[30] & 0x08)
773 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
775 /* Check for Synchronization Train support */
776 if (lmp_sync_train_capable(hdev))
777 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
779 /* Enable Secure Connections if supported and configured */
780 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
781 bredr_sc_enabled(hdev)) {
784 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
785 sizeof(support), &support);
788 /* Set Suggested Default Data Length to maximum if supported */
789 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
790 struct hci_cp_le_write_def_data_len cp;
792 cp.tx_len = hdev->le_max_tx_len;
793 cp.tx_time = hdev->le_max_tx_time;
794 hci_req_add(req, HCI_OP_LE_WRITE_DEF_DATA_LEN, sizeof(cp), &cp);
797 /* Set Default PHY parameters if command is supported */
798 if (hdev->commands[35] & 0x20) {
799 struct hci_cp_le_set_default_phy cp;
801 /* No transmitter PHY or receiver PHY preferences */
806 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
812 static int __hci_init(struct hci_dev *hdev)
816 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
820 if (hci_dev_test_flag(hdev, HCI_SETUP))
821 hci_debugfs_create_basic(hdev);
823 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
827 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
828 * BR/EDR/LE type controllers. AMP controllers only need the
829 * first two stages of init.
831 if (hdev->dev_type != HCI_PRIMARY)
834 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
838 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
842 /* This function is only called when the controller is actually in
843 * configured state. When the controller is marked as unconfigured,
844 * this initialization procedure is not run.
846 * It means that it is possible that a controller runs through its
847 * setup phase and then discovers missing settings. If that is the
848 * case, then this function will not be called. It then will only
849 * be called during the config phase.
851 * So only when in setup phase or config phase, create the debugfs
852 * entries and register the SMP channels.
854 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
855 !hci_dev_test_flag(hdev, HCI_CONFIG))
858 hci_debugfs_create_common(hdev);
860 if (lmp_bredr_capable(hdev))
861 hci_debugfs_create_bredr(hdev);
863 if (lmp_le_capable(hdev))
864 hci_debugfs_create_le(hdev);
869 static int hci_init0_req(struct hci_request *req, unsigned long opt)
871 struct hci_dev *hdev = req->hdev;
873 BT_DBG("%s %ld", hdev->name, opt);
876 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
877 hci_reset_req(req, 0);
879 /* Read Local Version */
880 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
882 /* Read BD Address */
883 if (hdev->set_bdaddr)
884 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
889 static int __hci_unconf_init(struct hci_dev *hdev)
893 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
896 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
900 if (hci_dev_test_flag(hdev, HCI_SETUP))
901 hci_debugfs_create_basic(hdev);
906 static int hci_scan_req(struct hci_request *req, unsigned long opt)
910 BT_DBG("%s %x", req->hdev->name, scan);
912 /* Inquiry and Page scans */
913 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
917 static int hci_auth_req(struct hci_request *req, unsigned long opt)
921 BT_DBG("%s %x", req->hdev->name, auth);
924 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
928 static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
932 BT_DBG("%s %x", req->hdev->name, encrypt);
935 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
939 static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
941 __le16 policy = cpu_to_le16(opt);
943 BT_DBG("%s %x", req->hdev->name, policy);
945 /* Default link policy */
946 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
950 /* Get HCI device by index.
951 * Device is held on return. */
952 struct hci_dev *hci_dev_get(int index)
954 struct hci_dev *hdev = NULL, *d;
961 read_lock(&hci_dev_list_lock);
962 list_for_each_entry(d, &hci_dev_list, list) {
963 if (d->id == index) {
964 hdev = hci_dev_hold(d);
968 read_unlock(&hci_dev_list_lock);
972 /* ---- Inquiry support ---- */
974 bool hci_discovery_active(struct hci_dev *hdev)
976 struct discovery_state *discov = &hdev->discovery;
978 switch (discov->state) {
979 case DISCOVERY_FINDING:
980 case DISCOVERY_RESOLVING:
988 void hci_discovery_set_state(struct hci_dev *hdev, int state)
990 int old_state = hdev->discovery.state;
992 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
994 if (old_state == state)
997 hdev->discovery.state = state;
1000 case DISCOVERY_STOPPED:
1001 hci_update_background_scan(hdev);
1003 if (old_state != DISCOVERY_STARTING)
1004 mgmt_discovering(hdev, 0);
1006 case DISCOVERY_STARTING:
1008 case DISCOVERY_FINDING:
1009 mgmt_discovering(hdev, 1);
1011 case DISCOVERY_RESOLVING:
1013 case DISCOVERY_STOPPING:
1018 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1020 struct discovery_state *cache = &hdev->discovery;
1021 struct inquiry_entry *p, *n;
1023 list_for_each_entry_safe(p, n, &cache->all, all) {
1028 INIT_LIST_HEAD(&cache->unknown);
1029 INIT_LIST_HEAD(&cache->resolve);
1032 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1035 struct discovery_state *cache = &hdev->discovery;
1036 struct inquiry_entry *e;
1038 BT_DBG("cache %p, %pMR", cache, bdaddr);
1040 list_for_each_entry(e, &cache->all, all) {
1041 if (!bacmp(&e->data.bdaddr, bdaddr))
1048 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1051 struct discovery_state *cache = &hdev->discovery;
1052 struct inquiry_entry *e;
1054 BT_DBG("cache %p, %pMR", cache, bdaddr);
1056 list_for_each_entry(e, &cache->unknown, list) {
1057 if (!bacmp(&e->data.bdaddr, bdaddr))
1064 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1068 struct discovery_state *cache = &hdev->discovery;
1069 struct inquiry_entry *e;
1071 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1073 list_for_each_entry(e, &cache->resolve, list) {
1074 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1076 if (!bacmp(&e->data.bdaddr, bdaddr))
1083 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1084 struct inquiry_entry *ie)
1086 struct discovery_state *cache = &hdev->discovery;
1087 struct list_head *pos = &cache->resolve;
1088 struct inquiry_entry *p;
1090 list_del(&ie->list);
1092 list_for_each_entry(p, &cache->resolve, list) {
1093 if (p->name_state != NAME_PENDING &&
1094 abs(p->data.rssi) >= abs(ie->data.rssi))
1099 list_add(&ie->list, pos);
1102 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1105 struct discovery_state *cache = &hdev->discovery;
1106 struct inquiry_entry *ie;
1109 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1111 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1113 if (!data->ssp_mode)
1114 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1116 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1118 if (!ie->data.ssp_mode)
1119 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1121 if (ie->name_state == NAME_NEEDED &&
1122 data->rssi != ie->data.rssi) {
1123 ie->data.rssi = data->rssi;
1124 hci_inquiry_cache_update_resolve(hdev, ie);
1130 /* Entry not in the cache. Add new one. */
1131 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1133 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1137 list_add(&ie->all, &cache->all);
1140 ie->name_state = NAME_KNOWN;
1142 ie->name_state = NAME_NOT_KNOWN;
1143 list_add(&ie->list, &cache->unknown);
1147 if (name_known && ie->name_state != NAME_KNOWN &&
1148 ie->name_state != NAME_PENDING) {
1149 ie->name_state = NAME_KNOWN;
1150 list_del(&ie->list);
1153 memcpy(&ie->data, data, sizeof(*data));
1154 ie->timestamp = jiffies;
1155 cache->timestamp = jiffies;
1157 if (ie->name_state == NAME_NOT_KNOWN)
1158 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1164 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1166 struct discovery_state *cache = &hdev->discovery;
1167 struct inquiry_info *info = (struct inquiry_info *) buf;
1168 struct inquiry_entry *e;
1171 list_for_each_entry(e, &cache->all, all) {
1172 struct inquiry_data *data = &e->data;
1177 bacpy(&info->bdaddr, &data->bdaddr);
1178 info->pscan_rep_mode = data->pscan_rep_mode;
1179 info->pscan_period_mode = data->pscan_period_mode;
1180 info->pscan_mode = data->pscan_mode;
1181 memcpy(info->dev_class, data->dev_class, 3);
1182 info->clock_offset = data->clock_offset;
1188 BT_DBG("cache %p, copied %d", cache, copied);
1192 static int hci_inq_req(struct hci_request *req, unsigned long opt)
1194 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1195 struct hci_dev *hdev = req->hdev;
1196 struct hci_cp_inquiry cp;
1198 BT_DBG("%s", hdev->name);
1200 if (test_bit(HCI_INQUIRY, &hdev->flags))
1204 memcpy(&cp.lap, &ir->lap, 3);
1205 cp.length = ir->length;
1206 cp.num_rsp = ir->num_rsp;
1207 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1212 int hci_inquiry(void __user *arg)
1214 __u8 __user *ptr = arg;
1215 struct hci_inquiry_req ir;
1216 struct hci_dev *hdev;
1217 int err = 0, do_inquiry = 0, max_rsp;
1221 if (copy_from_user(&ir, ptr, sizeof(ir)))
1224 hdev = hci_dev_get(ir.dev_id);
1228 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1233 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1238 if (hdev->dev_type != HCI_PRIMARY) {
1243 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1249 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1250 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1251 hci_inquiry_cache_flush(hdev);
1254 hci_dev_unlock(hdev);
1256 timeo = ir.length * msecs_to_jiffies(2000);
1259 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1264 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1265 * cleared). If it is interrupted by a signal, return -EINTR.
1267 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1268 TASK_INTERRUPTIBLE))
1272 /* for unlimited number of responses we will use buffer with
1275 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1277 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1278 * copy it to the user space.
1280 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
1287 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1288 hci_dev_unlock(hdev);
1290 BT_DBG("num_rsp %d", ir.num_rsp);
1292 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1294 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1307 static int hci_dev_do_open(struct hci_dev *hdev)
1311 BT_DBG("%s %p", hdev->name, hdev);
1313 hci_req_sync_lock(hdev);
1315 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1320 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1321 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1322 /* Check for rfkill but allow the HCI setup stage to
1323 * proceed (which in itself doesn't cause any RF activity).
1325 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1330 /* Check for valid public address or a configured static
1331 * random adddress, but let the HCI setup proceed to
1332 * be able to determine if there is a public address
1335 * In case of user channel usage, it is not important
1336 * if a public address or static random address is
1339 * This check is only valid for BR/EDR controllers
1340 * since AMP controllers do not have an address.
1342 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1343 hdev->dev_type == HCI_PRIMARY &&
1344 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1345 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1346 ret = -EADDRNOTAVAIL;
1351 if (test_bit(HCI_UP, &hdev->flags)) {
1356 if (hdev->open(hdev)) {
1361 set_bit(HCI_RUNNING, &hdev->flags);
1362 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
1364 atomic_set(&hdev->cmd_cnt, 1);
1365 set_bit(HCI_INIT, &hdev->flags);
1367 if (hci_dev_test_flag(hdev, HCI_SETUP)) {
1368 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1371 ret = hdev->setup(hdev);
1373 /* The transport driver can set these quirks before
1374 * creating the HCI device or in its setup callback.
1376 * In case any of them is set, the controller has to
1377 * start up as unconfigured.
1379 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1380 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
1381 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1383 /* For an unconfigured controller it is required to
1384 * read at least the version information provided by
1385 * the Read Local Version Information command.
1387 * If the set_bdaddr driver callback is provided, then
1388 * also the original Bluetooth public device address
1389 * will be read using the Read BD Address command.
1391 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1392 ret = __hci_unconf_init(hdev);
1395 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1396 /* If public address change is configured, ensure that
1397 * the address gets programmed. If the driver does not
1398 * support changing the public address, fail the power
1401 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1403 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1405 ret = -EADDRNOTAVAIL;
1409 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1410 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1411 ret = __hci_init(hdev);
1412 if (!ret && hdev->post_init)
1413 ret = hdev->post_init(hdev);
1417 /* If the HCI Reset command is clearing all diagnostic settings,
1418 * then they need to be reprogrammed after the init procedure
1421 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
1422 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1423 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1424 ret = hdev->set_diag(hdev, true);
1426 clear_bit(HCI_INIT, &hdev->flags);
1430 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1431 set_bit(HCI_UP, &hdev->flags);
1432 hci_sock_dev_event(hdev, HCI_DEV_UP);
1433 hci_leds_update_powered(hdev, true);
1434 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1435 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1436 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1437 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1438 hci_dev_test_flag(hdev, HCI_MGMT) &&
1439 hdev->dev_type == HCI_PRIMARY) {
1440 ret = __hci_req_hci_power_on(hdev);
1441 mgmt_power_on(hdev, ret);
1444 /* Init failed, cleanup */
1445 flush_work(&hdev->tx_work);
1446 flush_work(&hdev->cmd_work);
1447 flush_work(&hdev->rx_work);
1449 skb_queue_purge(&hdev->cmd_q);
1450 skb_queue_purge(&hdev->rx_q);
1455 if (hdev->sent_cmd) {
1456 kfree_skb(hdev->sent_cmd);
1457 hdev->sent_cmd = NULL;
1460 clear_bit(HCI_RUNNING, &hdev->flags);
1461 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1464 hdev->flags &= BIT(HCI_RAW);
1468 hci_req_sync_unlock(hdev);
1472 /* ---- HCI ioctl helpers ---- */
1474 int hci_dev_open(__u16 dev)
1476 struct hci_dev *hdev;
1479 hdev = hci_dev_get(dev);
1483 /* Devices that are marked as unconfigured can only be powered
1484 * up as user channel. Trying to bring them up as normal devices
1485 * will result into a failure. Only user channel operation is
1488 * When this function is called for a user channel, the flag
1489 * HCI_USER_CHANNEL will be set first before attempting to
1492 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1493 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1498 /* We need to ensure that no other power on/off work is pending
1499 * before proceeding to call hci_dev_do_open. This is
1500 * particularly important if the setup procedure has not yet
1503 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1504 cancel_delayed_work(&hdev->power_off);
1506 /* After this call it is guaranteed that the setup procedure
1507 * has finished. This means that error conditions like RFKILL
1508 * or no valid public or static random address apply.
1510 flush_workqueue(hdev->req_workqueue);
1512 /* For controllers not using the management interface and that
1513 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1514 * so that pairing works for them. Once the management interface
1515 * is in use this bit will be cleared again and userspace has
1516 * to explicitly enable it.
1518 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1519 !hci_dev_test_flag(hdev, HCI_MGMT))
1520 hci_dev_set_flag(hdev, HCI_BONDABLE);
1522 err = hci_dev_do_open(hdev);
1529 /* This function requires the caller holds hdev->lock */
1530 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1532 struct hci_conn_params *p;
1534 list_for_each_entry(p, &hdev->le_conn_params, list) {
1536 hci_conn_drop(p->conn);
1537 hci_conn_put(p->conn);
1540 list_del_init(&p->action);
1543 BT_DBG("All LE pending actions cleared");
1546 int hci_dev_do_close(struct hci_dev *hdev)
1550 BT_DBG("%s %p", hdev->name, hdev);
1552 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1553 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1554 test_bit(HCI_UP, &hdev->flags)) {
1555 /* Execute vendor specific shutdown routine */
1557 hdev->shutdown(hdev);
1560 cancel_delayed_work(&hdev->power_off);
1562 hci_request_cancel_all(hdev);
1563 hci_req_sync_lock(hdev);
1565 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1566 cancel_delayed_work_sync(&hdev->cmd_timer);
1567 hci_req_sync_unlock(hdev);
1571 hci_leds_update_powered(hdev, false);
1573 /* Flush RX and TX works */
1574 flush_work(&hdev->tx_work);
1575 flush_work(&hdev->rx_work);
1577 if (hdev->discov_timeout > 0) {
1578 hdev->discov_timeout = 0;
1579 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1580 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1583 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1584 cancel_delayed_work(&hdev->service_cache);
1586 if (hci_dev_test_flag(hdev, HCI_MGMT))
1587 cancel_delayed_work_sync(&hdev->rpa_expired);
1589 /* Avoid potential lockdep warnings from the *_flush() calls by
1590 * ensuring the workqueue is empty up front.
1592 drain_workqueue(hdev->workqueue);
1596 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1598 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1600 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
1601 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1602 hci_dev_test_flag(hdev, HCI_MGMT))
1603 __mgmt_power_off(hdev);
1605 hci_inquiry_cache_flush(hdev);
1606 hci_pend_le_actions_clear(hdev);
1607 hci_conn_hash_flush(hdev);
1608 hci_dev_unlock(hdev);
1610 smp_unregister(hdev);
1612 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1618 skb_queue_purge(&hdev->cmd_q);
1619 atomic_set(&hdev->cmd_cnt, 1);
1620 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1621 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1622 set_bit(HCI_INIT, &hdev->flags);
1623 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1624 clear_bit(HCI_INIT, &hdev->flags);
1627 /* flush cmd work */
1628 flush_work(&hdev->cmd_work);
1631 skb_queue_purge(&hdev->rx_q);
1632 skb_queue_purge(&hdev->cmd_q);
1633 skb_queue_purge(&hdev->raw_q);
1635 /* Drop last sent command */
1636 if (hdev->sent_cmd) {
1637 cancel_delayed_work_sync(&hdev->cmd_timer);
1638 kfree_skb(hdev->sent_cmd);
1639 hdev->sent_cmd = NULL;
1642 clear_bit(HCI_RUNNING, &hdev->flags);
1643 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1645 /* After this point our queues are empty
1646 * and no tasks are scheduled. */
1650 hdev->flags &= BIT(HCI_RAW);
1651 hci_dev_clear_volatile_flags(hdev);
1653 /* Controller radio is available but is currently powered down */
1654 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1656 memset(hdev->eir, 0, sizeof(hdev->eir));
1657 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1658 bacpy(&hdev->random_addr, BDADDR_ANY);
1660 hci_req_sync_unlock(hdev);
1666 int hci_dev_close(__u16 dev)
1668 struct hci_dev *hdev;
1671 hdev = hci_dev_get(dev);
1675 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1680 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1681 cancel_delayed_work(&hdev->power_off);
1683 err = hci_dev_do_close(hdev);
1690 static int hci_dev_do_reset(struct hci_dev *hdev)
1694 BT_DBG("%s %p", hdev->name, hdev);
1696 hci_req_sync_lock(hdev);
1699 skb_queue_purge(&hdev->rx_q);
1700 skb_queue_purge(&hdev->cmd_q);
1702 /* Avoid potential lockdep warnings from the *_flush() calls by
1703 * ensuring the workqueue is empty up front.
1705 drain_workqueue(hdev->workqueue);
1708 hci_inquiry_cache_flush(hdev);
1709 hci_conn_hash_flush(hdev);
1710 hci_dev_unlock(hdev);
1715 atomic_set(&hdev->cmd_cnt, 1);
1716 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1718 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1720 hci_req_sync_unlock(hdev);
1724 int hci_dev_reset(__u16 dev)
1726 struct hci_dev *hdev;
1729 hdev = hci_dev_get(dev);
1733 if (!test_bit(HCI_UP, &hdev->flags)) {
1738 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1743 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1748 err = hci_dev_do_reset(hdev);
1755 int hci_dev_reset_stat(__u16 dev)
1757 struct hci_dev *hdev;
1760 hdev = hci_dev_get(dev);
1764 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1769 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1774 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1781 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1783 bool conn_changed, discov_changed;
1785 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1787 if ((scan & SCAN_PAGE))
1788 conn_changed = !hci_dev_test_and_set_flag(hdev,
1791 conn_changed = hci_dev_test_and_clear_flag(hdev,
1794 if ((scan & SCAN_INQUIRY)) {
1795 discov_changed = !hci_dev_test_and_set_flag(hdev,
1798 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1799 discov_changed = hci_dev_test_and_clear_flag(hdev,
1803 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1806 if (conn_changed || discov_changed) {
1807 /* In case this was disabled through mgmt */
1808 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1810 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1811 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1813 mgmt_new_settings(hdev);
1817 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1819 struct hci_dev *hdev;
1820 struct hci_dev_req dr;
1823 if (copy_from_user(&dr, arg, sizeof(dr)))
1826 hdev = hci_dev_get(dr.dev_id);
1830 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1835 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1840 if (hdev->dev_type != HCI_PRIMARY) {
1845 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1852 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1853 HCI_INIT_TIMEOUT, NULL);
1857 if (!lmp_encrypt_capable(hdev)) {
1862 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1863 /* Auth must be enabled first */
1864 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1865 HCI_INIT_TIMEOUT, NULL);
1870 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1871 HCI_INIT_TIMEOUT, NULL);
1875 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1876 HCI_INIT_TIMEOUT, NULL);
1878 /* Ensure that the connectable and discoverable states
1879 * get correctly modified as this was a non-mgmt change.
1882 hci_update_scan_state(hdev, dr.dev_opt);
1886 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1887 HCI_INIT_TIMEOUT, NULL);
1890 case HCISETLINKMODE:
1891 hdev->link_mode = ((__u16) dr.dev_opt) &
1892 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1896 hdev->pkt_type = (__u16) dr.dev_opt;
1900 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1901 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1905 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1906 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1919 int hci_get_dev_list(void __user *arg)
1921 struct hci_dev *hdev;
1922 struct hci_dev_list_req *dl;
1923 struct hci_dev_req *dr;
1924 int n = 0, size, err;
1927 if (get_user(dev_num, (__u16 __user *) arg))
1930 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1933 size = sizeof(*dl) + dev_num * sizeof(*dr);
1935 dl = kzalloc(size, GFP_KERNEL);
1941 read_lock(&hci_dev_list_lock);
1942 list_for_each_entry(hdev, &hci_dev_list, list) {
1943 unsigned long flags = hdev->flags;
1945 /* When the auto-off is configured it means the transport
1946 * is running, but in that case still indicate that the
1947 * device is actually down.
1949 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
1950 flags &= ~BIT(HCI_UP);
1952 (dr + n)->dev_id = hdev->id;
1953 (dr + n)->dev_opt = flags;
1958 read_unlock(&hci_dev_list_lock);
1961 size = sizeof(*dl) + n * sizeof(*dr);
1963 err = copy_to_user(arg, dl, size);
1966 return err ? -EFAULT : 0;
1969 int hci_get_dev_info(void __user *arg)
1971 struct hci_dev *hdev;
1972 struct hci_dev_info di;
1973 unsigned long flags;
1976 if (copy_from_user(&di, arg, sizeof(di)))
1979 hdev = hci_dev_get(di.dev_id);
1983 /* When the auto-off is configured it means the transport
1984 * is running, but in that case still indicate that the
1985 * device is actually down.
1987 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
1988 flags = hdev->flags & ~BIT(HCI_UP);
1990 flags = hdev->flags;
1992 strcpy(di.name, hdev->name);
1993 di.bdaddr = hdev->bdaddr;
1994 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
1996 di.pkt_type = hdev->pkt_type;
1997 if (lmp_bredr_capable(hdev)) {
1998 di.acl_mtu = hdev->acl_mtu;
1999 di.acl_pkts = hdev->acl_pkts;
2000 di.sco_mtu = hdev->sco_mtu;
2001 di.sco_pkts = hdev->sco_pkts;
2003 di.acl_mtu = hdev->le_mtu;
2004 di.acl_pkts = hdev->le_pkts;
2008 di.link_policy = hdev->link_policy;
2009 di.link_mode = hdev->link_mode;
2011 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2012 memcpy(&di.features, &hdev->features, sizeof(di.features));
2014 if (copy_to_user(arg, &di, sizeof(di)))
2022 /* ---- Interface to HCI drivers ---- */
2024 static int hci_rfkill_set_block(void *data, bool blocked)
2026 struct hci_dev *hdev = data;
2028 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2030 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2034 hci_dev_set_flag(hdev, HCI_RFKILLED);
2035 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2036 !hci_dev_test_flag(hdev, HCI_CONFIG))
2037 hci_dev_do_close(hdev);
2039 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2045 static const struct rfkill_ops hci_rfkill_ops = {
2046 .set_block = hci_rfkill_set_block,
2049 static void hci_power_on(struct work_struct *work)
2051 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2054 BT_DBG("%s", hdev->name);
2056 if (test_bit(HCI_UP, &hdev->flags) &&
2057 hci_dev_test_flag(hdev, HCI_MGMT) &&
2058 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
2059 cancel_delayed_work(&hdev->power_off);
2060 hci_req_sync_lock(hdev);
2061 err = __hci_req_hci_power_on(hdev);
2062 hci_req_sync_unlock(hdev);
2063 mgmt_power_on(hdev, err);
2067 err = hci_dev_do_open(hdev);
2070 mgmt_set_powered_failed(hdev, err);
2071 hci_dev_unlock(hdev);
2075 /* During the HCI setup phase, a few error conditions are
2076 * ignored and they need to be checked now. If they are still
2077 * valid, it is important to turn the device back off.
2079 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2080 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2081 (hdev->dev_type == HCI_PRIMARY &&
2082 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2083 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2084 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2085 hci_dev_do_close(hdev);
2086 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2087 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2088 HCI_AUTO_OFF_TIMEOUT);
2091 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2092 /* For unconfigured devices, set the HCI_RAW flag
2093 * so that userspace can easily identify them.
2095 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2096 set_bit(HCI_RAW, &hdev->flags);
2098 /* For fully configured devices, this will send
2099 * the Index Added event. For unconfigured devices,
2100 * it will send Unconfigued Index Added event.
2102 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2103 * and no event will be send.
2105 mgmt_index_added(hdev);
2106 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2107 /* When the controller is now configured, then it
2108 * is important to clear the HCI_RAW flag.
2110 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2111 clear_bit(HCI_RAW, &hdev->flags);
2113 /* Powering on the controller with HCI_CONFIG set only
2114 * happens with the transition from unconfigured to
2115 * configured. This will send the Index Added event.
2117 mgmt_index_added(hdev);
2121 static void hci_power_off(struct work_struct *work)
2123 struct hci_dev *hdev = container_of(work, struct hci_dev,
2126 BT_DBG("%s", hdev->name);
2128 hci_dev_do_close(hdev);
2131 static void hci_error_reset(struct work_struct *work)
2133 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2135 BT_DBG("%s", hdev->name);
2138 hdev->hw_error(hdev, hdev->hw_error_code);
2140 BT_ERR("%s hardware error 0x%2.2x", hdev->name,
2141 hdev->hw_error_code);
2143 if (hci_dev_do_close(hdev))
2146 hci_dev_do_open(hdev);
2149 void hci_uuids_clear(struct hci_dev *hdev)
2151 struct bt_uuid *uuid, *tmp;
2153 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2154 list_del(&uuid->list);
2159 void hci_link_keys_clear(struct hci_dev *hdev)
2161 struct link_key *key;
2163 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
2164 list_del_rcu(&key->list);
2165 kfree_rcu(key, rcu);
2169 void hci_smp_ltks_clear(struct hci_dev *hdev)
2173 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2174 list_del_rcu(&k->list);
2179 void hci_smp_irks_clear(struct hci_dev *hdev)
2183 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2184 list_del_rcu(&k->list);
2189 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2194 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2195 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2205 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2206 u8 key_type, u8 old_key_type)
2209 if (key_type < 0x03)
2212 /* Debug keys are insecure so don't store them persistently */
2213 if (key_type == HCI_LK_DEBUG_COMBINATION)
2216 /* Changed combination key and there's no previous one */
2217 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2220 /* Security mode 3 case */
2224 /* BR/EDR key derived using SC from an LE link */
2225 if (conn->type == LE_LINK)
2228 /* Neither local nor remote side had no-bonding as requirement */
2229 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2232 /* Local side had dedicated bonding as requirement */
2233 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2236 /* Remote side had dedicated bonding as requirement */
2237 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2240 /* If none of the above criteria match, then don't store the key
2245 static u8 ltk_role(u8 type)
2247 if (type == SMP_LTK)
2248 return HCI_ROLE_MASTER;
2250 return HCI_ROLE_SLAVE;
2253 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2254 u8 addr_type, u8 role)
2259 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2260 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2263 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2273 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2275 struct smp_irk *irk;
2278 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2279 if (!bacmp(&irk->rpa, rpa)) {
2285 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2286 if (smp_irk_matches(hdev, irk->val, rpa)) {
2287 bacpy(&irk->rpa, rpa);
2297 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2300 struct smp_irk *irk;
2302 /* Identity Address must be public or static random */
2303 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2307 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2308 if (addr_type == irk->addr_type &&
2309 bacmp(bdaddr, &irk->bdaddr) == 0) {
2319 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2320 bdaddr_t *bdaddr, u8 *val, u8 type,
2321 u8 pin_len, bool *persistent)
2323 struct link_key *key, *old_key;
2326 old_key = hci_find_link_key(hdev, bdaddr);
2328 old_key_type = old_key->type;
2331 old_key_type = conn ? conn->key_type : 0xff;
2332 key = kzalloc(sizeof(*key), GFP_KERNEL);
2335 list_add_rcu(&key->list, &hdev->link_keys);
2338 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2340 /* Some buggy controller combinations generate a changed
2341 * combination key for legacy pairing even when there's no
2343 if (type == HCI_LK_CHANGED_COMBINATION &&
2344 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2345 type = HCI_LK_COMBINATION;
2347 conn->key_type = type;
2350 bacpy(&key->bdaddr, bdaddr);
2351 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2352 key->pin_len = pin_len;
2354 if (type == HCI_LK_CHANGED_COMBINATION)
2355 key->type = old_key_type;
2360 *persistent = hci_persistent_key(hdev, conn, type,
2366 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2367 u8 addr_type, u8 type, u8 authenticated,
2368 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2370 struct smp_ltk *key, *old_key;
2371 u8 role = ltk_role(type);
2373 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2377 key = kzalloc(sizeof(*key), GFP_KERNEL);
2380 list_add_rcu(&key->list, &hdev->long_term_keys);
2383 bacpy(&key->bdaddr, bdaddr);
2384 key->bdaddr_type = addr_type;
2385 memcpy(key->val, tk, sizeof(key->val));
2386 key->authenticated = authenticated;
2389 key->enc_size = enc_size;
2395 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2396 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2398 struct smp_irk *irk;
2400 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2402 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2406 bacpy(&irk->bdaddr, bdaddr);
2407 irk->addr_type = addr_type;
2409 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2412 memcpy(irk->val, val, 16);
2413 bacpy(&irk->rpa, rpa);
2418 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2420 struct link_key *key;
2422 key = hci_find_link_key(hdev, bdaddr);
2426 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2428 list_del_rcu(&key->list);
2429 kfree_rcu(key, rcu);
2434 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2439 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2440 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2443 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2445 list_del_rcu(&k->list);
2450 return removed ? 0 : -ENOENT;
2453 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2457 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2458 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2461 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2463 list_del_rcu(&k->list);
2468 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2471 struct smp_irk *irk;
2474 if (type == BDADDR_BREDR) {
2475 if (hci_find_link_key(hdev, bdaddr))
2480 /* Convert to HCI addr type which struct smp_ltk uses */
2481 if (type == BDADDR_LE_PUBLIC)
2482 addr_type = ADDR_LE_DEV_PUBLIC;
2484 addr_type = ADDR_LE_DEV_RANDOM;
2486 irk = hci_get_irk(hdev, bdaddr, addr_type);
2488 bdaddr = &irk->bdaddr;
2489 addr_type = irk->addr_type;
2493 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2494 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2504 /* HCI command timer function */
2505 static void hci_cmd_timeout(struct work_struct *work)
2507 struct hci_dev *hdev = container_of(work, struct hci_dev,
2510 if (hdev->sent_cmd) {
2511 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2512 u16 opcode = __le16_to_cpu(sent->opcode);
2514 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
2516 BT_ERR("%s command tx timeout", hdev->name);
2519 atomic_set(&hdev->cmd_cnt, 1);
2520 queue_work(hdev->workqueue, &hdev->cmd_work);
2523 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2524 bdaddr_t *bdaddr, u8 bdaddr_type)
2526 struct oob_data *data;
2528 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2529 if (bacmp(bdaddr, &data->bdaddr) != 0)
2531 if (data->bdaddr_type != bdaddr_type)
2539 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2542 struct oob_data *data;
2544 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2548 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2550 list_del(&data->list);
2556 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2558 struct oob_data *data, *n;
2560 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2561 list_del(&data->list);
2566 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2567 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2568 u8 *hash256, u8 *rand256)
2570 struct oob_data *data;
2572 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2574 data = kmalloc(sizeof(*data), GFP_KERNEL);
2578 bacpy(&data->bdaddr, bdaddr);
2579 data->bdaddr_type = bdaddr_type;
2580 list_add(&data->list, &hdev->remote_oob_data);
2583 if (hash192 && rand192) {
2584 memcpy(data->hash192, hash192, sizeof(data->hash192));
2585 memcpy(data->rand192, rand192, sizeof(data->rand192));
2586 if (hash256 && rand256)
2587 data->present = 0x03;
2589 memset(data->hash192, 0, sizeof(data->hash192));
2590 memset(data->rand192, 0, sizeof(data->rand192));
2591 if (hash256 && rand256)
2592 data->present = 0x02;
2594 data->present = 0x00;
2597 if (hash256 && rand256) {
2598 memcpy(data->hash256, hash256, sizeof(data->hash256));
2599 memcpy(data->rand256, rand256, sizeof(data->rand256));
2601 memset(data->hash256, 0, sizeof(data->hash256));
2602 memset(data->rand256, 0, sizeof(data->rand256));
2603 if (hash192 && rand192)
2604 data->present = 0x01;
2607 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2612 /* This function requires the caller holds hdev->lock */
2613 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2615 struct adv_info *adv_instance;
2617 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2618 if (adv_instance->instance == instance)
2619 return adv_instance;
2625 /* This function requires the caller holds hdev->lock */
2626 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2628 struct adv_info *cur_instance;
2630 cur_instance = hci_find_adv_instance(hdev, instance);
2634 if (cur_instance == list_last_entry(&hdev->adv_instances,
2635 struct adv_info, list))
2636 return list_first_entry(&hdev->adv_instances,
2637 struct adv_info, list);
2639 return list_next_entry(cur_instance, list);
2642 /* This function requires the caller holds hdev->lock */
2643 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2645 struct adv_info *adv_instance;
2647 adv_instance = hci_find_adv_instance(hdev, instance);
2651 BT_DBG("%s removing %dMR", hdev->name, instance);
2653 if (hdev->cur_adv_instance == instance) {
2654 if (hdev->adv_instance_timeout) {
2655 cancel_delayed_work(&hdev->adv_instance_expire);
2656 hdev->adv_instance_timeout = 0;
2658 hdev->cur_adv_instance = 0x00;
2661 list_del(&adv_instance->list);
2662 kfree(adv_instance);
2664 hdev->adv_instance_cnt--;
2669 /* This function requires the caller holds hdev->lock */
2670 void hci_adv_instances_clear(struct hci_dev *hdev)
2672 struct adv_info *adv_instance, *n;
2674 if (hdev->adv_instance_timeout) {
2675 cancel_delayed_work(&hdev->adv_instance_expire);
2676 hdev->adv_instance_timeout = 0;
2679 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2680 list_del(&adv_instance->list);
2681 kfree(adv_instance);
2684 hdev->adv_instance_cnt = 0;
2685 hdev->cur_adv_instance = 0x00;
2688 /* This function requires the caller holds hdev->lock */
2689 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2690 u16 adv_data_len, u8 *adv_data,
2691 u16 scan_rsp_len, u8 *scan_rsp_data,
2692 u16 timeout, u16 duration)
2694 struct adv_info *adv_instance;
2696 adv_instance = hci_find_adv_instance(hdev, instance);
2698 memset(adv_instance->adv_data, 0,
2699 sizeof(adv_instance->adv_data));
2700 memset(adv_instance->scan_rsp_data, 0,
2701 sizeof(adv_instance->scan_rsp_data));
2703 if (hdev->adv_instance_cnt >= HCI_MAX_ADV_INSTANCES ||
2704 instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2707 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2711 adv_instance->pending = true;
2712 adv_instance->instance = instance;
2713 list_add(&adv_instance->list, &hdev->adv_instances);
2714 hdev->adv_instance_cnt++;
2717 adv_instance->flags = flags;
2718 adv_instance->adv_data_len = adv_data_len;
2719 adv_instance->scan_rsp_len = scan_rsp_len;
2722 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2725 memcpy(adv_instance->scan_rsp_data,
2726 scan_rsp_data, scan_rsp_len);
2728 adv_instance->timeout = timeout;
2729 adv_instance->remaining_time = timeout;
2732 adv_instance->duration = HCI_DEFAULT_ADV_DURATION;
2734 adv_instance->duration = duration;
2736 BT_DBG("%s for %dMR", hdev->name, instance);
2741 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
2742 bdaddr_t *bdaddr, u8 type)
2744 struct bdaddr_list *b;
2746 list_for_each_entry(b, bdaddr_list, list) {
2747 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2754 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
2756 struct bdaddr_list *b, *n;
2758 list_for_each_entry_safe(b, n, bdaddr_list, list) {
2764 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2766 struct bdaddr_list *entry;
2768 if (!bacmp(bdaddr, BDADDR_ANY))
2771 if (hci_bdaddr_list_lookup(list, bdaddr, type))
2774 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
2778 bacpy(&entry->bdaddr, bdaddr);
2779 entry->bdaddr_type = type;
2781 list_add(&entry->list, list);
2786 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2788 struct bdaddr_list *entry;
2790 if (!bacmp(bdaddr, BDADDR_ANY)) {
2791 hci_bdaddr_list_clear(list);
2795 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
2799 list_del(&entry->list);
2805 /* This function requires the caller holds hdev->lock */
2806 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
2807 bdaddr_t *addr, u8 addr_type)
2809 struct hci_conn_params *params;
2811 list_for_each_entry(params, &hdev->le_conn_params, list) {
2812 if (bacmp(¶ms->addr, addr) == 0 &&
2813 params->addr_type == addr_type) {
2821 /* This function requires the caller holds hdev->lock */
2822 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
2823 bdaddr_t *addr, u8 addr_type)
2825 struct hci_conn_params *param;
2827 list_for_each_entry(param, list, action) {
2828 if (bacmp(¶m->addr, addr) == 0 &&
2829 param->addr_type == addr_type)
2836 /* This function requires the caller holds hdev->lock */
2837 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
2838 bdaddr_t *addr, u8 addr_type)
2840 struct hci_conn_params *params;
2842 params = hci_conn_params_lookup(hdev, addr, addr_type);
2846 params = kzalloc(sizeof(*params), GFP_KERNEL);
2848 BT_ERR("Out of memory");
2852 bacpy(¶ms->addr, addr);
2853 params->addr_type = addr_type;
2855 list_add(¶ms->list, &hdev->le_conn_params);
2856 INIT_LIST_HEAD(¶ms->action);
2858 params->conn_min_interval = hdev->le_conn_min_interval;
2859 params->conn_max_interval = hdev->le_conn_max_interval;
2860 params->conn_latency = hdev->le_conn_latency;
2861 params->supervision_timeout = hdev->le_supv_timeout;
2862 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2864 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2869 static void hci_conn_params_free(struct hci_conn_params *params)
2872 hci_conn_drop(params->conn);
2873 hci_conn_put(params->conn);
2876 list_del(¶ms->action);
2877 list_del(¶ms->list);
2881 /* This function requires the caller holds hdev->lock */
2882 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
2884 struct hci_conn_params *params;
2886 params = hci_conn_params_lookup(hdev, addr, addr_type);
2890 hci_conn_params_free(params);
2892 hci_update_background_scan(hdev);
2894 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2897 /* This function requires the caller holds hdev->lock */
2898 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
2900 struct hci_conn_params *params, *tmp;
2902 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
2903 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
2906 /* If trying to estabilish one time connection to disabled
2907 * device, leave the params, but mark them as just once.
2909 if (params->explicit_connect) {
2910 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2914 list_del(¶ms->list);
2918 BT_DBG("All LE disabled connection parameters were removed");
2921 /* This function requires the caller holds hdev->lock */
2922 static void hci_conn_params_clear_all(struct hci_dev *hdev)
2924 struct hci_conn_params *params, *tmp;
2926 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
2927 hci_conn_params_free(params);
2929 BT_DBG("All LE connection parameters were removed");
2932 /* Copy the Identity Address of the controller.
2934 * If the controller has a public BD_ADDR, then by default use that one.
2935 * If this is a LE only controller without a public address, default to
2936 * the static random address.
2938 * For debugging purposes it is possible to force controllers with a
2939 * public address to use the static random address instead.
2941 * In case BR/EDR has been disabled on a dual-mode controller and
2942 * userspace has configured a static address, then that address
2943 * becomes the identity address instead of the public BR/EDR address.
2945 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
2948 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
2949 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
2950 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
2951 bacmp(&hdev->static_addr, BDADDR_ANY))) {
2952 bacpy(bdaddr, &hdev->static_addr);
2953 *bdaddr_type = ADDR_LE_DEV_RANDOM;
2955 bacpy(bdaddr, &hdev->bdaddr);
2956 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
2960 /* Alloc HCI device */
2961 struct hci_dev *hci_alloc_dev(void)
2963 struct hci_dev *hdev;
2965 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2969 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
2970 hdev->esco_type = (ESCO_HV1);
2971 hdev->link_mode = (HCI_LM_ACCEPT);
2972 hdev->num_iac = 0x01; /* One IAC support is mandatory */
2973 hdev->io_capability = 0x03; /* No Input No Output */
2974 hdev->manufacturer = 0xffff; /* Default to internal use */
2975 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
2976 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
2977 hdev->adv_instance_cnt = 0;
2978 hdev->cur_adv_instance = 0x00;
2979 hdev->adv_instance_timeout = 0;
2981 hdev->sniff_max_interval = 800;
2982 hdev->sniff_min_interval = 80;
2984 hdev->le_adv_channel_map = 0x07;
2985 hdev->le_adv_min_interval = 0x0800;
2986 hdev->le_adv_max_interval = 0x0800;
2987 hdev->le_scan_interval = 0x0060;
2988 hdev->le_scan_window = 0x0030;
2989 hdev->le_conn_min_interval = 0x0018;
2990 hdev->le_conn_max_interval = 0x0028;
2991 hdev->le_conn_latency = 0x0000;
2992 hdev->le_supv_timeout = 0x002a;
2993 hdev->le_def_tx_len = 0x001b;
2994 hdev->le_def_tx_time = 0x0148;
2995 hdev->le_max_tx_len = 0x001b;
2996 hdev->le_max_tx_time = 0x0148;
2997 hdev->le_max_rx_len = 0x001b;
2998 hdev->le_max_rx_time = 0x0148;
3000 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3001 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3002 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3003 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3005 mutex_init(&hdev->lock);
3006 mutex_init(&hdev->req_lock);
3008 INIT_LIST_HEAD(&hdev->mgmt_pending);
3009 INIT_LIST_HEAD(&hdev->blacklist);
3010 INIT_LIST_HEAD(&hdev->whitelist);
3011 INIT_LIST_HEAD(&hdev->uuids);
3012 INIT_LIST_HEAD(&hdev->link_keys);
3013 INIT_LIST_HEAD(&hdev->long_term_keys);
3014 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3015 INIT_LIST_HEAD(&hdev->remote_oob_data);
3016 INIT_LIST_HEAD(&hdev->le_white_list);
3017 INIT_LIST_HEAD(&hdev->le_conn_params);
3018 INIT_LIST_HEAD(&hdev->pend_le_conns);
3019 INIT_LIST_HEAD(&hdev->pend_le_reports);
3020 INIT_LIST_HEAD(&hdev->conn_hash.list);
3021 INIT_LIST_HEAD(&hdev->adv_instances);
3023 INIT_WORK(&hdev->rx_work, hci_rx_work);
3024 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3025 INIT_WORK(&hdev->tx_work, hci_tx_work);
3026 INIT_WORK(&hdev->power_on, hci_power_on);
3027 INIT_WORK(&hdev->error_reset, hci_error_reset);
3029 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3031 skb_queue_head_init(&hdev->rx_q);
3032 skb_queue_head_init(&hdev->cmd_q);
3033 skb_queue_head_init(&hdev->raw_q);
3035 init_waitqueue_head(&hdev->req_wait_q);
3037 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3039 hci_request_setup(hdev);
3041 hci_init_sysfs(hdev);
3042 discovery_init(hdev);
3046 EXPORT_SYMBOL(hci_alloc_dev);
3048 /* Free HCI device */
3049 void hci_free_dev(struct hci_dev *hdev)
3051 /* will free via device release */
3052 put_device(&hdev->dev);
3054 EXPORT_SYMBOL(hci_free_dev);
3056 /* Register HCI device */
3057 int hci_register_dev(struct hci_dev *hdev)
3061 if (!hdev->open || !hdev->close || !hdev->send)
3064 /* Do not allow HCI_AMP devices to register at index 0,
3065 * so the index can be used as the AMP controller ID.
3067 switch (hdev->dev_type) {
3069 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3072 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3081 sprintf(hdev->name, "hci%d", id);
3084 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3086 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3087 WQ_MEM_RECLAIM, 1, hdev->name);
3088 if (!hdev->workqueue) {
3093 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3094 WQ_MEM_RECLAIM, 1, hdev->name);
3095 if (!hdev->req_workqueue) {
3096 destroy_workqueue(hdev->workqueue);
3101 if (!IS_ERR_OR_NULL(bt_debugfs))
3102 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3104 dev_set_name(&hdev->dev, "%s", hdev->name);
3106 error = device_add(&hdev->dev);
3110 hci_leds_init(hdev);
3112 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3113 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3116 if (rfkill_register(hdev->rfkill) < 0) {
3117 rfkill_destroy(hdev->rfkill);
3118 hdev->rfkill = NULL;
3122 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3123 hci_dev_set_flag(hdev, HCI_RFKILLED);
3125 hci_dev_set_flag(hdev, HCI_SETUP);
3126 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3128 if (hdev->dev_type == HCI_PRIMARY) {
3129 /* Assume BR/EDR support until proven otherwise (such as
3130 * through reading supported features during init.
3132 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3135 write_lock(&hci_dev_list_lock);
3136 list_add(&hdev->list, &hci_dev_list);
3137 write_unlock(&hci_dev_list_lock);
3139 /* Devices that are marked for raw-only usage are unconfigured
3140 * and should not be included in normal operation.
3142 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3143 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3145 hci_sock_dev_event(hdev, HCI_DEV_REG);
3148 queue_work(hdev->req_workqueue, &hdev->power_on);
3153 destroy_workqueue(hdev->workqueue);
3154 destroy_workqueue(hdev->req_workqueue);
3156 ida_simple_remove(&hci_index_ida, hdev->id);
3160 EXPORT_SYMBOL(hci_register_dev);
3162 /* Unregister HCI device */
3163 void hci_unregister_dev(struct hci_dev *hdev)
3167 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3169 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3173 write_lock(&hci_dev_list_lock);
3174 list_del(&hdev->list);
3175 write_unlock(&hci_dev_list_lock);
3177 cancel_work_sync(&hdev->power_on);
3179 hci_dev_do_close(hdev);
3181 if (!test_bit(HCI_INIT, &hdev->flags) &&
3182 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3183 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3185 mgmt_index_removed(hdev);
3186 hci_dev_unlock(hdev);
3189 /* mgmt_index_removed should take care of emptying the
3191 BUG_ON(!list_empty(&hdev->mgmt_pending));
3193 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
3196 rfkill_unregister(hdev->rfkill);
3197 rfkill_destroy(hdev->rfkill);
3200 device_del(&hdev->dev);
3202 debugfs_remove_recursive(hdev->debugfs);
3203 kfree_const(hdev->hw_info);
3204 kfree_const(hdev->fw_info);
3206 destroy_workqueue(hdev->workqueue);
3207 destroy_workqueue(hdev->req_workqueue);
3210 hci_bdaddr_list_clear(&hdev->blacklist);
3211 hci_bdaddr_list_clear(&hdev->whitelist);
3212 hci_uuids_clear(hdev);
3213 hci_link_keys_clear(hdev);
3214 hci_smp_ltks_clear(hdev);
3215 hci_smp_irks_clear(hdev);
3216 hci_remote_oob_data_clear(hdev);
3217 hci_adv_instances_clear(hdev);
3218 hci_bdaddr_list_clear(&hdev->le_white_list);
3219 hci_conn_params_clear_all(hdev);
3220 hci_discovery_filter_clear(hdev);
3221 hci_dev_unlock(hdev);
3225 ida_simple_remove(&hci_index_ida, id);
3227 EXPORT_SYMBOL(hci_unregister_dev);
3229 /* Suspend HCI device */
3230 int hci_suspend_dev(struct hci_dev *hdev)
3232 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
3235 EXPORT_SYMBOL(hci_suspend_dev);
3237 /* Resume HCI device */
3238 int hci_resume_dev(struct hci_dev *hdev)
3240 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
3243 EXPORT_SYMBOL(hci_resume_dev);
3245 /* Reset HCI device */
3246 int hci_reset_dev(struct hci_dev *hdev)
3248 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3249 struct sk_buff *skb;
3251 skb = bt_skb_alloc(3, GFP_ATOMIC);
3255 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
3256 memcpy(skb_put(skb, 3), hw_err, 3);
3258 /* Send Hardware Error to upper stack */
3259 return hci_recv_frame(hdev, skb);
3261 EXPORT_SYMBOL(hci_reset_dev);
3263 /* Receive frame from HCI drivers */
3264 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3266 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3267 && !test_bit(HCI_INIT, &hdev->flags))) {
3272 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
3273 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
3274 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
3280 bt_cb(skb)->incoming = 1;
3283 __net_timestamp(skb);
3285 skb_queue_tail(&hdev->rx_q, skb);
3286 queue_work(hdev->workqueue, &hdev->rx_work);
3290 EXPORT_SYMBOL(hci_recv_frame);
3292 /* Receive diagnostic message from HCI drivers */
3293 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3295 /* Mark as diagnostic packet */
3296 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
3299 __net_timestamp(skb);
3301 skb_queue_tail(&hdev->rx_q, skb);
3302 queue_work(hdev->workqueue, &hdev->rx_work);
3306 EXPORT_SYMBOL(hci_recv_diag);
3308 void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
3312 va_start(vargs, fmt);
3313 kfree_const(hdev->hw_info);
3314 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3317 EXPORT_SYMBOL(hci_set_hw_info);
3319 void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
3323 va_start(vargs, fmt);
3324 kfree_const(hdev->fw_info);
3325 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3328 EXPORT_SYMBOL(hci_set_fw_info);
3330 /* ---- Interface to upper protocols ---- */
3332 int hci_register_cb(struct hci_cb *cb)
3334 BT_DBG("%p name %s", cb, cb->name);
3336 mutex_lock(&hci_cb_list_lock);
3337 list_add_tail(&cb->list, &hci_cb_list);
3338 mutex_unlock(&hci_cb_list_lock);
3342 EXPORT_SYMBOL(hci_register_cb);
3344 int hci_unregister_cb(struct hci_cb *cb)
3346 BT_DBG("%p name %s", cb, cb->name);
3348 mutex_lock(&hci_cb_list_lock);
3349 list_del(&cb->list);
3350 mutex_unlock(&hci_cb_list_lock);
3354 EXPORT_SYMBOL(hci_unregister_cb);
3356 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3360 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
3364 __net_timestamp(skb);
3366 /* Send copy to monitor */
3367 hci_send_to_monitor(hdev, skb);
3369 if (atomic_read(&hdev->promisc)) {
3370 /* Send copy to the sockets */
3371 hci_send_to_sock(hdev, skb);
3374 /* Get rid of skb owner, prior to sending to the driver. */
3377 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3382 err = hdev->send(hdev, skb);
3384 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
3389 /* Send HCI command */
3390 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3393 struct sk_buff *skb;
3395 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3397 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3399 BT_ERR("%s no memory for command", hdev->name);
3403 /* Stand-alone HCI commands must be flagged as
3404 * single-command requests.
3406 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
3408 skb_queue_tail(&hdev->cmd_q, skb);
3409 queue_work(hdev->workqueue, &hdev->cmd_work);
3414 /* Get data from the previously sent command */
3415 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3417 struct hci_command_hdr *hdr;
3419 if (!hdev->sent_cmd)
3422 hdr = (void *) hdev->sent_cmd->data;
3424 if (hdr->opcode != cpu_to_le16(opcode))
3427 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3429 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3432 /* Send HCI command and wait for command commplete event */
3433 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
3434 const void *param, u32 timeout)
3436 struct sk_buff *skb;
3438 if (!test_bit(HCI_UP, &hdev->flags))
3439 return ERR_PTR(-ENETDOWN);
3441 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
3443 hci_req_sync_lock(hdev);
3444 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
3445 hci_req_sync_unlock(hdev);
3449 EXPORT_SYMBOL(hci_cmd_sync);
3452 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3454 struct hci_acl_hdr *hdr;
3457 skb_push(skb, HCI_ACL_HDR_SIZE);
3458 skb_reset_transport_header(skb);
3459 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3460 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3461 hdr->dlen = cpu_to_le16(len);
3464 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3465 struct sk_buff *skb, __u16 flags)
3467 struct hci_conn *conn = chan->conn;
3468 struct hci_dev *hdev = conn->hdev;
3469 struct sk_buff *list;
3471 skb->len = skb_headlen(skb);
3474 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3476 switch (hdev->dev_type) {
3478 hci_add_acl_hdr(skb, conn->handle, flags);
3481 hci_add_acl_hdr(skb, chan->handle, flags);
3484 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3488 list = skb_shinfo(skb)->frag_list;
3490 /* Non fragmented */
3491 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3493 skb_queue_tail(queue, skb);
3496 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3498 skb_shinfo(skb)->frag_list = NULL;
3500 /* Queue all fragments atomically. We need to use spin_lock_bh
3501 * here because of 6LoWPAN links, as there this function is
3502 * called from softirq and using normal spin lock could cause
3505 spin_lock_bh(&queue->lock);
3507 __skb_queue_tail(queue, skb);
3509 flags &= ~ACL_START;
3512 skb = list; list = list->next;
3514 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3515 hci_add_acl_hdr(skb, conn->handle, flags);
3517 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3519 __skb_queue_tail(queue, skb);
3522 spin_unlock_bh(&queue->lock);
3526 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3528 struct hci_dev *hdev = chan->conn->hdev;
3530 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3532 hci_queue_acl(chan, &chan->data_q, skb, flags);
3534 queue_work(hdev->workqueue, &hdev->tx_work);
3538 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3540 struct hci_dev *hdev = conn->hdev;
3541 struct hci_sco_hdr hdr;
3543 BT_DBG("%s len %d", hdev->name, skb->len);
3545 hdr.handle = cpu_to_le16(conn->handle);
3546 hdr.dlen = skb->len;
3548 skb_push(skb, HCI_SCO_HDR_SIZE);
3549 skb_reset_transport_header(skb);
3550 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3552 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
3554 skb_queue_tail(&conn->data_q, skb);
3555 queue_work(hdev->workqueue, &hdev->tx_work);
3558 /* ---- HCI TX task (outgoing data) ---- */
3560 /* HCI Connection scheduler */
3561 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3564 struct hci_conn_hash *h = &hdev->conn_hash;
3565 struct hci_conn *conn = NULL, *c;
3566 unsigned int num = 0, min = ~0;
3568 /* We don't have to lock device here. Connections are always
3569 * added and removed with TX task disabled. */
3573 list_for_each_entry_rcu(c, &h->list, list) {
3574 if (c->type != type || skb_queue_empty(&c->data_q))
3577 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3582 if (c->sent < min) {
3587 if (hci_conn_num(hdev, type) == num)
3596 switch (conn->type) {
3598 cnt = hdev->acl_cnt;
3602 cnt = hdev->sco_cnt;
3605 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3609 BT_ERR("Unknown link type");
3617 BT_DBG("conn %p quote %d", conn, *quote);
3621 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3623 struct hci_conn_hash *h = &hdev->conn_hash;
3626 BT_ERR("%s link tx timeout", hdev->name);
3630 /* Kill stalled connections */
3631 list_for_each_entry_rcu(c, &h->list, list) {
3632 if (c->type == type && c->sent) {
3633 BT_ERR("%s killing stalled connection %pMR",
3634 hdev->name, &c->dst);
3635 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3642 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3645 struct hci_conn_hash *h = &hdev->conn_hash;
3646 struct hci_chan *chan = NULL;
3647 unsigned int num = 0, min = ~0, cur_prio = 0;
3648 struct hci_conn *conn;
3649 int cnt, q, conn_num = 0;
3651 BT_DBG("%s", hdev->name);
3655 list_for_each_entry_rcu(conn, &h->list, list) {
3656 struct hci_chan *tmp;
3658 if (conn->type != type)
3661 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3666 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3667 struct sk_buff *skb;
3669 if (skb_queue_empty(&tmp->data_q))
3672 skb = skb_peek(&tmp->data_q);
3673 if (skb->priority < cur_prio)
3676 if (skb->priority > cur_prio) {
3679 cur_prio = skb->priority;
3684 if (conn->sent < min) {
3690 if (hci_conn_num(hdev, type) == conn_num)
3699 switch (chan->conn->type) {
3701 cnt = hdev->acl_cnt;
3704 cnt = hdev->block_cnt;
3708 cnt = hdev->sco_cnt;
3711 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3715 BT_ERR("Unknown link type");
3720 BT_DBG("chan %p quote %d", chan, *quote);
3724 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3726 struct hci_conn_hash *h = &hdev->conn_hash;
3727 struct hci_conn *conn;
3730 BT_DBG("%s", hdev->name);
3734 list_for_each_entry_rcu(conn, &h->list, list) {
3735 struct hci_chan *chan;
3737 if (conn->type != type)
3740 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3745 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3746 struct sk_buff *skb;
3753 if (skb_queue_empty(&chan->data_q))
3756 skb = skb_peek(&chan->data_q);
3757 if (skb->priority >= HCI_PRIO_MAX - 1)
3760 skb->priority = HCI_PRIO_MAX - 1;
3762 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3766 if (hci_conn_num(hdev, type) == num)
3774 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3776 /* Calculate count of blocks used by this packet */
3777 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3780 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3782 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3783 /* ACL tx timeout must be longer than maximum
3784 * link supervision timeout (40.9 seconds) */
3785 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3786 HCI_ACL_TX_TIMEOUT))
3787 hci_link_tx_to(hdev, ACL_LINK);
3791 static void hci_sched_acl_pkt(struct hci_dev *hdev)
3793 unsigned int cnt = hdev->acl_cnt;
3794 struct hci_chan *chan;
3795 struct sk_buff *skb;
3798 __check_timeout(hdev, cnt);
3800 while (hdev->acl_cnt &&
3801 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3802 u32 priority = (skb_peek(&chan->data_q))->priority;
3803 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3804 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3805 skb->len, skb->priority);
3807 /* Stop if priority has changed */
3808 if (skb->priority < priority)
3811 skb = skb_dequeue(&chan->data_q);
3813 hci_conn_enter_active_mode(chan->conn,
3814 bt_cb(skb)->force_active);
3816 hci_send_frame(hdev, skb);
3817 hdev->acl_last_tx = jiffies;
3825 if (cnt != hdev->acl_cnt)
3826 hci_prio_recalculate(hdev, ACL_LINK);
3829 static void hci_sched_acl_blk(struct hci_dev *hdev)
3831 unsigned int cnt = hdev->block_cnt;
3832 struct hci_chan *chan;
3833 struct sk_buff *skb;
3837 __check_timeout(hdev, cnt);
3839 BT_DBG("%s", hdev->name);
3841 if (hdev->dev_type == HCI_AMP)
3846 while (hdev->block_cnt > 0 &&
3847 (chan = hci_chan_sent(hdev, type, "e))) {
3848 u32 priority = (skb_peek(&chan->data_q))->priority;
3849 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
3852 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3853 skb->len, skb->priority);
3855 /* Stop if priority has changed */
3856 if (skb->priority < priority)
3859 skb = skb_dequeue(&chan->data_q);
3861 blocks = __get_blocks(hdev, skb);
3862 if (blocks > hdev->block_cnt)
3865 hci_conn_enter_active_mode(chan->conn,
3866 bt_cb(skb)->force_active);
3868 hci_send_frame(hdev, skb);
3869 hdev->acl_last_tx = jiffies;
3871 hdev->block_cnt -= blocks;
3874 chan->sent += blocks;
3875 chan->conn->sent += blocks;
3879 if (cnt != hdev->block_cnt)
3880 hci_prio_recalculate(hdev, type);
3883 static void hci_sched_acl(struct hci_dev *hdev)
3885 BT_DBG("%s", hdev->name);
3887 /* No ACL link over BR/EDR controller */
3888 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
3891 /* No AMP link over AMP controller */
3892 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3895 switch (hdev->flow_ctl_mode) {
3896 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3897 hci_sched_acl_pkt(hdev);
3900 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3901 hci_sched_acl_blk(hdev);
3907 static void hci_sched_sco(struct hci_dev *hdev)
3909 struct hci_conn *conn;
3910 struct sk_buff *skb;
3913 BT_DBG("%s", hdev->name);
3915 if (!hci_conn_num(hdev, SCO_LINK))
3918 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
3919 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3920 BT_DBG("skb %p len %d", skb, skb->len);
3921 hci_send_frame(hdev, skb);
3924 if (conn->sent == ~0)
3930 static void hci_sched_esco(struct hci_dev *hdev)
3932 struct hci_conn *conn;
3933 struct sk_buff *skb;
3936 BT_DBG("%s", hdev->name);
3938 if (!hci_conn_num(hdev, ESCO_LINK))
3941 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
3943 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3944 BT_DBG("skb %p len %d", skb, skb->len);
3945 hci_send_frame(hdev, skb);
3948 if (conn->sent == ~0)
3954 static void hci_sched_le(struct hci_dev *hdev)
3956 struct hci_chan *chan;
3957 struct sk_buff *skb;
3958 int quote, cnt, tmp;
3960 BT_DBG("%s", hdev->name);
3962 if (!hci_conn_num(hdev, LE_LINK))
3965 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3966 /* LE tx timeout must be longer than maximum
3967 * link supervision timeout (40.9 seconds) */
3968 if (!hdev->le_cnt && hdev->le_pkts &&
3969 time_after(jiffies, hdev->le_last_tx + HZ * 45))
3970 hci_link_tx_to(hdev, LE_LINK);
3973 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
3975 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
3976 u32 priority = (skb_peek(&chan->data_q))->priority;
3977 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3978 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3979 skb->len, skb->priority);
3981 /* Stop if priority has changed */
3982 if (skb->priority < priority)
3985 skb = skb_dequeue(&chan->data_q);
3987 hci_send_frame(hdev, skb);
3988 hdev->le_last_tx = jiffies;
3999 hdev->acl_cnt = cnt;
4002 hci_prio_recalculate(hdev, LE_LINK);
4005 static void hci_tx_work(struct work_struct *work)
4007 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4008 struct sk_buff *skb;
4010 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4011 hdev->sco_cnt, hdev->le_cnt);
4013 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4014 /* Schedule queues and send stuff to HCI driver */
4015 hci_sched_acl(hdev);
4016 hci_sched_sco(hdev);
4017 hci_sched_esco(hdev);
4021 /* Send next queued raw (unknown type) packet */
4022 while ((skb = skb_dequeue(&hdev->raw_q)))
4023 hci_send_frame(hdev, skb);
4026 /* ----- HCI RX task (incoming data processing) ----- */
4028 /* ACL data packet */
4029 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4031 struct hci_acl_hdr *hdr = (void *) skb->data;
4032 struct hci_conn *conn;
4033 __u16 handle, flags;
4035 skb_pull(skb, HCI_ACL_HDR_SIZE);
4037 handle = __le16_to_cpu(hdr->handle);
4038 flags = hci_flags(handle);
4039 handle = hci_handle(handle);
4041 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4044 hdev->stat.acl_rx++;
4047 conn = hci_conn_hash_lookup_handle(hdev, handle);
4048 hci_dev_unlock(hdev);
4051 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4053 /* Send to upper protocol */
4054 l2cap_recv_acldata(conn, skb, flags);
4057 BT_ERR("%s ACL packet for unknown connection handle %d",
4058 hdev->name, handle);
4064 /* SCO data packet */
4065 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4067 struct hci_sco_hdr *hdr = (void *) skb->data;
4068 struct hci_conn *conn;
4071 skb_pull(skb, HCI_SCO_HDR_SIZE);
4073 handle = __le16_to_cpu(hdr->handle);
4075 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4077 hdev->stat.sco_rx++;
4080 conn = hci_conn_hash_lookup_handle(hdev, handle);
4081 hci_dev_unlock(hdev);
4084 /* Send to upper protocol */
4085 sco_recv_scodata(conn, skb);
4088 BT_ERR("%s SCO packet for unknown connection handle %d",
4089 hdev->name, handle);
4095 static bool hci_req_is_complete(struct hci_dev *hdev)
4097 struct sk_buff *skb;
4099 skb = skb_peek(&hdev->cmd_q);
4103 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
4106 static void hci_resend_last(struct hci_dev *hdev)
4108 struct hci_command_hdr *sent;
4109 struct sk_buff *skb;
4112 if (!hdev->sent_cmd)
4115 sent = (void *) hdev->sent_cmd->data;
4116 opcode = __le16_to_cpu(sent->opcode);
4117 if (opcode == HCI_OP_RESET)
4120 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4124 skb_queue_head(&hdev->cmd_q, skb);
4125 queue_work(hdev->workqueue, &hdev->cmd_work);
4128 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4129 hci_req_complete_t *req_complete,
4130 hci_req_complete_skb_t *req_complete_skb)
4132 struct sk_buff *skb;
4133 unsigned long flags;
4135 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4137 /* If the completed command doesn't match the last one that was
4138 * sent we need to do special handling of it.
4140 if (!hci_sent_cmd_data(hdev, opcode)) {
4141 /* Some CSR based controllers generate a spontaneous
4142 * reset complete event during init and any pending
4143 * command will never be completed. In such a case we
4144 * need to resend whatever was the last sent
4147 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4148 hci_resend_last(hdev);
4153 /* If the command succeeded and there's still more commands in
4154 * this request the request is not yet complete.
4156 if (!status && !hci_req_is_complete(hdev))
4159 /* If this was the last command in a request the complete
4160 * callback would be found in hdev->sent_cmd instead of the
4161 * command queue (hdev->cmd_q).
4163 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
4164 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
4168 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
4169 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
4173 /* Remove all pending commands belonging to this request */
4174 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4175 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4176 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
4177 __skb_queue_head(&hdev->cmd_q, skb);
4181 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
4182 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
4184 *req_complete = bt_cb(skb)->hci.req_complete;
4187 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4190 static void hci_rx_work(struct work_struct *work)
4192 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4193 struct sk_buff *skb;
4195 BT_DBG("%s", hdev->name);
4197 while ((skb = skb_dequeue(&hdev->rx_q))) {
4198 /* Send copy to monitor */
4199 hci_send_to_monitor(hdev, skb);
4201 if (atomic_read(&hdev->promisc)) {
4202 /* Send copy to the sockets */
4203 hci_send_to_sock(hdev, skb);
4206 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4211 if (test_bit(HCI_INIT, &hdev->flags)) {
4212 /* Don't process data packets in this states. */
4213 switch (hci_skb_pkt_type(skb)) {
4214 case HCI_ACLDATA_PKT:
4215 case HCI_SCODATA_PKT:
4222 switch (hci_skb_pkt_type(skb)) {
4224 BT_DBG("%s Event packet", hdev->name);
4225 hci_event_packet(hdev, skb);
4228 case HCI_ACLDATA_PKT:
4229 BT_DBG("%s ACL data packet", hdev->name);
4230 hci_acldata_packet(hdev, skb);
4233 case HCI_SCODATA_PKT:
4234 BT_DBG("%s SCO data packet", hdev->name);
4235 hci_scodata_packet(hdev, skb);
4245 static void hci_cmd_work(struct work_struct *work)
4247 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4248 struct sk_buff *skb;
4250 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4251 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4253 /* Send queued commands */
4254 if (atomic_read(&hdev->cmd_cnt)) {
4255 skb = skb_dequeue(&hdev->cmd_q);
4259 kfree_skb(hdev->sent_cmd);
4261 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4262 if (hdev->sent_cmd) {
4263 atomic_dec(&hdev->cmd_cnt);
4264 hci_send_frame(hdev, skb);
4265 if (test_bit(HCI_RESET, &hdev->flags))
4266 cancel_delayed_work(&hdev->cmd_timer);
4268 schedule_delayed_work(&hdev->cmd_timer,
4271 skb_queue_head(&hdev->cmd_q, skb);
4272 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / linux-block.git / blob