2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/jiffies.h>
29 #include <linux/module.h>
30 #include <linux/kmod.h>
32 #include <linux/types.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/skbuff.h>
41 #include <linux/workqueue.h>
42 #include <linux/interrupt.h>
43 #include <linux/rfkill.h>
44 #include <linux/timer.h>
45 #include <linux/crypto.h>
48 #include <linux/uaccess.h>
49 #include <asm/unaligned.h>
51 #include <net/bluetooth/bluetooth.h>
52 #include <net/bluetooth/hci_core.h>
54 #define AUTO_OFF_TIMEOUT 2000
56 static void hci_rx_work(struct work_struct *work);
57 static void hci_cmd_work(struct work_struct *work);
58 static void hci_tx_work(struct work_struct *work);
61 LIST_HEAD(hci_dev_list);
62 DEFINE_RWLOCK(hci_dev_list_lock);
64 /* HCI callback list */
65 LIST_HEAD(hci_cb_list);
66 DEFINE_RWLOCK(hci_cb_list_lock);
68 /* ---- HCI notifications ---- */
70 static void hci_notify(struct hci_dev *hdev, int event)
72 hci_sock_dev_event(hdev, event);
75 /* ---- HCI requests ---- */
77 void hci_req_complete(struct hci_dev *hdev, __u16 cmd, int result)
79 BT_DBG("%s command 0x%04x result 0x%2.2x", hdev->name, cmd, result);
81 /* If this is the init phase check if the completed command matches
82 * the last init command, and if not just return.
84 if (test_bit(HCI_INIT, &hdev->flags) && hdev->init_last_cmd != cmd) {
85 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
86 u16 opcode = __le16_to_cpu(sent->opcode);
89 /* Some CSR based controllers generate a spontaneous
90 * reset complete event during init and any pending
91 * command will never be completed. In such a case we
92 * need to resend whatever was the last sent
96 if (cmd != HCI_OP_RESET || opcode == HCI_OP_RESET)
99 skb = skb_clone(hdev->sent_cmd, GFP_ATOMIC);
101 skb_queue_head(&hdev->cmd_q, skb);
102 queue_work(hdev->workqueue, &hdev->cmd_work);
108 if (hdev->req_status == HCI_REQ_PEND) {
109 hdev->req_result = result;
110 hdev->req_status = HCI_REQ_DONE;
111 wake_up_interruptible(&hdev->req_wait_q);
115 static void hci_req_cancel(struct hci_dev *hdev, int err)
117 BT_DBG("%s err 0x%2.2x", hdev->name, err);
119 if (hdev->req_status == HCI_REQ_PEND) {
120 hdev->req_result = err;
121 hdev->req_status = HCI_REQ_CANCELED;
122 wake_up_interruptible(&hdev->req_wait_q);
126 /* Execute request and wait for completion. */
127 static int __hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
128 unsigned long opt, __u32 timeout)
130 DECLARE_WAITQUEUE(wait, current);
133 BT_DBG("%s start", hdev->name);
135 hdev->req_status = HCI_REQ_PEND;
137 add_wait_queue(&hdev->req_wait_q, &wait);
138 set_current_state(TASK_INTERRUPTIBLE);
141 schedule_timeout(timeout);
143 remove_wait_queue(&hdev->req_wait_q, &wait);
145 if (signal_pending(current))
148 switch (hdev->req_status) {
150 err = -bt_to_errno(hdev->req_result);
153 case HCI_REQ_CANCELED:
154 err = -hdev->req_result;
162 hdev->req_status = hdev->req_result = 0;
164 BT_DBG("%s end: err %d", hdev->name, err);
169 static inline int hci_request(struct hci_dev *hdev, void (*req)(struct hci_dev *hdev, unsigned long opt),
170 unsigned long opt, __u32 timeout)
174 if (!test_bit(HCI_UP, &hdev->flags))
177 /* Serialize all requests */
179 ret = __hci_request(hdev, req, opt, timeout);
180 hci_req_unlock(hdev);
185 static void hci_reset_req(struct hci_dev *hdev, unsigned long opt)
187 BT_DBG("%s %ld", hdev->name, opt);
190 set_bit(HCI_RESET, &hdev->flags);
191 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
194 static void bredr_init(struct hci_dev *hdev)
196 struct hci_cp_delete_stored_link_key cp;
200 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
202 /* Mandatory initialization */
205 if (!test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
206 set_bit(HCI_RESET, &hdev->flags);
207 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
210 /* Read Local Supported Features */
211 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
213 /* Read Local Version */
214 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
216 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
217 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
219 /* Read BD Address */
220 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
222 /* Read Class of Device */
223 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
225 /* Read Local Name */
226 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
228 /* Read Voice Setting */
229 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
231 /* Optional initialization */
233 /* Clear Event Filters */
234 flt_type = HCI_FLT_CLEAR_ALL;
235 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
237 /* Connection accept timeout ~20 secs */
238 param = cpu_to_le16(0x7d00);
239 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
241 bacpy(&cp.bdaddr, BDADDR_ANY);
243 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
246 static void amp_init(struct hci_dev *hdev)
248 hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
251 hci_send_cmd(hdev, HCI_OP_RESET, 0, NULL);
253 /* Read Local Version */
254 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
256 /* Read Local AMP Info */
257 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
260 static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
264 BT_DBG("%s %ld", hdev->name, opt);
266 /* Driver initialization */
268 /* Special commands */
269 while ((skb = skb_dequeue(&hdev->driver_init))) {
270 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
271 skb->dev = (void *) hdev;
273 skb_queue_tail(&hdev->cmd_q, skb);
274 queue_work(hdev->workqueue, &hdev->cmd_work);
276 skb_queue_purge(&hdev->driver_init);
278 switch (hdev->dev_type) {
288 BT_ERR("Unknown device type %d", hdev->dev_type);
294 static void hci_le_init_req(struct hci_dev *hdev, unsigned long opt)
296 BT_DBG("%s", hdev->name);
298 /* Read LE buffer size */
299 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
302 static void hci_scan_req(struct hci_dev *hdev, unsigned long opt)
306 BT_DBG("%s %x", hdev->name, scan);
308 /* Inquiry and Page scans */
309 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
312 static void hci_auth_req(struct hci_dev *hdev, unsigned long opt)
316 BT_DBG("%s %x", hdev->name, auth);
319 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
322 static void hci_encrypt_req(struct hci_dev *hdev, unsigned long opt)
326 BT_DBG("%s %x", hdev->name, encrypt);
329 hci_send_cmd(hdev, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
332 static void hci_linkpol_req(struct hci_dev *hdev, unsigned long opt)
334 __le16 policy = cpu_to_le16(opt);
336 BT_DBG("%s %x", hdev->name, policy);
338 /* Default link policy */
339 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
342 /* Get HCI device by index.
343 * Device is held on return. */
344 struct hci_dev *hci_dev_get(int index)
346 struct hci_dev *hdev = NULL, *d;
353 read_lock(&hci_dev_list_lock);
354 list_for_each_entry(d, &hci_dev_list, list) {
355 if (d->id == index) {
356 hdev = hci_dev_hold(d);
360 read_unlock(&hci_dev_list_lock);
364 /* ---- Inquiry support ---- */
366 bool hci_discovery_active(struct hci_dev *hdev)
368 struct discovery_state *discov = &hdev->discovery;
370 switch (discov->state) {
371 case DISCOVERY_FINDING:
372 case DISCOVERY_RESOLVING:
380 void hci_discovery_set_state(struct hci_dev *hdev, int state)
382 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
384 if (hdev->discovery.state == state)
388 case DISCOVERY_STOPPED:
389 if (hdev->discovery.state != DISCOVERY_STARTING)
390 mgmt_discovering(hdev, 0);
392 case DISCOVERY_STARTING:
394 case DISCOVERY_FINDING:
395 mgmt_discovering(hdev, 1);
397 case DISCOVERY_RESOLVING:
399 case DISCOVERY_STOPPING:
403 hdev->discovery.state = state;
406 static void inquiry_cache_flush(struct hci_dev *hdev)
408 struct discovery_state *cache = &hdev->discovery;
409 struct inquiry_entry *p, *n;
411 list_for_each_entry_safe(p, n, &cache->all, all) {
416 INIT_LIST_HEAD(&cache->unknown);
417 INIT_LIST_HEAD(&cache->resolve);
420 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
422 struct discovery_state *cache = &hdev->discovery;
423 struct inquiry_entry *e;
425 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
427 list_for_each_entry(e, &cache->all, all) {
428 if (!bacmp(&e->data.bdaddr, bdaddr))
435 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
438 struct discovery_state *cache = &hdev->discovery;
439 struct inquiry_entry *e;
441 BT_DBG("cache %p, %s", cache, batostr(bdaddr));
443 list_for_each_entry(e, &cache->unknown, list) {
444 if (!bacmp(&e->data.bdaddr, bdaddr))
451 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
455 struct discovery_state *cache = &hdev->discovery;
456 struct inquiry_entry *e;
458 BT_DBG("cache %p bdaddr %s state %d", cache, batostr(bdaddr), state);
460 list_for_each_entry(e, &cache->resolve, list) {
461 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
463 if (!bacmp(&e->data.bdaddr, bdaddr))
470 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
471 struct inquiry_entry *ie)
473 struct discovery_state *cache = &hdev->discovery;
474 struct list_head *pos = &cache->resolve;
475 struct inquiry_entry *p;
479 list_for_each_entry(p, &cache->resolve, list) {
480 if (p->name_state != NAME_PENDING &&
481 abs(p->data.rssi) >= abs(ie->data.rssi))
486 list_add(&ie->list, pos);
489 bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
490 bool name_known, bool *ssp)
492 struct discovery_state *cache = &hdev->discovery;
493 struct inquiry_entry *ie;
495 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
498 *ssp = data->ssp_mode;
500 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
502 if (ie->data.ssp_mode && ssp)
505 if (ie->name_state == NAME_NEEDED &&
506 data->rssi != ie->data.rssi) {
507 ie->data.rssi = data->rssi;
508 hci_inquiry_cache_update_resolve(hdev, ie);
514 /* Entry not in the cache. Add new one. */
515 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
519 list_add(&ie->all, &cache->all);
522 ie->name_state = NAME_KNOWN;
524 ie->name_state = NAME_NOT_KNOWN;
525 list_add(&ie->list, &cache->unknown);
529 if (name_known && ie->name_state != NAME_KNOWN &&
530 ie->name_state != NAME_PENDING) {
531 ie->name_state = NAME_KNOWN;
535 memcpy(&ie->data, data, sizeof(*data));
536 ie->timestamp = jiffies;
537 cache->timestamp = jiffies;
539 if (ie->name_state == NAME_NOT_KNOWN)
545 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
547 struct discovery_state *cache = &hdev->discovery;
548 struct inquiry_info *info = (struct inquiry_info *) buf;
549 struct inquiry_entry *e;
552 list_for_each_entry(e, &cache->all, all) {
553 struct inquiry_data *data = &e->data;
558 bacpy(&info->bdaddr, &data->bdaddr);
559 info->pscan_rep_mode = data->pscan_rep_mode;
560 info->pscan_period_mode = data->pscan_period_mode;
561 info->pscan_mode = data->pscan_mode;
562 memcpy(info->dev_class, data->dev_class, 3);
563 info->clock_offset = data->clock_offset;
569 BT_DBG("cache %p, copied %d", cache, copied);
573 static void hci_inq_req(struct hci_dev *hdev, unsigned long opt)
575 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
576 struct hci_cp_inquiry cp;
578 BT_DBG("%s", hdev->name);
580 if (test_bit(HCI_INQUIRY, &hdev->flags))
584 memcpy(&cp.lap, &ir->lap, 3);
585 cp.length = ir->length;
586 cp.num_rsp = ir->num_rsp;
587 hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
590 int hci_inquiry(void __user *arg)
592 __u8 __user *ptr = arg;
593 struct hci_inquiry_req ir;
594 struct hci_dev *hdev;
595 int err = 0, do_inquiry = 0, max_rsp;
599 if (copy_from_user(&ir, ptr, sizeof(ir)))
602 hdev = hci_dev_get(ir.dev_id);
607 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
608 inquiry_cache_empty(hdev) ||
609 ir.flags & IREQ_CACHE_FLUSH) {
610 inquiry_cache_flush(hdev);
613 hci_dev_unlock(hdev);
615 timeo = ir.length * msecs_to_jiffies(2000);
618 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
623 /* for unlimited number of responses we will use buffer with 255 entries */
624 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
626 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
627 * copy it to the user space.
629 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
636 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
637 hci_dev_unlock(hdev);
639 BT_DBG("num_rsp %d", ir.num_rsp);
641 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
643 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
656 /* ---- HCI ioctl helpers ---- */
658 int hci_dev_open(__u16 dev)
660 struct hci_dev *hdev;
663 hdev = hci_dev_get(dev);
667 BT_DBG("%s %p", hdev->name, hdev);
671 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
676 if (hdev->rfkill && rfkill_blocked(hdev->rfkill)) {
681 if (test_bit(HCI_UP, &hdev->flags)) {
686 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
687 set_bit(HCI_RAW, &hdev->flags);
689 /* Treat all non BR/EDR controllers as raw devices if
690 enable_hs is not set */
691 if (hdev->dev_type != HCI_BREDR && !enable_hs)
692 set_bit(HCI_RAW, &hdev->flags);
694 if (hdev->open(hdev)) {
699 if (!test_bit(HCI_RAW, &hdev->flags)) {
700 atomic_set(&hdev->cmd_cnt, 1);
701 set_bit(HCI_INIT, &hdev->flags);
702 hdev->init_last_cmd = 0;
704 ret = __hci_request(hdev, hci_init_req, 0,
705 msecs_to_jiffies(HCI_INIT_TIMEOUT));
707 if (lmp_host_le_capable(hdev))
708 ret = __hci_request(hdev, hci_le_init_req, 0,
709 msecs_to_jiffies(HCI_INIT_TIMEOUT));
711 clear_bit(HCI_INIT, &hdev->flags);
716 set_bit(HCI_UP, &hdev->flags);
717 hci_notify(hdev, HCI_DEV_UP);
718 if (!test_bit(HCI_SETUP, &hdev->dev_flags)) {
720 mgmt_powered(hdev, 1);
721 hci_dev_unlock(hdev);
724 /* Init failed, cleanup */
725 flush_work(&hdev->tx_work);
726 flush_work(&hdev->cmd_work);
727 flush_work(&hdev->rx_work);
729 skb_queue_purge(&hdev->cmd_q);
730 skb_queue_purge(&hdev->rx_q);
735 if (hdev->sent_cmd) {
736 kfree_skb(hdev->sent_cmd);
737 hdev->sent_cmd = NULL;
745 hci_req_unlock(hdev);
750 static int hci_dev_do_close(struct hci_dev *hdev)
752 BT_DBG("%s %p", hdev->name, hdev);
754 cancel_work_sync(&hdev->le_scan);
756 hci_req_cancel(hdev, ENODEV);
759 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
760 del_timer_sync(&hdev->cmd_timer);
761 hci_req_unlock(hdev);
765 /* Flush RX and TX works */
766 flush_work(&hdev->tx_work);
767 flush_work(&hdev->rx_work);
769 if (hdev->discov_timeout > 0) {
770 cancel_delayed_work(&hdev->discov_off);
771 hdev->discov_timeout = 0;
772 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
775 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
776 cancel_delayed_work(&hdev->service_cache);
778 cancel_delayed_work_sync(&hdev->le_scan_disable);
781 inquiry_cache_flush(hdev);
782 hci_conn_hash_flush(hdev);
783 hci_dev_unlock(hdev);
785 hci_notify(hdev, HCI_DEV_DOWN);
791 skb_queue_purge(&hdev->cmd_q);
792 atomic_set(&hdev->cmd_cnt, 1);
793 if (!test_bit(HCI_RAW, &hdev->flags) &&
794 test_bit(HCI_QUIRK_NO_RESET, &hdev->quirks)) {
795 set_bit(HCI_INIT, &hdev->flags);
796 __hci_request(hdev, hci_reset_req, 0,
797 msecs_to_jiffies(250));
798 clear_bit(HCI_INIT, &hdev->flags);
802 flush_work(&hdev->cmd_work);
805 skb_queue_purge(&hdev->rx_q);
806 skb_queue_purge(&hdev->cmd_q);
807 skb_queue_purge(&hdev->raw_q);
809 /* Drop last sent command */
810 if (hdev->sent_cmd) {
811 del_timer_sync(&hdev->cmd_timer);
812 kfree_skb(hdev->sent_cmd);
813 hdev->sent_cmd = NULL;
816 /* After this point our queues are empty
817 * and no tasks are scheduled. */
820 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
822 mgmt_powered(hdev, 0);
823 hci_dev_unlock(hdev);
829 memset(hdev->eir, 0, sizeof(hdev->eir));
830 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
832 hci_req_unlock(hdev);
838 int hci_dev_close(__u16 dev)
840 struct hci_dev *hdev;
843 hdev = hci_dev_get(dev);
847 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
848 cancel_delayed_work(&hdev->power_off);
850 err = hci_dev_do_close(hdev);
856 int hci_dev_reset(__u16 dev)
858 struct hci_dev *hdev;
861 hdev = hci_dev_get(dev);
867 if (!test_bit(HCI_UP, &hdev->flags))
871 skb_queue_purge(&hdev->rx_q);
872 skb_queue_purge(&hdev->cmd_q);
875 inquiry_cache_flush(hdev);
876 hci_conn_hash_flush(hdev);
877 hci_dev_unlock(hdev);
882 atomic_set(&hdev->cmd_cnt, 1);
883 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
885 if (!test_bit(HCI_RAW, &hdev->flags))
886 ret = __hci_request(hdev, hci_reset_req, 0,
887 msecs_to_jiffies(HCI_INIT_TIMEOUT));
890 hci_req_unlock(hdev);
895 int hci_dev_reset_stat(__u16 dev)
897 struct hci_dev *hdev;
900 hdev = hci_dev_get(dev);
904 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
911 int hci_dev_cmd(unsigned int cmd, void __user *arg)
913 struct hci_dev *hdev;
914 struct hci_dev_req dr;
917 if (copy_from_user(&dr, arg, sizeof(dr)))
920 hdev = hci_dev_get(dr.dev_id);
926 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
927 msecs_to_jiffies(HCI_INIT_TIMEOUT));
931 if (!lmp_encrypt_capable(hdev)) {
936 if (!test_bit(HCI_AUTH, &hdev->flags)) {
937 /* Auth must be enabled first */
938 err = hci_request(hdev, hci_auth_req, dr.dev_opt,
939 msecs_to_jiffies(HCI_INIT_TIMEOUT));
944 err = hci_request(hdev, hci_encrypt_req, dr.dev_opt,
945 msecs_to_jiffies(HCI_INIT_TIMEOUT));
949 err = hci_request(hdev, hci_scan_req, dr.dev_opt,
950 msecs_to_jiffies(HCI_INIT_TIMEOUT));
954 err = hci_request(hdev, hci_linkpol_req, dr.dev_opt,
955 msecs_to_jiffies(HCI_INIT_TIMEOUT));
959 hdev->link_mode = ((__u16) dr.dev_opt) &
960 (HCI_LM_MASTER | HCI_LM_ACCEPT);
964 hdev->pkt_type = (__u16) dr.dev_opt;
968 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
969 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
973 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
974 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
986 int hci_get_dev_list(void __user *arg)
988 struct hci_dev *hdev;
989 struct hci_dev_list_req *dl;
990 struct hci_dev_req *dr;
991 int n = 0, size, err;
994 if (get_user(dev_num, (__u16 __user *) arg))
997 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1000 size = sizeof(*dl) + dev_num * sizeof(*dr);
1002 dl = kzalloc(size, GFP_KERNEL);
1008 read_lock(&hci_dev_list_lock);
1009 list_for_each_entry(hdev, &hci_dev_list, list) {
1010 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1011 cancel_delayed_work(&hdev->power_off);
1013 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1014 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1016 (dr + n)->dev_id = hdev->id;
1017 (dr + n)->dev_opt = hdev->flags;
1022 read_unlock(&hci_dev_list_lock);
1025 size = sizeof(*dl) + n * sizeof(*dr);
1027 err = copy_to_user(arg, dl, size);
1030 return err ? -EFAULT : 0;
1033 int hci_get_dev_info(void __user *arg)
1035 struct hci_dev *hdev;
1036 struct hci_dev_info di;
1039 if (copy_from_user(&di, arg, sizeof(di)))
1042 hdev = hci_dev_get(di.dev_id);
1046 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1047 cancel_delayed_work_sync(&hdev->power_off);
1049 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1050 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1052 strcpy(di.name, hdev->name);
1053 di.bdaddr = hdev->bdaddr;
1054 di.type = (hdev->bus & 0x0f) | (hdev->dev_type << 4);
1055 di.flags = hdev->flags;
1056 di.pkt_type = hdev->pkt_type;
1057 di.acl_mtu = hdev->acl_mtu;
1058 di.acl_pkts = hdev->acl_pkts;
1059 di.sco_mtu = hdev->sco_mtu;
1060 di.sco_pkts = hdev->sco_pkts;
1061 di.link_policy = hdev->link_policy;
1062 di.link_mode = hdev->link_mode;
1064 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
1065 memcpy(&di.features, &hdev->features, sizeof(di.features));
1067 if (copy_to_user(arg, &di, sizeof(di)))
1075 /* ---- Interface to HCI drivers ---- */
1077 static int hci_rfkill_set_block(void *data, bool blocked)
1079 struct hci_dev *hdev = data;
1081 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
1086 hci_dev_do_close(hdev);
1091 static const struct rfkill_ops hci_rfkill_ops = {
1092 .set_block = hci_rfkill_set_block,
1095 static void hci_power_on(struct work_struct *work)
1097 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
1099 BT_DBG("%s", hdev->name);
1101 if (hci_dev_open(hdev->id) < 0)
1104 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
1105 schedule_delayed_work(&hdev->power_off,
1106 msecs_to_jiffies(AUTO_OFF_TIMEOUT));
1108 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags))
1109 mgmt_index_added(hdev);
1112 static void hci_power_off(struct work_struct *work)
1114 struct hci_dev *hdev = container_of(work, struct hci_dev,
1117 BT_DBG("%s", hdev->name);
1119 hci_dev_do_close(hdev);
1122 static void hci_discov_off(struct work_struct *work)
1124 struct hci_dev *hdev;
1125 u8 scan = SCAN_PAGE;
1127 hdev = container_of(work, struct hci_dev, discov_off.work);
1129 BT_DBG("%s", hdev->name);
1133 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1135 hdev->discov_timeout = 0;
1137 hci_dev_unlock(hdev);
1140 int hci_uuids_clear(struct hci_dev *hdev)
1142 struct list_head *p, *n;
1144 list_for_each_safe(p, n, &hdev->uuids) {
1145 struct bt_uuid *uuid;
1147 uuid = list_entry(p, struct bt_uuid, list);
1156 int hci_link_keys_clear(struct hci_dev *hdev)
1158 struct list_head *p, *n;
1160 list_for_each_safe(p, n, &hdev->link_keys) {
1161 struct link_key *key;
1163 key = list_entry(p, struct link_key, list);
1172 int hci_smp_ltks_clear(struct hci_dev *hdev)
1174 struct smp_ltk *k, *tmp;
1176 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1184 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1188 list_for_each_entry(k, &hdev->link_keys, list)
1189 if (bacmp(bdaddr, &k->bdaddr) == 0)
1195 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
1196 u8 key_type, u8 old_key_type)
1199 if (key_type < 0x03)
1202 /* Debug keys are insecure so don't store them persistently */
1203 if (key_type == HCI_LK_DEBUG_COMBINATION)
1206 /* Changed combination key and there's no previous one */
1207 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
1210 /* Security mode 3 case */
1214 /* Neither local nor remote side had no-bonding as requirement */
1215 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
1218 /* Local side had dedicated bonding as requirement */
1219 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
1222 /* Remote side had dedicated bonding as requirement */
1223 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
1226 /* If none of the above criteria match, then don't store the key
1231 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8])
1235 list_for_each_entry(k, &hdev->long_term_keys, list) {
1236 if (k->ediv != ediv ||
1237 memcmp(rand, k->rand, sizeof(k->rand)))
1245 EXPORT_SYMBOL(hci_find_ltk);
1247 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
1252 list_for_each_entry(k, &hdev->long_term_keys, list)
1253 if (addr_type == k->bdaddr_type &&
1254 bacmp(bdaddr, &k->bdaddr) == 0)
1259 EXPORT_SYMBOL(hci_find_ltk_by_addr);
1261 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
1262 bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len)
1264 struct link_key *key, *old_key;
1268 old_key = hci_find_link_key(hdev, bdaddr);
1270 old_key_type = old_key->type;
1273 old_key_type = conn ? conn->key_type : 0xff;
1274 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1277 list_add(&key->list, &hdev->link_keys);
1280 BT_DBG("%s key for %s type %u", hdev->name, batostr(bdaddr), type);
1282 /* Some buggy controller combinations generate a changed
1283 * combination key for legacy pairing even when there's no
1285 if (type == HCI_LK_CHANGED_COMBINATION &&
1286 (!conn || conn->remote_auth == 0xff) &&
1287 old_key_type == 0xff) {
1288 type = HCI_LK_COMBINATION;
1290 conn->key_type = type;
1293 bacpy(&key->bdaddr, bdaddr);
1294 memcpy(key->val, val, 16);
1295 key->pin_len = pin_len;
1297 if (type == HCI_LK_CHANGED_COMBINATION)
1298 key->type = old_key_type;
1305 persistent = hci_persistent_key(hdev, conn, type, old_key_type);
1307 mgmt_new_link_key(hdev, key, persistent);
1310 conn->flush_key = !persistent;
1315 int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
1316 int new_key, u8 authenticated, u8 tk[16], u8 enc_size, __le16
1319 struct smp_ltk *key, *old_key;
1321 if (!(type & HCI_SMP_STK) && !(type & HCI_SMP_LTK))
1324 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type);
1328 key = kzalloc(sizeof(*key), GFP_ATOMIC);
1331 list_add(&key->list, &hdev->long_term_keys);
1334 bacpy(&key->bdaddr, bdaddr);
1335 key->bdaddr_type = addr_type;
1336 memcpy(key->val, tk, sizeof(key->val));
1337 key->authenticated = authenticated;
1339 key->enc_size = enc_size;
1341 memcpy(key->rand, rand, sizeof(key->rand));
1346 if (type & HCI_SMP_LTK)
1347 mgmt_new_ltk(hdev, key, 1);
1352 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
1354 struct link_key *key;
1356 key = hci_find_link_key(hdev, bdaddr);
1360 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1362 list_del(&key->list);
1368 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr)
1370 struct smp_ltk *k, *tmp;
1372 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
1373 if (bacmp(bdaddr, &k->bdaddr))
1376 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1385 /* HCI command timer function */
1386 static void hci_cmd_timer(unsigned long arg)
1388 struct hci_dev *hdev = (void *) arg;
1390 BT_ERR("%s command tx timeout", hdev->name);
1391 atomic_set(&hdev->cmd_cnt, 1);
1392 queue_work(hdev->workqueue, &hdev->cmd_work);
1395 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
1398 struct oob_data *data;
1400 list_for_each_entry(data, &hdev->remote_oob_data, list)
1401 if (bacmp(bdaddr, &data->bdaddr) == 0)
1407 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
1409 struct oob_data *data;
1411 data = hci_find_remote_oob_data(hdev, bdaddr);
1415 BT_DBG("%s removing %s", hdev->name, batostr(bdaddr));
1417 list_del(&data->list);
1423 int hci_remote_oob_data_clear(struct hci_dev *hdev)
1425 struct oob_data *data, *n;
1427 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
1428 list_del(&data->list);
1435 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *hash,
1438 struct oob_data *data;
1440 data = hci_find_remote_oob_data(hdev, bdaddr);
1443 data = kmalloc(sizeof(*data), GFP_ATOMIC);
1447 bacpy(&data->bdaddr, bdaddr);
1448 list_add(&data->list, &hdev->remote_oob_data);
1451 memcpy(data->hash, hash, sizeof(data->hash));
1452 memcpy(data->randomizer, randomizer, sizeof(data->randomizer));
1454 BT_DBG("%s for %s", hdev->name, batostr(bdaddr));
1459 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr)
1461 struct bdaddr_list *b;
1463 list_for_each_entry(b, &hdev->blacklist, list)
1464 if (bacmp(bdaddr, &b->bdaddr) == 0)
1470 int hci_blacklist_clear(struct hci_dev *hdev)
1472 struct list_head *p, *n;
1474 list_for_each_safe(p, n, &hdev->blacklist) {
1475 struct bdaddr_list *b;
1477 b = list_entry(p, struct bdaddr_list, list);
1486 int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1488 struct bdaddr_list *entry;
1490 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1493 if (hci_blacklist_lookup(hdev, bdaddr))
1496 entry = kzalloc(sizeof(struct bdaddr_list), GFP_KERNEL);
1500 bacpy(&entry->bdaddr, bdaddr);
1502 list_add(&entry->list, &hdev->blacklist);
1504 return mgmt_device_blocked(hdev, bdaddr, type);
1507 int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1509 struct bdaddr_list *entry;
1511 if (bacmp(bdaddr, BDADDR_ANY) == 0)
1512 return hci_blacklist_clear(hdev);
1514 entry = hci_blacklist_lookup(hdev, bdaddr);
1518 list_del(&entry->list);
1521 return mgmt_device_unblocked(hdev, bdaddr, type);
1524 static void le_scan_param_req(struct hci_dev *hdev, unsigned long opt)
1526 struct le_scan_params *param = (struct le_scan_params *) opt;
1527 struct hci_cp_le_set_scan_param cp;
1529 memset(&cp, 0, sizeof(cp));
1530 cp.type = param->type;
1531 cp.interval = cpu_to_le16(param->interval);
1532 cp.window = cpu_to_le16(param->window);
1534 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_PARAM, sizeof(cp), &cp);
1537 static void le_scan_enable_req(struct hci_dev *hdev, unsigned long opt)
1539 struct hci_cp_le_set_scan_enable cp;
1541 memset(&cp, 0, sizeof(cp));
1544 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1547 static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1548 u16 window, int timeout)
1550 long timeo = msecs_to_jiffies(3000);
1551 struct le_scan_params param;
1554 BT_DBG("%s", hdev->name);
1556 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1557 return -EINPROGRESS;
1560 param.interval = interval;
1561 param.window = window;
1565 err = __hci_request(hdev, le_scan_param_req, (unsigned long) ¶m,
1568 err = __hci_request(hdev, le_scan_enable_req, 0, timeo);
1570 hci_req_unlock(hdev);
1575 schedule_delayed_work(&hdev->le_scan_disable,
1576 msecs_to_jiffies(timeout));
1581 int hci_cancel_le_scan(struct hci_dev *hdev)
1583 BT_DBG("%s", hdev->name);
1585 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1588 if (cancel_delayed_work(&hdev->le_scan_disable)) {
1589 struct hci_cp_le_set_scan_enable cp;
1591 /* Send HCI command to disable LE Scan */
1592 memset(&cp, 0, sizeof(cp));
1593 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1599 static void le_scan_disable_work(struct work_struct *work)
1601 struct hci_dev *hdev = container_of(work, struct hci_dev,
1602 le_scan_disable.work);
1603 struct hci_cp_le_set_scan_enable cp;
1605 BT_DBG("%s", hdev->name);
1607 memset(&cp, 0, sizeof(cp));
1609 hci_send_cmd(hdev, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1612 static void le_scan_work(struct work_struct *work)
1614 struct hci_dev *hdev = container_of(work, struct hci_dev, le_scan);
1615 struct le_scan_params *param = &hdev->le_scan_params;
1617 BT_DBG("%s", hdev->name);
1619 hci_do_le_scan(hdev, param->type, param->interval, param->window,
1623 int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
1626 struct le_scan_params *param = &hdev->le_scan_params;
1628 BT_DBG("%s", hdev->name);
1630 if (work_busy(&hdev->le_scan))
1631 return -EINPROGRESS;
1634 param->interval = interval;
1635 param->window = window;
1636 param->timeout = timeout;
1638 queue_work(system_long_wq, &hdev->le_scan);
1643 /* Alloc HCI device */
1644 struct hci_dev *hci_alloc_dev(void)
1646 struct hci_dev *hdev;
1648 hdev = kzalloc(sizeof(struct hci_dev), GFP_KERNEL);
1652 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
1653 hdev->esco_type = (ESCO_HV1);
1654 hdev->link_mode = (HCI_LM_ACCEPT);
1655 hdev->io_capability = 0x03; /* No Input No Output */
1657 hdev->sniff_max_interval = 800;
1658 hdev->sniff_min_interval = 80;
1660 mutex_init(&hdev->lock);
1661 mutex_init(&hdev->req_lock);
1663 INIT_LIST_HEAD(&hdev->mgmt_pending);
1664 INIT_LIST_HEAD(&hdev->blacklist);
1665 INIT_LIST_HEAD(&hdev->uuids);
1666 INIT_LIST_HEAD(&hdev->link_keys);
1667 INIT_LIST_HEAD(&hdev->long_term_keys);
1668 INIT_LIST_HEAD(&hdev->remote_oob_data);
1670 INIT_WORK(&hdev->rx_work, hci_rx_work);
1671 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
1672 INIT_WORK(&hdev->tx_work, hci_tx_work);
1673 INIT_WORK(&hdev->power_on, hci_power_on);
1674 INIT_WORK(&hdev->le_scan, le_scan_work);
1676 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
1677 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
1678 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
1680 skb_queue_head_init(&hdev->driver_init);
1681 skb_queue_head_init(&hdev->rx_q);
1682 skb_queue_head_init(&hdev->cmd_q);
1683 skb_queue_head_init(&hdev->raw_q);
1685 init_waitqueue_head(&hdev->req_wait_q);
1687 setup_timer(&hdev->cmd_timer, hci_cmd_timer, (unsigned long) hdev);
1689 hci_init_sysfs(hdev);
1690 discovery_init(hdev);
1691 hci_conn_hash_init(hdev);
1695 EXPORT_SYMBOL(hci_alloc_dev);
1697 /* Free HCI device */
1698 void hci_free_dev(struct hci_dev *hdev)
1700 skb_queue_purge(&hdev->driver_init);
1702 /* will free via device release */
1703 put_device(&hdev->dev);
1705 EXPORT_SYMBOL(hci_free_dev);
1707 /* Register HCI device */
1708 int hci_register_dev(struct hci_dev *hdev)
1710 struct list_head *head, *p;
1713 if (!hdev->open || !hdev->close)
1716 write_lock(&hci_dev_list_lock);
1718 /* Do not allow HCI_AMP devices to register at index 0,
1719 * so the index can be used as the AMP controller ID.
1721 id = (hdev->dev_type == HCI_BREDR) ? 0 : 1;
1722 head = &hci_dev_list;
1724 /* Find first available device id */
1725 list_for_each(p, &hci_dev_list) {
1726 int nid = list_entry(p, struct hci_dev, list)->id;
1734 sprintf(hdev->name, "hci%d", id);
1737 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1739 list_add(&hdev->list, head);
1741 write_unlock(&hci_dev_list_lock);
1743 hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
1745 if (!hdev->workqueue) {
1750 error = hci_add_sysfs(hdev);
1754 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
1755 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops, hdev);
1757 if (rfkill_register(hdev->rfkill) < 0) {
1758 rfkill_destroy(hdev->rfkill);
1759 hdev->rfkill = NULL;
1763 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
1764 set_bit(HCI_SETUP, &hdev->dev_flags);
1765 schedule_work(&hdev->power_on);
1767 hci_notify(hdev, HCI_DEV_REG);
1773 destroy_workqueue(hdev->workqueue);
1775 write_lock(&hci_dev_list_lock);
1776 list_del(&hdev->list);
1777 write_unlock(&hci_dev_list_lock);
1781 EXPORT_SYMBOL(hci_register_dev);
1783 /* Unregister HCI device */
1784 void hci_unregister_dev(struct hci_dev *hdev)
1788 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
1790 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
1792 write_lock(&hci_dev_list_lock);
1793 list_del(&hdev->list);
1794 write_unlock(&hci_dev_list_lock);
1796 hci_dev_do_close(hdev);
1798 for (i = 0; i < NUM_REASSEMBLY; i++)
1799 kfree_skb(hdev->reassembly[i]);
1801 if (!test_bit(HCI_INIT, &hdev->flags) &&
1802 !test_bit(HCI_SETUP, &hdev->dev_flags)) {
1804 mgmt_index_removed(hdev);
1805 hci_dev_unlock(hdev);
1808 /* mgmt_index_removed should take care of emptying the
1810 BUG_ON(!list_empty(&hdev->mgmt_pending));
1812 hci_notify(hdev, HCI_DEV_UNREG);
1815 rfkill_unregister(hdev->rfkill);
1816 rfkill_destroy(hdev->rfkill);
1819 hci_del_sysfs(hdev);
1821 destroy_workqueue(hdev->workqueue);
1824 hci_blacklist_clear(hdev);
1825 hci_uuids_clear(hdev);
1826 hci_link_keys_clear(hdev);
1827 hci_smp_ltks_clear(hdev);
1828 hci_remote_oob_data_clear(hdev);
1829 hci_dev_unlock(hdev);
1833 EXPORT_SYMBOL(hci_unregister_dev);
1835 /* Suspend HCI device */
1836 int hci_suspend_dev(struct hci_dev *hdev)
1838 hci_notify(hdev, HCI_DEV_SUSPEND);
1841 EXPORT_SYMBOL(hci_suspend_dev);
1843 /* Resume HCI device */
1844 int hci_resume_dev(struct hci_dev *hdev)
1846 hci_notify(hdev, HCI_DEV_RESUME);
1849 EXPORT_SYMBOL(hci_resume_dev);
1851 /* Receive frame from HCI drivers */
1852 int hci_recv_frame(struct sk_buff *skb)
1854 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
1855 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
1856 && !test_bit(HCI_INIT, &hdev->flags))) {
1862 bt_cb(skb)->incoming = 1;
1865 __net_timestamp(skb);
1867 skb_queue_tail(&hdev->rx_q, skb);
1868 queue_work(hdev->workqueue, &hdev->rx_work);
1872 EXPORT_SYMBOL(hci_recv_frame);
1874 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
1875 int count, __u8 index)
1880 struct sk_buff *skb;
1881 struct bt_skb_cb *scb;
1883 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
1884 index >= NUM_REASSEMBLY)
1887 skb = hdev->reassembly[index];
1891 case HCI_ACLDATA_PKT:
1892 len = HCI_MAX_FRAME_SIZE;
1893 hlen = HCI_ACL_HDR_SIZE;
1896 len = HCI_MAX_EVENT_SIZE;
1897 hlen = HCI_EVENT_HDR_SIZE;
1899 case HCI_SCODATA_PKT:
1900 len = HCI_MAX_SCO_SIZE;
1901 hlen = HCI_SCO_HDR_SIZE;
1905 skb = bt_skb_alloc(len, GFP_ATOMIC);
1909 scb = (void *) skb->cb;
1911 scb->pkt_type = type;
1913 skb->dev = (void *) hdev;
1914 hdev->reassembly[index] = skb;
1918 scb = (void *) skb->cb;
1919 len = min_t(uint, scb->expect, count);
1921 memcpy(skb_put(skb, len), data, len);
1930 if (skb->len == HCI_EVENT_HDR_SIZE) {
1931 struct hci_event_hdr *h = hci_event_hdr(skb);
1932 scb->expect = h->plen;
1934 if (skb_tailroom(skb) < scb->expect) {
1936 hdev->reassembly[index] = NULL;
1942 case HCI_ACLDATA_PKT:
1943 if (skb->len == HCI_ACL_HDR_SIZE) {
1944 struct hci_acl_hdr *h = hci_acl_hdr(skb);
1945 scb->expect = __le16_to_cpu(h->dlen);
1947 if (skb_tailroom(skb) < scb->expect) {
1949 hdev->reassembly[index] = NULL;
1955 case HCI_SCODATA_PKT:
1956 if (skb->len == HCI_SCO_HDR_SIZE) {
1957 struct hci_sco_hdr *h = hci_sco_hdr(skb);
1958 scb->expect = h->dlen;
1960 if (skb_tailroom(skb) < scb->expect) {
1962 hdev->reassembly[index] = NULL;
1969 if (scb->expect == 0) {
1970 /* Complete frame */
1972 bt_cb(skb)->pkt_type = type;
1973 hci_recv_frame(skb);
1975 hdev->reassembly[index] = NULL;
1983 int hci_recv_fragment(struct hci_dev *hdev, int type, void *data, int count)
1987 if (type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT)
1991 rem = hci_reassembly(hdev, type, data, count, type - 1);
1995 data += (count - rem);
2001 EXPORT_SYMBOL(hci_recv_fragment);
2003 #define STREAM_REASSEMBLY 0
2005 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
2011 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
2014 struct { char type; } *pkt;
2016 /* Start of the frame */
2023 type = bt_cb(skb)->pkt_type;
2025 rem = hci_reassembly(hdev, type, data, count,
2030 data += (count - rem);
2036 EXPORT_SYMBOL(hci_recv_stream_fragment);
2038 /* ---- Interface to upper protocols ---- */
2040 int hci_register_cb(struct hci_cb *cb)
2042 BT_DBG("%p name %s", cb, cb->name);
2044 write_lock(&hci_cb_list_lock);
2045 list_add(&cb->list, &hci_cb_list);
2046 write_unlock(&hci_cb_list_lock);
2050 EXPORT_SYMBOL(hci_register_cb);
2052 int hci_unregister_cb(struct hci_cb *cb)
2054 BT_DBG("%p name %s", cb, cb->name);
2056 write_lock(&hci_cb_list_lock);
2057 list_del(&cb->list);
2058 write_unlock(&hci_cb_list_lock);
2062 EXPORT_SYMBOL(hci_unregister_cb);
2064 static int hci_send_frame(struct sk_buff *skb)
2066 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
2073 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
2076 __net_timestamp(skb);
2078 /* Send copy to monitor */
2079 hci_send_to_monitor(hdev, skb);
2081 if (atomic_read(&hdev->promisc)) {
2082 /* Send copy to the sockets */
2083 hci_send_to_sock(hdev, skb);
2086 /* Get rid of skb owner, prior to sending to the driver. */
2089 return hdev->send(skb);
2092 /* Send HCI command */
2093 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2095 int len = HCI_COMMAND_HDR_SIZE + plen;
2096 struct hci_command_hdr *hdr;
2097 struct sk_buff *skb;
2099 BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);
2101 skb = bt_skb_alloc(len, GFP_ATOMIC);
2103 BT_ERR("%s no memory for command", hdev->name);
2107 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
2108 hdr->opcode = cpu_to_le16(opcode);
2112 memcpy(skb_put(skb, plen), param, plen);
2114 BT_DBG("skb len %d", skb->len);
2116 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
2117 skb->dev = (void *) hdev;
2119 if (test_bit(HCI_INIT, &hdev->flags))
2120 hdev->init_last_cmd = opcode;
2122 skb_queue_tail(&hdev->cmd_q, skb);
2123 queue_work(hdev->workqueue, &hdev->cmd_work);
2128 /* Get data from the previously sent command */
2129 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2131 struct hci_command_hdr *hdr;
2133 if (!hdev->sent_cmd)
2136 hdr = (void *) hdev->sent_cmd->data;
2138 if (hdr->opcode != cpu_to_le16(opcode))
2141 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2143 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
2147 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
2149 struct hci_acl_hdr *hdr;
2152 skb_push(skb, HCI_ACL_HDR_SIZE);
2153 skb_reset_transport_header(skb);
2154 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
2155 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
2156 hdr->dlen = cpu_to_le16(len);
2159 static void hci_queue_acl(struct hci_conn *conn, struct sk_buff_head *queue,
2160 struct sk_buff *skb, __u16 flags)
2162 struct hci_dev *hdev = conn->hdev;
2163 struct sk_buff *list;
2165 skb->len = skb_headlen(skb);
2168 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2169 hci_add_acl_hdr(skb, conn->handle, flags);
2171 list = skb_shinfo(skb)->frag_list;
2173 /* Non fragmented */
2174 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
2176 skb_queue_tail(queue, skb);
2179 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2181 skb_shinfo(skb)->frag_list = NULL;
2183 /* Queue all fragments atomically */
2184 spin_lock(&queue->lock);
2186 __skb_queue_tail(queue, skb);
2188 flags &= ~ACL_START;
2191 skb = list; list = list->next;
2193 skb->dev = (void *) hdev;
2194 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
2195 hci_add_acl_hdr(skb, conn->handle, flags);
2197 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
2199 __skb_queue_tail(queue, skb);
2202 spin_unlock(&queue->lock);
2206 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
2208 struct hci_conn *conn = chan->conn;
2209 struct hci_dev *hdev = conn->hdev;
2211 BT_DBG("%s chan %p flags 0x%x", hdev->name, chan, flags);
2213 skb->dev = (void *) hdev;
2215 hci_queue_acl(conn, &chan->data_q, skb, flags);
2217 queue_work(hdev->workqueue, &hdev->tx_work);
2219 EXPORT_SYMBOL(hci_send_acl);
2222 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
2224 struct hci_dev *hdev = conn->hdev;
2225 struct hci_sco_hdr hdr;
2227 BT_DBG("%s len %d", hdev->name, skb->len);
2229 hdr.handle = cpu_to_le16(conn->handle);
2230 hdr.dlen = skb->len;
2232 skb_push(skb, HCI_SCO_HDR_SIZE);
2233 skb_reset_transport_header(skb);
2234 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
2236 skb->dev = (void *) hdev;
2237 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
2239 skb_queue_tail(&conn->data_q, skb);
2240 queue_work(hdev->workqueue, &hdev->tx_work);
2242 EXPORT_SYMBOL(hci_send_sco);
2244 /* ---- HCI TX task (outgoing data) ---- */
2246 /* HCI Connection scheduler */
2247 static inline struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type, int *quote)
2249 struct hci_conn_hash *h = &hdev->conn_hash;
2250 struct hci_conn *conn = NULL, *c;
2251 unsigned int num = 0, min = ~0;
2253 /* We don't have to lock device here. Connections are always
2254 * added and removed with TX task disabled. */
2258 list_for_each_entry_rcu(c, &h->list, list) {
2259 if (c->type != type || skb_queue_empty(&c->data_q))
2262 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
2267 if (c->sent < min) {
2272 if (hci_conn_num(hdev, type) == num)
2281 switch (conn->type) {
2283 cnt = hdev->acl_cnt;
2287 cnt = hdev->sco_cnt;
2290 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2294 BT_ERR("Unknown link type");
2302 BT_DBG("conn %p quote %d", conn, *quote);
2306 static inline void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
2308 struct hci_conn_hash *h = &hdev->conn_hash;
2311 BT_ERR("%s link tx timeout", hdev->name);
2315 /* Kill stalled connections */
2316 list_for_each_entry_rcu(c, &h->list, list) {
2317 if (c->type == type && c->sent) {
2318 BT_ERR("%s killing stalled connection %s",
2319 hdev->name, batostr(&c->dst));
2320 hci_acl_disconn(c, 0x13);
2327 static inline struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
2330 struct hci_conn_hash *h = &hdev->conn_hash;
2331 struct hci_chan *chan = NULL;
2332 unsigned int num = 0, min = ~0, cur_prio = 0;
2333 struct hci_conn *conn;
2334 int cnt, q, conn_num = 0;
2336 BT_DBG("%s", hdev->name);
2340 list_for_each_entry_rcu(conn, &h->list, list) {
2341 struct hci_chan *tmp;
2343 if (conn->type != type)
2346 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2351 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
2352 struct sk_buff *skb;
2354 if (skb_queue_empty(&tmp->data_q))
2357 skb = skb_peek(&tmp->data_q);
2358 if (skb->priority < cur_prio)
2361 if (skb->priority > cur_prio) {
2364 cur_prio = skb->priority;
2369 if (conn->sent < min) {
2375 if (hci_conn_num(hdev, type) == conn_num)
2384 switch (chan->conn->type) {
2386 cnt = hdev->acl_cnt;
2390 cnt = hdev->sco_cnt;
2393 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
2397 BT_ERR("Unknown link type");
2402 BT_DBG("chan %p quote %d", chan, *quote);
2406 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
2408 struct hci_conn_hash *h = &hdev->conn_hash;
2409 struct hci_conn *conn;
2412 BT_DBG("%s", hdev->name);
2416 list_for_each_entry_rcu(conn, &h->list, list) {
2417 struct hci_chan *chan;
2419 if (conn->type != type)
2422 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
2427 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
2428 struct sk_buff *skb;
2435 if (skb_queue_empty(&chan->data_q))
2438 skb = skb_peek(&chan->data_q);
2439 if (skb->priority >= HCI_PRIO_MAX - 1)
2442 skb->priority = HCI_PRIO_MAX - 1;
2444 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
2448 if (hci_conn_num(hdev, type) == num)
2456 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
2458 /* Calculate count of blocks used by this packet */
2459 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
2462 static inline void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
2464 if (!test_bit(HCI_RAW, &hdev->flags)) {
2465 /* ACL tx timeout must be longer than maximum
2466 * link supervision timeout (40.9 seconds) */
2467 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
2468 msecs_to_jiffies(HCI_ACL_TX_TIMEOUT)))
2469 hci_link_tx_to(hdev, ACL_LINK);
2473 static inline void hci_sched_acl_pkt(struct hci_dev *hdev)
2475 unsigned int cnt = hdev->acl_cnt;
2476 struct hci_chan *chan;
2477 struct sk_buff *skb;
2480 __check_timeout(hdev, cnt);
2482 while (hdev->acl_cnt &&
2483 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2484 u32 priority = (skb_peek(&chan->data_q))->priority;
2485 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2486 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2487 skb->len, skb->priority);
2489 /* Stop if priority has changed */
2490 if (skb->priority < priority)
2493 skb = skb_dequeue(&chan->data_q);
2495 hci_conn_enter_active_mode(chan->conn,
2496 bt_cb(skb)->force_active);
2498 hci_send_frame(skb);
2499 hdev->acl_last_tx = jiffies;
2507 if (cnt != hdev->acl_cnt)
2508 hci_prio_recalculate(hdev, ACL_LINK);
2511 static inline void hci_sched_acl_blk(struct hci_dev *hdev)
2513 unsigned int cnt = hdev->block_cnt;
2514 struct hci_chan *chan;
2515 struct sk_buff *skb;
2518 __check_timeout(hdev, cnt);
2520 while (hdev->block_cnt > 0 &&
2521 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
2522 u32 priority = (skb_peek(&chan->data_q))->priority;
2523 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
2526 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2527 skb->len, skb->priority);
2529 /* Stop if priority has changed */
2530 if (skb->priority < priority)
2533 skb = skb_dequeue(&chan->data_q);
2535 blocks = __get_blocks(hdev, skb);
2536 if (blocks > hdev->block_cnt)
2539 hci_conn_enter_active_mode(chan->conn,
2540 bt_cb(skb)->force_active);
2542 hci_send_frame(skb);
2543 hdev->acl_last_tx = jiffies;
2545 hdev->block_cnt -= blocks;
2548 chan->sent += blocks;
2549 chan->conn->sent += blocks;
2553 if (cnt != hdev->block_cnt)
2554 hci_prio_recalculate(hdev, ACL_LINK);
2557 static inline void hci_sched_acl(struct hci_dev *hdev)
2559 BT_DBG("%s", hdev->name);
2561 if (!hci_conn_num(hdev, ACL_LINK))
2564 switch (hdev->flow_ctl_mode) {
2565 case HCI_FLOW_CTL_MODE_PACKET_BASED:
2566 hci_sched_acl_pkt(hdev);
2569 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
2570 hci_sched_acl_blk(hdev);
2576 static inline void hci_sched_sco(struct hci_dev *hdev)
2578 struct hci_conn *conn;
2579 struct sk_buff *skb;
2582 BT_DBG("%s", hdev->name);
2584 if (!hci_conn_num(hdev, SCO_LINK))
2587 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
2588 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2589 BT_DBG("skb %p len %d", skb, skb->len);
2590 hci_send_frame(skb);
2593 if (conn->sent == ~0)
2599 static inline void hci_sched_esco(struct hci_dev *hdev)
2601 struct hci_conn *conn;
2602 struct sk_buff *skb;
2605 BT_DBG("%s", hdev->name);
2607 if (!hci_conn_num(hdev, ESCO_LINK))
2610 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK, "e))) {
2611 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
2612 BT_DBG("skb %p len %d", skb, skb->len);
2613 hci_send_frame(skb);
2616 if (conn->sent == ~0)
2622 static inline void hci_sched_le(struct hci_dev *hdev)
2624 struct hci_chan *chan;
2625 struct sk_buff *skb;
2626 int quote, cnt, tmp;
2628 BT_DBG("%s", hdev->name);
2630 if (!hci_conn_num(hdev, LE_LINK))
2633 if (!test_bit(HCI_RAW, &hdev->flags)) {
2634 /* LE tx timeout must be longer than maximum
2635 * link supervision timeout (40.9 seconds) */
2636 if (!hdev->le_cnt && hdev->le_pkts &&
2637 time_after(jiffies, hdev->le_last_tx + HZ * 45))
2638 hci_link_tx_to(hdev, LE_LINK);
2641 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
2643 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
2644 u32 priority = (skb_peek(&chan->data_q))->priority;
2645 while (quote-- && (skb = skb_peek(&chan->data_q))) {
2646 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
2647 skb->len, skb->priority);
2649 /* Stop if priority has changed */
2650 if (skb->priority < priority)
2653 skb = skb_dequeue(&chan->data_q);
2655 hci_send_frame(skb);
2656 hdev->le_last_tx = jiffies;
2667 hdev->acl_cnt = cnt;
2670 hci_prio_recalculate(hdev, LE_LINK);
2673 static void hci_tx_work(struct work_struct *work)
2675 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
2676 struct sk_buff *skb;
2678 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
2679 hdev->sco_cnt, hdev->le_cnt);
2681 /* Schedule queues and send stuff to HCI driver */
2683 hci_sched_acl(hdev);
2685 hci_sched_sco(hdev);
2687 hci_sched_esco(hdev);
2691 /* Send next queued raw (unknown type) packet */
2692 while ((skb = skb_dequeue(&hdev->raw_q)))
2693 hci_send_frame(skb);
2696 /* ----- HCI RX task (incoming data processing) ----- */
2698 /* ACL data packet */
2699 static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2701 struct hci_acl_hdr *hdr = (void *) skb->data;
2702 struct hci_conn *conn;
2703 __u16 handle, flags;
2705 skb_pull(skb, HCI_ACL_HDR_SIZE);
2707 handle = __le16_to_cpu(hdr->handle);
2708 flags = hci_flags(handle);
2709 handle = hci_handle(handle);
2711 BT_DBG("%s len %d handle 0x%x flags 0x%x", hdev->name, skb->len, handle, flags);
2713 hdev->stat.acl_rx++;
2716 conn = hci_conn_hash_lookup_handle(hdev, handle);
2717 hci_dev_unlock(hdev);
2720 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
2723 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
2724 !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2725 mgmt_device_connected(hdev, &conn->dst, conn->type,
2726 conn->dst_type, 0, NULL, 0,
2728 hci_dev_unlock(hdev);
2730 /* Send to upper protocol */
2731 l2cap_recv_acldata(conn, skb, flags);
2734 BT_ERR("%s ACL packet for unknown connection handle %d",
2735 hdev->name, handle);
2741 /* SCO data packet */
2742 static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
2744 struct hci_sco_hdr *hdr = (void *) skb->data;
2745 struct hci_conn *conn;
2748 skb_pull(skb, HCI_SCO_HDR_SIZE);
2750 handle = __le16_to_cpu(hdr->handle);
2752 BT_DBG("%s len %d handle 0x%x", hdev->name, skb->len, handle);
2754 hdev->stat.sco_rx++;
2757 conn = hci_conn_hash_lookup_handle(hdev, handle);
2758 hci_dev_unlock(hdev);
2761 /* Send to upper protocol */
2762 sco_recv_scodata(conn, skb);
2765 BT_ERR("%s SCO packet for unknown connection handle %d",
2766 hdev->name, handle);
2772 static void hci_rx_work(struct work_struct *work)
2774 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
2775 struct sk_buff *skb;
2777 BT_DBG("%s", hdev->name);
2779 while ((skb = skb_dequeue(&hdev->rx_q))) {
2780 /* Send copy to monitor */
2781 hci_send_to_monitor(hdev, skb);
2783 if (atomic_read(&hdev->promisc)) {
2784 /* Send copy to the sockets */
2785 hci_send_to_sock(hdev, skb);
2788 if (test_bit(HCI_RAW, &hdev->flags)) {
2793 if (test_bit(HCI_INIT, &hdev->flags)) {
2794 /* Don't process data packets in this states. */
2795 switch (bt_cb(skb)->pkt_type) {
2796 case HCI_ACLDATA_PKT:
2797 case HCI_SCODATA_PKT:
2804 switch (bt_cb(skb)->pkt_type) {
2806 BT_DBG("%s Event packet", hdev->name);
2807 hci_event_packet(hdev, skb);
2810 case HCI_ACLDATA_PKT:
2811 BT_DBG("%s ACL data packet", hdev->name);
2812 hci_acldata_packet(hdev, skb);
2815 case HCI_SCODATA_PKT:
2816 BT_DBG("%s SCO data packet", hdev->name);
2817 hci_scodata_packet(hdev, skb);
2827 static void hci_cmd_work(struct work_struct *work)
2829 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
2830 struct sk_buff *skb;
2832 BT_DBG("%s cmd %d", hdev->name, atomic_read(&hdev->cmd_cnt));
2834 /* Send queued commands */
2835 if (atomic_read(&hdev->cmd_cnt)) {
2836 skb = skb_dequeue(&hdev->cmd_q);
2840 kfree_skb(hdev->sent_cmd);
2842 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
2843 if (hdev->sent_cmd) {
2844 atomic_dec(&hdev->cmd_cnt);
2845 hci_send_frame(skb);
2846 if (test_bit(HCI_RESET, &hdev->flags))
2847 del_timer(&hdev->cmd_timer);
2849 mod_timer(&hdev->cmd_timer,
2850 jiffies + msecs_to_jiffies(HCI_CMD_TIMEOUT));
2852 skb_queue_head(&hdev->cmd_q, skb);
2853 queue_work(hdev->workqueue, &hdev->cmd_work);
2858 int hci_do_inquiry(struct hci_dev *hdev, u8 length)
2860 /* General inquiry access code (GIAC) */
2861 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2862 struct hci_cp_inquiry cp;
2864 BT_DBG("%s", hdev->name);
2866 if (test_bit(HCI_INQUIRY, &hdev->flags))
2867 return -EINPROGRESS;
2869 inquiry_cache_flush(hdev);
2871 memset(&cp, 0, sizeof(cp));
2872 memcpy(&cp.lap, lap, sizeof(cp.lap));
2875 return hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
2878 int hci_cancel_inquiry(struct hci_dev *hdev)
2880 BT_DBG("%s", hdev->name);
2882 if (!test_bit(HCI_INQUIRY, &hdev->flags))
2885 return hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2888 u8 bdaddr_to_le(u8 bdaddr_type)
2890 switch (bdaddr_type) {
2891 case BDADDR_LE_PUBLIC:
2892 return ADDR_LE_DEV_PUBLIC;
2895 /* Fallback to LE Random address type */
2896 return ADDR_LE_DEV_RANDOM;
git.openpandora.org / pandora-kernel.git / blob