2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
42 static void hci_rx_work(struct work_struct *work);
43 static void hci_cmd_work(struct work_struct *work);
44 static void hci_tx_work(struct work_struct *work);
47 LIST_HEAD(hci_dev_list);
48 DEFINE_RWLOCK(hci_dev_list_lock);
50 /* HCI callback list */
51 LIST_HEAD(hci_cb_list);
52 DEFINE_RWLOCK(hci_cb_list_lock);
54 /* HCI ID Numbering */
55 static DEFINE_IDA(hci_index_ida);
57 /* ----- HCI requests ----- */
59 #define HCI_REQ_DONE 0
60 #define HCI_REQ_PEND 1
61 #define HCI_REQ_CANCELED 2
63 #define hci_req_lock(d) mutex_lock(&d->req_lock)
64 #define hci_req_unlock(d) mutex_unlock(&d->req_lock)
66 /* ---- HCI notifications ---- */
68 static void hci_notify(struct hci_dev *hdev, int event)
70 hci_sock_dev_event(hdev, event);
73 /* ---- HCI debugfs entries ---- */
75 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
76 size_t count, loff_t *ppos)
78 struct hci_dev *hdev = file->private_data;
81 buf[0] = test_bit(HCI_DUT_MODE, &hdev->dbg_flags) ? 'Y': 'N';
84 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
87 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
88 size_t count, loff_t *ppos)
90 struct hci_dev *hdev = file->private_data;
93 size_t buf_size = min(count, (sizeof(buf)-1));
97 if (!test_bit(HCI_UP, &hdev->flags))
100 if (copy_from_user(buf, user_buf, buf_size))
103 buf[buf_size] = '\0';
104 if (strtobool(buf, &enable))
107 if (enable == test_bit(HCI_DUT_MODE, &hdev->dbg_flags))
112 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
115 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
117 hci_req_unlock(hdev);
122 err = -bt_to_errno(skb->data[0]);
128 change_bit(HCI_DUT_MODE, &hdev->dbg_flags);
133 static const struct file_operations dut_mode_fops = {
135 .read = dut_mode_read,
136 .write = dut_mode_write,
137 .llseek = default_llseek,
140 static int features_show(struct seq_file *f, void *ptr)
142 struct hci_dev *hdev = f->private;
146 for (p = 0; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
147 seq_printf(f, "%2u: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
148 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n", p,
149 hdev->features[p][0], hdev->features[p][1],
150 hdev->features[p][2], hdev->features[p][3],
151 hdev->features[p][4], hdev->features[p][5],
152 hdev->features[p][6], hdev->features[p][7]);
154 if (lmp_le_capable(hdev))
155 seq_printf(f, "LE: 0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x "
156 "0x%2.2x 0x%2.2x 0x%2.2x 0x%2.2x\n",
157 hdev->le_features[0], hdev->le_features[1],
158 hdev->le_features[2], hdev->le_features[3],
159 hdev->le_features[4], hdev->le_features[5],
160 hdev->le_features[6], hdev->le_features[7]);
161 hci_dev_unlock(hdev);
166 static int features_open(struct inode *inode, struct file *file)
168 return single_open(file, features_show, inode->i_private);
171 static const struct file_operations features_fops = {
172 .open = features_open,
175 .release = single_release,
178 static int blacklist_show(struct seq_file *f, void *p)
180 struct hci_dev *hdev = f->private;
181 struct bdaddr_list *b;
184 list_for_each_entry(b, &hdev->blacklist, list)
185 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
186 hci_dev_unlock(hdev);
191 static int blacklist_open(struct inode *inode, struct file *file)
193 return single_open(file, blacklist_show, inode->i_private);
196 static const struct file_operations blacklist_fops = {
197 .open = blacklist_open,
200 .release = single_release,
203 static int whitelist_show(struct seq_file *f, void *p)
205 struct hci_dev *hdev = f->private;
206 struct bdaddr_list *b;
209 list_for_each_entry(b, &hdev->whitelist, list)
210 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
211 hci_dev_unlock(hdev);
216 static int whitelist_open(struct inode *inode, struct file *file)
218 return single_open(file, whitelist_show, inode->i_private);
221 static const struct file_operations whitelist_fops = {
222 .open = whitelist_open,
225 .release = single_release,
228 static int uuids_show(struct seq_file *f, void *p)
230 struct hci_dev *hdev = f->private;
231 struct bt_uuid *uuid;
234 list_for_each_entry(uuid, &hdev->uuids, list) {
237 /* The Bluetooth UUID values are stored in big endian,
238 * but with reversed byte order. So convert them into
239 * the right order for the %pUb modifier.
241 for (i = 0; i < 16; i++)
242 val[i] = uuid->uuid[15 - i];
244 seq_printf(f, "%pUb\n", val);
246 hci_dev_unlock(hdev);
251 static int uuids_open(struct inode *inode, struct file *file)
253 return single_open(file, uuids_show, inode->i_private);
256 static const struct file_operations uuids_fops = {
260 .release = single_release,
263 static int inquiry_cache_show(struct seq_file *f, void *p)
265 struct hci_dev *hdev = f->private;
266 struct discovery_state *cache = &hdev->discovery;
267 struct inquiry_entry *e;
271 list_for_each_entry(e, &cache->all, all) {
272 struct inquiry_data *data = &e->data;
273 seq_printf(f, "%pMR %d %d %d 0x%.2x%.2x%.2x 0x%.4x %d %d %u\n",
275 data->pscan_rep_mode, data->pscan_period_mode,
276 data->pscan_mode, data->dev_class[2],
277 data->dev_class[1], data->dev_class[0],
278 __le16_to_cpu(data->clock_offset),
279 data->rssi, data->ssp_mode, e->timestamp);
282 hci_dev_unlock(hdev);
287 static int inquiry_cache_open(struct inode *inode, struct file *file)
289 return single_open(file, inquiry_cache_show, inode->i_private);
292 static const struct file_operations inquiry_cache_fops = {
293 .open = inquiry_cache_open,
296 .release = single_release,
299 static int link_keys_show(struct seq_file *f, void *ptr)
301 struct hci_dev *hdev = f->private;
302 struct list_head *p, *n;
305 list_for_each_safe(p, n, &hdev->link_keys) {
306 struct link_key *key = list_entry(p, struct link_key, list);
307 seq_printf(f, "%pMR %u %*phN %u\n", &key->bdaddr, key->type,
308 HCI_LINK_KEY_SIZE, key->val, key->pin_len);
310 hci_dev_unlock(hdev);
315 static int link_keys_open(struct inode *inode, struct file *file)
317 return single_open(file, link_keys_show, inode->i_private);
320 static const struct file_operations link_keys_fops = {
321 .open = link_keys_open,
324 .release = single_release,
327 static int dev_class_show(struct seq_file *f, void *ptr)
329 struct hci_dev *hdev = f->private;
332 seq_printf(f, "0x%.2x%.2x%.2x\n", hdev->dev_class[2],
333 hdev->dev_class[1], hdev->dev_class[0]);
334 hci_dev_unlock(hdev);
339 static int dev_class_open(struct inode *inode, struct file *file)
341 return single_open(file, dev_class_show, inode->i_private);
344 static const struct file_operations dev_class_fops = {
345 .open = dev_class_open,
348 .release = single_release,
351 static int voice_setting_get(void *data, u64 *val)
353 struct hci_dev *hdev = data;
356 *val = hdev->voice_setting;
357 hci_dev_unlock(hdev);
362 DEFINE_SIMPLE_ATTRIBUTE(voice_setting_fops, voice_setting_get,
363 NULL, "0x%4.4llx\n");
365 static int auto_accept_delay_set(void *data, u64 val)
367 struct hci_dev *hdev = data;
370 hdev->auto_accept_delay = val;
371 hci_dev_unlock(hdev);
376 static int auto_accept_delay_get(void *data, u64 *val)
378 struct hci_dev *hdev = data;
381 *val = hdev->auto_accept_delay;
382 hci_dev_unlock(hdev);
387 DEFINE_SIMPLE_ATTRIBUTE(auto_accept_delay_fops, auto_accept_delay_get,
388 auto_accept_delay_set, "%llu\n");
390 static ssize_t force_sc_support_read(struct file *file, char __user *user_buf,
391 size_t count, loff_t *ppos)
393 struct hci_dev *hdev = file->private_data;
396 buf[0] = test_bit(HCI_FORCE_SC, &hdev->dbg_flags) ? 'Y': 'N';
399 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
402 static ssize_t force_sc_support_write(struct file *file,
403 const char __user *user_buf,
404 size_t count, loff_t *ppos)
406 struct hci_dev *hdev = file->private_data;
408 size_t buf_size = min(count, (sizeof(buf)-1));
411 if (test_bit(HCI_UP, &hdev->flags))
414 if (copy_from_user(buf, user_buf, buf_size))
417 buf[buf_size] = '\0';
418 if (strtobool(buf, &enable))
421 if (enable == test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
424 change_bit(HCI_FORCE_SC, &hdev->dbg_flags);
429 static const struct file_operations force_sc_support_fops = {
431 .read = force_sc_support_read,
432 .write = force_sc_support_write,
433 .llseek = default_llseek,
436 static ssize_t sc_only_mode_read(struct file *file, char __user *user_buf,
437 size_t count, loff_t *ppos)
439 struct hci_dev *hdev = file->private_data;
442 buf[0] = test_bit(HCI_SC_ONLY, &hdev->dev_flags) ? 'Y': 'N';
445 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
448 static const struct file_operations sc_only_mode_fops = {
450 .read = sc_only_mode_read,
451 .llseek = default_llseek,
454 static int idle_timeout_set(void *data, u64 val)
456 struct hci_dev *hdev = data;
458 if (val != 0 && (val < 500 || val > 3600000))
462 hdev->idle_timeout = val;
463 hci_dev_unlock(hdev);
468 static int idle_timeout_get(void *data, u64 *val)
470 struct hci_dev *hdev = data;
473 *val = hdev->idle_timeout;
474 hci_dev_unlock(hdev);
479 DEFINE_SIMPLE_ATTRIBUTE(idle_timeout_fops, idle_timeout_get,
480 idle_timeout_set, "%llu\n");
482 static int rpa_timeout_set(void *data, u64 val)
484 struct hci_dev *hdev = data;
486 /* Require the RPA timeout to be at least 30 seconds and at most
489 if (val < 30 || val > (60 * 60 * 24))
493 hdev->rpa_timeout = val;
494 hci_dev_unlock(hdev);
499 static int rpa_timeout_get(void *data, u64 *val)
501 struct hci_dev *hdev = data;
504 *val = hdev->rpa_timeout;
505 hci_dev_unlock(hdev);
510 DEFINE_SIMPLE_ATTRIBUTE(rpa_timeout_fops, rpa_timeout_get,
511 rpa_timeout_set, "%llu\n");
513 static int sniff_min_interval_set(void *data, u64 val)
515 struct hci_dev *hdev = data;
517 if (val == 0 || val % 2 || val > hdev->sniff_max_interval)
521 hdev->sniff_min_interval = val;
522 hci_dev_unlock(hdev);
527 static int sniff_min_interval_get(void *data, u64 *val)
529 struct hci_dev *hdev = data;
532 *val = hdev->sniff_min_interval;
533 hci_dev_unlock(hdev);
538 DEFINE_SIMPLE_ATTRIBUTE(sniff_min_interval_fops, sniff_min_interval_get,
539 sniff_min_interval_set, "%llu\n");
541 static int sniff_max_interval_set(void *data, u64 val)
543 struct hci_dev *hdev = data;
545 if (val == 0 || val % 2 || val < hdev->sniff_min_interval)
549 hdev->sniff_max_interval = val;
550 hci_dev_unlock(hdev);
555 static int sniff_max_interval_get(void *data, u64 *val)
557 struct hci_dev *hdev = data;
560 *val = hdev->sniff_max_interval;
561 hci_dev_unlock(hdev);
566 DEFINE_SIMPLE_ATTRIBUTE(sniff_max_interval_fops, sniff_max_interval_get,
567 sniff_max_interval_set, "%llu\n");
569 static int conn_info_min_age_set(void *data, u64 val)
571 struct hci_dev *hdev = data;
573 if (val == 0 || val > hdev->conn_info_max_age)
577 hdev->conn_info_min_age = val;
578 hci_dev_unlock(hdev);
583 static int conn_info_min_age_get(void *data, u64 *val)
585 struct hci_dev *hdev = data;
588 *val = hdev->conn_info_min_age;
589 hci_dev_unlock(hdev);
594 DEFINE_SIMPLE_ATTRIBUTE(conn_info_min_age_fops, conn_info_min_age_get,
595 conn_info_min_age_set, "%llu\n");
597 static int conn_info_max_age_set(void *data, u64 val)
599 struct hci_dev *hdev = data;
601 if (val == 0 || val < hdev->conn_info_min_age)
605 hdev->conn_info_max_age = val;
606 hci_dev_unlock(hdev);
611 static int conn_info_max_age_get(void *data, u64 *val)
613 struct hci_dev *hdev = data;
616 *val = hdev->conn_info_max_age;
617 hci_dev_unlock(hdev);
622 DEFINE_SIMPLE_ATTRIBUTE(conn_info_max_age_fops, conn_info_max_age_get,
623 conn_info_max_age_set, "%llu\n");
625 static int identity_show(struct seq_file *f, void *p)
627 struct hci_dev *hdev = f->private;
633 hci_copy_identity_address(hdev, &addr, &addr_type);
635 seq_printf(f, "%pMR (type %u) %*phN %pMR\n", &addr, addr_type,
636 16, hdev->irk, &hdev->rpa);
638 hci_dev_unlock(hdev);
643 static int identity_open(struct inode *inode, struct file *file)
645 return single_open(file, identity_show, inode->i_private);
648 static const struct file_operations identity_fops = {
649 .open = identity_open,
652 .release = single_release,
655 static int random_address_show(struct seq_file *f, void *p)
657 struct hci_dev *hdev = f->private;
660 seq_printf(f, "%pMR\n", &hdev->random_addr);
661 hci_dev_unlock(hdev);
666 static int random_address_open(struct inode *inode, struct file *file)
668 return single_open(file, random_address_show, inode->i_private);
671 static const struct file_operations random_address_fops = {
672 .open = random_address_open,
675 .release = single_release,
678 static int static_address_show(struct seq_file *f, void *p)
680 struct hci_dev *hdev = f->private;
683 seq_printf(f, "%pMR\n", &hdev->static_addr);
684 hci_dev_unlock(hdev);
689 static int static_address_open(struct inode *inode, struct file *file)
691 return single_open(file, static_address_show, inode->i_private);
694 static const struct file_operations static_address_fops = {
695 .open = static_address_open,
698 .release = single_release,
701 static ssize_t force_static_address_read(struct file *file,
702 char __user *user_buf,
703 size_t count, loff_t *ppos)
705 struct hci_dev *hdev = file->private_data;
708 buf[0] = test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ? 'Y': 'N';
711 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
714 static ssize_t force_static_address_write(struct file *file,
715 const char __user *user_buf,
716 size_t count, loff_t *ppos)
718 struct hci_dev *hdev = file->private_data;
720 size_t buf_size = min(count, (sizeof(buf)-1));
723 if (test_bit(HCI_UP, &hdev->flags))
726 if (copy_from_user(buf, user_buf, buf_size))
729 buf[buf_size] = '\0';
730 if (strtobool(buf, &enable))
733 if (enable == test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags))
736 change_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags);
741 static const struct file_operations force_static_address_fops = {
743 .read = force_static_address_read,
744 .write = force_static_address_write,
745 .llseek = default_llseek,
748 static int white_list_show(struct seq_file *f, void *ptr)
750 struct hci_dev *hdev = f->private;
751 struct bdaddr_list *b;
754 list_for_each_entry(b, &hdev->le_white_list, list)
755 seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
756 hci_dev_unlock(hdev);
761 static int white_list_open(struct inode *inode, struct file *file)
763 return single_open(file, white_list_show, inode->i_private);
766 static const struct file_operations white_list_fops = {
767 .open = white_list_open,
770 .release = single_release,
773 static int identity_resolving_keys_show(struct seq_file *f, void *ptr)
775 struct hci_dev *hdev = f->private;
776 struct list_head *p, *n;
779 list_for_each_safe(p, n, &hdev->identity_resolving_keys) {
780 struct smp_irk *irk = list_entry(p, struct smp_irk, list);
781 seq_printf(f, "%pMR (type %u) %*phN %pMR\n",
782 &irk->bdaddr, irk->addr_type,
783 16, irk->val, &irk->rpa);
785 hci_dev_unlock(hdev);
790 static int identity_resolving_keys_open(struct inode *inode, struct file *file)
792 return single_open(file, identity_resolving_keys_show,
796 static const struct file_operations identity_resolving_keys_fops = {
797 .open = identity_resolving_keys_open,
800 .release = single_release,
803 static int long_term_keys_show(struct seq_file *f, void *ptr)
805 struct hci_dev *hdev = f->private;
806 struct list_head *p, *n;
809 list_for_each_safe(p, n, &hdev->long_term_keys) {
810 struct smp_ltk *ltk = list_entry(p, struct smp_ltk, list);
811 seq_printf(f, "%pMR (type %u) %u 0x%02x %u %.4x %.16llx %*phN\n",
812 <k->bdaddr, ltk->bdaddr_type, ltk->authenticated,
813 ltk->type, ltk->enc_size, __le16_to_cpu(ltk->ediv),
814 __le64_to_cpu(ltk->rand), 16, ltk->val);
816 hci_dev_unlock(hdev);
821 static int long_term_keys_open(struct inode *inode, struct file *file)
823 return single_open(file, long_term_keys_show, inode->i_private);
826 static const struct file_operations long_term_keys_fops = {
827 .open = long_term_keys_open,
830 .release = single_release,
833 static int conn_min_interval_set(void *data, u64 val)
835 struct hci_dev *hdev = data;
837 if (val < 0x0006 || val > 0x0c80 || val > hdev->le_conn_max_interval)
841 hdev->le_conn_min_interval = val;
842 hci_dev_unlock(hdev);
847 static int conn_min_interval_get(void *data, u64 *val)
849 struct hci_dev *hdev = data;
852 *val = hdev->le_conn_min_interval;
853 hci_dev_unlock(hdev);
858 DEFINE_SIMPLE_ATTRIBUTE(conn_min_interval_fops, conn_min_interval_get,
859 conn_min_interval_set, "%llu\n");
861 static int conn_max_interval_set(void *data, u64 val)
863 struct hci_dev *hdev = data;
865 if (val < 0x0006 || val > 0x0c80 || val < hdev->le_conn_min_interval)
869 hdev->le_conn_max_interval = val;
870 hci_dev_unlock(hdev);
875 static int conn_max_interval_get(void *data, u64 *val)
877 struct hci_dev *hdev = data;
880 *val = hdev->le_conn_max_interval;
881 hci_dev_unlock(hdev);
886 DEFINE_SIMPLE_ATTRIBUTE(conn_max_interval_fops, conn_max_interval_get,
887 conn_max_interval_set, "%llu\n");
889 static int conn_latency_set(void *data, u64 val)
891 struct hci_dev *hdev = data;
897 hdev->le_conn_latency = val;
898 hci_dev_unlock(hdev);
903 static int conn_latency_get(void *data, u64 *val)
905 struct hci_dev *hdev = data;
908 *val = hdev->le_conn_latency;
909 hci_dev_unlock(hdev);
914 DEFINE_SIMPLE_ATTRIBUTE(conn_latency_fops, conn_latency_get,
915 conn_latency_set, "%llu\n");
917 static int supervision_timeout_set(void *data, u64 val)
919 struct hci_dev *hdev = data;
921 if (val < 0x000a || val > 0x0c80)
925 hdev->le_supv_timeout = val;
926 hci_dev_unlock(hdev);
931 static int supervision_timeout_get(void *data, u64 *val)
933 struct hci_dev *hdev = data;
936 *val = hdev->le_supv_timeout;
937 hci_dev_unlock(hdev);
942 DEFINE_SIMPLE_ATTRIBUTE(supervision_timeout_fops, supervision_timeout_get,
943 supervision_timeout_set, "%llu\n");
945 static int adv_channel_map_set(void *data, u64 val)
947 struct hci_dev *hdev = data;
949 if (val < 0x01 || val > 0x07)
953 hdev->le_adv_channel_map = val;
954 hci_dev_unlock(hdev);
959 static int adv_channel_map_get(void *data, u64 *val)
961 struct hci_dev *hdev = data;
964 *val = hdev->le_adv_channel_map;
965 hci_dev_unlock(hdev);
970 DEFINE_SIMPLE_ATTRIBUTE(adv_channel_map_fops, adv_channel_map_get,
971 adv_channel_map_set, "%llu\n");
973 static int adv_min_interval_set(void *data, u64 val)
975 struct hci_dev *hdev = data;
977 if (val < 0x0020 || val > 0x4000 || val > hdev->le_adv_max_interval)
981 hdev->le_adv_min_interval = val;
982 hci_dev_unlock(hdev);
987 static int adv_min_interval_get(void *data, u64 *val)
989 struct hci_dev *hdev = data;
992 *val = hdev->le_adv_min_interval;
993 hci_dev_unlock(hdev);
998 DEFINE_SIMPLE_ATTRIBUTE(adv_min_interval_fops, adv_min_interval_get,
999 adv_min_interval_set, "%llu\n");
1001 static int adv_max_interval_set(void *data, u64 val)
1003 struct hci_dev *hdev = data;
1005 if (val < 0x0020 || val > 0x4000 || val < hdev->le_adv_min_interval)
1009 hdev->le_adv_max_interval = val;
1010 hci_dev_unlock(hdev);
1015 static int adv_max_interval_get(void *data, u64 *val)
1017 struct hci_dev *hdev = data;
1020 *val = hdev->le_adv_max_interval;
1021 hci_dev_unlock(hdev);
1026 DEFINE_SIMPLE_ATTRIBUTE(adv_max_interval_fops, adv_max_interval_get,
1027 adv_max_interval_set, "%llu\n");
1029 static int device_list_show(struct seq_file *f, void *ptr)
1031 struct hci_dev *hdev = f->private;
1032 struct hci_conn_params *p;
1035 list_for_each_entry(p, &hdev->le_conn_params, list) {
1036 seq_printf(f, "%pMR %u %u\n", &p->addr, p->addr_type,
1039 hci_dev_unlock(hdev);
1044 static int device_list_open(struct inode *inode, struct file *file)
1046 return single_open(file, device_list_show, inode->i_private);
1049 static const struct file_operations device_list_fops = {
1050 .open = device_list_open,
1052 .llseek = seq_lseek,
1053 .release = single_release,
1056 /* ---- HCI requests ---- */
1058 static void hci_req_sync_complete(struct hci_dev *hdev, u8 result)
1060 BT_DBG("%s result 0x%2.2x", hdev->name, result);
1062 if (hdev->req_status == HCI_REQ_PEND) {
1063 hdev->req_result = result;
1064 hdev->req_status = HCI_REQ_DONE;
1065 wake_up_interruptible(&hdev->req_wait_q);
1069 static void hci_req_cancel(struct hci_dev *hdev, int err)
1071 BT_DBG("%s err 0x%2.2x", hdev->name, err);
1073 if (hdev->req_status == HCI_REQ_PEND) {
1074 hdev->req_result = err;
1075 hdev->req_status = HCI_REQ_CANCELED;
1076 wake_up_interruptible(&hdev->req_wait_q);
1080 static struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode,
1083 struct hci_ev_cmd_complete *ev;
1084 struct hci_event_hdr *hdr;
1085 struct sk_buff *skb;
1089 skb = hdev->recv_evt;
1090 hdev->recv_evt = NULL;
1092 hci_dev_unlock(hdev);
1095 return ERR_PTR(-ENODATA);
1097 if (skb->len < sizeof(*hdr)) {
1098 BT_ERR("Too short HCI event");
1102 hdr = (void *) skb->data;
1103 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1106 if (hdr->evt != event)
1111 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
1112 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
1116 if (skb->len < sizeof(*ev)) {
1117 BT_ERR("Too short cmd_complete event");
1121 ev = (void *) skb->data;
1122 skb_pull(skb, sizeof(*ev));
1124 if (opcode == __le16_to_cpu(ev->opcode))
1127 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
1128 __le16_to_cpu(ev->opcode));
1132 return ERR_PTR(-ENODATA);
1135 struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
1136 const void *param, u8 event, u32 timeout)
1138 DECLARE_WAITQUEUE(wait, current);
1139 struct hci_request req;
1142 BT_DBG("%s", hdev->name);
1144 hci_req_init(&req, hdev);
1146 hci_req_add_ev(&req, opcode, plen, param, event);
1148 hdev->req_status = HCI_REQ_PEND;
1150 err = hci_req_run(&req, hci_req_sync_complete);
1152 return ERR_PTR(err);
1154 add_wait_queue(&hdev->req_wait_q, &wait);
1155 set_current_state(TASK_INTERRUPTIBLE);
1157 schedule_timeout(timeout);
1159 remove_wait_queue(&hdev->req_wait_q, &wait);
1161 if (signal_pending(current))
1162 return ERR_PTR(-EINTR);
1164 switch (hdev->req_status) {
1166 err = -bt_to_errno(hdev->req_result);
1169 case HCI_REQ_CANCELED:
1170 err = -hdev->req_result;
1178 hdev->req_status = hdev->req_result = 0;
1180 BT_DBG("%s end: err %d", hdev->name, err);
1183 return ERR_PTR(err);
1185 return hci_get_cmd_complete(hdev, opcode, event);
1187 EXPORT_SYMBOL(__hci_cmd_sync_ev);
1189 struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
1190 const void *param, u32 timeout)
1192 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
1194 EXPORT_SYMBOL(__hci_cmd_sync);
1196 /* Execute request and wait for completion. */
1197 static int __hci_req_sync(struct hci_dev *hdev,
1198 void (*func)(struct hci_request *req,
1200 unsigned long opt, __u32 timeout)
1202 struct hci_request req;
1203 DECLARE_WAITQUEUE(wait, current);
1206 BT_DBG("%s start", hdev->name);
1208 hci_req_init(&req, hdev);
1210 hdev->req_status = HCI_REQ_PEND;
1214 err = hci_req_run(&req, hci_req_sync_complete);
1216 hdev->req_status = 0;
1218 /* ENODATA means the HCI request command queue is empty.
1219 * This can happen when a request with conditionals doesn't
1220 * trigger any commands to be sent. This is normal behavior
1221 * and should not trigger an error return.
1223 if (err == -ENODATA)
1229 add_wait_queue(&hdev->req_wait_q, &wait);
1230 set_current_state(TASK_INTERRUPTIBLE);
1232 schedule_timeout(timeout);
1234 remove_wait_queue(&hdev->req_wait_q, &wait);
1236 if (signal_pending(current))
1239 switch (hdev->req_status) {
1241 err = -bt_to_errno(hdev->req_result);
1244 case HCI_REQ_CANCELED:
1245 err = -hdev->req_result;
1253 hdev->req_status = hdev->req_result = 0;
1255 BT_DBG("%s end: err %d", hdev->name, err);
1260 static int hci_req_sync(struct hci_dev *hdev,
1261 void (*req)(struct hci_request *req,
1263 unsigned long opt, __u32 timeout)
1267 if (!test_bit(HCI_UP, &hdev->flags))
1270 /* Serialize all requests */
1272 ret = __hci_req_sync(hdev, req, opt, timeout);
1273 hci_req_unlock(hdev);
1278 static void hci_reset_req(struct hci_request *req, unsigned long opt)
1280 BT_DBG("%s %ld", req->hdev->name, opt);
1283 set_bit(HCI_RESET, &req->hdev->flags);
1284 hci_req_add(req, HCI_OP_RESET, 0, NULL);
1287 static void bredr_init(struct hci_request *req)
1289 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
1291 /* Read Local Supported Features */
1292 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1294 /* Read Local Version */
1295 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1297 /* Read BD Address */
1298 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1301 static void amp_init(struct hci_request *req)
1303 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
1305 /* Read Local Version */
1306 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1308 /* Read Local Supported Commands */
1309 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1311 /* Read Local Supported Features */
1312 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
1314 /* Read Local AMP Info */
1315 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
1317 /* Read Data Blk size */
1318 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
1320 /* Read Flow Control Mode */
1321 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
1323 /* Read Location Data */
1324 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
1327 static void hci_init1_req(struct hci_request *req, unsigned long opt)
1329 struct hci_dev *hdev = req->hdev;
1331 BT_DBG("%s %ld", hdev->name, opt);
1334 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1335 hci_reset_req(req, 0);
1337 switch (hdev->dev_type) {
1347 BT_ERR("Unknown device type %d", hdev->dev_type);
1352 static void bredr_setup(struct hci_request *req)
1354 struct hci_dev *hdev = req->hdev;
1359 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
1360 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
1362 /* Read Class of Device */
1363 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
1365 /* Read Local Name */
1366 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
1368 /* Read Voice Setting */
1369 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
1371 /* Read Number of Supported IAC */
1372 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
1374 /* Read Current IAC LAP */
1375 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
1377 /* Clear Event Filters */
1378 flt_type = HCI_FLT_CLEAR_ALL;
1379 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
1381 /* Connection accept timeout ~20 secs */
1382 param = cpu_to_le16(0x7d00);
1383 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
1385 /* AVM Berlin (31), aka "BlueFRITZ!", reports version 1.2,
1386 * but it does not support page scan related HCI commands.
1388 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1) {
1389 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
1390 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
1394 static void le_setup(struct hci_request *req)
1396 struct hci_dev *hdev = req->hdev;
1398 /* Read LE Buffer Size */
1399 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
1401 /* Read LE Local Supported Features */
1402 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
1404 /* Read LE Supported States */
1405 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
1407 /* Read LE White List Size */
1408 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE, 0, NULL);
1410 /* Clear LE White List */
1411 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
1413 /* LE-only controllers have LE implicitly enabled */
1414 if (!lmp_bredr_capable(hdev))
1415 set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1418 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
1420 if (lmp_ext_inq_capable(hdev))
1423 if (lmp_inq_rssi_capable(hdev))
1426 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
1427 hdev->lmp_subver == 0x0757)
1430 if (hdev->manufacturer == 15) {
1431 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
1433 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
1435 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
1439 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
1440 hdev->lmp_subver == 0x1805)
1446 static void hci_setup_inquiry_mode(struct hci_request *req)
1450 mode = hci_get_inquiry_mode(req->hdev);
1452 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
1455 static void hci_setup_event_mask(struct hci_request *req)
1457 struct hci_dev *hdev = req->hdev;
1459 /* The second byte is 0xff instead of 0x9f (two reserved bits
1460 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
1461 * command otherwise.
1463 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
1465 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
1466 * any event mask for pre 1.2 devices.
1468 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1471 if (lmp_bredr_capable(hdev)) {
1472 events[4] |= 0x01; /* Flow Specification Complete */
1473 events[4] |= 0x02; /* Inquiry Result with RSSI */
1474 events[4] |= 0x04; /* Read Remote Extended Features Complete */
1475 events[5] |= 0x08; /* Synchronous Connection Complete */
1476 events[5] |= 0x10; /* Synchronous Connection Changed */
1478 /* Use a different default for LE-only devices */
1479 memset(events, 0, sizeof(events));
1480 events[0] |= 0x10; /* Disconnection Complete */
1481 events[1] |= 0x08; /* Read Remote Version Information Complete */
1482 events[1] |= 0x20; /* Command Complete */
1483 events[1] |= 0x40; /* Command Status */
1484 events[1] |= 0x80; /* Hardware Error */
1485 events[2] |= 0x04; /* Number of Completed Packets */
1486 events[3] |= 0x02; /* Data Buffer Overflow */
1488 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
1489 events[0] |= 0x80; /* Encryption Change */
1490 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1494 if (lmp_inq_rssi_capable(hdev))
1495 events[4] |= 0x02; /* Inquiry Result with RSSI */
1497 if (lmp_sniffsubr_capable(hdev))
1498 events[5] |= 0x20; /* Sniff Subrating */
1500 if (lmp_pause_enc_capable(hdev))
1501 events[5] |= 0x80; /* Encryption Key Refresh Complete */
1503 if (lmp_ext_inq_capable(hdev))
1504 events[5] |= 0x40; /* Extended Inquiry Result */
1506 if (lmp_no_flush_capable(hdev))
1507 events[7] |= 0x01; /* Enhanced Flush Complete */
1509 if (lmp_lsto_capable(hdev))
1510 events[6] |= 0x80; /* Link Supervision Timeout Changed */
1512 if (lmp_ssp_capable(hdev)) {
1513 events[6] |= 0x01; /* IO Capability Request */
1514 events[6] |= 0x02; /* IO Capability Response */
1515 events[6] |= 0x04; /* User Confirmation Request */
1516 events[6] |= 0x08; /* User Passkey Request */
1517 events[6] |= 0x10; /* Remote OOB Data Request */
1518 events[6] |= 0x20; /* Simple Pairing Complete */
1519 events[7] |= 0x04; /* User Passkey Notification */
1520 events[7] |= 0x08; /* Keypress Notification */
1521 events[7] |= 0x10; /* Remote Host Supported
1522 * Features Notification
1526 if (lmp_le_capable(hdev))
1527 events[7] |= 0x20; /* LE Meta-Event */
1529 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
1532 static void hci_init2_req(struct hci_request *req, unsigned long opt)
1534 struct hci_dev *hdev = req->hdev;
1536 if (lmp_bredr_capable(hdev))
1539 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
1541 if (lmp_le_capable(hdev))
1544 /* AVM Berlin (31), aka "BlueFRITZ!", doesn't support the read
1545 * local supported commands HCI command.
1547 if (hdev->manufacturer != 31 && hdev->hci_ver > BLUETOOTH_VER_1_1)
1548 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
1550 if (lmp_ssp_capable(hdev)) {
1551 /* When SSP is available, then the host features page
1552 * should also be available as well. However some
1553 * controllers list the max_page as 0 as long as SSP
1554 * has not been enabled. To achieve proper debugging
1555 * output, force the minimum max_page to 1 at least.
1557 hdev->max_page = 0x01;
1559 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1561 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
1562 sizeof(mode), &mode);
1564 struct hci_cp_write_eir cp;
1566 memset(hdev->eir, 0, sizeof(hdev->eir));
1567 memset(&cp, 0, sizeof(cp));
1569 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1573 if (lmp_inq_rssi_capable(hdev))
1574 hci_setup_inquiry_mode(req);
1576 if (lmp_inq_tx_pwr_capable(hdev))
1577 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
1579 if (lmp_ext_feat_capable(hdev)) {
1580 struct hci_cp_read_local_ext_features cp;
1583 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1587 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
1589 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
1594 static void hci_setup_link_policy(struct hci_request *req)
1596 struct hci_dev *hdev = req->hdev;
1597 struct hci_cp_write_def_link_policy cp;
1598 u16 link_policy = 0;
1600 if (lmp_rswitch_capable(hdev))
1601 link_policy |= HCI_LP_RSWITCH;
1602 if (lmp_hold_capable(hdev))
1603 link_policy |= HCI_LP_HOLD;
1604 if (lmp_sniff_capable(hdev))
1605 link_policy |= HCI_LP_SNIFF;
1606 if (lmp_park_capable(hdev))
1607 link_policy |= HCI_LP_PARK;
1609 cp.policy = cpu_to_le16(link_policy);
1610 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
1613 static void hci_set_le_support(struct hci_request *req)
1615 struct hci_dev *hdev = req->hdev;
1616 struct hci_cp_write_le_host_supported cp;
1618 /* LE-only devices do not support explicit enablement */
1619 if (!lmp_bredr_capable(hdev))
1622 memset(&cp, 0, sizeof(cp));
1624 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1629 if (cp.le != lmp_host_le_capable(hdev))
1630 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
1634 static void hci_set_event_mask_page_2(struct hci_request *req)
1636 struct hci_dev *hdev = req->hdev;
1637 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
1639 /* If Connectionless Slave Broadcast master role is supported
1640 * enable all necessary events for it.
1642 if (lmp_csb_master_capable(hdev)) {
1643 events[1] |= 0x40; /* Triggered Clock Capture */
1644 events[1] |= 0x80; /* Synchronization Train Complete */
1645 events[2] |= 0x10; /* Slave Page Response Timeout */
1646 events[2] |= 0x20; /* CSB Channel Map Change */
1649 /* If Connectionless Slave Broadcast slave role is supported
1650 * enable all necessary events for it.
1652 if (lmp_csb_slave_capable(hdev)) {
1653 events[2] |= 0x01; /* Synchronization Train Received */
1654 events[2] |= 0x02; /* CSB Receive */
1655 events[2] |= 0x04; /* CSB Timeout */
1656 events[2] |= 0x08; /* Truncated Page Complete */
1659 /* Enable Authenticated Payload Timeout Expired event if supported */
1660 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING)
1663 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2, sizeof(events), events);
1666 static void hci_init3_req(struct hci_request *req, unsigned long opt)
1668 struct hci_dev *hdev = req->hdev;
1671 hci_setup_event_mask(req);
1673 /* Some Broadcom based Bluetooth controllers do not support the
1674 * Delete Stored Link Key command. They are clearly indicating its
1675 * absence in the bit mask of supported commands.
1677 * Check the supported commands and only if the the command is marked
1678 * as supported send it. If not supported assume that the controller
1679 * does not have actual support for stored link keys which makes this
1680 * command redundant anyway.
1682 * Some controllers indicate that they support handling deleting
1683 * stored link keys, but they don't. The quirk lets a driver
1684 * just disable this command.
1686 if (hdev->commands[6] & 0x80 &&
1687 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
1688 struct hci_cp_delete_stored_link_key cp;
1690 bacpy(&cp.bdaddr, BDADDR_ANY);
1691 cp.delete_all = 0x01;
1692 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
1696 if (hdev->commands[5] & 0x10)
1697 hci_setup_link_policy(req);
1699 if (lmp_le_capable(hdev)) {
1702 memset(events, 0, sizeof(events));
1705 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
1706 events[0] |= 0x10; /* LE Long Term Key Request */
1708 /* If controller supports the Connection Parameters Request
1709 * Link Layer Procedure, enable the corresponding event.
1711 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
1712 events[0] |= 0x20; /* LE Remote Connection
1716 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
1719 if (hdev->commands[25] & 0x40) {
1720 /* Read LE Advertising Channel TX Power */
1721 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
1724 hci_set_le_support(req);
1727 /* Read features beyond page 1 if available */
1728 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
1729 struct hci_cp_read_local_ext_features cp;
1732 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
1737 static void hci_init4_req(struct hci_request *req, unsigned long opt)
1739 struct hci_dev *hdev = req->hdev;
1741 /* Set event mask page 2 if the HCI command for it is supported */
1742 if (hdev->commands[22] & 0x04)
1743 hci_set_event_mask_page_2(req);
1745 /* Read local codec list if the HCI command is supported */
1746 if (hdev->commands[29] & 0x20)
1747 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
1749 /* Get MWS transport configuration if the HCI command is supported */
1750 if (hdev->commands[30] & 0x08)
1751 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
1753 /* Check for Synchronization Train support */
1754 if (lmp_sync_train_capable(hdev))
1755 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
1757 /* Enable Secure Connections if supported and configured */
1758 if ((lmp_sc_capable(hdev) ||
1759 test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) &&
1760 test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
1762 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
1763 sizeof(support), &support);
1767 static int __hci_init(struct hci_dev *hdev)
1771 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT);
1775 /* The Device Under Test (DUT) mode is special and available for
1776 * all controller types. So just create it early on.
1778 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
1779 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
1783 /* HCI_BREDR covers both single-mode LE, BR/EDR and dual-mode
1784 * BR/EDR/LE type controllers. AMP controllers only need the
1787 if (hdev->dev_type != HCI_BREDR)
1790 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT);
1794 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT);
1798 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT);
1802 /* Only create debugfs entries during the initial setup
1803 * phase and not every time the controller gets powered on.
1805 if (!test_bit(HCI_SETUP, &hdev->dev_flags))
1808 debugfs_create_file("features", 0444, hdev->debugfs, hdev,
1810 debugfs_create_u16("manufacturer", 0444, hdev->debugfs,
1811 &hdev->manufacturer);
1812 debugfs_create_u8("hci_version", 0444, hdev->debugfs, &hdev->hci_ver);
1813 debugfs_create_u16("hci_revision", 0444, hdev->debugfs, &hdev->hci_rev);
1814 debugfs_create_file("blacklist", 0444, hdev->debugfs, hdev,
1816 debugfs_create_file("whitelist", 0444, hdev->debugfs, hdev,
1818 debugfs_create_file("uuids", 0444, hdev->debugfs, hdev, &uuids_fops);
1820 debugfs_create_file("conn_info_min_age", 0644, hdev->debugfs, hdev,
1821 &conn_info_min_age_fops);
1822 debugfs_create_file("conn_info_max_age", 0644, hdev->debugfs, hdev,
1823 &conn_info_max_age_fops);
1825 if (lmp_bredr_capable(hdev)) {
1826 debugfs_create_file("inquiry_cache", 0444, hdev->debugfs,
1827 hdev, &inquiry_cache_fops);
1828 debugfs_create_file("link_keys", 0400, hdev->debugfs,
1829 hdev, &link_keys_fops);
1830 debugfs_create_file("dev_class", 0444, hdev->debugfs,
1831 hdev, &dev_class_fops);
1832 debugfs_create_file("voice_setting", 0444, hdev->debugfs,
1833 hdev, &voice_setting_fops);
1836 if (lmp_ssp_capable(hdev)) {
1837 debugfs_create_file("auto_accept_delay", 0644, hdev->debugfs,
1838 hdev, &auto_accept_delay_fops);
1839 debugfs_create_file("force_sc_support", 0644, hdev->debugfs,
1840 hdev, &force_sc_support_fops);
1841 debugfs_create_file("sc_only_mode", 0444, hdev->debugfs,
1842 hdev, &sc_only_mode_fops);
1845 if (lmp_sniff_capable(hdev)) {
1846 debugfs_create_file("idle_timeout", 0644, hdev->debugfs,
1847 hdev, &idle_timeout_fops);
1848 debugfs_create_file("sniff_min_interval", 0644, hdev->debugfs,
1849 hdev, &sniff_min_interval_fops);
1850 debugfs_create_file("sniff_max_interval", 0644, hdev->debugfs,
1851 hdev, &sniff_max_interval_fops);
1854 if (lmp_le_capable(hdev)) {
1855 debugfs_create_file("identity", 0400, hdev->debugfs,
1856 hdev, &identity_fops);
1857 debugfs_create_file("rpa_timeout", 0644, hdev->debugfs,
1858 hdev, &rpa_timeout_fops);
1859 debugfs_create_file("random_address", 0444, hdev->debugfs,
1860 hdev, &random_address_fops);
1861 debugfs_create_file("static_address", 0444, hdev->debugfs,
1862 hdev, &static_address_fops);
1864 /* For controllers with a public address, provide a debug
1865 * option to force the usage of the configured static
1866 * address. By default the public address is used.
1868 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1869 debugfs_create_file("force_static_address", 0644,
1870 hdev->debugfs, hdev,
1871 &force_static_address_fops);
1873 debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
1874 &hdev->le_white_list_size);
1875 debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
1877 debugfs_create_file("identity_resolving_keys", 0400,
1878 hdev->debugfs, hdev,
1879 &identity_resolving_keys_fops);
1880 debugfs_create_file("long_term_keys", 0400, hdev->debugfs,
1881 hdev, &long_term_keys_fops);
1882 debugfs_create_file("conn_min_interval", 0644, hdev->debugfs,
1883 hdev, &conn_min_interval_fops);
1884 debugfs_create_file("conn_max_interval", 0644, hdev->debugfs,
1885 hdev, &conn_max_interval_fops);
1886 debugfs_create_file("conn_latency", 0644, hdev->debugfs,
1887 hdev, &conn_latency_fops);
1888 debugfs_create_file("supervision_timeout", 0644, hdev->debugfs,
1889 hdev, &supervision_timeout_fops);
1890 debugfs_create_file("adv_channel_map", 0644, hdev->debugfs,
1891 hdev, &adv_channel_map_fops);
1892 debugfs_create_file("adv_min_interval", 0644, hdev->debugfs,
1893 hdev, &adv_min_interval_fops);
1894 debugfs_create_file("adv_max_interval", 0644, hdev->debugfs,
1895 hdev, &adv_max_interval_fops);
1896 debugfs_create_file("device_list", 0444, hdev->debugfs, hdev,
1898 debugfs_create_u16("discov_interleaved_timeout", 0644,
1900 &hdev->discov_interleaved_timeout);
1908 static void hci_init0_req(struct hci_request *req, unsigned long opt)
1910 struct hci_dev *hdev = req->hdev;
1912 BT_DBG("%s %ld", hdev->name, opt);
1915 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
1916 hci_reset_req(req, 0);
1918 /* Read Local Version */
1919 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
1921 /* Read BD Address */
1922 if (hdev->set_bdaddr)
1923 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
1926 static int __hci_unconf_init(struct hci_dev *hdev)
1930 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1933 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT);
1940 static void hci_scan_req(struct hci_request *req, unsigned long opt)
1944 BT_DBG("%s %x", req->hdev->name, scan);
1946 /* Inquiry and Page scans */
1947 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1950 static void hci_auth_req(struct hci_request *req, unsigned long opt)
1954 BT_DBG("%s %x", req->hdev->name, auth);
1956 /* Authentication */
1957 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1960 static void hci_encrypt_req(struct hci_request *req, unsigned long opt)
1964 BT_DBG("%s %x", req->hdev->name, encrypt);
1967 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1970 static void hci_linkpol_req(struct hci_request *req, unsigned long opt)
1972 __le16 policy = cpu_to_le16(opt);
1974 BT_DBG("%s %x", req->hdev->name, policy);
1976 /* Default link policy */
1977 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1980 /* Get HCI device by index.
1981 * Device is held on return. */
1982 struct hci_dev *hci_dev_get(int index)
1984 struct hci_dev *hdev = NULL, *d;
1986 BT_DBG("%d", index);
1991 read_lock(&hci_dev_list_lock);
1992 list_for_each_entry(d, &hci_dev_list, list) {
1993 if (d->id == index) {
1994 hdev = hci_dev_hold(d);
1998 read_unlock(&hci_dev_list_lock);
2002 /* ---- Inquiry support ---- */
2004 bool hci_discovery_active(struct hci_dev *hdev)
2006 struct discovery_state *discov = &hdev->discovery;
2008 switch (discov->state) {
2009 case DISCOVERY_FINDING:
2010 case DISCOVERY_RESOLVING:
2018 void hci_discovery_set_state(struct hci_dev *hdev, int state)
2020 int old_state = hdev->discovery.state;
2022 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
2024 if (old_state == state)
2027 hdev->discovery.state = state;
2030 case DISCOVERY_STOPPED:
2031 hci_update_background_scan(hdev);
2033 if (old_state != DISCOVERY_STARTING)
2034 mgmt_discovering(hdev, 0);
2036 case DISCOVERY_STARTING:
2038 case DISCOVERY_FINDING:
2039 mgmt_discovering(hdev, 1);
2041 case DISCOVERY_RESOLVING:
2043 case DISCOVERY_STOPPING:
2048 void hci_inquiry_cache_flush(struct hci_dev *hdev)
2050 struct discovery_state *cache = &hdev->discovery;
2051 struct inquiry_entry *p, *n;
2053 list_for_each_entry_safe(p, n, &cache->all, all) {
2058 INIT_LIST_HEAD(&cache->unknown);
2059 INIT_LIST_HEAD(&cache->resolve);
2062 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
2065 struct discovery_state *cache = &hdev->discovery;
2066 struct inquiry_entry *e;
2068 BT_DBG("cache %p, %pMR", cache, bdaddr);
2070 list_for_each_entry(e, &cache->all, all) {
2071 if (!bacmp(&e->data.bdaddr, bdaddr))
2078 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
2081 struct discovery_state *cache = &hdev->discovery;
2082 struct inquiry_entry *e;
2084 BT_DBG("cache %p, %pMR", cache, bdaddr);
2086 list_for_each_entry(e, &cache->unknown, list) {
2087 if (!bacmp(&e->data.bdaddr, bdaddr))
2094 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
2098 struct discovery_state *cache = &hdev->discovery;
2099 struct inquiry_entry *e;
2101 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
2103 list_for_each_entry(e, &cache->resolve, list) {
2104 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
2106 if (!bacmp(&e->data.bdaddr, bdaddr))
2113 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
2114 struct inquiry_entry *ie)
2116 struct discovery_state *cache = &hdev->discovery;
2117 struct list_head *pos = &cache->resolve;
2118 struct inquiry_entry *p;
2120 list_del(&ie->list);
2122 list_for_each_entry(p, &cache->resolve, list) {
2123 if (p->name_state != NAME_PENDING &&
2124 abs(p->data.rssi) >= abs(ie->data.rssi))
2129 list_add(&ie->list, pos);
2132 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
2135 struct discovery_state *cache = &hdev->discovery;
2136 struct inquiry_entry *ie;
2139 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
2141 hci_remove_remote_oob_data(hdev, &data->bdaddr);
2143 if (!data->ssp_mode)
2144 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2146 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
2148 if (!ie->data.ssp_mode)
2149 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
2151 if (ie->name_state == NAME_NEEDED &&
2152 data->rssi != ie->data.rssi) {
2153 ie->data.rssi = data->rssi;
2154 hci_inquiry_cache_update_resolve(hdev, ie);
2160 /* Entry not in the cache. Add new one. */
2161 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
2163 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2167 list_add(&ie->all, &cache->all);
2170 ie->name_state = NAME_KNOWN;
2172 ie->name_state = NAME_NOT_KNOWN;
2173 list_add(&ie->list, &cache->unknown);
2177 if (name_known && ie->name_state != NAME_KNOWN &&
2178 ie->name_state != NAME_PENDING) {
2179 ie->name_state = NAME_KNOWN;
2180 list_del(&ie->list);
2183 memcpy(&ie->data, data, sizeof(*data));
2184 ie->timestamp = jiffies;
2185 cache->timestamp = jiffies;
2187 if (ie->name_state == NAME_NOT_KNOWN)
2188 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
2194 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
2196 struct discovery_state *cache = &hdev->discovery;
2197 struct inquiry_info *info = (struct inquiry_info *) buf;
2198 struct inquiry_entry *e;
2201 list_for_each_entry(e, &cache->all, all) {
2202 struct inquiry_data *data = &e->data;
2207 bacpy(&info->bdaddr, &data->bdaddr);
2208 info->pscan_rep_mode = data->pscan_rep_mode;
2209 info->pscan_period_mode = data->pscan_period_mode;
2210 info->pscan_mode = data->pscan_mode;
2211 memcpy(info->dev_class, data->dev_class, 3);
2212 info->clock_offset = data->clock_offset;
2218 BT_DBG("cache %p, copied %d", cache, copied);
2222 static void hci_inq_req(struct hci_request *req, unsigned long opt)
2224 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
2225 struct hci_dev *hdev = req->hdev;
2226 struct hci_cp_inquiry cp;
2228 BT_DBG("%s", hdev->name);
2230 if (test_bit(HCI_INQUIRY, &hdev->flags))
2234 memcpy(&cp.lap, &ir->lap, 3);
2235 cp.length = ir->length;
2236 cp.num_rsp = ir->num_rsp;
2237 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
2240 int hci_inquiry(void __user *arg)
2242 __u8 __user *ptr = arg;
2243 struct hci_inquiry_req ir;
2244 struct hci_dev *hdev;
2245 int err = 0, do_inquiry = 0, max_rsp;
2249 if (copy_from_user(&ir, ptr, sizeof(ir)))
2252 hdev = hci_dev_get(ir.dev_id);
2256 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2261 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2266 if (hdev->dev_type != HCI_BREDR) {
2271 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2277 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
2278 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
2279 hci_inquiry_cache_flush(hdev);
2282 hci_dev_unlock(hdev);
2284 timeo = ir.length * msecs_to_jiffies(2000);
2287 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
2292 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
2293 * cleared). If it is interrupted by a signal, return -EINTR.
2295 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
2296 TASK_INTERRUPTIBLE))
2300 /* for unlimited number of responses we will use buffer with
2303 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
2305 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
2306 * copy it to the user space.
2308 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
2315 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
2316 hci_dev_unlock(hdev);
2318 BT_DBG("num_rsp %d", ir.num_rsp);
2320 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
2322 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
2335 static int hci_dev_do_open(struct hci_dev *hdev)
2339 BT_DBG("%s %p", hdev->name, hdev);
2343 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags)) {
2348 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2349 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2350 /* Check for rfkill but allow the HCI setup stage to
2351 * proceed (which in itself doesn't cause any RF activity).
2353 if (test_bit(HCI_RFKILLED, &hdev->dev_flags)) {
2358 /* Check for valid public address or a configured static
2359 * random adddress, but let the HCI setup proceed to
2360 * be able to determine if there is a public address
2363 * In case of user channel usage, it is not important
2364 * if a public address or static random address is
2367 * This check is only valid for BR/EDR controllers
2368 * since AMP controllers do not have an address.
2370 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2371 hdev->dev_type == HCI_BREDR &&
2372 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2373 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
2374 ret = -EADDRNOTAVAIL;
2379 if (test_bit(HCI_UP, &hdev->flags)) {
2384 if (hdev->open(hdev)) {
2389 atomic_set(&hdev->cmd_cnt, 1);
2390 set_bit(HCI_INIT, &hdev->flags);
2392 if (test_bit(HCI_SETUP, &hdev->dev_flags)) {
2394 ret = hdev->setup(hdev);
2396 /* The transport driver can set these quirks before
2397 * creating the HCI device or in its setup callback.
2399 * In case any of them is set, the controller has to
2400 * start up as unconfigured.
2402 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
2403 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
2404 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
2406 /* For an unconfigured controller it is required to
2407 * read at least the version information provided by
2408 * the Read Local Version Information command.
2410 * If the set_bdaddr driver callback is provided, then
2411 * also the original Bluetooth public device address
2412 * will be read using the Read BD Address command.
2414 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
2415 ret = __hci_unconf_init(hdev);
2418 if (test_bit(HCI_CONFIG, &hdev->dev_flags)) {
2419 /* If public address change is configured, ensure that
2420 * the address gets programmed. If the driver does not
2421 * support changing the public address, fail the power
2424 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
2426 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
2428 ret = -EADDRNOTAVAIL;
2432 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2433 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
2434 ret = __hci_init(hdev);
2437 clear_bit(HCI_INIT, &hdev->flags);
2441 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
2442 set_bit(HCI_UP, &hdev->flags);
2443 hci_notify(hdev, HCI_DEV_UP);
2444 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
2445 !test_bit(HCI_CONFIG, &hdev->dev_flags) &&
2446 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2447 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2448 hdev->dev_type == HCI_BREDR) {
2450 mgmt_powered(hdev, 1);
2451 hci_dev_unlock(hdev);
2454 /* Init failed, cleanup */
2455 flush_work(&hdev->tx_work);
2456 flush_work(&hdev->cmd_work);
2457 flush_work(&hdev->rx_work);
2459 skb_queue_purge(&hdev->cmd_q);
2460 skb_queue_purge(&hdev->rx_q);
2465 if (hdev->sent_cmd) {
2466 kfree_skb(hdev->sent_cmd);
2467 hdev->sent_cmd = NULL;
2471 hdev->flags &= BIT(HCI_RAW);
2475 hci_req_unlock(hdev);
2479 /* ---- HCI ioctl helpers ---- */
2481 int hci_dev_open(__u16 dev)
2483 struct hci_dev *hdev;
2486 hdev = hci_dev_get(dev);
2490 /* Devices that are marked as unconfigured can only be powered
2491 * up as user channel. Trying to bring them up as normal devices
2492 * will result into a failure. Only user channel operation is
2495 * When this function is called for a user channel, the flag
2496 * HCI_USER_CHANNEL will be set first before attempting to
2499 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2500 !test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2505 /* We need to ensure that no other power on/off work is pending
2506 * before proceeding to call hci_dev_do_open. This is
2507 * particularly important if the setup procedure has not yet
2510 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2511 cancel_delayed_work(&hdev->power_off);
2513 /* After this call it is guaranteed that the setup procedure
2514 * has finished. This means that error conditions like RFKILL
2515 * or no valid public or static random address apply.
2517 flush_workqueue(hdev->req_workqueue);
2519 /* For controllers not using the management interface and that
2520 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
2521 * so that pairing works for them. Once the management interface
2522 * is in use this bit will be cleared again and userspace has
2523 * to explicitly enable it.
2525 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) &&
2526 !test_bit(HCI_MGMT, &hdev->dev_flags))
2527 set_bit(HCI_BONDABLE, &hdev->dev_flags);
2529 err = hci_dev_do_open(hdev);
2536 /* This function requires the caller holds hdev->lock */
2537 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
2539 struct hci_conn_params *p;
2541 list_for_each_entry(p, &hdev->le_conn_params, list) {
2543 hci_conn_drop(p->conn);
2544 hci_conn_put(p->conn);
2547 list_del_init(&p->action);
2550 BT_DBG("All LE pending actions cleared");
2553 static int hci_dev_do_close(struct hci_dev *hdev)
2555 BT_DBG("%s %p", hdev->name, hdev);
2557 cancel_delayed_work(&hdev->power_off);
2559 hci_req_cancel(hdev, ENODEV);
2562 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
2563 cancel_delayed_work_sync(&hdev->cmd_timer);
2564 hci_req_unlock(hdev);
2568 /* Flush RX and TX works */
2569 flush_work(&hdev->tx_work);
2570 flush_work(&hdev->rx_work);
2572 if (hdev->discov_timeout > 0) {
2573 cancel_delayed_work(&hdev->discov_off);
2574 hdev->discov_timeout = 0;
2575 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
2576 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2579 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
2580 cancel_delayed_work(&hdev->service_cache);
2582 cancel_delayed_work_sync(&hdev->le_scan_disable);
2584 if (test_bit(HCI_MGMT, &hdev->dev_flags))
2585 cancel_delayed_work_sync(&hdev->rpa_expired);
2588 hci_inquiry_cache_flush(hdev);
2589 hci_pend_le_actions_clear(hdev);
2590 hci_conn_hash_flush(hdev);
2591 hci_dev_unlock(hdev);
2593 hci_notify(hdev, HCI_DEV_DOWN);
2599 skb_queue_purge(&hdev->cmd_q);
2600 atomic_set(&hdev->cmd_cnt, 1);
2601 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags) &&
2602 !test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
2603 test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) {
2604 set_bit(HCI_INIT, &hdev->flags);
2605 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT);
2606 clear_bit(HCI_INIT, &hdev->flags);
2609 /* flush cmd work */
2610 flush_work(&hdev->cmd_work);
2613 skb_queue_purge(&hdev->rx_q);
2614 skb_queue_purge(&hdev->cmd_q);
2615 skb_queue_purge(&hdev->raw_q);
2617 /* Drop last sent command */
2618 if (hdev->sent_cmd) {
2619 cancel_delayed_work_sync(&hdev->cmd_timer);
2620 kfree_skb(hdev->sent_cmd);
2621 hdev->sent_cmd = NULL;
2624 kfree_skb(hdev->recv_evt);
2625 hdev->recv_evt = NULL;
2627 /* After this point our queues are empty
2628 * and no tasks are scheduled. */
2632 hdev->flags &= BIT(HCI_RAW);
2633 hdev->dev_flags &= ~HCI_PERSISTENT_MASK;
2635 if (!test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
2636 if (hdev->dev_type == HCI_BREDR) {
2638 mgmt_powered(hdev, 0);
2639 hci_dev_unlock(hdev);
2643 /* Controller radio is available but is currently powered down */
2644 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
2646 memset(hdev->eir, 0, sizeof(hdev->eir));
2647 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
2648 bacpy(&hdev->random_addr, BDADDR_ANY);
2650 hci_req_unlock(hdev);
2656 int hci_dev_close(__u16 dev)
2658 struct hci_dev *hdev;
2661 hdev = hci_dev_get(dev);
2665 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2670 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2671 cancel_delayed_work(&hdev->power_off);
2673 err = hci_dev_do_close(hdev);
2680 int hci_dev_reset(__u16 dev)
2682 struct hci_dev *hdev;
2685 hdev = hci_dev_get(dev);
2691 if (!test_bit(HCI_UP, &hdev->flags)) {
2696 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2701 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2707 skb_queue_purge(&hdev->rx_q);
2708 skb_queue_purge(&hdev->cmd_q);
2711 hci_inquiry_cache_flush(hdev);
2712 hci_conn_hash_flush(hdev);
2713 hci_dev_unlock(hdev);
2718 atomic_set(&hdev->cmd_cnt, 1);
2719 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
2721 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT);
2724 hci_req_unlock(hdev);
2729 int hci_dev_reset_stat(__u16 dev)
2731 struct hci_dev *hdev;
2734 hdev = hci_dev_get(dev);
2738 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2743 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2748 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
2755 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
2757 bool conn_changed, discov_changed;
2759 BT_DBG("%s scan 0x%02x", hdev->name, scan);
2761 if ((scan & SCAN_PAGE))
2762 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
2765 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
2768 if ((scan & SCAN_INQUIRY)) {
2769 discov_changed = !test_and_set_bit(HCI_DISCOVERABLE,
2772 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
2773 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
2777 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2780 if (conn_changed || discov_changed) {
2781 /* In case this was disabled through mgmt */
2782 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
2784 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
2785 mgmt_update_adv_data(hdev);
2787 mgmt_new_settings(hdev);
2791 int hci_dev_cmd(unsigned int cmd, void __user *arg)
2793 struct hci_dev *hdev;
2794 struct hci_dev_req dr;
2797 if (copy_from_user(&dr, arg, sizeof(dr)))
2800 hdev = hci_dev_get(dr.dev_id);
2804 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
2809 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
2814 if (hdev->dev_type != HCI_BREDR) {
2819 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2826 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2831 if (!lmp_encrypt_capable(hdev)) {
2836 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2837 /* Auth must be enabled first */
2838 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2844 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2849 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2852 /* Ensure that the connectable and discoverable states
2853 * get correctly modified as this was a non-mgmt change.
2856 hci_update_scan_state(hdev, dr.dev_opt);
2860 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2864 case HCISETLINKMODE:
2865 hdev->link_mode = ((__u16) dr.dev_opt) &
2866 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2870 hdev->pkt_type = (__u16) dr.dev_opt;
2874 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2875 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2879 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2880 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2893 int hci_get_dev_list(void __user *arg)
2895 struct hci_dev *hdev;
2896 struct hci_dev_list_req *dl;
2897 struct hci_dev_req *dr;
2898 int n = 0, size, err;
2901 if (get_user(dev_num, (__u16 __user *) arg))
2904 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2907 size = sizeof(*dl) + dev_num * sizeof(*dr);
2909 dl = kzalloc(size, GFP_KERNEL);
2915 read_lock(&hci_dev_list_lock);
2916 list_for_each_entry(hdev, &hci_dev_list, list) {
2917 unsigned long flags = hdev->flags;
2919 /* When the auto-off is configured it means the transport
2920 * is running, but in that case still indicate that the
2921 * device is actually down.
2923 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2924 flags &= ~BIT(HCI_UP);
2926 (dr + n)->dev_id = hdev->id;
2927 (dr + n)->dev_opt = flags;
2932 read_unlock(&hci_dev_list_lock);
2935 size = sizeof(*dl) + n * sizeof(*dr);
2937 err = copy_to_user(arg, dl, size);
2940 return err ? -EFAULT : 0;
2943 int hci_get_dev_info(void __user *arg)
2945 struct hci_dev *hdev;
2946 struct hci_dev_info di;
2947 unsigned long flags;
2950 if (copy_from_user(&di, arg, sizeof(di)))
2953 hdev = hci_dev_get(di.dev_id);
2957 /* When the auto-off is configured it means the transport
2958 * is running, but in that case still indicate that the
2959 * device is actually down.
2961 if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
2962 flags = hdev->flags & ~BIT(HCI_UP);
2964 flags = hdev->flags;
2966 strcpy(di.name, hdev->name);
2967 di.bdaddr = hdev->bdaddr;
2968 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2970 di.pkt_type = hdev->pkt_type;
2971 if (lmp_bredr_capable(hdev)) {
2972 di.acl_mtu = hdev->acl_mtu;
2973 di.acl_pkts = hdev->acl_pkts;
2974 di.sco_mtu = hdev->sco_mtu;
2975 di.sco_pkts = hdev->sco_pkts;
2977 di.acl_mtu = hdev->le_mtu;
2978 di.acl_pkts = hdev->le_pkts;
2982 di.link_policy = hdev->link_policy;
2983 di.link_mode = hdev->link_mode;
2985 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2986 memcpy(&di.features, &hdev->features, sizeof(di.features));
2988 if (copy_to_user(arg, &di, sizeof(di)))
2996 /* ---- Interface to HCI drivers ---- */
2998 static int hci_rfkill_set_block(void *data, bool blocked)
3000 struct hci_dev *hdev = data;
3002 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
3004 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags))
3008 set_bit(HCI_RFKILLED, &hdev->dev_flags);
3009 if (!test_bit(HCI_SETUP, &hdev->dev_flags) &&
3010 !test_bit(HCI_CONFIG, &hdev->dev_flags))
3011 hci_dev_do_close(hdev);
3013 clear_bit(HCI_RFKILLED, &hdev->dev_flags);
3019 static const struct rfkill_ops hci_rfkill_ops = {
3020 .set_block = hci_rfkill_set_block,
3023 static void hci_power_on(struct work_struct *work)
3025 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
3028 BT_DBG("%s", hdev->name);
3030 err = hci_dev_do_open(hdev);
3032 mgmt_set_powered_failed(hdev, err);
3036 /* During the HCI setup phase, a few error conditions are
3037 * ignored and they need to be checked now. If they are still
3038 * valid, it is important to turn the device back off.
3040 if (test_bit(HCI_RFKILLED, &hdev->dev_flags) ||
3041 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
3042 (hdev->dev_type == HCI_BREDR &&
3043 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
3044 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
3045 clear_bit(HCI_AUTO_OFF, &hdev->dev_flags);
3046 hci_dev_do_close(hdev);
3047 } else if (test_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
3048 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
3049 HCI_AUTO_OFF_TIMEOUT);
3052 if (test_and_clear_bit(HCI_SETUP, &hdev->dev_flags)) {
3053 /* For unconfigured devices, set the HCI_RAW flag
3054 * so that userspace can easily identify them.
3056 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3057 set_bit(HCI_RAW, &hdev->flags);
3059 /* For fully configured devices, this will send
3060 * the Index Added event. For unconfigured devices,
3061 * it will send Unconfigued Index Added event.
3063 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
3064 * and no event will be send.
3066 mgmt_index_added(hdev);
3067 } else if (test_and_clear_bit(HCI_CONFIG, &hdev->dev_flags)) {
3068 /* When the controller is now configured, then it
3069 * is important to clear the HCI_RAW flag.
3071 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
3072 clear_bit(HCI_RAW, &hdev->flags);
3074 /* Powering on the controller with HCI_CONFIG set only
3075 * happens with the transition from unconfigured to
3076 * configured. This will send the Index Added event.
3078 mgmt_index_added(hdev);
3082 static void hci_power_off(struct work_struct *work)
3084 struct hci_dev *hdev = container_of(work, struct hci_dev,
3087 BT_DBG("%s", hdev->name);
3089 hci_dev_do_close(hdev);
3092 static void hci_discov_off(struct work_struct *work)
3094 struct hci_dev *hdev;
3096 hdev = container_of(work, struct hci_dev, discov_off.work);
3098 BT_DBG("%s", hdev->name);
3100 mgmt_discoverable_timeout(hdev);
3103 void hci_uuids_clear(struct hci_dev *hdev)
3105 struct bt_uuid *uuid, *tmp;
3107 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
3108 list_del(&uuid->list);
3113 void hci_link_keys_clear(struct hci_dev *hdev)
3115 struct list_head *p, *n;
3117 list_for_each_safe(p, n, &hdev->link_keys) {
3118 struct link_key *key;
3120 key = list_entry(p, struct link_key, list);
3127 void hci_smp_ltks_clear(struct hci_dev *hdev)
3129 struct smp_ltk *k, *tmp;
3131 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
3137 void hci_smp_irks_clear(struct hci_dev *hdev)
3139 struct smp_irk *k, *tmp;
3141 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
3147 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3151 list_for_each_entry(k, &hdev->link_keys, list)
3152 if (bacmp(bdaddr, &k->bdaddr) == 0)
3158 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
3159 u8 key_type, u8 old_key_type)
3162 if (key_type < 0x03)
3165 /* Debug keys are insecure so don't store them persistently */
3166 if (key_type == HCI_LK_DEBUG_COMBINATION)
3169 /* Changed combination key and there's no previous one */
3170 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
3173 /* Security mode 3 case */
3177 /* Neither local nor remote side had no-bonding as requirement */
3178 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
3181 /* Local side had dedicated bonding as requirement */
3182 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
3185 /* Remote side had dedicated bonding as requirement */
3186 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
3189 /* If none of the above criteria match, then don't store the key
3194 static u8 ltk_role(u8 type)
3196 if (type == SMP_LTK)
3197 return HCI_ROLE_MASTER;
3199 return HCI_ROLE_SLAVE;
3202 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, __le64 rand,
3207 list_for_each_entry(k, &hdev->long_term_keys, list) {
3208 if (k->ediv != ediv || k->rand != rand)
3211 if (ltk_role(k->type) != role)
3220 struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3221 u8 addr_type, u8 role)
3225 list_for_each_entry(k, &hdev->long_term_keys, list)
3226 if (addr_type == k->bdaddr_type &&
3227 bacmp(bdaddr, &k->bdaddr) == 0 &&
3228 ltk_role(k->type) == role)
3234 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
3236 struct smp_irk *irk;
3238 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3239 if (!bacmp(&irk->rpa, rpa))
3243 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3244 if (smp_irk_matches(hdev, irk->val, rpa)) {
3245 bacpy(&irk->rpa, rpa);
3253 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
3256 struct smp_irk *irk;
3258 /* Identity Address must be public or static random */
3259 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
3262 list_for_each_entry(irk, &hdev->identity_resolving_keys, list) {
3263 if (addr_type == irk->addr_type &&
3264 bacmp(bdaddr, &irk->bdaddr) == 0)
3271 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
3272 bdaddr_t *bdaddr, u8 *val, u8 type,
3273 u8 pin_len, bool *persistent)
3275 struct link_key *key, *old_key;
3278 old_key = hci_find_link_key(hdev, bdaddr);
3280 old_key_type = old_key->type;
3283 old_key_type = conn ? conn->key_type : 0xff;
3284 key = kzalloc(sizeof(*key), GFP_KERNEL);
3287 list_add(&key->list, &hdev->link_keys);
3290 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
3292 /* Some buggy controller combinations generate a changed
3293 * combination key for legacy pairing even when there's no
3295 if (type == HCI_LK_CHANGED_COMBINATION &&
3296 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
3297 type = HCI_LK_COMBINATION;
3299 conn->key_type = type;
3302 bacpy(&key->bdaddr, bdaddr);
3303 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
3304 key->pin_len = pin_len;
3306 if (type == HCI_LK_CHANGED_COMBINATION)
3307 key->type = old_key_type;
3312 *persistent = hci_persistent_key(hdev, conn, type,
3318 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3319 u8 addr_type, u8 type, u8 authenticated,
3320 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
3322 struct smp_ltk *key, *old_key;
3323 u8 role = ltk_role(type);
3325 old_key = hci_find_ltk_by_addr(hdev, bdaddr, addr_type, role);
3329 key = kzalloc(sizeof(*key), GFP_KERNEL);
3332 list_add(&key->list, &hdev->long_term_keys);
3335 bacpy(&key->bdaddr, bdaddr);
3336 key->bdaddr_type = addr_type;
3337 memcpy(key->val, tk, sizeof(key->val));
3338 key->authenticated = authenticated;
3341 key->enc_size = enc_size;
3347 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
3348 u8 addr_type, u8 val[16], bdaddr_t *rpa)
3350 struct smp_irk *irk;
3352 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
3354 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
3358 bacpy(&irk->bdaddr, bdaddr);
3359 irk->addr_type = addr_type;
3361 list_add(&irk->list, &hdev->identity_resolving_keys);
3364 memcpy(irk->val, val, 16);
3365 bacpy(&irk->rpa, rpa);
3370 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
3372 struct link_key *key;
3374 key = hci_find_link_key(hdev, bdaddr);
3378 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3380 list_del(&key->list);
3386 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
3388 struct smp_ltk *k, *tmp;
3391 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
3392 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
3395 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3402 return removed ? 0 : -ENOENT;
3405 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
3407 struct smp_irk *k, *tmp;
3409 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
3410 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
3413 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3420 /* HCI command timer function */
3421 static void hci_cmd_timeout(struct work_struct *work)
3423 struct hci_dev *hdev = container_of(work, struct hci_dev,
3426 if (hdev->sent_cmd) {
3427 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
3428 u16 opcode = __le16_to_cpu(sent->opcode);
3430 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
3432 BT_ERR("%s command tx timeout", hdev->name);
3435 atomic_set(&hdev->cmd_cnt, 1);
3436 queue_work(hdev->workqueue, &hdev->cmd_work);
3439 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
3442 struct oob_data *data;
3444 list_for_each_entry(data, &hdev->remote_oob_data, list)
3445 if (bacmp(bdaddr, &data->bdaddr) == 0)
3451 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr)
3453 struct oob_data *data;
3455 data = hci_find_remote_oob_data(hdev, bdaddr);
3459 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
3461 list_del(&data->list);
3467 void hci_remote_oob_data_clear(struct hci_dev *hdev)
3469 struct oob_data *data, *n;
3471 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
3472 list_del(&data->list);
3477 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3478 u8 *hash, u8 *randomizer)
3480 struct oob_data *data;
3482 data = hci_find_remote_oob_data(hdev, bdaddr);
3484 data = kmalloc(sizeof(*data), GFP_KERNEL);
3488 bacpy(&data->bdaddr, bdaddr);
3489 list_add(&data->list, &hdev->remote_oob_data);
3492 memcpy(data->hash192, hash, sizeof(data->hash192));
3493 memcpy(data->randomizer192, randomizer, sizeof(data->randomizer192));
3495 memset(data->hash256, 0, sizeof(data->hash256));
3496 memset(data->randomizer256, 0, sizeof(data->randomizer256));
3498 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3503 int hci_add_remote_oob_ext_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
3504 u8 *hash192, u8 *randomizer192,
3505 u8 *hash256, u8 *randomizer256)
3507 struct oob_data *data;
3509 data = hci_find_remote_oob_data(hdev, bdaddr);
3511 data = kmalloc(sizeof(*data), GFP_KERNEL);
3515 bacpy(&data->bdaddr, bdaddr);
3516 list_add(&data->list, &hdev->remote_oob_data);
3519 memcpy(data->hash192, hash192, sizeof(data->hash192));
3520 memcpy(data->randomizer192, randomizer192, sizeof(data->randomizer192));
3522 memcpy(data->hash256, hash256, sizeof(data->hash256));
3523 memcpy(data->randomizer256, randomizer256, sizeof(data->randomizer256));
3525 BT_DBG("%s for %pMR", hdev->name, bdaddr);
3530 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3531 bdaddr_t *bdaddr, u8 type)
3533 struct bdaddr_list *b;
3535 list_for_each_entry(b, bdaddr_list, list) {
3536 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3543 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3545 struct list_head *p, *n;
3547 list_for_each_safe(p, n, bdaddr_list) {
3548 struct bdaddr_list *b = list_entry(p, struct bdaddr_list, list);
3555 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3557 struct bdaddr_list *entry;
3559 if (!bacmp(bdaddr, BDADDR_ANY))
3562 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3565 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3569 bacpy(&entry->bdaddr, bdaddr);
3570 entry->bdaddr_type = type;
3572 list_add(&entry->list, list);
3577 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3579 struct bdaddr_list *entry;
3581 if (!bacmp(bdaddr, BDADDR_ANY)) {
3582 hci_bdaddr_list_clear(list);
3586 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3590 list_del(&entry->list);
3596 /* This function requires the caller holds hdev->lock */
3597 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3598 bdaddr_t *addr, u8 addr_type)
3600 struct hci_conn_params *params;
3602 /* The conn params list only contains identity addresses */
3603 if (!hci_is_identity_address(addr, addr_type))
3606 list_for_each_entry(params, &hdev->le_conn_params, list) {
3607 if (bacmp(¶ms->addr, addr) == 0 &&
3608 params->addr_type == addr_type) {
3616 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
3618 struct hci_conn *conn;
3620 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
3624 if (conn->dst_type != type)
3627 if (conn->state != BT_CONNECTED)
3633 /* This function requires the caller holds hdev->lock */
3634 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3635 bdaddr_t *addr, u8 addr_type)
3637 struct hci_conn_params *param;
3639 /* The list only contains identity addresses */
3640 if (!hci_is_identity_address(addr, addr_type))
3643 list_for_each_entry(param, list, action) {
3644 if (bacmp(¶m->addr, addr) == 0 &&
3645 param->addr_type == addr_type)
3652 /* This function requires the caller holds hdev->lock */
3653 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3654 bdaddr_t *addr, u8 addr_type)
3656 struct hci_conn_params *params;
3658 if (!hci_is_identity_address(addr, addr_type))
3661 params = hci_conn_params_lookup(hdev, addr, addr_type);
3665 params = kzalloc(sizeof(*params), GFP_KERNEL);
3667 BT_ERR("Out of memory");
3671 bacpy(¶ms->addr, addr);
3672 params->addr_type = addr_type;
3674 list_add(¶ms->list, &hdev->le_conn_params);
3675 INIT_LIST_HEAD(¶ms->action);
3677 params->conn_min_interval = hdev->le_conn_min_interval;
3678 params->conn_max_interval = hdev->le_conn_max_interval;
3679 params->conn_latency = hdev->le_conn_latency;
3680 params->supervision_timeout = hdev->le_supv_timeout;
3681 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3683 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3688 /* This function requires the caller holds hdev->lock */
3689 int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type,
3692 struct hci_conn_params *params;
3694 params = hci_conn_params_add(hdev, addr, addr_type);
3698 if (params->auto_connect == auto_connect)
3701 list_del_init(¶ms->action);
3703 switch (auto_connect) {
3704 case HCI_AUTO_CONN_DISABLED:
3705 case HCI_AUTO_CONN_LINK_LOSS:
3706 hci_update_background_scan(hdev);
3708 case HCI_AUTO_CONN_REPORT:
3709 list_add(¶ms->action, &hdev->pend_le_reports);
3710 hci_update_background_scan(hdev);
3712 case HCI_AUTO_CONN_DIRECT:
3713 case HCI_AUTO_CONN_ALWAYS:
3714 if (!is_connected(hdev, addr, addr_type)) {
3715 list_add(¶ms->action, &hdev->pend_le_conns);
3716 hci_update_background_scan(hdev);
3721 params->auto_connect = auto_connect;
3723 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
3729 static void hci_conn_params_free(struct hci_conn_params *params)
3732 hci_conn_drop(params->conn);
3733 hci_conn_put(params->conn);
3736 list_del(¶ms->action);
3737 list_del(¶ms->list);
3741 /* This function requires the caller holds hdev->lock */
3742 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3744 struct hci_conn_params *params;
3746 params = hci_conn_params_lookup(hdev, addr, addr_type);
3750 hci_conn_params_free(params);
3752 hci_update_background_scan(hdev);
3754 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3757 /* This function requires the caller holds hdev->lock */
3758 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3760 struct hci_conn_params *params, *tmp;
3762 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3763 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3765 list_del(¶ms->list);
3769 BT_DBG("All LE disabled connection parameters were removed");
3772 /* This function requires the caller holds hdev->lock */
3773 void hci_conn_params_clear_all(struct hci_dev *hdev)
3775 struct hci_conn_params *params, *tmp;
3777 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3778 hci_conn_params_free(params);
3780 hci_update_background_scan(hdev);
3782 BT_DBG("All LE connection parameters were removed");
3785 static void inquiry_complete(struct hci_dev *hdev, u8 status)
3788 BT_ERR("Failed to start inquiry: status %d", status);
3791 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3792 hci_dev_unlock(hdev);
3797 static void le_scan_disable_work_complete(struct hci_dev *hdev, u8 status)
3799 /* General inquiry access code (GIAC) */
3800 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3801 struct hci_request req;
3802 struct hci_cp_inquiry cp;
3806 BT_ERR("Failed to disable LE scanning: status %d", status);
3810 switch (hdev->discovery.type) {
3811 case DISCOV_TYPE_LE:
3813 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3814 hci_dev_unlock(hdev);
3817 case DISCOV_TYPE_INTERLEAVED:
3818 hci_req_init(&req, hdev);
3820 memset(&cp, 0, sizeof(cp));
3821 memcpy(&cp.lap, lap, sizeof(cp.lap));
3822 cp.length = DISCOV_INTERLEAVED_INQUIRY_LEN;
3823 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3827 hci_inquiry_cache_flush(hdev);
3829 err = hci_req_run(&req, inquiry_complete);
3831 BT_ERR("Inquiry request failed: err %d", err);
3832 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3835 hci_dev_unlock(hdev);
3840 static void le_scan_disable_work(struct work_struct *work)
3842 struct hci_dev *hdev = container_of(work, struct hci_dev,
3843 le_scan_disable.work);
3844 struct hci_request req;
3847 BT_DBG("%s", hdev->name);
3849 hci_req_init(&req, hdev);
3851 hci_req_add_le_scan_disable(&req);
3853 err = hci_req_run(&req, le_scan_disable_work_complete);
3855 BT_ERR("Disable LE scanning request failed: err %d", err);
3858 static void set_random_addr(struct hci_request *req, bdaddr_t *rpa)
3860 struct hci_dev *hdev = req->hdev;
3862 /* If we're advertising or initiating an LE connection we can't
3863 * go ahead and change the random address at this time. This is
3864 * because the eventual initiator address used for the
3865 * subsequently created connection will be undefined (some
3866 * controllers use the new address and others the one we had
3867 * when the operation started).
3869 * In this kind of scenario skip the update and let the random
3870 * address be updated at the next cycle.
3872 if (test_bit(HCI_LE_ADV, &hdev->dev_flags) ||
3873 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3874 BT_DBG("Deferring random address update");
3875 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
3879 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, rpa);
3882 int hci_update_random_address(struct hci_request *req, bool require_privacy,
3885 struct hci_dev *hdev = req->hdev;
3888 /* If privacy is enabled use a resolvable private address. If
3889 * current RPA has expired or there is something else than
3890 * the current RPA in use, then generate a new one.
3892 if (test_bit(HCI_PRIVACY, &hdev->dev_flags)) {
3895 *own_addr_type = ADDR_LE_DEV_RANDOM;
3897 if (!test_and_clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags) &&
3898 !bacmp(&hdev->random_addr, &hdev->rpa))
3901 err = smp_generate_rpa(hdev, hdev->irk, &hdev->rpa);
3903 BT_ERR("%s failed to generate new RPA", hdev->name);
3907 set_random_addr(req, &hdev->rpa);
3909 to = msecs_to_jiffies(hdev->rpa_timeout * 1000);
3910 queue_delayed_work(hdev->workqueue, &hdev->rpa_expired, to);
3915 /* In case of required privacy without resolvable private address,
3916 * use an unresolvable private address. This is useful for active
3917 * scanning and non-connectable advertising.
3919 if (require_privacy) {
3922 get_random_bytes(&urpa, 6);
3923 urpa.b[5] &= 0x3f; /* Clear two most significant bits */
3925 *own_addr_type = ADDR_LE_DEV_RANDOM;
3926 set_random_addr(req, &urpa);
3930 /* If forcing static address is in use or there is no public
3931 * address use the static address as random address (but skip
3932 * the HCI command if the current random address is already the
3935 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3936 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3937 *own_addr_type = ADDR_LE_DEV_RANDOM;
3938 if (bacmp(&hdev->static_addr, &hdev->random_addr))
3939 hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3940 &hdev->static_addr);
3944 /* Neither privacy nor static address is being used so use a
3947 *own_addr_type = ADDR_LE_DEV_PUBLIC;
3952 /* Copy the Identity Address of the controller.
3954 * If the controller has a public BD_ADDR, then by default use that one.
3955 * If this is a LE only controller without a public address, default to
3956 * the static random address.
3958 * For debugging purposes it is possible to force controllers with a
3959 * public address to use the static random address instead.
3961 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3964 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
3965 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
3966 bacpy(bdaddr, &hdev->static_addr);
3967 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3969 bacpy(bdaddr, &hdev->bdaddr);
3970 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3974 /* Alloc HCI device */
3975 struct hci_dev *hci_alloc_dev(void)
3977 struct hci_dev *hdev;
3979 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3983 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3984 hdev->esco_type = (ESCO_HV1);
3985 hdev->link_mode = (HCI_LM_ACCEPT);
3986 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3987 hdev->io_capability = 0x03; /* No Input No Output */
3988 hdev->manufacturer = 0xffff; /* Default to internal use */
3989 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3990 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3992 hdev->sniff_max_interval = 800;
3993 hdev->sniff_min_interval = 80;
3995 hdev->le_adv_channel_map = 0x07;
3996 hdev->le_adv_min_interval = 0x0800;
3997 hdev->le_adv_max_interval = 0x0800;
3998 hdev->le_scan_interval = 0x0060;
3999 hdev->le_scan_window = 0x0030;
4000 hdev->le_conn_min_interval = 0x0028;
4001 hdev->le_conn_max_interval = 0x0038;
4002 hdev->le_conn_latency = 0x0000;
4003 hdev->le_supv_timeout = 0x002a;
4005 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
4006 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
4007 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
4008 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
4010 mutex_init(&hdev->lock);
4011 mutex_init(&hdev->req_lock);
4013 INIT_LIST_HEAD(&hdev->mgmt_pending);
4014 INIT_LIST_HEAD(&hdev->blacklist);
4015 INIT_LIST_HEAD(&hdev->whitelist);
4016 INIT_LIST_HEAD(&hdev->uuids);
4017 INIT_LIST_HEAD(&hdev->link_keys);
4018 INIT_LIST_HEAD(&hdev->long_term_keys);
4019 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
4020 INIT_LIST_HEAD(&hdev->remote_oob_data);
4021 INIT_LIST_HEAD(&hdev->le_white_list);
4022 INIT_LIST_HEAD(&hdev->le_conn_params);
4023 INIT_LIST_HEAD(&hdev->pend_le_conns);
4024 INIT_LIST_HEAD(&hdev->pend_le_reports);
4025 INIT_LIST_HEAD(&hdev->conn_hash.list);
4027 INIT_WORK(&hdev->rx_work, hci_rx_work);
4028 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
4029 INIT_WORK(&hdev->tx_work, hci_tx_work);
4030 INIT_WORK(&hdev->power_on, hci_power_on);
4032 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
4033 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
4034 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
4036 skb_queue_head_init(&hdev->rx_q);
4037 skb_queue_head_init(&hdev->cmd_q);
4038 skb_queue_head_init(&hdev->raw_q);
4040 init_waitqueue_head(&hdev->req_wait_q);
4042 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
4044 hci_init_sysfs(hdev);
4045 discovery_init(hdev);
4049 EXPORT_SYMBOL(hci_alloc_dev);
4051 /* Free HCI device */
4052 void hci_free_dev(struct hci_dev *hdev)
4054 /* will free via device release */
4055 put_device(&hdev->dev);
4057 EXPORT_SYMBOL(hci_free_dev);
4059 /* Register HCI device */
4060 int hci_register_dev(struct hci_dev *hdev)
4064 if (!hdev->open || !hdev->close || !hdev->send)
4067 /* Do not allow HCI_AMP devices to register at index 0,
4068 * so the index can be used as the AMP controller ID.
4070 switch (hdev->dev_type) {
4072 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
4075 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
4084 sprintf(hdev->name, "hci%d", id);
4087 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4089 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4090 WQ_MEM_RECLAIM, 1, hdev->name);
4091 if (!hdev->workqueue) {
4096 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
4097 WQ_MEM_RECLAIM, 1, hdev->name);
4098 if (!hdev->req_workqueue) {
4099 destroy_workqueue(hdev->workqueue);
4104 if (!IS_ERR_OR_NULL(bt_debugfs))
4105 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
4107 dev_set_name(&hdev->dev, "%s", hdev->name);
4109 error = device_add(&hdev->dev);
4113 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
4114 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
4117 if (rfkill_register(hdev->rfkill) < 0) {
4118 rfkill_destroy(hdev->rfkill);
4119 hdev->rfkill = NULL;
4123 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
4124 set_bit(HCI_RFKILLED, &hdev->dev_flags);
4126 set_bit(HCI_SETUP, &hdev->dev_flags);
4127 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
4129 if (hdev->dev_type == HCI_BREDR) {
4130 /* Assume BR/EDR support until proven otherwise (such as
4131 * through reading supported features during init.
4133 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4136 write_lock(&hci_dev_list_lock);
4137 list_add(&hdev->list, &hci_dev_list);
4138 write_unlock(&hci_dev_list_lock);
4140 /* Devices that are marked for raw-only usage are unconfigured
4141 * and should not be included in normal operation.
4143 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
4144 set_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
4146 hci_notify(hdev, HCI_DEV_REG);
4149 queue_work(hdev->req_workqueue, &hdev->power_on);
4154 destroy_workqueue(hdev->workqueue);
4155 destroy_workqueue(hdev->req_workqueue);
4157 ida_simple_remove(&hci_index_ida, hdev->id);
4161 EXPORT_SYMBOL(hci_register_dev);
4163 /* Unregister HCI device */
4164 void hci_unregister_dev(struct hci_dev *hdev)
4168 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
4170 set_bit(HCI_UNREGISTER, &hdev->dev_flags);
4174 write_lock(&hci_dev_list_lock);
4175 list_del(&hdev->list);
4176 write_unlock(&hci_dev_list_lock);
4178 hci_dev_do_close(hdev);
4180 for (i = 0; i < NUM_REASSEMBLY; i++)
4181 kfree_skb(hdev->reassembly[i]);
4183 cancel_work_sync(&hdev->power_on);
4185 if (!test_bit(HCI_INIT, &hdev->flags) &&
4186 !test_bit(HCI_SETUP, &hdev->dev_flags) &&
4187 !test_bit(HCI_CONFIG, &hdev->dev_flags)) {
4189 mgmt_index_removed(hdev);
4190 hci_dev_unlock(hdev);
4193 /* mgmt_index_removed should take care of emptying the
4195 BUG_ON(!list_empty(&hdev->mgmt_pending));
4197 hci_notify(hdev, HCI_DEV_UNREG);
4200 rfkill_unregister(hdev->rfkill);
4201 rfkill_destroy(hdev->rfkill);
4204 smp_unregister(hdev);
4206 device_del(&hdev->dev);
4208 debugfs_remove_recursive(hdev->debugfs);
4210 destroy_workqueue(hdev->workqueue);
4211 destroy_workqueue(hdev->req_workqueue);
4214 hci_bdaddr_list_clear(&hdev->blacklist);
4215 hci_bdaddr_list_clear(&hdev->whitelist);
4216 hci_uuids_clear(hdev);
4217 hci_link_keys_clear(hdev);
4218 hci_smp_ltks_clear(hdev);
4219 hci_smp_irks_clear(hdev);
4220 hci_remote_oob_data_clear(hdev);
4221 hci_bdaddr_list_clear(&hdev->le_white_list);
4222 hci_conn_params_clear_all(hdev);
4223 hci_dev_unlock(hdev);
4227 ida_simple_remove(&hci_index_ida, id);
4229 EXPORT_SYMBOL(hci_unregister_dev);
4231 /* Suspend HCI device */
4232 int hci_suspend_dev(struct hci_dev *hdev)
4234 hci_notify(hdev, HCI_DEV_SUSPEND);
4237 EXPORT_SYMBOL(hci_suspend_dev);
4239 /* Resume HCI device */
4240 int hci_resume_dev(struct hci_dev *hdev)
4242 hci_notify(hdev, HCI_DEV_RESUME);
4245 EXPORT_SYMBOL(hci_resume_dev);
4247 /* Receive frame from HCI drivers */
4248 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
4250 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
4251 && !test_bit(HCI_INIT, &hdev->flags))) {
4257 bt_cb(skb)->incoming = 1;
4260 __net_timestamp(skb);
4262 skb_queue_tail(&hdev->rx_q, skb);
4263 queue_work(hdev->workqueue, &hdev->rx_work);
4267 EXPORT_SYMBOL(hci_recv_frame);
4269 static int hci_reassembly(struct hci_dev *hdev, int type, void *data,
4270 int count, __u8 index)
4275 struct sk_buff *skb;
4276 struct bt_skb_cb *scb;
4278 if ((type < HCI_ACLDATA_PKT || type > HCI_EVENT_PKT) ||
4279 index >= NUM_REASSEMBLY)
4282 skb = hdev->reassembly[index];
4286 case HCI_ACLDATA_PKT:
4287 len = HCI_MAX_FRAME_SIZE;
4288 hlen = HCI_ACL_HDR_SIZE;
4291 len = HCI_MAX_EVENT_SIZE;
4292 hlen = HCI_EVENT_HDR_SIZE;
4294 case HCI_SCODATA_PKT:
4295 len = HCI_MAX_SCO_SIZE;
4296 hlen = HCI_SCO_HDR_SIZE;
4300 skb = bt_skb_alloc(len, GFP_ATOMIC);
4304 scb = (void *) skb->cb;
4306 scb->pkt_type = type;
4308 hdev->reassembly[index] = skb;
4312 scb = (void *) skb->cb;
4313 len = min_t(uint, scb->expect, count);
4315 memcpy(skb_put(skb, len), data, len);
4324 if (skb->len == HCI_EVENT_HDR_SIZE) {
4325 struct hci_event_hdr *h = hci_event_hdr(skb);
4326 scb->expect = h->plen;
4328 if (skb_tailroom(skb) < scb->expect) {
4330 hdev->reassembly[index] = NULL;
4336 case HCI_ACLDATA_PKT:
4337 if (skb->len == HCI_ACL_HDR_SIZE) {
4338 struct hci_acl_hdr *h = hci_acl_hdr(skb);
4339 scb->expect = __le16_to_cpu(h->dlen);
4341 if (skb_tailroom(skb) < scb->expect) {
4343 hdev->reassembly[index] = NULL;
4349 case HCI_SCODATA_PKT:
4350 if (skb->len == HCI_SCO_HDR_SIZE) {
4351 struct hci_sco_hdr *h = hci_sco_hdr(skb);
4352 scb->expect = h->dlen;
4354 if (skb_tailroom(skb) < scb->expect) {
4356 hdev->reassembly[index] = NULL;
4363 if (scb->expect == 0) {
4364 /* Complete frame */
4366 bt_cb(skb)->pkt_type = type;
4367 hci_recv_frame(hdev, skb);
4369 hdev->reassembly[index] = NULL;
4377 #define STREAM_REASSEMBLY 0
4379 int hci_recv_stream_fragment(struct hci_dev *hdev, void *data, int count)
4385 struct sk_buff *skb = hdev->reassembly[STREAM_REASSEMBLY];
4388 struct { char type; } *pkt;
4390 /* Start of the frame */
4397 type = bt_cb(skb)->pkt_type;
4399 rem = hci_reassembly(hdev, type, data, count,
4404 data += (count - rem);
4410 EXPORT_SYMBOL(hci_recv_stream_fragment);
4412 /* ---- Interface to upper protocols ---- */
4414 int hci_register_cb(struct hci_cb *cb)
4416 BT_DBG("%p name %s", cb, cb->name);
4418 write_lock(&hci_cb_list_lock);
4419 list_add(&cb->list, &hci_cb_list);
4420 write_unlock(&hci_cb_list_lock);
4424 EXPORT_SYMBOL(hci_register_cb);
4426 int hci_unregister_cb(struct hci_cb *cb)
4428 BT_DBG("%p name %s", cb, cb->name);
4430 write_lock(&hci_cb_list_lock);
4431 list_del(&cb->list);
4432 write_unlock(&hci_cb_list_lock);
4436 EXPORT_SYMBOL(hci_unregister_cb);
4438 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4442 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
4445 __net_timestamp(skb);
4447 /* Send copy to monitor */
4448 hci_send_to_monitor(hdev, skb);
4450 if (atomic_read(&hdev->promisc)) {
4451 /* Send copy to the sockets */
4452 hci_send_to_sock(hdev, skb);
4455 /* Get rid of skb owner, prior to sending to the driver. */
4458 err = hdev->send(hdev, skb);
4460 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
4465 void hci_req_init(struct hci_request *req, struct hci_dev *hdev)
4467 skb_queue_head_init(&req->cmd_q);
4472 int hci_req_run(struct hci_request *req, hci_req_complete_t complete)
4474 struct hci_dev *hdev = req->hdev;
4475 struct sk_buff *skb;
4476 unsigned long flags;
4478 BT_DBG("length %u", skb_queue_len(&req->cmd_q));
4480 /* If an error occured during request building, remove all HCI
4481 * commands queued on the HCI request queue.
4484 skb_queue_purge(&req->cmd_q);
4488 /* Do not allow empty requests */
4489 if (skb_queue_empty(&req->cmd_q))
4492 skb = skb_peek_tail(&req->cmd_q);
4493 bt_cb(skb)->req.complete = complete;
4495 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4496 skb_queue_splice_tail(&req->cmd_q, &hdev->cmd_q);
4497 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4499 queue_work(hdev->workqueue, &hdev->cmd_work);
4504 bool hci_req_pending(struct hci_dev *hdev)
4506 return (hdev->req_status == HCI_REQ_PEND);
4509 static struct sk_buff *hci_prepare_cmd(struct hci_dev *hdev, u16 opcode,
4510 u32 plen, const void *param)
4512 int len = HCI_COMMAND_HDR_SIZE + plen;
4513 struct hci_command_hdr *hdr;
4514 struct sk_buff *skb;
4516 skb = bt_skb_alloc(len, GFP_ATOMIC);
4520 hdr = (struct hci_command_hdr *) skb_put(skb, HCI_COMMAND_HDR_SIZE);
4521 hdr->opcode = cpu_to_le16(opcode);
4525 memcpy(skb_put(skb, plen), param, plen);
4527 BT_DBG("skb len %d", skb->len);
4529 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
4530 bt_cb(skb)->opcode = opcode;
4535 /* Send HCI command */
4536 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4539 struct sk_buff *skb;
4541 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4543 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4545 BT_ERR("%s no memory for command", hdev->name);
4549 /* Stand-alone HCI commands must be flaged as
4550 * single-command requests.
4552 bt_cb(skb)->req.start = true;
4554 skb_queue_tail(&hdev->cmd_q, skb);
4555 queue_work(hdev->workqueue, &hdev->cmd_work);
4560 /* Queue a command to an asynchronous HCI request */
4561 void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen,
4562 const void *param, u8 event)
4564 struct hci_dev *hdev = req->hdev;
4565 struct sk_buff *skb;
4567 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4569 /* If an error occured during request building, there is no point in
4570 * queueing the HCI command. We can simply return.
4575 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4577 BT_ERR("%s no memory for command (opcode 0x%4.4x)",
4578 hdev->name, opcode);
4583 if (skb_queue_empty(&req->cmd_q))
4584 bt_cb(skb)->req.start = true;
4586 bt_cb(skb)->req.event = event;
4588 skb_queue_tail(&req->cmd_q, skb);
4591 void hci_req_add(struct hci_request *req, u16 opcode, u32 plen,
4594 hci_req_add_ev(req, opcode, plen, param, 0);
4597 /* Get data from the previously sent command */
4598 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4600 struct hci_command_hdr *hdr;
4602 if (!hdev->sent_cmd)
4605 hdr = (void *) hdev->sent_cmd->data;
4607 if (hdr->opcode != cpu_to_le16(opcode))
4610 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4612 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4616 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4618 struct hci_acl_hdr *hdr;
4621 skb_push(skb, HCI_ACL_HDR_SIZE);
4622 skb_reset_transport_header(skb);
4623 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4624 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4625 hdr->dlen = cpu_to_le16(len);
4628 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4629 struct sk_buff *skb, __u16 flags)
4631 struct hci_conn *conn = chan->conn;
4632 struct hci_dev *hdev = conn->hdev;
4633 struct sk_buff *list;
4635 skb->len = skb_headlen(skb);
4638 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4640 switch (hdev->dev_type) {
4642 hci_add_acl_hdr(skb, conn->handle, flags);
4645 hci_add_acl_hdr(skb, chan->handle, flags);
4648 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
4652 list = skb_shinfo(skb)->frag_list;
4654 /* Non fragmented */
4655 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4657 skb_queue_tail(queue, skb);
4660 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4662 skb_shinfo(skb)->frag_list = NULL;
4664 /* Queue all fragments atomically */
4665 spin_lock(&queue->lock);
4667 __skb_queue_tail(queue, skb);
4669 flags &= ~ACL_START;
4672 skb = list; list = list->next;
4674 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
4675 hci_add_acl_hdr(skb, conn->handle, flags);
4677 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4679 __skb_queue_tail(queue, skb);
4682 spin_unlock(&queue->lock);
4686 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4688 struct hci_dev *hdev = chan->conn->hdev;
4690 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4692 hci_queue_acl(chan, &chan->data_q, skb, flags);
4694 queue_work(hdev->workqueue, &hdev->tx_work);
4698 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4700 struct hci_dev *hdev = conn->hdev;
4701 struct hci_sco_hdr hdr;
4703 BT_DBG("%s len %d", hdev->name, skb->len);
4705 hdr.handle = cpu_to_le16(conn->handle);
4706 hdr.dlen = skb->len;
4708 skb_push(skb, HCI_SCO_HDR_SIZE);
4709 skb_reset_transport_header(skb);
4710 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4712 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
4714 skb_queue_tail(&conn->data_q, skb);
4715 queue_work(hdev->workqueue, &hdev->tx_work);
4718 /* ---- HCI TX task (outgoing data) ---- */
4720 /* HCI Connection scheduler */
4721 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4724 struct hci_conn_hash *h = &hdev->conn_hash;
4725 struct hci_conn *conn = NULL, *c;
4726 unsigned int num = 0, min = ~0;
4728 /* We don't have to lock device here. Connections are always
4729 * added and removed with TX task disabled. */
4733 list_for_each_entry_rcu(c, &h->list, list) {
4734 if (c->type != type || skb_queue_empty(&c->data_q))
4737 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4742 if (c->sent < min) {
4747 if (hci_conn_num(hdev, type) == num)
4756 switch (conn->type) {
4758 cnt = hdev->acl_cnt;
4762 cnt = hdev->sco_cnt;
4765 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4769 BT_ERR("Unknown link type");
4777 BT_DBG("conn %p quote %d", conn, *quote);
4781 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4783 struct hci_conn_hash *h = &hdev->conn_hash;
4786 BT_ERR("%s link tx timeout", hdev->name);
4790 /* Kill stalled connections */
4791 list_for_each_entry_rcu(c, &h->list, list) {
4792 if (c->type == type && c->sent) {
4793 BT_ERR("%s killing stalled connection %pMR",
4794 hdev->name, &c->dst);
4795 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4802 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4805 struct hci_conn_hash *h = &hdev->conn_hash;
4806 struct hci_chan *chan = NULL;
4807 unsigned int num = 0, min = ~0, cur_prio = 0;
4808 struct hci_conn *conn;
4809 int cnt, q, conn_num = 0;
4811 BT_DBG("%s", hdev->name);
4815 list_for_each_entry_rcu(conn, &h->list, list) {
4816 struct hci_chan *tmp;
4818 if (conn->type != type)
4821 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4826 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4827 struct sk_buff *skb;
4829 if (skb_queue_empty(&tmp->data_q))
4832 skb = skb_peek(&tmp->data_q);
4833 if (skb->priority < cur_prio)
4836 if (skb->priority > cur_prio) {
4839 cur_prio = skb->priority;
4844 if (conn->sent < min) {
4850 if (hci_conn_num(hdev, type) == conn_num)
4859 switch (chan->conn->type) {
4861 cnt = hdev->acl_cnt;
4864 cnt = hdev->block_cnt;
4868 cnt = hdev->sco_cnt;
4871 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4875 BT_ERR("Unknown link type");
4880 BT_DBG("chan %p quote %d", chan, *quote);
4884 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4886 struct hci_conn_hash *h = &hdev->conn_hash;
4887 struct hci_conn *conn;
4890 BT_DBG("%s", hdev->name);
4894 list_for_each_entry_rcu(conn, &h->list, list) {
4895 struct hci_chan *chan;
4897 if (conn->type != type)
4900 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4905 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4906 struct sk_buff *skb;
4913 if (skb_queue_empty(&chan->data_q))
4916 skb = skb_peek(&chan->data_q);
4917 if (skb->priority >= HCI_PRIO_MAX - 1)
4920 skb->priority = HCI_PRIO_MAX - 1;
4922 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4926 if (hci_conn_num(hdev, type) == num)
4934 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4936 /* Calculate count of blocks used by this packet */
4937 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4940 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
4942 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
4943 /* ACL tx timeout must be longer than maximum
4944 * link supervision timeout (40.9 seconds) */
4945 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
4946 HCI_ACL_TX_TIMEOUT))
4947 hci_link_tx_to(hdev, ACL_LINK);
4951 static void hci_sched_acl_pkt(struct hci_dev *hdev)
4953 unsigned int cnt = hdev->acl_cnt;
4954 struct hci_chan *chan;
4955 struct sk_buff *skb;
4958 __check_timeout(hdev, cnt);
4960 while (hdev->acl_cnt &&
4961 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
4962 u32 priority = (skb_peek(&chan->data_q))->priority;
4963 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4964 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4965 skb->len, skb->priority);
4967 /* Stop if priority has changed */
4968 if (skb->priority < priority)
4971 skb = skb_dequeue(&chan->data_q);
4973 hci_conn_enter_active_mode(chan->conn,
4974 bt_cb(skb)->force_active);
4976 hci_send_frame(hdev, skb);
4977 hdev->acl_last_tx = jiffies;
4985 if (cnt != hdev->acl_cnt)
4986 hci_prio_recalculate(hdev, ACL_LINK);
4989 static void hci_sched_acl_blk(struct hci_dev *hdev)
4991 unsigned int cnt = hdev->block_cnt;
4992 struct hci_chan *chan;
4993 struct sk_buff *skb;
4997 __check_timeout(hdev, cnt);
4999 BT_DBG("%s", hdev->name);
5001 if (hdev->dev_type == HCI_AMP)
5006 while (hdev->block_cnt > 0 &&
5007 (chan = hci_chan_sent(hdev, type, "e))) {
5008 u32 priority = (skb_peek(&chan->data_q))->priority;
5009 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
5012 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5013 skb->len, skb->priority);
5015 /* Stop if priority has changed */
5016 if (skb->priority < priority)
5019 skb = skb_dequeue(&chan->data_q);
5021 blocks = __get_blocks(hdev, skb);
5022 if (blocks > hdev->block_cnt)
5025 hci_conn_enter_active_mode(chan->conn,
5026 bt_cb(skb)->force_active);
5028 hci_send_frame(hdev, skb);
5029 hdev->acl_last_tx = jiffies;
5031 hdev->block_cnt -= blocks;
5034 chan->sent += blocks;
5035 chan->conn->sent += blocks;
5039 if (cnt != hdev->block_cnt)
5040 hci_prio_recalculate(hdev, type);
5043 static void hci_sched_acl(struct hci_dev *hdev)
5045 BT_DBG("%s", hdev->name);
5047 /* No ACL link over BR/EDR controller */
5048 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_BREDR)
5051 /* No AMP link over AMP controller */
5052 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
5055 switch (hdev->flow_ctl_mode) {
5056 case HCI_FLOW_CTL_MODE_PACKET_BASED:
5057 hci_sched_acl_pkt(hdev);
5060 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
5061 hci_sched_acl_blk(hdev);
5067 static void hci_sched_sco(struct hci_dev *hdev)
5069 struct hci_conn *conn;
5070 struct sk_buff *skb;
5073 BT_DBG("%s", hdev->name);
5075 if (!hci_conn_num(hdev, SCO_LINK))
5078 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
5079 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5080 BT_DBG("skb %p len %d", skb, skb->len);
5081 hci_send_frame(hdev, skb);
5084 if (conn->sent == ~0)
5090 static void hci_sched_esco(struct hci_dev *hdev)
5092 struct hci_conn *conn;
5093 struct sk_buff *skb;
5096 BT_DBG("%s", hdev->name);
5098 if (!hci_conn_num(hdev, ESCO_LINK))
5101 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
5103 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
5104 BT_DBG("skb %p len %d", skb, skb->len);
5105 hci_send_frame(hdev, skb);
5108 if (conn->sent == ~0)
5114 static void hci_sched_le(struct hci_dev *hdev)
5116 struct hci_chan *chan;
5117 struct sk_buff *skb;
5118 int quote, cnt, tmp;
5120 BT_DBG("%s", hdev->name);
5122 if (!hci_conn_num(hdev, LE_LINK))
5125 if (!test_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5126 /* LE tx timeout must be longer than maximum
5127 * link supervision timeout (40.9 seconds) */
5128 if (!hdev->le_cnt && hdev->le_pkts &&
5129 time_after(jiffies, hdev->le_last_tx + HZ * 45))
5130 hci_link_tx_to(hdev, LE_LINK);
5133 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
5135 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
5136 u32 priority = (skb_peek(&chan->data_q))->priority;
5137 while (quote-- && (skb = skb_peek(&chan->data_q))) {
5138 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
5139 skb->len, skb->priority);
5141 /* Stop if priority has changed */
5142 if (skb->priority < priority)
5145 skb = skb_dequeue(&chan->data_q);
5147 hci_send_frame(hdev, skb);
5148 hdev->le_last_tx = jiffies;
5159 hdev->acl_cnt = cnt;
5162 hci_prio_recalculate(hdev, LE_LINK);
5165 static void hci_tx_work(struct work_struct *work)
5167 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
5168 struct sk_buff *skb;
5170 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
5171 hdev->sco_cnt, hdev->le_cnt);
5173 if (!test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5174 /* Schedule queues and send stuff to HCI driver */
5175 hci_sched_acl(hdev);
5176 hci_sched_sco(hdev);
5177 hci_sched_esco(hdev);
5181 /* Send next queued raw (unknown type) packet */
5182 while ((skb = skb_dequeue(&hdev->raw_q)))
5183 hci_send_frame(hdev, skb);
5186 /* ----- HCI RX task (incoming data processing) ----- */
5188 /* ACL data packet */
5189 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5191 struct hci_acl_hdr *hdr = (void *) skb->data;
5192 struct hci_conn *conn;
5193 __u16 handle, flags;
5195 skb_pull(skb, HCI_ACL_HDR_SIZE);
5197 handle = __le16_to_cpu(hdr->handle);
5198 flags = hci_flags(handle);
5199 handle = hci_handle(handle);
5201 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
5204 hdev->stat.acl_rx++;
5207 conn = hci_conn_hash_lookup_handle(hdev, handle);
5208 hci_dev_unlock(hdev);
5211 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
5213 /* Send to upper protocol */
5214 l2cap_recv_acldata(conn, skb, flags);
5217 BT_ERR("%s ACL packet for unknown connection handle %d",
5218 hdev->name, handle);
5224 /* SCO data packet */
5225 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
5227 struct hci_sco_hdr *hdr = (void *) skb->data;
5228 struct hci_conn *conn;
5231 skb_pull(skb, HCI_SCO_HDR_SIZE);
5233 handle = __le16_to_cpu(hdr->handle);
5235 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
5237 hdev->stat.sco_rx++;
5240 conn = hci_conn_hash_lookup_handle(hdev, handle);
5241 hci_dev_unlock(hdev);
5244 /* Send to upper protocol */
5245 sco_recv_scodata(conn, skb);
5248 BT_ERR("%s SCO packet for unknown connection handle %d",
5249 hdev->name, handle);
5255 static bool hci_req_is_complete(struct hci_dev *hdev)
5257 struct sk_buff *skb;
5259 skb = skb_peek(&hdev->cmd_q);
5263 return bt_cb(skb)->req.start;
5266 static void hci_resend_last(struct hci_dev *hdev)
5268 struct hci_command_hdr *sent;
5269 struct sk_buff *skb;
5272 if (!hdev->sent_cmd)
5275 sent = (void *) hdev->sent_cmd->data;
5276 opcode = __le16_to_cpu(sent->opcode);
5277 if (opcode == HCI_OP_RESET)
5280 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
5284 skb_queue_head(&hdev->cmd_q, skb);
5285 queue_work(hdev->workqueue, &hdev->cmd_work);
5288 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status)
5290 hci_req_complete_t req_complete = NULL;
5291 struct sk_buff *skb;
5292 unsigned long flags;
5294 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
5296 /* If the completed command doesn't match the last one that was
5297 * sent we need to do special handling of it.
5299 if (!hci_sent_cmd_data(hdev, opcode)) {
5300 /* Some CSR based controllers generate a spontaneous
5301 * reset complete event during init and any pending
5302 * command will never be completed. In such a case we
5303 * need to resend whatever was the last sent
5306 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
5307 hci_resend_last(hdev);
5312 /* If the command succeeded and there's still more commands in
5313 * this request the request is not yet complete.
5315 if (!status && !hci_req_is_complete(hdev))
5318 /* If this was the last command in a request the complete
5319 * callback would be found in hdev->sent_cmd instead of the
5320 * command queue (hdev->cmd_q).
5322 if (hdev->sent_cmd) {
5323 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
5326 /* We must set the complete callback to NULL to
5327 * avoid calling the callback more than once if
5328 * this function gets called again.
5330 bt_cb(hdev->sent_cmd)->req.complete = NULL;
5336 /* Remove all pending commands belonging to this request */
5337 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
5338 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
5339 if (bt_cb(skb)->req.start) {
5340 __skb_queue_head(&hdev->cmd_q, skb);
5344 req_complete = bt_cb(skb)->req.complete;
5347 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
5351 req_complete(hdev, status);
5354 static void hci_rx_work(struct work_struct *work)
5356 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
5357 struct sk_buff *skb;
5359 BT_DBG("%s", hdev->name);
5361 while ((skb = skb_dequeue(&hdev->rx_q))) {
5362 /* Send copy to monitor */
5363 hci_send_to_monitor(hdev, skb);
5365 if (atomic_read(&hdev->promisc)) {
5366 /* Send copy to the sockets */
5367 hci_send_to_sock(hdev, skb);
5370 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5375 if (test_bit(HCI_INIT, &hdev->flags)) {
5376 /* Don't process data packets in this states. */
5377 switch (bt_cb(skb)->pkt_type) {
5378 case HCI_ACLDATA_PKT:
5379 case HCI_SCODATA_PKT:
5386 switch (bt_cb(skb)->pkt_type) {
5388 BT_DBG("%s Event packet", hdev->name);
5389 hci_event_packet(hdev, skb);
5392 case HCI_ACLDATA_PKT:
5393 BT_DBG("%s ACL data packet", hdev->name);
5394 hci_acldata_packet(hdev, skb);
5397 case HCI_SCODATA_PKT:
5398 BT_DBG("%s SCO data packet", hdev->name);
5399 hci_scodata_packet(hdev, skb);
5409 static void hci_cmd_work(struct work_struct *work)
5411 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
5412 struct sk_buff *skb;
5414 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
5415 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
5417 /* Send queued commands */
5418 if (atomic_read(&hdev->cmd_cnt)) {
5419 skb = skb_dequeue(&hdev->cmd_q);
5423 kfree_skb(hdev->sent_cmd);
5425 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
5426 if (hdev->sent_cmd) {
5427 atomic_dec(&hdev->cmd_cnt);
5428 hci_send_frame(hdev, skb);
5429 if (test_bit(HCI_RESET, &hdev->flags))
5430 cancel_delayed_work(&hdev->cmd_timer);
5432 schedule_delayed_work(&hdev->cmd_timer,
5435 skb_queue_head(&hdev->cmd_q, skb);
5436 queue_work(hdev->workqueue, &hdev->cmd_work);
5441 void hci_req_add_le_scan_disable(struct hci_request *req)
5443 struct hci_cp_le_set_scan_enable cp;
5445 memset(&cp, 0, sizeof(cp));
5446 cp.enable = LE_SCAN_DISABLE;
5447 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
5450 static void add_to_white_list(struct hci_request *req,
5451 struct hci_conn_params *params)
5453 struct hci_cp_le_add_to_white_list cp;
5455 cp.bdaddr_type = params->addr_type;
5456 bacpy(&cp.bdaddr, ¶ms->addr);
5458 hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
5461 static u8 update_white_list(struct hci_request *req)
5463 struct hci_dev *hdev = req->hdev;
5464 struct hci_conn_params *params;
5465 struct bdaddr_list *b;
5466 uint8_t white_list_entries = 0;
5468 /* Go through the current white list programmed into the
5469 * controller one by one and check if that address is still
5470 * in the list of pending connections or list of devices to
5471 * report. If not present in either list, then queue the
5472 * command to remove it from the controller.
5474 list_for_each_entry(b, &hdev->le_white_list, list) {
5475 struct hci_cp_le_del_from_white_list cp;
5477 if (hci_pend_le_action_lookup(&hdev->pend_le_conns,
5478 &b->bdaddr, b->bdaddr_type) ||
5479 hci_pend_le_action_lookup(&hdev->pend_le_reports,
5480 &b->bdaddr, b->bdaddr_type)) {
5481 white_list_entries++;
5485 cp.bdaddr_type = b->bdaddr_type;
5486 bacpy(&cp.bdaddr, &b->bdaddr);
5488 hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST,
5492 /* Since all no longer valid white list entries have been
5493 * removed, walk through the list of pending connections
5494 * and ensure that any new device gets programmed into
5497 * If the list of the devices is larger than the list of
5498 * available white list entries in the controller, then
5499 * just abort and return filer policy value to not use the
5502 list_for_each_entry(params, &hdev->pend_le_conns, action) {
5503 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5504 ¶ms->addr, params->addr_type))
5507 if (white_list_entries >= hdev->le_white_list_size) {
5508 /* Select filter policy to accept all advertising */
5512 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5513 params->addr_type)) {
5514 /* White list can not be used with RPAs */
5518 white_list_entries++;
5519 add_to_white_list(req, params);
5522 /* After adding all new pending connections, walk through
5523 * the list of pending reports and also add these to the
5524 * white list if there is still space.
5526 list_for_each_entry(params, &hdev->pend_le_reports, action) {
5527 if (hci_bdaddr_list_lookup(&hdev->le_white_list,
5528 ¶ms->addr, params->addr_type))
5531 if (white_list_entries >= hdev->le_white_list_size) {
5532 /* Select filter policy to accept all advertising */
5536 if (hci_find_irk_by_addr(hdev, ¶ms->addr,
5537 params->addr_type)) {
5538 /* White list can not be used with RPAs */
5542 white_list_entries++;
5543 add_to_white_list(req, params);
5546 /* Select filter policy to use white list */
5550 void hci_req_add_le_passive_scan(struct hci_request *req)
5552 struct hci_cp_le_set_scan_param param_cp;
5553 struct hci_cp_le_set_scan_enable enable_cp;
5554 struct hci_dev *hdev = req->hdev;
5558 /* Set require_privacy to false since no SCAN_REQ are send
5559 * during passive scanning. Not using an unresolvable address
5560 * here is important so that peer devices using direct
5561 * advertising with our address will be correctly reported
5562 * by the controller.
5564 if (hci_update_random_address(req, false, &own_addr_type))
5567 /* Adding or removing entries from the white list must
5568 * happen before enabling scanning. The controller does
5569 * not allow white list modification while scanning.
5571 filter_policy = update_white_list(req);
5573 memset(¶m_cp, 0, sizeof(param_cp));
5574 param_cp.type = LE_SCAN_PASSIVE;
5575 param_cp.interval = cpu_to_le16(hdev->le_scan_interval);
5576 param_cp.window = cpu_to_le16(hdev->le_scan_window);
5577 param_cp.own_address_type = own_addr_type;
5578 param_cp.filter_policy = filter_policy;
5579 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
5582 memset(&enable_cp, 0, sizeof(enable_cp));
5583 enable_cp.enable = LE_SCAN_ENABLE;
5584 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
5585 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
5589 static void update_background_scan_complete(struct hci_dev *hdev, u8 status)
5592 BT_DBG("HCI request failed to update background scanning: "
5593 "status 0x%2.2x", status);
5596 /* This function controls the background scanning based on hdev->pend_le_conns
5597 * list. If there are pending LE connection we start the background scanning,
5598 * otherwise we stop it.
5600 * This function requires the caller holds hdev->lock.
5602 void hci_update_background_scan(struct hci_dev *hdev)
5604 struct hci_request req;
5605 struct hci_conn *conn;
5608 if (!test_bit(HCI_UP, &hdev->flags) ||
5609 test_bit(HCI_INIT, &hdev->flags) ||
5610 test_bit(HCI_SETUP, &hdev->dev_flags) ||
5611 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5612 test_bit(HCI_AUTO_OFF, &hdev->dev_flags) ||
5613 test_bit(HCI_UNREGISTER, &hdev->dev_flags))
5616 /* No point in doing scanning if LE support hasn't been enabled */
5617 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
5620 /* If discovery is active don't interfere with it */
5621 if (hdev->discovery.state != DISCOVERY_STOPPED)
5624 hci_req_init(&req, hdev);
5626 if (list_empty(&hdev->pend_le_conns) &&
5627 list_empty(&hdev->pend_le_reports)) {
5628 /* If there is no pending LE connections or devices
5629 * to be scanned for, we should stop the background
5633 /* If controller is not scanning we are done. */
5634 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5637 hci_req_add_le_scan_disable(&req);
5639 BT_DBG("%s stopping background scanning", hdev->name);
5641 /* If there is at least one pending LE connection, we should
5642 * keep the background scan running.
5645 /* If controller is connecting, we should not start scanning
5646 * since some controllers are not able to scan and connect at
5649 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
5653 /* If controller is currently scanning, we stop it to ensure we
5654 * don't miss any advertising (due to duplicates filter).
5656 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
5657 hci_req_add_le_scan_disable(&req);
5659 hci_req_add_le_passive_scan(&req);
5661 BT_DBG("%s starting background scanning", hdev->name);
5664 err = hci_req_run(&req, update_background_scan_complete);
5666 BT_ERR("Failed to run HCI request: err %d", err);
5669 static bool disconnected_whitelist_entries(struct hci_dev *hdev)
5671 struct bdaddr_list *b;
5673 list_for_each_entry(b, &hdev->whitelist, list) {
5674 struct hci_conn *conn;
5676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
5680 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
5687 void hci_update_page_scan(struct hci_dev *hdev, struct hci_request *req)
5691 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5694 if (!hdev_is_powered(hdev))
5697 if (mgmt_powering_down(hdev))
5700 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags) ||
5701 disconnected_whitelist_entries(hdev))
5704 scan = SCAN_DISABLED;
5706 if (test_bit(HCI_PSCAN, &hdev->flags) == !!(scan & SCAN_PAGE))
5709 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
5710 scan |= SCAN_INQUIRY;
5713 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
5715 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
git.openpandora.org / pandora-kernel.git / blob