2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
40 #include "hci_request.h"
41 #include "hci_debugfs.h"
45 static void hci_rx_work(struct work_struct *work);
46 static void hci_cmd_work(struct work_struct *work);
47 static void hci_tx_work(struct work_struct *work);
50 LIST_HEAD(hci_dev_list);
51 DEFINE_RWLOCK(hci_dev_list_lock);
53 /* HCI callback list */
54 LIST_HEAD(hci_cb_list);
55 DEFINE_MUTEX(hci_cb_list_lock);
57 /* HCI ID Numbering */
58 static DEFINE_IDA(hci_index_ida);
60 /* ---- HCI debugfs entries ---- */
62 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
63 size_t count, loff_t *ppos)
65 struct hci_dev *hdev = file->private_data;
68 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
71 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
74 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
75 size_t count, loff_t *ppos)
77 struct hci_dev *hdev = file->private_data;
80 size_t buf_size = min(count, (sizeof(buf)-1));
83 if (!test_bit(HCI_UP, &hdev->flags))
86 if (copy_from_user(buf, user_buf, buf_size))
90 if (strtobool(buf, &enable))
93 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
96 hci_req_sync_lock(hdev);
98 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
101 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
103 hci_req_sync_unlock(hdev);
110 hci_dev_change_flag(hdev, HCI_DUT_MODE);
115 static const struct file_operations dut_mode_fops = {
117 .read = dut_mode_read,
118 .write = dut_mode_write,
119 .llseek = default_llseek,
122 static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
123 size_t count, loff_t *ppos)
125 struct hci_dev *hdev = file->private_data;
128 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
131 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
134 static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
135 size_t count, loff_t *ppos)
137 struct hci_dev *hdev = file->private_data;
139 size_t buf_size = min(count, (sizeof(buf)-1));
143 if (copy_from_user(buf, user_buf, buf_size))
146 buf[buf_size] = '\0';
147 if (strtobool(buf, &enable))
150 /* When the diagnostic flags are not persistent and the transport
151 * is not active or in user channel operation, then there is no need
152 * for the vendor callback. Instead just store the desired value and
153 * the setting will be programmed when the controller gets powered on.
155 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
156 (!test_bit(HCI_RUNNING, &hdev->flags) ||
157 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)))
160 hci_req_sync_lock(hdev);
161 err = hdev->set_diag(hdev, enable);
162 hci_req_sync_unlock(hdev);
169 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
171 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
176 static const struct file_operations vendor_diag_fops = {
178 .read = vendor_diag_read,
179 .write = vendor_diag_write,
180 .llseek = default_llseek,
183 static void hci_debugfs_create_basic(struct hci_dev *hdev)
185 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
189 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
193 static int hci_reset_req(struct hci_request *req, unsigned long opt)
195 BT_DBG("%s %ld", req->hdev->name, opt);
198 set_bit(HCI_RESET, &req->hdev->flags);
199 hci_req_add(req, HCI_OP_RESET, 0, NULL);
203 static void bredr_init(struct hci_request *req)
205 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
207 /* Read Local Supported Features */
208 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
210 /* Read Local Version */
211 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
213 /* Read BD Address */
214 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
217 static void amp_init1(struct hci_request *req)
219 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
221 /* Read Local Version */
222 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
224 /* Read Local Supported Commands */
225 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
227 /* Read Local AMP Info */
228 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
230 /* Read Data Blk size */
231 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
233 /* Read Flow Control Mode */
234 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
236 /* Read Location Data */
237 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
240 static int amp_init2(struct hci_request *req)
242 /* Read Local Supported Features. Not all AMP controllers
243 * support this so it's placed conditionally in the second
246 if (req->hdev->commands[14] & 0x20)
247 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
252 static int hci_init1_req(struct hci_request *req, unsigned long opt)
254 struct hci_dev *hdev = req->hdev;
256 BT_DBG("%s %ld", hdev->name, opt);
259 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
260 hci_reset_req(req, 0);
262 switch (hdev->dev_type) {
270 BT_ERR("Unknown device type %d", hdev->dev_type);
277 static void bredr_setup(struct hci_request *req)
282 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
283 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
285 /* Read Class of Device */
286 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
288 /* Read Local Name */
289 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
291 /* Read Voice Setting */
292 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
294 /* Read Number of Supported IAC */
295 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
297 /* Read Current IAC LAP */
298 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
300 /* Clear Event Filters */
301 flt_type = HCI_FLT_CLEAR_ALL;
302 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
304 /* Connection accept timeout ~20 secs */
305 param = cpu_to_le16(0x7d00);
306 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
309 static void le_setup(struct hci_request *req)
311 struct hci_dev *hdev = req->hdev;
313 /* Read LE Buffer Size */
314 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
316 /* Read LE Local Supported Features */
317 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
319 /* Read LE Supported States */
320 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
322 /* LE-only controllers have LE implicitly enabled */
323 if (!lmp_bredr_capable(hdev))
324 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
327 static void hci_setup_event_mask(struct hci_request *req)
329 struct hci_dev *hdev = req->hdev;
331 /* The second byte is 0xff instead of 0x9f (two reserved bits
332 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
335 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
337 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
338 * any event mask for pre 1.2 devices.
340 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
343 if (lmp_bredr_capable(hdev)) {
344 events[4] |= 0x01; /* Flow Specification Complete */
346 /* Use a different default for LE-only devices */
347 memset(events, 0, sizeof(events));
348 events[1] |= 0x20; /* Command Complete */
349 events[1] |= 0x40; /* Command Status */
350 events[1] |= 0x80; /* Hardware Error */
352 /* If the controller supports the Disconnect command, enable
353 * the corresponding event. In addition enable packet flow
354 * control related events.
356 if (hdev->commands[0] & 0x20) {
357 events[0] |= 0x10; /* Disconnection Complete */
358 events[2] |= 0x04; /* Number of Completed Packets */
359 events[3] |= 0x02; /* Data Buffer Overflow */
362 /* If the controller supports the Read Remote Version
363 * Information command, enable the corresponding event.
365 if (hdev->commands[2] & 0x80)
366 events[1] |= 0x08; /* Read Remote Version Information
370 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
371 events[0] |= 0x80; /* Encryption Change */
372 events[5] |= 0x80; /* Encryption Key Refresh Complete */
376 if (lmp_inq_rssi_capable(hdev) ||
377 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
378 events[4] |= 0x02; /* Inquiry Result with RSSI */
380 if (lmp_ext_feat_capable(hdev))
381 events[4] |= 0x04; /* Read Remote Extended Features Complete */
383 if (lmp_esco_capable(hdev)) {
384 events[5] |= 0x08; /* Synchronous Connection Complete */
385 events[5] |= 0x10; /* Synchronous Connection Changed */
388 if (lmp_sniffsubr_capable(hdev))
389 events[5] |= 0x20; /* Sniff Subrating */
391 if (lmp_pause_enc_capable(hdev))
392 events[5] |= 0x80; /* Encryption Key Refresh Complete */
394 if (lmp_ext_inq_capable(hdev))
395 events[5] |= 0x40; /* Extended Inquiry Result */
397 if (lmp_no_flush_capable(hdev))
398 events[7] |= 0x01; /* Enhanced Flush Complete */
400 if (lmp_lsto_capable(hdev))
401 events[6] |= 0x80; /* Link Supervision Timeout Changed */
403 if (lmp_ssp_capable(hdev)) {
404 events[6] |= 0x01; /* IO Capability Request */
405 events[6] |= 0x02; /* IO Capability Response */
406 events[6] |= 0x04; /* User Confirmation Request */
407 events[6] |= 0x08; /* User Passkey Request */
408 events[6] |= 0x10; /* Remote OOB Data Request */
409 events[6] |= 0x20; /* Simple Pairing Complete */
410 events[7] |= 0x04; /* User Passkey Notification */
411 events[7] |= 0x08; /* Keypress Notification */
412 events[7] |= 0x10; /* Remote Host Supported
413 * Features Notification
417 if (lmp_le_capable(hdev))
418 events[7] |= 0x20; /* LE Meta-Event */
420 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
423 static int hci_init2_req(struct hci_request *req, unsigned long opt)
425 struct hci_dev *hdev = req->hdev;
427 if (hdev->dev_type == HCI_AMP)
428 return amp_init2(req);
430 if (lmp_bredr_capable(hdev))
433 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
435 if (lmp_le_capable(hdev))
438 /* All Bluetooth 1.2 and later controllers should support the
439 * HCI command for reading the local supported commands.
441 * Unfortunately some controllers indicate Bluetooth 1.2 support,
442 * but do not have support for this command. If that is the case,
443 * the driver can quirk the behavior and skip reading the local
444 * supported commands.
446 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
447 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
448 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
450 if (lmp_ssp_capable(hdev)) {
451 /* When SSP is available, then the host features page
452 * should also be available as well. However some
453 * controllers list the max_page as 0 as long as SSP
454 * has not been enabled. To achieve proper debugging
455 * output, force the minimum max_page to 1 at least.
457 hdev->max_page = 0x01;
459 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
462 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
463 sizeof(mode), &mode);
465 struct hci_cp_write_eir cp;
467 memset(hdev->eir, 0, sizeof(hdev->eir));
468 memset(&cp, 0, sizeof(cp));
470 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
474 if (lmp_inq_rssi_capable(hdev) ||
475 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
478 /* If Extended Inquiry Result events are supported, then
479 * they are clearly preferred over Inquiry Result with RSSI
482 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
484 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
487 if (lmp_inq_tx_pwr_capable(hdev))
488 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
490 if (lmp_ext_feat_capable(hdev)) {
491 struct hci_cp_read_local_ext_features cp;
494 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
498 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
500 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
507 static void hci_setup_link_policy(struct hci_request *req)
509 struct hci_dev *hdev = req->hdev;
510 struct hci_cp_write_def_link_policy cp;
513 if (lmp_rswitch_capable(hdev))
514 link_policy |= HCI_LP_RSWITCH;
515 if (lmp_hold_capable(hdev))
516 link_policy |= HCI_LP_HOLD;
517 if (lmp_sniff_capable(hdev))
518 link_policy |= HCI_LP_SNIFF;
519 if (lmp_park_capable(hdev))
520 link_policy |= HCI_LP_PARK;
522 cp.policy = cpu_to_le16(link_policy);
523 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
526 static void hci_set_le_support(struct hci_request *req)
528 struct hci_dev *hdev = req->hdev;
529 struct hci_cp_write_le_host_supported cp;
531 /* LE-only devices do not support explicit enablement */
532 if (!lmp_bredr_capable(hdev))
535 memset(&cp, 0, sizeof(cp));
537 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
542 if (cp.le != lmp_host_le_capable(hdev))
543 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
547 static void hci_set_event_mask_page_2(struct hci_request *req)
549 struct hci_dev *hdev = req->hdev;
550 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
551 bool changed = false;
553 /* If Connectionless Slave Broadcast master role is supported
554 * enable all necessary events for it.
556 if (lmp_csb_master_capable(hdev)) {
557 events[1] |= 0x40; /* Triggered Clock Capture */
558 events[1] |= 0x80; /* Synchronization Train Complete */
559 events[2] |= 0x10; /* Slave Page Response Timeout */
560 events[2] |= 0x20; /* CSB Channel Map Change */
564 /* If Connectionless Slave Broadcast slave role is supported
565 * enable all necessary events for it.
567 if (lmp_csb_slave_capable(hdev)) {
568 events[2] |= 0x01; /* Synchronization Train Received */
569 events[2] |= 0x02; /* CSB Receive */
570 events[2] |= 0x04; /* CSB Timeout */
571 events[2] |= 0x08; /* Truncated Page Complete */
575 /* Enable Authenticated Payload Timeout Expired event if supported */
576 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
581 /* Some Broadcom based controllers indicate support for Set Event
582 * Mask Page 2 command, but then actually do not support it. Since
583 * the default value is all bits set to zero, the command is only
584 * required if the event mask has to be changed. In case no change
585 * to the event mask is needed, skip this command.
588 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2,
589 sizeof(events), events);
592 static int hci_init3_req(struct hci_request *req, unsigned long opt)
594 struct hci_dev *hdev = req->hdev;
597 hci_setup_event_mask(req);
599 if (hdev->commands[6] & 0x20 &&
600 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
601 struct hci_cp_read_stored_link_key cp;
603 bacpy(&cp.bdaddr, BDADDR_ANY);
605 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
608 if (hdev->commands[5] & 0x10)
609 hci_setup_link_policy(req);
611 if (hdev->commands[8] & 0x01)
612 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
614 /* Some older Broadcom based Bluetooth 1.2 controllers do not
615 * support the Read Page Scan Type command. Check support for
616 * this command in the bit mask of supported commands.
618 if (hdev->commands[13] & 0x01)
619 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
621 if (lmp_le_capable(hdev)) {
624 memset(events, 0, sizeof(events));
626 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
627 events[0] |= 0x10; /* LE Long Term Key Request */
629 /* If controller supports the Connection Parameters Request
630 * Link Layer Procedure, enable the corresponding event.
632 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
633 events[0] |= 0x20; /* LE Remote Connection
637 /* If the controller supports the Data Length Extension
638 * feature, enable the corresponding event.
640 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
641 events[0] |= 0x40; /* LE Data Length Change */
643 /* If the controller supports Extended Scanner Filter
644 * Policies, enable the correspondig event.
646 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
647 events[1] |= 0x04; /* LE Direct Advertising
651 /* If the controller supports Channel Selection Algorithm #2
652 * feature, enable the corresponding event.
654 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
655 events[2] |= 0x08; /* LE Channel Selection
659 /* If the controller supports the LE Set Scan Enable command,
660 * enable the corresponding advertising report event.
662 if (hdev->commands[26] & 0x08)
663 events[0] |= 0x02; /* LE Advertising Report */
665 /* If the controller supports the LE Create Connection
666 * command, enable the corresponding event.
668 if (hdev->commands[26] & 0x10)
669 events[0] |= 0x01; /* LE Connection Complete */
671 /* If the controller supports the LE Connection Update
672 * command, enable the corresponding event.
674 if (hdev->commands[27] & 0x04)
675 events[0] |= 0x04; /* LE Connection Update
679 /* If the controller supports the LE Read Remote Used Features
680 * command, enable the corresponding event.
682 if (hdev->commands[27] & 0x20)
683 events[0] |= 0x08; /* LE Read Remote Used
687 /* If the controller supports the LE Read Local P-256
688 * Public Key command, enable the corresponding event.
690 if (hdev->commands[34] & 0x02)
691 events[0] |= 0x80; /* LE Read Local P-256
692 * Public Key Complete
695 /* If the controller supports the LE Generate DHKey
696 * command, enable the corresponding event.
698 if (hdev->commands[34] & 0x04)
699 events[1] |= 0x01; /* LE Generate DHKey Complete */
701 /* If the controller supports the LE Set Default PHY or
702 * LE Set PHY commands, enable the corresponding event.
704 if (hdev->commands[35] & (0x20 | 0x40))
705 events[1] |= 0x08; /* LE PHY Update Complete */
707 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
710 if (hdev->commands[25] & 0x40) {
711 /* Read LE Advertising Channel TX Power */
712 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
715 if (hdev->commands[26] & 0x40) {
716 /* Read LE White List Size */
717 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
721 if (hdev->commands[26] & 0x80) {
722 /* Clear LE White List */
723 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
726 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
727 /* Read LE Maximum Data Length */
728 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
730 /* Read LE Suggested Default Data Length */
731 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
734 hci_set_le_support(req);
737 /* Read features beyond page 1 if available */
738 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
739 struct hci_cp_read_local_ext_features cp;
742 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
749 static int hci_init4_req(struct hci_request *req, unsigned long opt)
751 struct hci_dev *hdev = req->hdev;
753 /* Some Broadcom based Bluetooth controllers do not support the
754 * Delete Stored Link Key command. They are clearly indicating its
755 * absence in the bit mask of supported commands.
757 * Check the supported commands and only if the the command is marked
758 * as supported send it. If not supported assume that the controller
759 * does not have actual support for stored link keys which makes this
760 * command redundant anyway.
762 * Some controllers indicate that they support handling deleting
763 * stored link keys, but they don't. The quirk lets a driver
764 * just disable this command.
766 if (hdev->commands[6] & 0x80 &&
767 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
768 struct hci_cp_delete_stored_link_key cp;
770 bacpy(&cp.bdaddr, BDADDR_ANY);
771 cp.delete_all = 0x01;
772 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
776 /* Set event mask page 2 if the HCI command for it is supported */
777 if (hdev->commands[22] & 0x04)
778 hci_set_event_mask_page_2(req);
780 /* Read local codec list if the HCI command is supported */
781 if (hdev->commands[29] & 0x20)
782 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
784 /* Get MWS transport configuration if the HCI command is supported */
785 if (hdev->commands[30] & 0x08)
786 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
788 /* Check for Synchronization Train support */
789 if (lmp_sync_train_capable(hdev))
790 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
792 /* Enable Secure Connections if supported and configured */
793 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
794 bredr_sc_enabled(hdev)) {
797 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
798 sizeof(support), &support);
801 /* Set Suggested Default Data Length to maximum if supported */
802 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
803 struct hci_cp_le_write_def_data_len cp;
805 cp.tx_len = cpu_to_le16(hdev->le_max_tx_len);
806 cp.tx_time = cpu_to_le16(hdev->le_max_tx_time);
807 hci_req_add(req, HCI_OP_LE_WRITE_DEF_DATA_LEN, sizeof(cp), &cp);
810 /* Set Default PHY parameters if command is supported */
811 if (hdev->commands[35] & 0x20) {
812 struct hci_cp_le_set_default_phy cp;
814 /* No transmitter PHY or receiver PHY preferences */
819 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
825 static int __hci_init(struct hci_dev *hdev)
829 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
833 if (hci_dev_test_flag(hdev, HCI_SETUP))
834 hci_debugfs_create_basic(hdev);
836 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
840 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
841 * BR/EDR/LE type controllers. AMP controllers only need the
842 * first two stages of init.
844 if (hdev->dev_type != HCI_PRIMARY)
847 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
851 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
855 /* This function is only called when the controller is actually in
856 * configured state. When the controller is marked as unconfigured,
857 * this initialization procedure is not run.
859 * It means that it is possible that a controller runs through its
860 * setup phase and then discovers missing settings. If that is the
861 * case, then this function will not be called. It then will only
862 * be called during the config phase.
864 * So only when in setup phase or config phase, create the debugfs
865 * entries and register the SMP channels.
867 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
868 !hci_dev_test_flag(hdev, HCI_CONFIG))
871 hci_debugfs_create_common(hdev);
873 if (lmp_bredr_capable(hdev))
874 hci_debugfs_create_bredr(hdev);
876 if (lmp_le_capable(hdev))
877 hci_debugfs_create_le(hdev);
882 static int hci_init0_req(struct hci_request *req, unsigned long opt)
884 struct hci_dev *hdev = req->hdev;
886 BT_DBG("%s %ld", hdev->name, opt);
889 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
890 hci_reset_req(req, 0);
892 /* Read Local Version */
893 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
895 /* Read BD Address */
896 if (hdev->set_bdaddr)
897 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
902 static int __hci_unconf_init(struct hci_dev *hdev)
906 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
909 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
913 if (hci_dev_test_flag(hdev, HCI_SETUP))
914 hci_debugfs_create_basic(hdev);
919 static int hci_scan_req(struct hci_request *req, unsigned long opt)
923 BT_DBG("%s %x", req->hdev->name, scan);
925 /* Inquiry and Page scans */
926 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
930 static int hci_auth_req(struct hci_request *req, unsigned long opt)
934 BT_DBG("%s %x", req->hdev->name, auth);
937 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
941 static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
945 BT_DBG("%s %x", req->hdev->name, encrypt);
948 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
952 static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
954 __le16 policy = cpu_to_le16(opt);
956 BT_DBG("%s %x", req->hdev->name, policy);
958 /* Default link policy */
959 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
963 /* Get HCI device by index.
964 * Device is held on return. */
965 struct hci_dev *hci_dev_get(int index)
967 struct hci_dev *hdev = NULL, *d;
974 read_lock(&hci_dev_list_lock);
975 list_for_each_entry(d, &hci_dev_list, list) {
976 if (d->id == index) {
977 hdev = hci_dev_hold(d);
981 read_unlock(&hci_dev_list_lock);
985 /* ---- Inquiry support ---- */
987 bool hci_discovery_active(struct hci_dev *hdev)
989 struct discovery_state *discov = &hdev->discovery;
991 switch (discov->state) {
992 case DISCOVERY_FINDING:
993 case DISCOVERY_RESOLVING:
1001 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1003 int old_state = hdev->discovery.state;
1005 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1007 if (old_state == state)
1010 hdev->discovery.state = state;
1013 case DISCOVERY_STOPPED:
1014 hci_update_background_scan(hdev);
1016 if (old_state != DISCOVERY_STARTING)
1017 mgmt_discovering(hdev, 0);
1019 case DISCOVERY_STARTING:
1021 case DISCOVERY_FINDING:
1022 mgmt_discovering(hdev, 1);
1024 case DISCOVERY_RESOLVING:
1026 case DISCOVERY_STOPPING:
1031 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1033 struct discovery_state *cache = &hdev->discovery;
1034 struct inquiry_entry *p, *n;
1036 list_for_each_entry_safe(p, n, &cache->all, all) {
1041 INIT_LIST_HEAD(&cache->unknown);
1042 INIT_LIST_HEAD(&cache->resolve);
1045 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1048 struct discovery_state *cache = &hdev->discovery;
1049 struct inquiry_entry *e;
1051 BT_DBG("cache %p, %pMR", cache, bdaddr);
1053 list_for_each_entry(e, &cache->all, all) {
1054 if (!bacmp(&e->data.bdaddr, bdaddr))
1061 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1064 struct discovery_state *cache = &hdev->discovery;
1065 struct inquiry_entry *e;
1067 BT_DBG("cache %p, %pMR", cache, bdaddr);
1069 list_for_each_entry(e, &cache->unknown, list) {
1070 if (!bacmp(&e->data.bdaddr, bdaddr))
1077 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1081 struct discovery_state *cache = &hdev->discovery;
1082 struct inquiry_entry *e;
1084 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1086 list_for_each_entry(e, &cache->resolve, list) {
1087 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1089 if (!bacmp(&e->data.bdaddr, bdaddr))
1096 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1097 struct inquiry_entry *ie)
1099 struct discovery_state *cache = &hdev->discovery;
1100 struct list_head *pos = &cache->resolve;
1101 struct inquiry_entry *p;
1103 list_del(&ie->list);
1105 list_for_each_entry(p, &cache->resolve, list) {
1106 if (p->name_state != NAME_PENDING &&
1107 abs(p->data.rssi) >= abs(ie->data.rssi))
1112 list_add(&ie->list, pos);
1115 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1118 struct discovery_state *cache = &hdev->discovery;
1119 struct inquiry_entry *ie;
1122 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1124 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1126 if (!data->ssp_mode)
1127 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1129 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1131 if (!ie->data.ssp_mode)
1132 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1134 if (ie->name_state == NAME_NEEDED &&
1135 data->rssi != ie->data.rssi) {
1136 ie->data.rssi = data->rssi;
1137 hci_inquiry_cache_update_resolve(hdev, ie);
1143 /* Entry not in the cache. Add new one. */
1144 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1146 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1150 list_add(&ie->all, &cache->all);
1153 ie->name_state = NAME_KNOWN;
1155 ie->name_state = NAME_NOT_KNOWN;
1156 list_add(&ie->list, &cache->unknown);
1160 if (name_known && ie->name_state != NAME_KNOWN &&
1161 ie->name_state != NAME_PENDING) {
1162 ie->name_state = NAME_KNOWN;
1163 list_del(&ie->list);
1166 memcpy(&ie->data, data, sizeof(*data));
1167 ie->timestamp = jiffies;
1168 cache->timestamp = jiffies;
1170 if (ie->name_state == NAME_NOT_KNOWN)
1171 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1177 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1179 struct discovery_state *cache = &hdev->discovery;
1180 struct inquiry_info *info = (struct inquiry_info *) buf;
1181 struct inquiry_entry *e;
1184 list_for_each_entry(e, &cache->all, all) {
1185 struct inquiry_data *data = &e->data;
1190 bacpy(&info->bdaddr, &data->bdaddr);
1191 info->pscan_rep_mode = data->pscan_rep_mode;
1192 info->pscan_period_mode = data->pscan_period_mode;
1193 info->pscan_mode = data->pscan_mode;
1194 memcpy(info->dev_class, data->dev_class, 3);
1195 info->clock_offset = data->clock_offset;
1201 BT_DBG("cache %p, copied %d", cache, copied);
1205 static int hci_inq_req(struct hci_request *req, unsigned long opt)
1207 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1208 struct hci_dev *hdev = req->hdev;
1209 struct hci_cp_inquiry cp;
1211 BT_DBG("%s", hdev->name);
1213 if (test_bit(HCI_INQUIRY, &hdev->flags))
1217 memcpy(&cp.lap, &ir->lap, 3);
1218 cp.length = ir->length;
1219 cp.num_rsp = ir->num_rsp;
1220 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1225 int hci_inquiry(void __user *arg)
1227 __u8 __user *ptr = arg;
1228 struct hci_inquiry_req ir;
1229 struct hci_dev *hdev;
1230 int err = 0, do_inquiry = 0, max_rsp;
1234 if (copy_from_user(&ir, ptr, sizeof(ir)))
1237 hdev = hci_dev_get(ir.dev_id);
1241 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1246 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1251 if (hdev->dev_type != HCI_PRIMARY) {
1256 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1261 /* Restrict maximum inquiry length to 60 seconds */
1262 if (ir.length > 60) {
1268 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1269 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1270 hci_inquiry_cache_flush(hdev);
1273 hci_dev_unlock(hdev);
1275 timeo = ir.length * msecs_to_jiffies(2000);
1278 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1283 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1284 * cleared). If it is interrupted by a signal, return -EINTR.
1286 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1287 TASK_INTERRUPTIBLE)) {
1293 /* for unlimited number of responses we will use buffer with
1296 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1298 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1299 * copy it to the user space.
1301 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
1308 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1309 hci_dev_unlock(hdev);
1311 BT_DBG("num_rsp %d", ir.num_rsp);
1313 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1315 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1328 static int hci_dev_do_open(struct hci_dev *hdev)
1332 BT_DBG("%s %p", hdev->name, hdev);
1334 hci_req_sync_lock(hdev);
1336 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1341 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1342 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1343 /* Check for rfkill but allow the HCI setup stage to
1344 * proceed (which in itself doesn't cause any RF activity).
1346 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1351 /* Check for valid public address or a configured static
1352 * random adddress, but let the HCI setup proceed to
1353 * be able to determine if there is a public address
1356 * In case of user channel usage, it is not important
1357 * if a public address or static random address is
1360 * This check is only valid for BR/EDR controllers
1361 * since AMP controllers do not have an address.
1363 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1364 hdev->dev_type == HCI_PRIMARY &&
1365 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1366 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1367 ret = -EADDRNOTAVAIL;
1372 if (test_bit(HCI_UP, &hdev->flags)) {
1377 if (hdev->open(hdev)) {
1382 set_bit(HCI_RUNNING, &hdev->flags);
1383 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
1385 atomic_set(&hdev->cmd_cnt, 1);
1386 set_bit(HCI_INIT, &hdev->flags);
1388 if (hci_dev_test_flag(hdev, HCI_SETUP)) {
1389 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1392 ret = hdev->setup(hdev);
1394 /* The transport driver can set these quirks before
1395 * creating the HCI device or in its setup callback.
1397 * In case any of them is set, the controller has to
1398 * start up as unconfigured.
1400 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1401 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
1402 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1404 /* For an unconfigured controller it is required to
1405 * read at least the version information provided by
1406 * the Read Local Version Information command.
1408 * If the set_bdaddr driver callback is provided, then
1409 * also the original Bluetooth public device address
1410 * will be read using the Read BD Address command.
1412 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1413 ret = __hci_unconf_init(hdev);
1416 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1417 /* If public address change is configured, ensure that
1418 * the address gets programmed. If the driver does not
1419 * support changing the public address, fail the power
1422 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1424 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1426 ret = -EADDRNOTAVAIL;
1430 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1431 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1432 ret = __hci_init(hdev);
1433 if (!ret && hdev->post_init)
1434 ret = hdev->post_init(hdev);
1438 /* If the HCI Reset command is clearing all diagnostic settings,
1439 * then they need to be reprogrammed after the init procedure
1442 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
1443 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1444 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1445 ret = hdev->set_diag(hdev, true);
1447 clear_bit(HCI_INIT, &hdev->flags);
1451 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1452 set_bit(HCI_UP, &hdev->flags);
1453 hci_sock_dev_event(hdev, HCI_DEV_UP);
1454 hci_leds_update_powered(hdev, true);
1455 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1456 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1457 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1458 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1459 hci_dev_test_flag(hdev, HCI_MGMT) &&
1460 hdev->dev_type == HCI_PRIMARY) {
1461 ret = __hci_req_hci_power_on(hdev);
1462 mgmt_power_on(hdev, ret);
1465 /* Init failed, cleanup */
1466 flush_work(&hdev->tx_work);
1468 /* Since hci_rx_work() is possible to awake new cmd_work
1469 * it should be flushed first to avoid unexpected call of
1472 flush_work(&hdev->rx_work);
1473 flush_work(&hdev->cmd_work);
1475 skb_queue_purge(&hdev->cmd_q);
1476 skb_queue_purge(&hdev->rx_q);
1481 if (hdev->sent_cmd) {
1482 cancel_delayed_work_sync(&hdev->cmd_timer);
1483 kfree_skb(hdev->sent_cmd);
1484 hdev->sent_cmd = NULL;
1487 clear_bit(HCI_RUNNING, &hdev->flags);
1488 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1491 hdev->flags &= BIT(HCI_RAW);
1495 hci_req_sync_unlock(hdev);
1499 /* ---- HCI ioctl helpers ---- */
1501 int hci_dev_open(__u16 dev)
1503 struct hci_dev *hdev;
1506 hdev = hci_dev_get(dev);
1510 /* Devices that are marked as unconfigured can only be powered
1511 * up as user channel. Trying to bring them up as normal devices
1512 * will result into a failure. Only user channel operation is
1515 * When this function is called for a user channel, the flag
1516 * HCI_USER_CHANNEL will be set first before attempting to
1519 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1520 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1525 /* We need to ensure that no other power on/off work is pending
1526 * before proceeding to call hci_dev_do_open. This is
1527 * particularly important if the setup procedure has not yet
1530 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1531 cancel_delayed_work(&hdev->power_off);
1533 /* After this call it is guaranteed that the setup procedure
1534 * has finished. This means that error conditions like RFKILL
1535 * or no valid public or static random address apply.
1537 flush_workqueue(hdev->req_workqueue);
1539 /* For controllers not using the management interface and that
1540 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1541 * so that pairing works for them. Once the management interface
1542 * is in use this bit will be cleared again and userspace has
1543 * to explicitly enable it.
1545 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1546 !hci_dev_test_flag(hdev, HCI_MGMT))
1547 hci_dev_set_flag(hdev, HCI_BONDABLE);
1549 err = hci_dev_do_open(hdev);
1556 /* This function requires the caller holds hdev->lock */
1557 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1559 struct hci_conn_params *p;
1561 list_for_each_entry(p, &hdev->le_conn_params, list) {
1563 hci_conn_drop(p->conn);
1564 hci_conn_put(p->conn);
1567 list_del_init(&p->action);
1570 BT_DBG("All LE pending actions cleared");
1573 int hci_dev_do_close(struct hci_dev *hdev)
1577 BT_DBG("%s %p", hdev->name, hdev);
1579 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1580 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1581 test_bit(HCI_UP, &hdev->flags)) {
1582 /* Execute vendor specific shutdown routine */
1584 hdev->shutdown(hdev);
1587 cancel_delayed_work(&hdev->power_off);
1589 hci_request_cancel_all(hdev);
1590 hci_req_sync_lock(hdev);
1592 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1593 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1594 test_bit(HCI_UP, &hdev->flags)) {
1595 /* Execute vendor specific shutdown routine */
1597 hdev->shutdown(hdev);
1600 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1601 cancel_delayed_work_sync(&hdev->cmd_timer);
1602 hci_req_sync_unlock(hdev);
1606 hci_leds_update_powered(hdev, false);
1608 /* Flush RX and TX works */
1609 flush_work(&hdev->tx_work);
1610 flush_work(&hdev->rx_work);
1612 if (hdev->discov_timeout > 0) {
1613 hdev->discov_timeout = 0;
1614 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1615 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1618 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1619 cancel_delayed_work(&hdev->service_cache);
1621 if (hci_dev_test_flag(hdev, HCI_MGMT))
1622 cancel_delayed_work_sync(&hdev->rpa_expired);
1624 /* Avoid potential lockdep warnings from the *_flush() calls by
1625 * ensuring the workqueue is empty up front.
1627 drain_workqueue(hdev->workqueue);
1631 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1633 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1635 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
1636 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1637 hci_dev_test_flag(hdev, HCI_MGMT))
1638 __mgmt_power_off(hdev);
1640 hci_inquiry_cache_flush(hdev);
1641 hci_pend_le_actions_clear(hdev);
1642 hci_conn_hash_flush(hdev);
1643 hci_dev_unlock(hdev);
1645 smp_unregister(hdev);
1647 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1653 skb_queue_purge(&hdev->cmd_q);
1654 atomic_set(&hdev->cmd_cnt, 1);
1655 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1656 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1657 set_bit(HCI_INIT, &hdev->flags);
1658 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1659 clear_bit(HCI_INIT, &hdev->flags);
1662 /* flush cmd work */
1663 flush_work(&hdev->cmd_work);
1666 skb_queue_purge(&hdev->rx_q);
1667 skb_queue_purge(&hdev->cmd_q);
1668 skb_queue_purge(&hdev->raw_q);
1670 /* Drop last sent command */
1671 if (hdev->sent_cmd) {
1672 cancel_delayed_work_sync(&hdev->cmd_timer);
1673 kfree_skb(hdev->sent_cmd);
1674 hdev->sent_cmd = NULL;
1677 clear_bit(HCI_RUNNING, &hdev->flags);
1678 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1680 /* After this point our queues are empty
1681 * and no tasks are scheduled. */
1685 hdev->flags &= BIT(HCI_RAW);
1686 hci_dev_clear_volatile_flags(hdev);
1688 /* Controller radio is available but is currently powered down */
1689 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1691 memset(hdev->eir, 0, sizeof(hdev->eir));
1692 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1693 bacpy(&hdev->random_addr, BDADDR_ANY);
1695 hci_req_sync_unlock(hdev);
1701 int hci_dev_close(__u16 dev)
1703 struct hci_dev *hdev;
1706 hdev = hci_dev_get(dev);
1710 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1715 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1716 cancel_delayed_work(&hdev->power_off);
1718 err = hci_dev_do_close(hdev);
1725 static int hci_dev_do_reset(struct hci_dev *hdev)
1729 BT_DBG("%s %p", hdev->name, hdev);
1731 hci_req_sync_lock(hdev);
1734 skb_queue_purge(&hdev->rx_q);
1735 skb_queue_purge(&hdev->cmd_q);
1737 /* Avoid potential lockdep warnings from the *_flush() calls by
1738 * ensuring the workqueue is empty up front.
1740 drain_workqueue(hdev->workqueue);
1743 hci_inquiry_cache_flush(hdev);
1744 hci_conn_hash_flush(hdev);
1745 hci_dev_unlock(hdev);
1750 atomic_set(&hdev->cmd_cnt, 1);
1751 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1753 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1755 hci_req_sync_unlock(hdev);
1759 int hci_dev_reset(__u16 dev)
1761 struct hci_dev *hdev;
1764 hdev = hci_dev_get(dev);
1768 if (!test_bit(HCI_UP, &hdev->flags)) {
1773 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1778 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1783 err = hci_dev_do_reset(hdev);
1790 int hci_dev_reset_stat(__u16 dev)
1792 struct hci_dev *hdev;
1795 hdev = hci_dev_get(dev);
1799 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1804 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1809 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1816 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1818 bool conn_changed, discov_changed;
1820 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1822 if ((scan & SCAN_PAGE))
1823 conn_changed = !hci_dev_test_and_set_flag(hdev,
1826 conn_changed = hci_dev_test_and_clear_flag(hdev,
1829 if ((scan & SCAN_INQUIRY)) {
1830 discov_changed = !hci_dev_test_and_set_flag(hdev,
1833 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1834 discov_changed = hci_dev_test_and_clear_flag(hdev,
1838 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1841 if (conn_changed || discov_changed) {
1842 /* In case this was disabled through mgmt */
1843 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1845 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1846 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1848 mgmt_new_settings(hdev);
1852 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1854 struct hci_dev *hdev;
1855 struct hci_dev_req dr;
1858 if (copy_from_user(&dr, arg, sizeof(dr)))
1861 hdev = hci_dev_get(dr.dev_id);
1865 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1870 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1875 if (hdev->dev_type != HCI_PRIMARY) {
1880 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1887 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1888 HCI_INIT_TIMEOUT, NULL);
1892 if (!lmp_encrypt_capable(hdev)) {
1897 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1898 /* Auth must be enabled first */
1899 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1900 HCI_INIT_TIMEOUT, NULL);
1905 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1906 HCI_INIT_TIMEOUT, NULL);
1910 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1911 HCI_INIT_TIMEOUT, NULL);
1913 /* Ensure that the connectable and discoverable states
1914 * get correctly modified as this was a non-mgmt change.
1917 hci_update_scan_state(hdev, dr.dev_opt);
1921 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1922 HCI_INIT_TIMEOUT, NULL);
1925 case HCISETLINKMODE:
1926 hdev->link_mode = ((__u16) dr.dev_opt) &
1927 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1931 hdev->pkt_type = (__u16) dr.dev_opt;
1935 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1936 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1940 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1941 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1954 int hci_get_dev_list(void __user *arg)
1956 struct hci_dev *hdev;
1957 struct hci_dev_list_req *dl;
1958 struct hci_dev_req *dr;
1959 int n = 0, size, err;
1962 if (get_user(dev_num, (__u16 __user *) arg))
1965 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1968 size = sizeof(*dl) + dev_num * sizeof(*dr);
1970 dl = kzalloc(size, GFP_KERNEL);
1976 read_lock(&hci_dev_list_lock);
1977 list_for_each_entry(hdev, &hci_dev_list, list) {
1978 unsigned long flags = hdev->flags;
1980 /* When the auto-off is configured it means the transport
1981 * is running, but in that case still indicate that the
1982 * device is actually down.
1984 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
1985 flags &= ~BIT(HCI_UP);
1987 (dr + n)->dev_id = hdev->id;
1988 (dr + n)->dev_opt = flags;
1993 read_unlock(&hci_dev_list_lock);
1996 size = sizeof(*dl) + n * sizeof(*dr);
1998 err = copy_to_user(arg, dl, size);
2001 return err ? -EFAULT : 0;
2004 int hci_get_dev_info(void __user *arg)
2006 struct hci_dev *hdev;
2007 struct hci_dev_info di;
2008 unsigned long flags;
2011 if (copy_from_user(&di, arg, sizeof(di)))
2014 hdev = hci_dev_get(di.dev_id);
2018 /* When the auto-off is configured it means the transport
2019 * is running, but in that case still indicate that the
2020 * device is actually down.
2022 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2023 flags = hdev->flags & ~BIT(HCI_UP);
2025 flags = hdev->flags;
2027 strcpy(di.name, hdev->name);
2028 di.bdaddr = hdev->bdaddr;
2029 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2031 di.pkt_type = hdev->pkt_type;
2032 if (lmp_bredr_capable(hdev)) {
2033 di.acl_mtu = hdev->acl_mtu;
2034 di.acl_pkts = hdev->acl_pkts;
2035 di.sco_mtu = hdev->sco_mtu;
2036 di.sco_pkts = hdev->sco_pkts;
2038 di.acl_mtu = hdev->le_mtu;
2039 di.acl_pkts = hdev->le_pkts;
2043 di.link_policy = hdev->link_policy;
2044 di.link_mode = hdev->link_mode;
2046 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2047 memcpy(&di.features, &hdev->features, sizeof(di.features));
2049 if (copy_to_user(arg, &di, sizeof(di)))
2057 /* ---- Interface to HCI drivers ---- */
2059 static int hci_rfkill_set_block(void *data, bool blocked)
2061 struct hci_dev *hdev = data;
2063 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2065 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2069 hci_dev_set_flag(hdev, HCI_RFKILLED);
2070 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2071 !hci_dev_test_flag(hdev, HCI_CONFIG))
2072 hci_dev_do_close(hdev);
2074 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2080 static const struct rfkill_ops hci_rfkill_ops = {
2081 .set_block = hci_rfkill_set_block,
2084 static void hci_power_on(struct work_struct *work)
2086 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2089 BT_DBG("%s", hdev->name);
2091 if (test_bit(HCI_UP, &hdev->flags) &&
2092 hci_dev_test_flag(hdev, HCI_MGMT) &&
2093 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
2094 cancel_delayed_work(&hdev->power_off);
2095 hci_req_sync_lock(hdev);
2096 err = __hci_req_hci_power_on(hdev);
2097 hci_req_sync_unlock(hdev);
2098 mgmt_power_on(hdev, err);
2102 err = hci_dev_do_open(hdev);
2105 mgmt_set_powered_failed(hdev, err);
2106 hci_dev_unlock(hdev);
2110 /* During the HCI setup phase, a few error conditions are
2111 * ignored and they need to be checked now. If they are still
2112 * valid, it is important to turn the device back off.
2114 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2115 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2116 (hdev->dev_type == HCI_PRIMARY &&
2117 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2118 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2119 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2120 hci_dev_do_close(hdev);
2121 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2122 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2123 HCI_AUTO_OFF_TIMEOUT);
2126 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2127 /* For unconfigured devices, set the HCI_RAW flag
2128 * so that userspace can easily identify them.
2130 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2131 set_bit(HCI_RAW, &hdev->flags);
2133 /* For fully configured devices, this will send
2134 * the Index Added event. For unconfigured devices,
2135 * it will send Unconfigued Index Added event.
2137 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2138 * and no event will be send.
2140 mgmt_index_added(hdev);
2141 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2142 /* When the controller is now configured, then it
2143 * is important to clear the HCI_RAW flag.
2145 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2146 clear_bit(HCI_RAW, &hdev->flags);
2148 /* Powering on the controller with HCI_CONFIG set only
2149 * happens with the transition from unconfigured to
2150 * configured. This will send the Index Added event.
2152 mgmt_index_added(hdev);
2156 static void hci_power_off(struct work_struct *work)
2158 struct hci_dev *hdev = container_of(work, struct hci_dev,
2161 BT_DBG("%s", hdev->name);
2163 hci_dev_do_close(hdev);
2166 static void hci_error_reset(struct work_struct *work)
2168 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2170 BT_DBG("%s", hdev->name);
2173 hdev->hw_error(hdev, hdev->hw_error_code);
2175 BT_ERR("%s hardware error 0x%2.2x", hdev->name,
2176 hdev->hw_error_code);
2178 if (hci_dev_do_close(hdev))
2181 hci_dev_do_open(hdev);
2184 void hci_uuids_clear(struct hci_dev *hdev)
2186 struct bt_uuid *uuid, *tmp;
2188 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2189 list_del(&uuid->list);
2194 void hci_link_keys_clear(struct hci_dev *hdev)
2196 struct link_key *key;
2198 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
2199 list_del_rcu(&key->list);
2200 kfree_rcu(key, rcu);
2204 void hci_smp_ltks_clear(struct hci_dev *hdev)
2208 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2209 list_del_rcu(&k->list);
2214 void hci_smp_irks_clear(struct hci_dev *hdev)
2218 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2219 list_del_rcu(&k->list);
2224 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2229 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2230 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2240 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2241 u8 key_type, u8 old_key_type)
2244 if (key_type < 0x03)
2247 /* Debug keys are insecure so don't store them persistently */
2248 if (key_type == HCI_LK_DEBUG_COMBINATION)
2251 /* Changed combination key and there's no previous one */
2252 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2255 /* Security mode 3 case */
2259 /* BR/EDR key derived using SC from an LE link */
2260 if (conn->type == LE_LINK)
2263 /* Neither local nor remote side had no-bonding as requirement */
2264 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2267 /* Local side had dedicated bonding as requirement */
2268 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2271 /* Remote side had dedicated bonding as requirement */
2272 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2275 /* If none of the above criteria match, then don't store the key
2280 static u8 ltk_role(u8 type)
2282 if (type == SMP_LTK)
2283 return HCI_ROLE_MASTER;
2285 return HCI_ROLE_SLAVE;
2288 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2289 u8 addr_type, u8 role)
2294 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2295 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2298 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2308 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2310 struct smp_irk *irk;
2313 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2314 if (!bacmp(&irk->rpa, rpa)) {
2320 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2321 if (smp_irk_matches(hdev, irk->val, rpa)) {
2322 bacpy(&irk->rpa, rpa);
2332 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2335 struct smp_irk *irk;
2337 /* Identity Address must be public or static random */
2338 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2342 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2343 if (addr_type == irk->addr_type &&
2344 bacmp(bdaddr, &irk->bdaddr) == 0) {
2354 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2355 bdaddr_t *bdaddr, u8 *val, u8 type,
2356 u8 pin_len, bool *persistent)
2358 struct link_key *key, *old_key;
2361 old_key = hci_find_link_key(hdev, bdaddr);
2363 old_key_type = old_key->type;
2366 old_key_type = conn ? conn->key_type : 0xff;
2367 key = kzalloc(sizeof(*key), GFP_KERNEL);
2370 list_add_rcu(&key->list, &hdev->link_keys);
2373 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2375 /* Some buggy controller combinations generate a changed
2376 * combination key for legacy pairing even when there's no
2378 if (type == HCI_LK_CHANGED_COMBINATION &&
2379 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2380 type = HCI_LK_COMBINATION;
2382 conn->key_type = type;
2385 bacpy(&key->bdaddr, bdaddr);
2386 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2387 key->pin_len = pin_len;
2389 if (type == HCI_LK_CHANGED_COMBINATION)
2390 key->type = old_key_type;
2395 *persistent = hci_persistent_key(hdev, conn, type,
2401 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2402 u8 addr_type, u8 type, u8 authenticated,
2403 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2405 struct smp_ltk *key, *old_key;
2406 u8 role = ltk_role(type);
2408 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2412 key = kzalloc(sizeof(*key), GFP_KERNEL);
2415 list_add_rcu(&key->list, &hdev->long_term_keys);
2418 bacpy(&key->bdaddr, bdaddr);
2419 key->bdaddr_type = addr_type;
2420 memcpy(key->val, tk, sizeof(key->val));
2421 key->authenticated = authenticated;
2424 key->enc_size = enc_size;
2430 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2431 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2433 struct smp_irk *irk;
2435 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2437 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2441 bacpy(&irk->bdaddr, bdaddr);
2442 irk->addr_type = addr_type;
2444 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2447 memcpy(irk->val, val, 16);
2448 bacpy(&irk->rpa, rpa);
2453 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2455 struct link_key *key;
2457 key = hci_find_link_key(hdev, bdaddr);
2461 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2463 list_del_rcu(&key->list);
2464 kfree_rcu(key, rcu);
2469 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2474 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2475 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2478 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2480 list_del_rcu(&k->list);
2485 return removed ? 0 : -ENOENT;
2488 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2492 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2493 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2496 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2498 list_del_rcu(&k->list);
2503 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2506 struct smp_irk *irk;
2509 if (type == BDADDR_BREDR) {
2510 if (hci_find_link_key(hdev, bdaddr))
2515 /* Convert to HCI addr type which struct smp_ltk uses */
2516 if (type == BDADDR_LE_PUBLIC)
2517 addr_type = ADDR_LE_DEV_PUBLIC;
2519 addr_type = ADDR_LE_DEV_RANDOM;
2521 irk = hci_get_irk(hdev, bdaddr, addr_type);
2523 bdaddr = &irk->bdaddr;
2524 addr_type = irk->addr_type;
2528 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2529 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2539 /* HCI command timer function */
2540 static void hci_cmd_timeout(struct work_struct *work)
2542 struct hci_dev *hdev = container_of(work, struct hci_dev,
2545 if (hdev->sent_cmd) {
2546 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2547 u16 opcode = __le16_to_cpu(sent->opcode);
2549 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
2551 BT_ERR("%s command tx timeout", hdev->name);
2554 atomic_set(&hdev->cmd_cnt, 1);
2555 queue_work(hdev->workqueue, &hdev->cmd_work);
2558 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2559 bdaddr_t *bdaddr, u8 bdaddr_type)
2561 struct oob_data *data;
2563 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2564 if (bacmp(bdaddr, &data->bdaddr) != 0)
2566 if (data->bdaddr_type != bdaddr_type)
2574 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2577 struct oob_data *data;
2579 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2583 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2585 list_del(&data->list);
2591 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2593 struct oob_data *data, *n;
2595 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2596 list_del(&data->list);
2601 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2602 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2603 u8 *hash256, u8 *rand256)
2605 struct oob_data *data;
2607 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2609 data = kmalloc(sizeof(*data), GFP_KERNEL);
2613 bacpy(&data->bdaddr, bdaddr);
2614 data->bdaddr_type = bdaddr_type;
2615 list_add(&data->list, &hdev->remote_oob_data);
2618 if (hash192 && rand192) {
2619 memcpy(data->hash192, hash192, sizeof(data->hash192));
2620 memcpy(data->rand192, rand192, sizeof(data->rand192));
2621 if (hash256 && rand256)
2622 data->present = 0x03;
2624 memset(data->hash192, 0, sizeof(data->hash192));
2625 memset(data->rand192, 0, sizeof(data->rand192));
2626 if (hash256 && rand256)
2627 data->present = 0x02;
2629 data->present = 0x00;
2632 if (hash256 && rand256) {
2633 memcpy(data->hash256, hash256, sizeof(data->hash256));
2634 memcpy(data->rand256, rand256, sizeof(data->rand256));
2636 memset(data->hash256, 0, sizeof(data->hash256));
2637 memset(data->rand256, 0, sizeof(data->rand256));
2638 if (hash192 && rand192)
2639 data->present = 0x01;
2642 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2647 /* This function requires the caller holds hdev->lock */
2648 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2650 struct adv_info *adv_instance;
2652 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2653 if (adv_instance->instance == instance)
2654 return adv_instance;
2660 /* This function requires the caller holds hdev->lock */
2661 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2663 struct adv_info *cur_instance;
2665 cur_instance = hci_find_adv_instance(hdev, instance);
2669 if (cur_instance == list_last_entry(&hdev->adv_instances,
2670 struct adv_info, list))
2671 return list_first_entry(&hdev->adv_instances,
2672 struct adv_info, list);
2674 return list_next_entry(cur_instance, list);
2677 /* This function requires the caller holds hdev->lock */
2678 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2680 struct adv_info *adv_instance;
2682 adv_instance = hci_find_adv_instance(hdev, instance);
2686 BT_DBG("%s removing %dMR", hdev->name, instance);
2688 if (hdev->cur_adv_instance == instance) {
2689 if (hdev->adv_instance_timeout) {
2690 cancel_delayed_work(&hdev->adv_instance_expire);
2691 hdev->adv_instance_timeout = 0;
2693 hdev->cur_adv_instance = 0x00;
2696 list_del(&adv_instance->list);
2697 kfree(adv_instance);
2699 hdev->adv_instance_cnt--;
2704 /* This function requires the caller holds hdev->lock */
2705 void hci_adv_instances_clear(struct hci_dev *hdev)
2707 struct adv_info *adv_instance, *n;
2709 if (hdev->adv_instance_timeout) {
2710 cancel_delayed_work(&hdev->adv_instance_expire);
2711 hdev->adv_instance_timeout = 0;
2714 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2715 list_del(&adv_instance->list);
2716 kfree(adv_instance);
2719 hdev->adv_instance_cnt = 0;
2720 hdev->cur_adv_instance = 0x00;
2723 /* This function requires the caller holds hdev->lock */
2724 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2725 u16 adv_data_len, u8 *adv_data,
2726 u16 scan_rsp_len, u8 *scan_rsp_data,
2727 u16 timeout, u16 duration)
2729 struct adv_info *adv_instance;
2731 adv_instance = hci_find_adv_instance(hdev, instance);
2733 memset(adv_instance->adv_data, 0,
2734 sizeof(adv_instance->adv_data));
2735 memset(adv_instance->scan_rsp_data, 0,
2736 sizeof(adv_instance->scan_rsp_data));
2738 if (hdev->adv_instance_cnt >= HCI_MAX_ADV_INSTANCES ||
2739 instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2742 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2746 adv_instance->pending = true;
2747 adv_instance->instance = instance;
2748 list_add(&adv_instance->list, &hdev->adv_instances);
2749 hdev->adv_instance_cnt++;
2752 adv_instance->flags = flags;
2753 adv_instance->adv_data_len = adv_data_len;
2754 adv_instance->scan_rsp_len = scan_rsp_len;
2757 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2760 memcpy(adv_instance->scan_rsp_data,
2761 scan_rsp_data, scan_rsp_len);
2763 adv_instance->timeout = timeout;
2764 adv_instance->remaining_time = timeout;
2767 adv_instance->duration = HCI_DEFAULT_ADV_DURATION;
2769 adv_instance->duration = duration;
2771 BT_DBG("%s for %dMR", hdev->name, instance);
2776 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
2777 bdaddr_t *bdaddr, u8 type)
2779 struct bdaddr_list *b;
2781 list_for_each_entry(b, bdaddr_list, list) {
2782 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2789 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
2791 struct bdaddr_list *b, *n;
2793 list_for_each_entry_safe(b, n, bdaddr_list, list) {
2799 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2801 struct bdaddr_list *entry;
2803 if (!bacmp(bdaddr, BDADDR_ANY))
2806 if (hci_bdaddr_list_lookup(list, bdaddr, type))
2809 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
2813 bacpy(&entry->bdaddr, bdaddr);
2814 entry->bdaddr_type = type;
2816 list_add(&entry->list, list);
2821 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2823 struct bdaddr_list *entry;
2825 if (!bacmp(bdaddr, BDADDR_ANY)) {
2826 hci_bdaddr_list_clear(list);
2830 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
2834 list_del(&entry->list);
2840 /* This function requires the caller holds hdev->lock */
2841 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
2842 bdaddr_t *addr, u8 addr_type)
2844 struct hci_conn_params *params;
2846 list_for_each_entry(params, &hdev->le_conn_params, list) {
2847 if (bacmp(¶ms->addr, addr) == 0 &&
2848 params->addr_type == addr_type) {
2856 /* This function requires the caller holds hdev->lock */
2857 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
2858 bdaddr_t *addr, u8 addr_type)
2860 struct hci_conn_params *param;
2862 list_for_each_entry(param, list, action) {
2863 if (bacmp(¶m->addr, addr) == 0 &&
2864 param->addr_type == addr_type)
2871 /* This function requires the caller holds hdev->lock */
2872 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
2873 bdaddr_t *addr, u8 addr_type)
2875 struct hci_conn_params *params;
2877 params = hci_conn_params_lookup(hdev, addr, addr_type);
2881 params = kzalloc(sizeof(*params), GFP_KERNEL);
2883 BT_ERR("Out of memory");
2887 bacpy(¶ms->addr, addr);
2888 params->addr_type = addr_type;
2890 list_add(¶ms->list, &hdev->le_conn_params);
2891 INIT_LIST_HEAD(¶ms->action);
2893 params->conn_min_interval = hdev->le_conn_min_interval;
2894 params->conn_max_interval = hdev->le_conn_max_interval;
2895 params->conn_latency = hdev->le_conn_latency;
2896 params->supervision_timeout = hdev->le_supv_timeout;
2897 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2899 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2904 static void hci_conn_params_free(struct hci_conn_params *params)
2907 hci_conn_drop(params->conn);
2908 hci_conn_put(params->conn);
2911 list_del(¶ms->action);
2912 list_del(¶ms->list);
2916 /* This function requires the caller holds hdev->lock */
2917 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
2919 struct hci_conn_params *params;
2921 params = hci_conn_params_lookup(hdev, addr, addr_type);
2925 hci_conn_params_free(params);
2927 hci_update_background_scan(hdev);
2929 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2932 /* This function requires the caller holds hdev->lock */
2933 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
2935 struct hci_conn_params *params, *tmp;
2937 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
2938 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
2941 /* If trying to estabilish one time connection to disabled
2942 * device, leave the params, but mark them as just once.
2944 if (params->explicit_connect) {
2945 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2949 list_del(¶ms->list);
2953 BT_DBG("All LE disabled connection parameters were removed");
2956 /* This function requires the caller holds hdev->lock */
2957 static void hci_conn_params_clear_all(struct hci_dev *hdev)
2959 struct hci_conn_params *params, *tmp;
2961 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
2962 hci_conn_params_free(params);
2964 BT_DBG("All LE connection parameters were removed");
2967 /* Copy the Identity Address of the controller.
2969 * If the controller has a public BD_ADDR, then by default use that one.
2970 * If this is a LE only controller without a public address, default to
2971 * the static random address.
2973 * For debugging purposes it is possible to force controllers with a
2974 * public address to use the static random address instead.
2976 * In case BR/EDR has been disabled on a dual-mode controller and
2977 * userspace has configured a static address, then that address
2978 * becomes the identity address instead of the public BR/EDR address.
2980 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
2983 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
2984 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
2985 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
2986 bacmp(&hdev->static_addr, BDADDR_ANY))) {
2987 bacpy(bdaddr, &hdev->static_addr);
2988 *bdaddr_type = ADDR_LE_DEV_RANDOM;
2990 bacpy(bdaddr, &hdev->bdaddr);
2991 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
2995 /* Alloc HCI device */
2996 struct hci_dev *hci_alloc_dev(void)
2998 struct hci_dev *hdev;
3000 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3004 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3005 hdev->esco_type = (ESCO_HV1);
3006 hdev->link_mode = (HCI_LM_ACCEPT);
3007 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3008 hdev->io_capability = 0x03; /* No Input No Output */
3009 hdev->manufacturer = 0xffff; /* Default to internal use */
3010 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3011 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3012 hdev->adv_instance_cnt = 0;
3013 hdev->cur_adv_instance = 0x00;
3014 hdev->adv_instance_timeout = 0;
3016 hdev->sniff_max_interval = 800;
3017 hdev->sniff_min_interval = 80;
3019 hdev->le_adv_channel_map = 0x07;
3020 hdev->le_adv_min_interval = 0x0800;
3021 hdev->le_adv_max_interval = 0x0800;
3022 hdev->le_scan_interval = 0x0060;
3023 hdev->le_scan_window = 0x0030;
3024 hdev->le_conn_min_interval = 0x0018;
3025 hdev->le_conn_max_interval = 0x0028;
3026 hdev->le_conn_latency = 0x0000;
3027 hdev->le_supv_timeout = 0x002a;
3028 hdev->le_def_tx_len = 0x001b;
3029 hdev->le_def_tx_time = 0x0148;
3030 hdev->le_max_tx_len = 0x001b;
3031 hdev->le_max_tx_time = 0x0148;
3032 hdev->le_max_rx_len = 0x001b;
3033 hdev->le_max_rx_time = 0x0148;
3035 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3036 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3037 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3038 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3040 mutex_init(&hdev->lock);
3041 mutex_init(&hdev->req_lock);
3043 INIT_LIST_HEAD(&hdev->mgmt_pending);
3044 INIT_LIST_HEAD(&hdev->blacklist);
3045 INIT_LIST_HEAD(&hdev->whitelist);
3046 INIT_LIST_HEAD(&hdev->uuids);
3047 INIT_LIST_HEAD(&hdev->link_keys);
3048 INIT_LIST_HEAD(&hdev->long_term_keys);
3049 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3050 INIT_LIST_HEAD(&hdev->remote_oob_data);
3051 INIT_LIST_HEAD(&hdev->le_white_list);
3052 INIT_LIST_HEAD(&hdev->le_conn_params);
3053 INIT_LIST_HEAD(&hdev->pend_le_conns);
3054 INIT_LIST_HEAD(&hdev->pend_le_reports);
3055 INIT_LIST_HEAD(&hdev->conn_hash.list);
3056 INIT_LIST_HEAD(&hdev->adv_instances);
3058 INIT_WORK(&hdev->rx_work, hci_rx_work);
3059 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3060 INIT_WORK(&hdev->tx_work, hci_tx_work);
3061 INIT_WORK(&hdev->power_on, hci_power_on);
3062 INIT_WORK(&hdev->error_reset, hci_error_reset);
3064 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3066 skb_queue_head_init(&hdev->rx_q);
3067 skb_queue_head_init(&hdev->cmd_q);
3068 skb_queue_head_init(&hdev->raw_q);
3070 init_waitqueue_head(&hdev->req_wait_q);
3072 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3074 hci_request_setup(hdev);
3076 hci_init_sysfs(hdev);
3077 discovery_init(hdev);
3081 EXPORT_SYMBOL(hci_alloc_dev);
3083 /* Free HCI device */
3084 void hci_free_dev(struct hci_dev *hdev)
3086 /* will free via device release */
3087 put_device(&hdev->dev);
3089 EXPORT_SYMBOL(hci_free_dev);
3091 /* Register HCI device */
3092 int hci_register_dev(struct hci_dev *hdev)
3096 if (!hdev->open || !hdev->close || !hdev->send)
3099 /* Do not allow HCI_AMP devices to register at index 0,
3100 * so the index can be used as the AMP controller ID.
3102 switch (hdev->dev_type) {
3104 id = ida_simple_get(&hci_index_ida, 0, HCI_MAX_ID, GFP_KERNEL);
3107 id = ida_simple_get(&hci_index_ida, 1, HCI_MAX_ID, GFP_KERNEL);
3116 snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
3119 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3121 hdev->workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI, hdev->name);
3122 if (!hdev->workqueue) {
3127 hdev->req_workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI,
3129 if (!hdev->req_workqueue) {
3130 destroy_workqueue(hdev->workqueue);
3135 if (!IS_ERR_OR_NULL(bt_debugfs))
3136 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3138 dev_set_name(&hdev->dev, "%s", hdev->name);
3140 error = device_add(&hdev->dev);
3144 hci_leds_init(hdev);
3146 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3147 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3150 if (rfkill_register(hdev->rfkill) < 0) {
3151 rfkill_destroy(hdev->rfkill);
3152 hdev->rfkill = NULL;
3156 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3157 hci_dev_set_flag(hdev, HCI_RFKILLED);
3159 hci_dev_set_flag(hdev, HCI_SETUP);
3160 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3162 if (hdev->dev_type == HCI_PRIMARY) {
3163 /* Assume BR/EDR support until proven otherwise (such as
3164 * through reading supported features during init.
3166 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3169 write_lock(&hci_dev_list_lock);
3170 list_add(&hdev->list, &hci_dev_list);
3171 write_unlock(&hci_dev_list_lock);
3173 /* Devices that are marked for raw-only usage are unconfigured
3174 * and should not be included in normal operation.
3176 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3177 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3179 hci_sock_dev_event(hdev, HCI_DEV_REG);
3182 queue_work(hdev->req_workqueue, &hdev->power_on);
3187 debugfs_remove_recursive(hdev->debugfs);
3188 destroy_workqueue(hdev->workqueue);
3189 destroy_workqueue(hdev->req_workqueue);
3191 ida_simple_remove(&hci_index_ida, hdev->id);
3195 EXPORT_SYMBOL(hci_register_dev);
3197 /* Unregister HCI device */
3198 void hci_unregister_dev(struct hci_dev *hdev)
3200 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3202 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3204 write_lock(&hci_dev_list_lock);
3205 list_del(&hdev->list);
3206 write_unlock(&hci_dev_list_lock);
3208 cancel_work_sync(&hdev->power_on);
3210 hci_dev_do_close(hdev);
3212 if (!test_bit(HCI_INIT, &hdev->flags) &&
3213 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3214 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3216 mgmt_index_removed(hdev);
3217 hci_dev_unlock(hdev);
3220 /* mgmt_index_removed should take care of emptying the
3222 BUG_ON(!list_empty(&hdev->mgmt_pending));
3224 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
3227 rfkill_unregister(hdev->rfkill);
3228 rfkill_destroy(hdev->rfkill);
3231 device_del(&hdev->dev);
3232 /* Actual cleanup is deferred until hci_cleanup_dev(). */
3235 EXPORT_SYMBOL(hci_unregister_dev);
3237 /* Cleanup HCI device */
3238 void hci_cleanup_dev(struct hci_dev *hdev)
3240 debugfs_remove_recursive(hdev->debugfs);
3241 kfree_const(hdev->hw_info);
3242 kfree_const(hdev->fw_info);
3244 destroy_workqueue(hdev->workqueue);
3245 destroy_workqueue(hdev->req_workqueue);
3248 hci_bdaddr_list_clear(&hdev->blacklist);
3249 hci_bdaddr_list_clear(&hdev->whitelist);
3250 hci_uuids_clear(hdev);
3251 hci_link_keys_clear(hdev);
3252 hci_smp_ltks_clear(hdev);
3253 hci_smp_irks_clear(hdev);
3254 hci_remote_oob_data_clear(hdev);
3255 hci_adv_instances_clear(hdev);
3256 hci_bdaddr_list_clear(&hdev->le_white_list);
3257 hci_conn_params_clear_all(hdev);
3258 hci_discovery_filter_clear(hdev);
3259 hci_dev_unlock(hdev);
3261 ida_simple_remove(&hci_index_ida, hdev->id);
3264 /* Suspend HCI device */
3265 int hci_suspend_dev(struct hci_dev *hdev)
3267 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
3270 EXPORT_SYMBOL(hci_suspend_dev);
3272 /* Resume HCI device */
3273 int hci_resume_dev(struct hci_dev *hdev)
3275 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
3278 EXPORT_SYMBOL(hci_resume_dev);
3280 /* Reset HCI device */
3281 int hci_reset_dev(struct hci_dev *hdev)
3283 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3284 struct sk_buff *skb;
3286 skb = bt_skb_alloc(3, GFP_ATOMIC);
3290 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
3291 skb_put_data(skb, hw_err, 3);
3293 /* Send Hardware Error to upper stack */
3294 return hci_recv_frame(hdev, skb);
3296 EXPORT_SYMBOL(hci_reset_dev);
3298 /* Receive frame from HCI drivers */
3299 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3301 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3302 && !test_bit(HCI_INIT, &hdev->flags))) {
3307 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
3308 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
3309 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
3315 bt_cb(skb)->incoming = 1;
3318 __net_timestamp(skb);
3320 skb_queue_tail(&hdev->rx_q, skb);
3321 queue_work(hdev->workqueue, &hdev->rx_work);
3325 EXPORT_SYMBOL(hci_recv_frame);
3327 /* Receive diagnostic message from HCI drivers */
3328 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3330 /* Mark as diagnostic packet */
3331 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
3334 __net_timestamp(skb);
3336 skb_queue_tail(&hdev->rx_q, skb);
3337 queue_work(hdev->workqueue, &hdev->rx_work);
3341 EXPORT_SYMBOL(hci_recv_diag);
3343 void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
3347 va_start(vargs, fmt);
3348 kfree_const(hdev->hw_info);
3349 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3352 EXPORT_SYMBOL(hci_set_hw_info);
3354 void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
3358 va_start(vargs, fmt);
3359 kfree_const(hdev->fw_info);
3360 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3363 EXPORT_SYMBOL(hci_set_fw_info);
3365 /* ---- Interface to upper protocols ---- */
3367 int hci_register_cb(struct hci_cb *cb)
3369 BT_DBG("%p name %s", cb, cb->name);
3371 mutex_lock(&hci_cb_list_lock);
3372 list_add_tail(&cb->list, &hci_cb_list);
3373 mutex_unlock(&hci_cb_list_lock);
3377 EXPORT_SYMBOL(hci_register_cb);
3379 int hci_unregister_cb(struct hci_cb *cb)
3381 BT_DBG("%p name %s", cb, cb->name);
3383 mutex_lock(&hci_cb_list_lock);
3384 list_del(&cb->list);
3385 mutex_unlock(&hci_cb_list_lock);
3389 EXPORT_SYMBOL(hci_unregister_cb);
3391 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3395 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
3399 __net_timestamp(skb);
3401 /* Send copy to monitor */
3402 hci_send_to_monitor(hdev, skb);
3404 if (atomic_read(&hdev->promisc)) {
3405 /* Send copy to the sockets */
3406 hci_send_to_sock(hdev, skb);
3409 /* Get rid of skb owner, prior to sending to the driver. */
3412 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3417 err = hdev->send(hdev, skb);
3419 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
3424 /* Send HCI command */
3425 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3428 struct sk_buff *skb;
3430 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3432 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3434 BT_ERR("%s no memory for command", hdev->name);
3438 /* Stand-alone HCI commands must be flagged as
3439 * single-command requests.
3441 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
3443 skb_queue_tail(&hdev->cmd_q, skb);
3444 queue_work(hdev->workqueue, &hdev->cmd_work);
3449 /* Get data from the previously sent command */
3450 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3452 struct hci_command_hdr *hdr;
3454 if (!hdev->sent_cmd)
3457 hdr = (void *) hdev->sent_cmd->data;
3459 if (hdr->opcode != cpu_to_le16(opcode))
3462 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3464 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3467 /* Send HCI command and wait for command commplete event */
3468 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
3469 const void *param, u32 timeout)
3471 struct sk_buff *skb;
3473 if (!test_bit(HCI_UP, &hdev->flags))
3474 return ERR_PTR(-ENETDOWN);
3476 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
3478 hci_req_sync_lock(hdev);
3479 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
3480 hci_req_sync_unlock(hdev);
3484 EXPORT_SYMBOL(hci_cmd_sync);
3487 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3489 struct hci_acl_hdr *hdr;
3492 skb_push(skb, HCI_ACL_HDR_SIZE);
3493 skb_reset_transport_header(skb);
3494 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3495 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3496 hdr->dlen = cpu_to_le16(len);
3499 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3500 struct sk_buff *skb, __u16 flags)
3502 struct hci_conn *conn = chan->conn;
3503 struct hci_dev *hdev = conn->hdev;
3504 struct sk_buff *list;
3506 skb->len = skb_headlen(skb);
3509 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3511 switch (hdev->dev_type) {
3513 hci_add_acl_hdr(skb, conn->handle, flags);
3516 hci_add_acl_hdr(skb, chan->handle, flags);
3519 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3523 list = skb_shinfo(skb)->frag_list;
3525 /* Non fragmented */
3526 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3528 skb_queue_tail(queue, skb);
3531 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3533 skb_shinfo(skb)->frag_list = NULL;
3535 /* Queue all fragments atomically. We need to use spin_lock_bh
3536 * here because of 6LoWPAN links, as there this function is
3537 * called from softirq and using normal spin lock could cause
3540 spin_lock_bh(&queue->lock);
3542 __skb_queue_tail(queue, skb);
3544 flags &= ~ACL_START;
3547 skb = list; list = list->next;
3549 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3550 hci_add_acl_hdr(skb, conn->handle, flags);
3552 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3554 __skb_queue_tail(queue, skb);
3557 spin_unlock_bh(&queue->lock);
3561 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3563 struct hci_dev *hdev = chan->conn->hdev;
3565 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3567 hci_queue_acl(chan, &chan->data_q, skb, flags);
3569 queue_work(hdev->workqueue, &hdev->tx_work);
3573 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3575 struct hci_dev *hdev = conn->hdev;
3576 struct hci_sco_hdr hdr;
3578 BT_DBG("%s len %d", hdev->name, skb->len);
3580 hdr.handle = cpu_to_le16(conn->handle);
3581 hdr.dlen = skb->len;
3583 skb_push(skb, HCI_SCO_HDR_SIZE);
3584 skb_reset_transport_header(skb);
3585 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3587 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
3589 skb_queue_tail(&conn->data_q, skb);
3590 queue_work(hdev->workqueue, &hdev->tx_work);
3593 /* ---- HCI TX task (outgoing data) ---- */
3595 /* HCI Connection scheduler */
3596 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3599 struct hci_conn_hash *h = &hdev->conn_hash;
3600 struct hci_conn *conn = NULL, *c;
3601 unsigned int num = 0, min = ~0;
3603 /* We don't have to lock device here. Connections are always
3604 * added and removed with TX task disabled. */
3608 list_for_each_entry_rcu(c, &h->list, list) {
3609 if (c->type != type || skb_queue_empty(&c->data_q))
3612 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3617 if (c->sent < min) {
3622 if (hci_conn_num(hdev, type) == num)
3631 switch (conn->type) {
3633 cnt = hdev->acl_cnt;
3637 cnt = hdev->sco_cnt;
3640 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3644 BT_ERR("Unknown link type");
3652 BT_DBG("conn %p quote %d", conn, *quote);
3656 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3658 struct hci_conn_hash *h = &hdev->conn_hash;
3661 BT_ERR("%s link tx timeout", hdev->name);
3665 /* Kill stalled connections */
3666 list_for_each_entry_rcu(c, &h->list, list) {
3667 if (c->type == type && c->sent) {
3668 BT_ERR("%s killing stalled connection %pMR",
3669 hdev->name, &c->dst);
3670 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3677 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3680 struct hci_conn_hash *h = &hdev->conn_hash;
3681 struct hci_chan *chan = NULL;
3682 unsigned int num = 0, min = ~0, cur_prio = 0;
3683 struct hci_conn *conn;
3684 int cnt, q, conn_num = 0;
3686 BT_DBG("%s", hdev->name);
3690 list_for_each_entry_rcu(conn, &h->list, list) {
3691 struct hci_chan *tmp;
3693 if (conn->type != type)
3696 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3701 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3702 struct sk_buff *skb;
3704 if (skb_queue_empty(&tmp->data_q))
3707 skb = skb_peek(&tmp->data_q);
3708 if (skb->priority < cur_prio)
3711 if (skb->priority > cur_prio) {
3714 cur_prio = skb->priority;
3719 if (conn->sent < min) {
3725 if (hci_conn_num(hdev, type) == conn_num)
3734 switch (chan->conn->type) {
3736 cnt = hdev->acl_cnt;
3739 cnt = hdev->block_cnt;
3743 cnt = hdev->sco_cnt;
3746 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3750 BT_ERR("Unknown link type");
3755 BT_DBG("chan %p quote %d", chan, *quote);
3759 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3761 struct hci_conn_hash *h = &hdev->conn_hash;
3762 struct hci_conn *conn;
3765 BT_DBG("%s", hdev->name);
3769 list_for_each_entry_rcu(conn, &h->list, list) {
3770 struct hci_chan *chan;
3772 if (conn->type != type)
3775 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3780 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3781 struct sk_buff *skb;
3788 if (skb_queue_empty(&chan->data_q))
3791 skb = skb_peek(&chan->data_q);
3792 if (skb->priority >= HCI_PRIO_MAX - 1)
3795 skb->priority = HCI_PRIO_MAX - 1;
3797 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3801 if (hci_conn_num(hdev, type) == num)
3809 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3811 /* Calculate count of blocks used by this packet */
3812 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3815 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3817 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3818 /* ACL tx timeout must be longer than maximum
3819 * link supervision timeout (40.9 seconds) */
3820 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3821 HCI_ACL_TX_TIMEOUT))
3822 hci_link_tx_to(hdev, ACL_LINK);
3826 static void hci_sched_acl_pkt(struct hci_dev *hdev)
3828 unsigned int cnt = hdev->acl_cnt;
3829 struct hci_chan *chan;
3830 struct sk_buff *skb;
3833 __check_timeout(hdev, cnt);
3835 while (hdev->acl_cnt &&
3836 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3837 u32 priority = (skb_peek(&chan->data_q))->priority;
3838 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3839 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3840 skb->len, skb->priority);
3842 /* Stop if priority has changed */
3843 if (skb->priority < priority)
3846 skb = skb_dequeue(&chan->data_q);
3848 hci_conn_enter_active_mode(chan->conn,
3849 bt_cb(skb)->force_active);
3851 hci_send_frame(hdev, skb);
3852 hdev->acl_last_tx = jiffies;
3860 if (cnt != hdev->acl_cnt)
3861 hci_prio_recalculate(hdev, ACL_LINK);
3864 static void hci_sched_acl_blk(struct hci_dev *hdev)
3866 unsigned int cnt = hdev->block_cnt;
3867 struct hci_chan *chan;
3868 struct sk_buff *skb;
3872 __check_timeout(hdev, cnt);
3874 BT_DBG("%s", hdev->name);
3876 if (hdev->dev_type == HCI_AMP)
3881 while (hdev->block_cnt > 0 &&
3882 (chan = hci_chan_sent(hdev, type, "e))) {
3883 u32 priority = (skb_peek(&chan->data_q))->priority;
3884 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
3887 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3888 skb->len, skb->priority);
3890 /* Stop if priority has changed */
3891 if (skb->priority < priority)
3894 skb = skb_dequeue(&chan->data_q);
3896 blocks = __get_blocks(hdev, skb);
3897 if (blocks > hdev->block_cnt)
3900 hci_conn_enter_active_mode(chan->conn,
3901 bt_cb(skb)->force_active);
3903 hci_send_frame(hdev, skb);
3904 hdev->acl_last_tx = jiffies;
3906 hdev->block_cnt -= blocks;
3909 chan->sent += blocks;
3910 chan->conn->sent += blocks;
3914 if (cnt != hdev->block_cnt)
3915 hci_prio_recalculate(hdev, type);
3918 static void hci_sched_acl(struct hci_dev *hdev)
3920 BT_DBG("%s", hdev->name);
3922 /* No ACL link over BR/EDR controller */
3923 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
3926 /* No AMP link over AMP controller */
3927 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3930 switch (hdev->flow_ctl_mode) {
3931 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3932 hci_sched_acl_pkt(hdev);
3935 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3936 hci_sched_acl_blk(hdev);
3942 static void hci_sched_sco(struct hci_dev *hdev)
3944 struct hci_conn *conn;
3945 struct sk_buff *skb;
3948 BT_DBG("%s", hdev->name);
3950 if (!hci_conn_num(hdev, SCO_LINK))
3953 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
3954 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3955 BT_DBG("skb %p len %d", skb, skb->len);
3956 hci_send_frame(hdev, skb);
3959 if (conn->sent == ~0)
3965 static void hci_sched_esco(struct hci_dev *hdev)
3967 struct hci_conn *conn;
3968 struct sk_buff *skb;
3971 BT_DBG("%s", hdev->name);
3973 if (!hci_conn_num(hdev, ESCO_LINK))
3976 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
3978 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3979 BT_DBG("skb %p len %d", skb, skb->len);
3980 hci_send_frame(hdev, skb);
3983 if (conn->sent == ~0)
3989 static void hci_sched_le(struct hci_dev *hdev)
3991 struct hci_chan *chan;
3992 struct sk_buff *skb;
3993 int quote, cnt, tmp;
3995 BT_DBG("%s", hdev->name);
3997 if (!hci_conn_num(hdev, LE_LINK))
4000 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
4001 /* LE tx timeout must be longer than maximum
4002 * link supervision timeout (40.9 seconds) */
4003 if (!hdev->le_cnt && hdev->le_pkts &&
4004 time_after(jiffies, hdev->le_last_tx + HZ * 45))
4005 hci_link_tx_to(hdev, LE_LINK);
4008 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4010 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4011 u32 priority = (skb_peek(&chan->data_q))->priority;
4012 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4013 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4014 skb->len, skb->priority);
4016 /* Stop if priority has changed */
4017 if (skb->priority < priority)
4020 skb = skb_dequeue(&chan->data_q);
4022 hci_send_frame(hdev, skb);
4023 hdev->le_last_tx = jiffies;
4034 hdev->acl_cnt = cnt;
4037 hci_prio_recalculate(hdev, LE_LINK);
4040 static void hci_tx_work(struct work_struct *work)
4042 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4043 struct sk_buff *skb;
4045 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4046 hdev->sco_cnt, hdev->le_cnt);
4048 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4049 /* Schedule queues and send stuff to HCI driver */
4050 hci_sched_acl(hdev);
4051 hci_sched_sco(hdev);
4052 hci_sched_esco(hdev);
4056 /* Send next queued raw (unknown type) packet */
4057 while ((skb = skb_dequeue(&hdev->raw_q)))
4058 hci_send_frame(hdev, skb);
4061 /* ----- HCI RX task (incoming data processing) ----- */
4063 /* ACL data packet */
4064 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4066 struct hci_acl_hdr *hdr = (void *) skb->data;
4067 struct hci_conn *conn;
4068 __u16 handle, flags;
4070 skb_pull(skb, HCI_ACL_HDR_SIZE);
4072 handle = __le16_to_cpu(hdr->handle);
4073 flags = hci_flags(handle);
4074 handle = hci_handle(handle);
4076 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4079 hdev->stat.acl_rx++;
4082 conn = hci_conn_hash_lookup_handle(hdev, handle);
4083 hci_dev_unlock(hdev);
4086 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4088 /* Send to upper protocol */
4089 l2cap_recv_acldata(conn, skb, flags);
4092 BT_ERR("%s ACL packet for unknown connection handle %d",
4093 hdev->name, handle);
4099 /* SCO data packet */
4100 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4102 struct hci_sco_hdr *hdr = (void *) skb->data;
4103 struct hci_conn *conn;
4106 skb_pull(skb, HCI_SCO_HDR_SIZE);
4108 handle = __le16_to_cpu(hdr->handle);
4110 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4112 hdev->stat.sco_rx++;
4115 conn = hci_conn_hash_lookup_handle(hdev, handle);
4116 hci_dev_unlock(hdev);
4119 /* Send to upper protocol */
4120 sco_recv_scodata(conn, skb);
4123 BT_ERR("%s SCO packet for unknown connection handle %d",
4124 hdev->name, handle);
4130 static bool hci_req_is_complete(struct hci_dev *hdev)
4132 struct sk_buff *skb;
4134 skb = skb_peek(&hdev->cmd_q);
4138 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
4141 static void hci_resend_last(struct hci_dev *hdev)
4143 struct hci_command_hdr *sent;
4144 struct sk_buff *skb;
4147 if (!hdev->sent_cmd)
4150 sent = (void *) hdev->sent_cmd->data;
4151 opcode = __le16_to_cpu(sent->opcode);
4152 if (opcode == HCI_OP_RESET)
4155 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4159 skb_queue_head(&hdev->cmd_q, skb);
4160 queue_work(hdev->workqueue, &hdev->cmd_work);
4163 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4164 hci_req_complete_t *req_complete,
4165 hci_req_complete_skb_t *req_complete_skb)
4167 struct sk_buff *skb;
4168 unsigned long flags;
4170 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4172 /* If the completed command doesn't match the last one that was
4173 * sent we need to do special handling of it.
4175 if (!hci_sent_cmd_data(hdev, opcode)) {
4176 /* Some CSR based controllers generate a spontaneous
4177 * reset complete event during init and any pending
4178 * command will never be completed. In such a case we
4179 * need to resend whatever was the last sent
4182 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4183 hci_resend_last(hdev);
4188 /* If the command succeeded and there's still more commands in
4189 * this request the request is not yet complete.
4191 if (!status && !hci_req_is_complete(hdev))
4194 /* If this was the last command in a request the complete
4195 * callback would be found in hdev->sent_cmd instead of the
4196 * command queue (hdev->cmd_q).
4198 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
4199 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
4203 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
4204 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
4208 /* Remove all pending commands belonging to this request */
4209 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4210 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4211 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
4212 __skb_queue_head(&hdev->cmd_q, skb);
4216 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
4217 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
4219 *req_complete = bt_cb(skb)->hci.req_complete;
4220 dev_kfree_skb_irq(skb);
4222 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4225 static void hci_rx_work(struct work_struct *work)
4227 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4228 struct sk_buff *skb;
4230 BT_DBG("%s", hdev->name);
4232 while ((skb = skb_dequeue(&hdev->rx_q))) {
4233 /* Send copy to monitor */
4234 hci_send_to_monitor(hdev, skb);
4236 if (atomic_read(&hdev->promisc)) {
4237 /* Send copy to the sockets */
4238 hci_send_to_sock(hdev, skb);
4241 /* If the device has been opened in HCI_USER_CHANNEL,
4242 * the userspace has exclusive access to device.
4243 * When device is HCI_INIT, we still need to process
4244 * the data packets to the driver in order
4245 * to complete its setup().
4247 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
4248 !test_bit(HCI_INIT, &hdev->flags)) {
4253 if (test_bit(HCI_INIT, &hdev->flags)) {
4254 /* Don't process data packets in this states. */
4255 switch (hci_skb_pkt_type(skb)) {
4256 case HCI_ACLDATA_PKT:
4257 case HCI_SCODATA_PKT:
4264 switch (hci_skb_pkt_type(skb)) {
4266 BT_DBG("%s Event packet", hdev->name);
4267 hci_event_packet(hdev, skb);
4270 case HCI_ACLDATA_PKT:
4271 BT_DBG("%s ACL data packet", hdev->name);
4272 hci_acldata_packet(hdev, skb);
4275 case HCI_SCODATA_PKT:
4276 BT_DBG("%s SCO data packet", hdev->name);
4277 hci_scodata_packet(hdev, skb);
4287 static void hci_cmd_work(struct work_struct *work)
4289 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4290 struct sk_buff *skb;
4292 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4293 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4295 /* Send queued commands */
4296 if (atomic_read(&hdev->cmd_cnt)) {
4297 skb = skb_dequeue(&hdev->cmd_q);
4301 kfree_skb(hdev->sent_cmd);
4303 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4304 if (hdev->sent_cmd) {
4305 atomic_dec(&hdev->cmd_cnt);
4306 hci_send_frame(hdev, skb);
4307 if (test_bit(HCI_RESET, &hdev->flags))
4308 cancel_delayed_work(&hdev->cmd_timer);
4310 schedule_delayed_work(&hdev->cmd_timer,
4313 skb_queue_head(&hdev->cmd_q, skb);
4314 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / releases.git / blob