2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/rfkill.h>
30 #include <linux/debugfs.h>
31 #include <linux/crypto.h>
32 #include <linux/property.h>
33 #include <linux/suspend.h>
34 #include <linux/wait.h>
35 #include <asm/unaligned.h>
37 #include <net/bluetooth/bluetooth.h>
38 #include <net/bluetooth/hci_core.h>
39 #include <net/bluetooth/l2cap.h>
40 #include <net/bluetooth/mgmt.h>
42 #include "hci_request.h"
43 #include "hci_debugfs.h"
48 static void hci_rx_work(struct work_struct *work);
49 static void hci_cmd_work(struct work_struct *work);
50 static void hci_tx_work(struct work_struct *work);
53 LIST_HEAD(hci_dev_list);
54 DEFINE_RWLOCK(hci_dev_list_lock);
56 /* HCI callback list */
57 LIST_HEAD(hci_cb_list);
58 DEFINE_MUTEX(hci_cb_list_lock);
60 /* HCI ID Numbering */
61 static DEFINE_IDA(hci_index_ida);
63 /* ---- HCI debugfs entries ---- */
65 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
66 size_t count, loff_t *ppos)
68 struct hci_dev *hdev = file->private_data;
71 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
74 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
77 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
78 size_t count, loff_t *ppos)
80 struct hci_dev *hdev = file->private_data;
85 if (!test_bit(HCI_UP, &hdev->flags))
88 err = kstrtobool_from_user(user_buf, count, &enable);
92 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
95 hci_req_sync_lock(hdev);
97 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
100 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
102 hci_req_sync_unlock(hdev);
109 hci_dev_change_flag(hdev, HCI_DUT_MODE);
114 static const struct file_operations dut_mode_fops = {
116 .read = dut_mode_read,
117 .write = dut_mode_write,
118 .llseek = default_llseek,
121 static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
122 size_t count, loff_t *ppos)
124 struct hci_dev *hdev = file->private_data;
127 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
130 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
133 static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
134 size_t count, loff_t *ppos)
136 struct hci_dev *hdev = file->private_data;
140 err = kstrtobool_from_user(user_buf, count, &enable);
144 /* When the diagnostic flags are not persistent and the transport
145 * is not active or in user channel operation, then there is no need
146 * for the vendor callback. Instead just store the desired value and
147 * the setting will be programmed when the controller gets powered on.
149 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
150 (!test_bit(HCI_RUNNING, &hdev->flags) ||
151 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)))
154 hci_req_sync_lock(hdev);
155 err = hdev->set_diag(hdev, enable);
156 hci_req_sync_unlock(hdev);
163 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
165 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
170 static const struct file_operations vendor_diag_fops = {
172 .read = vendor_diag_read,
173 .write = vendor_diag_write,
174 .llseek = default_llseek,
177 static void hci_debugfs_create_basic(struct hci_dev *hdev)
179 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
183 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
187 static int hci_reset_req(struct hci_request *req, unsigned long opt)
189 BT_DBG("%s %ld", req->hdev->name, opt);
192 set_bit(HCI_RESET, &req->hdev->flags);
193 hci_req_add(req, HCI_OP_RESET, 0, NULL);
197 static void bredr_init(struct hci_request *req)
199 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
201 /* Read Local Supported Features */
202 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
204 /* Read Local Version */
205 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
207 /* Read BD Address */
208 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
211 static void amp_init1(struct hci_request *req)
213 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
215 /* Read Local Version */
216 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
218 /* Read Local Supported Commands */
219 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
221 /* Read Local AMP Info */
222 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
224 /* Read Data Blk size */
225 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
227 /* Read Flow Control Mode */
228 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
230 /* Read Location Data */
231 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
234 static int amp_init2(struct hci_request *req)
236 /* Read Local Supported Features. Not all AMP controllers
237 * support this so it's placed conditionally in the second
240 if (req->hdev->commands[14] & 0x20)
241 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
246 static int hci_init1_req(struct hci_request *req, unsigned long opt)
248 struct hci_dev *hdev = req->hdev;
250 BT_DBG("%s %ld", hdev->name, opt);
253 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
254 hci_reset_req(req, 0);
256 switch (hdev->dev_type) {
264 bt_dev_err(hdev, "Unknown device type %d", hdev->dev_type);
271 static void bredr_setup(struct hci_request *req)
276 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
277 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
279 /* Read Class of Device */
280 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
282 /* Read Local Name */
283 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
285 /* Read Voice Setting */
286 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
288 /* Read Number of Supported IAC */
289 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
291 /* Read Current IAC LAP */
292 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
294 /* Clear Event Filters */
295 flt_type = HCI_FLT_CLEAR_ALL;
296 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
298 /* Connection accept timeout ~20 secs */
299 param = cpu_to_le16(0x7d00);
300 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
303 static void le_setup(struct hci_request *req)
305 struct hci_dev *hdev = req->hdev;
307 /* Read LE Buffer Size */
308 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
310 /* Read LE Local Supported Features */
311 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
313 /* Read LE Supported States */
314 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
316 /* LE-only controllers have LE implicitly enabled */
317 if (!lmp_bredr_capable(hdev))
318 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
321 static void hci_setup_event_mask(struct hci_request *req)
323 struct hci_dev *hdev = req->hdev;
325 /* The second byte is 0xff instead of 0x9f (two reserved bits
326 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
329 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
331 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
332 * any event mask for pre 1.2 devices.
334 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
337 if (lmp_bredr_capable(hdev)) {
338 events[4] |= 0x01; /* Flow Specification Complete */
340 /* Use a different default for LE-only devices */
341 memset(events, 0, sizeof(events));
342 events[1] |= 0x20; /* Command Complete */
343 events[1] |= 0x40; /* Command Status */
344 events[1] |= 0x80; /* Hardware Error */
346 /* If the controller supports the Disconnect command, enable
347 * the corresponding event. In addition enable packet flow
348 * control related events.
350 if (hdev->commands[0] & 0x20) {
351 events[0] |= 0x10; /* Disconnection Complete */
352 events[2] |= 0x04; /* Number of Completed Packets */
353 events[3] |= 0x02; /* Data Buffer Overflow */
356 /* If the controller supports the Read Remote Version
357 * Information command, enable the corresponding event.
359 if (hdev->commands[2] & 0x80)
360 events[1] |= 0x08; /* Read Remote Version Information
364 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
365 events[0] |= 0x80; /* Encryption Change */
366 events[5] |= 0x80; /* Encryption Key Refresh Complete */
370 if (lmp_inq_rssi_capable(hdev) ||
371 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
372 events[4] |= 0x02; /* Inquiry Result with RSSI */
374 if (lmp_ext_feat_capable(hdev))
375 events[4] |= 0x04; /* Read Remote Extended Features Complete */
377 if (lmp_esco_capable(hdev)) {
378 events[5] |= 0x08; /* Synchronous Connection Complete */
379 events[5] |= 0x10; /* Synchronous Connection Changed */
382 if (lmp_sniffsubr_capable(hdev))
383 events[5] |= 0x20; /* Sniff Subrating */
385 if (lmp_pause_enc_capable(hdev))
386 events[5] |= 0x80; /* Encryption Key Refresh Complete */
388 if (lmp_ext_inq_capable(hdev))
389 events[5] |= 0x40; /* Extended Inquiry Result */
391 if (lmp_no_flush_capable(hdev))
392 events[7] |= 0x01; /* Enhanced Flush Complete */
394 if (lmp_lsto_capable(hdev))
395 events[6] |= 0x80; /* Link Supervision Timeout Changed */
397 if (lmp_ssp_capable(hdev)) {
398 events[6] |= 0x01; /* IO Capability Request */
399 events[6] |= 0x02; /* IO Capability Response */
400 events[6] |= 0x04; /* User Confirmation Request */
401 events[6] |= 0x08; /* User Passkey Request */
402 events[6] |= 0x10; /* Remote OOB Data Request */
403 events[6] |= 0x20; /* Simple Pairing Complete */
404 events[7] |= 0x04; /* User Passkey Notification */
405 events[7] |= 0x08; /* Keypress Notification */
406 events[7] |= 0x10; /* Remote Host Supported
407 * Features Notification
411 if (lmp_le_capable(hdev))
412 events[7] |= 0x20; /* LE Meta-Event */
414 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
417 static int hci_init2_req(struct hci_request *req, unsigned long opt)
419 struct hci_dev *hdev = req->hdev;
421 if (hdev->dev_type == HCI_AMP)
422 return amp_init2(req);
424 if (lmp_bredr_capable(hdev))
427 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
429 if (lmp_le_capable(hdev))
432 /* All Bluetooth 1.2 and later controllers should support the
433 * HCI command for reading the local supported commands.
435 * Unfortunately some controllers indicate Bluetooth 1.2 support,
436 * but do not have support for this command. If that is the case,
437 * the driver can quirk the behavior and skip reading the local
438 * supported commands.
440 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
441 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
442 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
444 if (lmp_ssp_capable(hdev)) {
445 /* When SSP is available, then the host features page
446 * should also be available as well. However some
447 * controllers list the max_page as 0 as long as SSP
448 * has not been enabled. To achieve proper debugging
449 * output, force the minimum max_page to 1 at least.
451 hdev->max_page = 0x01;
453 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
456 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
457 sizeof(mode), &mode);
459 struct hci_cp_write_eir cp;
461 memset(hdev->eir, 0, sizeof(hdev->eir));
462 memset(&cp, 0, sizeof(cp));
464 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
468 if (lmp_inq_rssi_capable(hdev) ||
469 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
472 /* If Extended Inquiry Result events are supported, then
473 * they are clearly preferred over Inquiry Result with RSSI
476 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
478 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
481 if (lmp_inq_tx_pwr_capable(hdev))
482 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
484 if (lmp_ext_feat_capable(hdev)) {
485 struct hci_cp_read_local_ext_features cp;
488 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
492 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
494 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
501 static void hci_setup_link_policy(struct hci_request *req)
503 struct hci_dev *hdev = req->hdev;
504 struct hci_cp_write_def_link_policy cp;
507 if (lmp_rswitch_capable(hdev))
508 link_policy |= HCI_LP_RSWITCH;
509 if (lmp_hold_capable(hdev))
510 link_policy |= HCI_LP_HOLD;
511 if (lmp_sniff_capable(hdev))
512 link_policy |= HCI_LP_SNIFF;
513 if (lmp_park_capable(hdev))
514 link_policy |= HCI_LP_PARK;
516 cp.policy = cpu_to_le16(link_policy);
517 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
520 static void hci_set_le_support(struct hci_request *req)
522 struct hci_dev *hdev = req->hdev;
523 struct hci_cp_write_le_host_supported cp;
525 /* LE-only devices do not support explicit enablement */
526 if (!lmp_bredr_capable(hdev))
529 memset(&cp, 0, sizeof(cp));
531 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
536 if (cp.le != lmp_host_le_capable(hdev))
537 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
541 static void hci_set_event_mask_page_2(struct hci_request *req)
543 struct hci_dev *hdev = req->hdev;
544 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
545 bool changed = false;
547 /* If Connectionless Slave Broadcast master role is supported
548 * enable all necessary events for it.
550 if (lmp_csb_master_capable(hdev)) {
551 events[1] |= 0x40; /* Triggered Clock Capture */
552 events[1] |= 0x80; /* Synchronization Train Complete */
553 events[2] |= 0x10; /* Slave Page Response Timeout */
554 events[2] |= 0x20; /* CSB Channel Map Change */
558 /* If Connectionless Slave Broadcast slave role is supported
559 * enable all necessary events for it.
561 if (lmp_csb_slave_capable(hdev)) {
562 events[2] |= 0x01; /* Synchronization Train Received */
563 events[2] |= 0x02; /* CSB Receive */
564 events[2] |= 0x04; /* CSB Timeout */
565 events[2] |= 0x08; /* Truncated Page Complete */
569 /* Enable Authenticated Payload Timeout Expired event if supported */
570 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
575 /* Some Broadcom based controllers indicate support for Set Event
576 * Mask Page 2 command, but then actually do not support it. Since
577 * the default value is all bits set to zero, the command is only
578 * required if the event mask has to be changed. In case no change
579 * to the event mask is needed, skip this command.
582 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2,
583 sizeof(events), events);
586 static int hci_init3_req(struct hci_request *req, unsigned long opt)
588 struct hci_dev *hdev = req->hdev;
591 hci_setup_event_mask(req);
593 if (hdev->commands[6] & 0x20 &&
594 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
595 struct hci_cp_read_stored_link_key cp;
597 bacpy(&cp.bdaddr, BDADDR_ANY);
599 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
602 if (hdev->commands[5] & 0x10)
603 hci_setup_link_policy(req);
605 if (hdev->commands[8] & 0x01)
606 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
608 if (hdev->commands[18] & 0x04 &&
609 !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks))
610 hci_req_add(req, HCI_OP_READ_DEF_ERR_DATA_REPORTING, 0, NULL);
612 /* Some older Broadcom based Bluetooth 1.2 controllers do not
613 * support the Read Page Scan Type command. Check support for
614 * this command in the bit mask of supported commands.
616 if (hdev->commands[13] & 0x01)
617 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
619 if (lmp_le_capable(hdev)) {
622 memset(events, 0, sizeof(events));
624 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
625 events[0] |= 0x10; /* LE Long Term Key Request */
627 /* If controller supports the Connection Parameters Request
628 * Link Layer Procedure, enable the corresponding event.
630 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
631 events[0] |= 0x20; /* LE Remote Connection
635 /* If the controller supports the Data Length Extension
636 * feature, enable the corresponding event.
638 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
639 events[0] |= 0x40; /* LE Data Length Change */
641 /* If the controller supports LL Privacy feature, enable
642 * the corresponding event.
644 if (hdev->le_features[0] & HCI_LE_LL_PRIVACY)
645 events[1] |= 0x02; /* LE Enhanced Connection
649 /* If the controller supports Extended Scanner Filter
650 * Policies, enable the correspondig event.
652 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
653 events[1] |= 0x04; /* LE Direct Advertising
657 /* If the controller supports Channel Selection Algorithm #2
658 * feature, enable the corresponding event.
660 if (hdev->le_features[1] & HCI_LE_CHAN_SEL_ALG2)
661 events[2] |= 0x08; /* LE Channel Selection
665 /* If the controller supports the LE Set Scan Enable command,
666 * enable the corresponding advertising report event.
668 if (hdev->commands[26] & 0x08)
669 events[0] |= 0x02; /* LE Advertising Report */
671 /* If the controller supports the LE Create Connection
672 * command, enable the corresponding event.
674 if (hdev->commands[26] & 0x10)
675 events[0] |= 0x01; /* LE Connection Complete */
677 /* If the controller supports the LE Connection Update
678 * command, enable the corresponding event.
680 if (hdev->commands[27] & 0x04)
681 events[0] |= 0x04; /* LE Connection Update
685 /* If the controller supports the LE Read Remote Used Features
686 * command, enable the corresponding event.
688 if (hdev->commands[27] & 0x20)
689 events[0] |= 0x08; /* LE Read Remote Used
693 /* If the controller supports the LE Read Local P-256
694 * Public Key command, enable the corresponding event.
696 if (hdev->commands[34] & 0x02)
697 events[0] |= 0x80; /* LE Read Local P-256
698 * Public Key Complete
701 /* If the controller supports the LE Generate DHKey
702 * command, enable the corresponding event.
704 if (hdev->commands[34] & 0x04)
705 events[1] |= 0x01; /* LE Generate DHKey Complete */
707 /* If the controller supports the LE Set Default PHY or
708 * LE Set PHY commands, enable the corresponding event.
710 if (hdev->commands[35] & (0x20 | 0x40))
711 events[1] |= 0x08; /* LE PHY Update Complete */
713 /* If the controller supports LE Set Extended Scan Parameters
714 * and LE Set Extended Scan Enable commands, enable the
715 * corresponding event.
717 if (use_ext_scan(hdev))
718 events[1] |= 0x10; /* LE Extended Advertising
722 /* If the controller supports the LE Extended Advertising
723 * command, enable the corresponding event.
725 if (ext_adv_capable(hdev))
726 events[2] |= 0x02; /* LE Advertising Set
730 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
733 /* Read LE Advertising Channel TX Power */
734 if ((hdev->commands[25] & 0x40) && !ext_adv_capable(hdev)) {
735 /* HCI TS spec forbids mixing of legacy and extended
736 * advertising commands wherein READ_ADV_TX_POWER is
737 * also included. So do not call it if extended adv
738 * is supported otherwise controller will return
739 * COMMAND_DISALLOWED for extended commands.
741 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
744 if (hdev->commands[26] & 0x40) {
745 /* Read LE Accept List Size */
746 hci_req_add(req, HCI_OP_LE_READ_ACCEPT_LIST_SIZE,
750 if (hdev->commands[26] & 0x80) {
751 /* Clear LE Accept List */
752 hci_req_add(req, HCI_OP_LE_CLEAR_ACCEPT_LIST, 0, NULL);
755 if (hdev->commands[34] & 0x40) {
756 /* Read LE Resolving List Size */
757 hci_req_add(req, HCI_OP_LE_READ_RESOLV_LIST_SIZE,
761 if (hdev->commands[34] & 0x20) {
762 /* Clear LE Resolving List */
763 hci_req_add(req, HCI_OP_LE_CLEAR_RESOLV_LIST, 0, NULL);
766 if (hdev->commands[35] & 0x04) {
767 __le16 rpa_timeout = cpu_to_le16(hdev->rpa_timeout);
769 /* Set RPA timeout */
770 hci_req_add(req, HCI_OP_LE_SET_RPA_TIMEOUT, 2,
774 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
775 /* Read LE Maximum Data Length */
776 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
778 /* Read LE Suggested Default Data Length */
779 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
782 if (ext_adv_capable(hdev)) {
783 /* Read LE Number of Supported Advertising Sets */
784 hci_req_add(req, HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS,
788 hci_set_le_support(req);
791 /* Read features beyond page 1 if available */
792 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
793 struct hci_cp_read_local_ext_features cp;
796 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
803 static int hci_init4_req(struct hci_request *req, unsigned long opt)
805 struct hci_dev *hdev = req->hdev;
807 /* Some Broadcom based Bluetooth controllers do not support the
808 * Delete Stored Link Key command. They are clearly indicating its
809 * absence in the bit mask of supported commands.
811 * Check the supported commands and only if the command is marked
812 * as supported send it. If not supported assume that the controller
813 * does not have actual support for stored link keys which makes this
814 * command redundant anyway.
816 * Some controllers indicate that they support handling deleting
817 * stored link keys, but they don't. The quirk lets a driver
818 * just disable this command.
820 if (hdev->commands[6] & 0x80 &&
821 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
822 struct hci_cp_delete_stored_link_key cp;
824 bacpy(&cp.bdaddr, BDADDR_ANY);
825 cp.delete_all = 0x01;
826 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
830 /* Set event mask page 2 if the HCI command for it is supported */
831 if (hdev->commands[22] & 0x04)
832 hci_set_event_mask_page_2(req);
834 /* Read local codec list if the HCI command is supported */
835 if (hdev->commands[29] & 0x20)
836 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
838 /* Read local pairing options if the HCI command is supported */
839 if (hdev->commands[41] & 0x08)
840 hci_req_add(req, HCI_OP_READ_LOCAL_PAIRING_OPTS, 0, NULL);
842 /* Get MWS transport configuration if the HCI command is supported */
843 if (hdev->commands[30] & 0x08)
844 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
846 /* Check for Synchronization Train support */
847 if (lmp_sync_train_capable(hdev))
848 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
850 /* Enable Secure Connections if supported and configured */
851 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
852 bredr_sc_enabled(hdev)) {
855 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
856 sizeof(support), &support);
859 /* Set erroneous data reporting if supported to the wideband speech
862 if (hdev->commands[18] & 0x08 &&
863 !test_bit(HCI_QUIRK_BROKEN_ERR_DATA_REPORTING, &hdev->quirks)) {
864 bool enabled = hci_dev_test_flag(hdev,
865 HCI_WIDEBAND_SPEECH_ENABLED);
868 (hdev->err_data_reporting == ERR_DATA_REPORTING_ENABLED)) {
869 struct hci_cp_write_def_err_data_reporting cp;
871 cp.err_data_reporting = enabled ?
872 ERR_DATA_REPORTING_ENABLED :
873 ERR_DATA_REPORTING_DISABLED;
875 hci_req_add(req, HCI_OP_WRITE_DEF_ERR_DATA_REPORTING,
880 /* Set Suggested Default Data Length to maximum if supported */
881 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
882 struct hci_cp_le_write_def_data_len cp;
884 cp.tx_len = cpu_to_le16(hdev->le_max_tx_len);
885 cp.tx_time = cpu_to_le16(hdev->le_max_tx_time);
886 hci_req_add(req, HCI_OP_LE_WRITE_DEF_DATA_LEN, sizeof(cp), &cp);
889 /* Set Default PHY parameters if command is supported */
890 if (hdev->commands[35] & 0x20) {
891 struct hci_cp_le_set_default_phy cp;
894 cp.tx_phys = hdev->le_tx_def_phys;
895 cp.rx_phys = hdev->le_rx_def_phys;
897 hci_req_add(req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp), &cp);
903 static int __hci_init(struct hci_dev *hdev)
907 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
911 if (hci_dev_test_flag(hdev, HCI_SETUP))
912 hci_debugfs_create_basic(hdev);
914 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
918 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
919 * BR/EDR/LE type controllers. AMP controllers only need the
920 * first two stages of init.
922 if (hdev->dev_type != HCI_PRIMARY)
925 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
929 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
933 /* This function is only called when the controller is actually in
934 * configured state. When the controller is marked as unconfigured,
935 * this initialization procedure is not run.
937 * It means that it is possible that a controller runs through its
938 * setup phase and then discovers missing settings. If that is the
939 * case, then this function will not be called. It then will only
940 * be called during the config phase.
942 * So only when in setup phase or config phase, create the debugfs
943 * entries and register the SMP channels.
945 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
946 !hci_dev_test_flag(hdev, HCI_CONFIG))
949 hci_debugfs_create_common(hdev);
951 if (lmp_bredr_capable(hdev))
952 hci_debugfs_create_bredr(hdev);
954 if (lmp_le_capable(hdev))
955 hci_debugfs_create_le(hdev);
960 static int hci_init0_req(struct hci_request *req, unsigned long opt)
962 struct hci_dev *hdev = req->hdev;
964 BT_DBG("%s %ld", hdev->name, opt);
967 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
968 hci_reset_req(req, 0);
970 /* Read Local Version */
971 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
973 /* Read BD Address */
974 if (hdev->set_bdaddr)
975 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
980 static int __hci_unconf_init(struct hci_dev *hdev)
984 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
987 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
991 if (hci_dev_test_flag(hdev, HCI_SETUP))
992 hci_debugfs_create_basic(hdev);
997 static int hci_scan_req(struct hci_request *req, unsigned long opt)
1001 BT_DBG("%s %x", req->hdev->name, scan);
1003 /* Inquiry and Page scans */
1004 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1008 static int hci_auth_req(struct hci_request *req, unsigned long opt)
1012 BT_DBG("%s %x", req->hdev->name, auth);
1014 /* Authentication */
1015 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
1019 static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
1023 BT_DBG("%s %x", req->hdev->name, encrypt);
1026 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
1030 static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
1032 __le16 policy = cpu_to_le16(opt);
1034 BT_DBG("%s %x", req->hdev->name, policy);
1036 /* Default link policy */
1037 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
1041 /* Get HCI device by index.
1042 * Device is held on return. */
1043 struct hci_dev *hci_dev_get(int index)
1045 struct hci_dev *hdev = NULL, *d;
1047 BT_DBG("%d", index);
1052 read_lock(&hci_dev_list_lock);
1053 list_for_each_entry(d, &hci_dev_list, list) {
1054 if (d->id == index) {
1055 hdev = hci_dev_hold(d);
1059 read_unlock(&hci_dev_list_lock);
1063 /* ---- Inquiry support ---- */
1065 bool hci_discovery_active(struct hci_dev *hdev)
1067 struct discovery_state *discov = &hdev->discovery;
1069 switch (discov->state) {
1070 case DISCOVERY_FINDING:
1071 case DISCOVERY_RESOLVING:
1079 void hci_discovery_set_state(struct hci_dev *hdev, int state)
1081 int old_state = hdev->discovery.state;
1083 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
1085 if (old_state == state)
1088 hdev->discovery.state = state;
1091 case DISCOVERY_STOPPED:
1092 hci_update_background_scan(hdev);
1094 if (old_state != DISCOVERY_STARTING)
1095 mgmt_discovering(hdev, 0);
1097 case DISCOVERY_STARTING:
1099 case DISCOVERY_FINDING:
1100 mgmt_discovering(hdev, 1);
1102 case DISCOVERY_RESOLVING:
1104 case DISCOVERY_STOPPING:
1109 void hci_inquiry_cache_flush(struct hci_dev *hdev)
1111 struct discovery_state *cache = &hdev->discovery;
1112 struct inquiry_entry *p, *n;
1114 list_for_each_entry_safe(p, n, &cache->all, all) {
1119 INIT_LIST_HEAD(&cache->unknown);
1120 INIT_LIST_HEAD(&cache->resolve);
1123 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1126 struct discovery_state *cache = &hdev->discovery;
1127 struct inquiry_entry *e;
1129 BT_DBG("cache %p, %pMR", cache, bdaddr);
1131 list_for_each_entry(e, &cache->all, all) {
1132 if (!bacmp(&e->data.bdaddr, bdaddr))
1139 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1142 struct discovery_state *cache = &hdev->discovery;
1143 struct inquiry_entry *e;
1145 BT_DBG("cache %p, %pMR", cache, bdaddr);
1147 list_for_each_entry(e, &cache->unknown, list) {
1148 if (!bacmp(&e->data.bdaddr, bdaddr))
1155 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1159 struct discovery_state *cache = &hdev->discovery;
1160 struct inquiry_entry *e;
1162 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1164 list_for_each_entry(e, &cache->resolve, list) {
1165 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1167 if (!bacmp(&e->data.bdaddr, bdaddr))
1174 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1175 struct inquiry_entry *ie)
1177 struct discovery_state *cache = &hdev->discovery;
1178 struct list_head *pos = &cache->resolve;
1179 struct inquiry_entry *p;
1181 list_del(&ie->list);
1183 list_for_each_entry(p, &cache->resolve, list) {
1184 if (p->name_state != NAME_PENDING &&
1185 abs(p->data.rssi) >= abs(ie->data.rssi))
1190 list_add(&ie->list, pos);
1193 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1196 struct discovery_state *cache = &hdev->discovery;
1197 struct inquiry_entry *ie;
1200 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1202 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1204 if (!data->ssp_mode)
1205 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1207 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1209 if (!ie->data.ssp_mode)
1210 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1212 if (ie->name_state == NAME_NEEDED &&
1213 data->rssi != ie->data.rssi) {
1214 ie->data.rssi = data->rssi;
1215 hci_inquiry_cache_update_resolve(hdev, ie);
1221 /* Entry not in the cache. Add new one. */
1222 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1224 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1228 list_add(&ie->all, &cache->all);
1231 ie->name_state = NAME_KNOWN;
1233 ie->name_state = NAME_NOT_KNOWN;
1234 list_add(&ie->list, &cache->unknown);
1238 if (name_known && ie->name_state != NAME_KNOWN &&
1239 ie->name_state != NAME_PENDING) {
1240 ie->name_state = NAME_KNOWN;
1241 list_del(&ie->list);
1244 memcpy(&ie->data, data, sizeof(*data));
1245 ie->timestamp = jiffies;
1246 cache->timestamp = jiffies;
1248 if (ie->name_state == NAME_NOT_KNOWN)
1249 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1255 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1257 struct discovery_state *cache = &hdev->discovery;
1258 struct inquiry_info *info = (struct inquiry_info *) buf;
1259 struct inquiry_entry *e;
1262 list_for_each_entry(e, &cache->all, all) {
1263 struct inquiry_data *data = &e->data;
1268 bacpy(&info->bdaddr, &data->bdaddr);
1269 info->pscan_rep_mode = data->pscan_rep_mode;
1270 info->pscan_period_mode = data->pscan_period_mode;
1271 info->pscan_mode = data->pscan_mode;
1272 memcpy(info->dev_class, data->dev_class, 3);
1273 info->clock_offset = data->clock_offset;
1279 BT_DBG("cache %p, copied %d", cache, copied);
1283 static int hci_inq_req(struct hci_request *req, unsigned long opt)
1285 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1286 struct hci_dev *hdev = req->hdev;
1287 struct hci_cp_inquiry cp;
1289 BT_DBG("%s", hdev->name);
1291 if (test_bit(HCI_INQUIRY, &hdev->flags))
1295 memcpy(&cp.lap, &ir->lap, 3);
1296 cp.length = ir->length;
1297 cp.num_rsp = ir->num_rsp;
1298 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1303 int hci_inquiry(void __user *arg)
1305 __u8 __user *ptr = arg;
1306 struct hci_inquiry_req ir;
1307 struct hci_dev *hdev;
1308 int err = 0, do_inquiry = 0, max_rsp;
1312 if (copy_from_user(&ir, ptr, sizeof(ir)))
1315 hdev = hci_dev_get(ir.dev_id);
1319 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1324 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1329 if (hdev->dev_type != HCI_PRIMARY) {
1334 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1339 /* Restrict maximum inquiry length to 60 seconds */
1340 if (ir.length > 60) {
1346 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1347 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1348 hci_inquiry_cache_flush(hdev);
1351 hci_dev_unlock(hdev);
1353 timeo = ir.length * msecs_to_jiffies(2000);
1356 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1361 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1362 * cleared). If it is interrupted by a signal, return -EINTR.
1364 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1365 TASK_INTERRUPTIBLE)) {
1371 /* for unlimited number of responses we will use buffer with
1374 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1376 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1377 * copy it to the user space.
1379 buf = kmalloc_array(max_rsp, sizeof(struct inquiry_info), GFP_KERNEL);
1386 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1387 hci_dev_unlock(hdev);
1389 BT_DBG("num_rsp %d", ir.num_rsp);
1391 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1393 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1407 * hci_dev_get_bd_addr_from_property - Get the Bluetooth Device Address
1408 * (BD_ADDR) for a HCI device from
1409 * a firmware node property.
1410 * @hdev: The HCI device
1412 * Search the firmware node for 'local-bd-address'.
1414 * All-zero BD addresses are rejected, because those could be properties
1415 * that exist in the firmware tables, but were not updated by the firmware. For
1416 * example, the DTS could define 'local-bd-address', with zero BD addresses.
1418 static void hci_dev_get_bd_addr_from_property(struct hci_dev *hdev)
1420 struct fwnode_handle *fwnode = dev_fwnode(hdev->dev.parent);
1424 ret = fwnode_property_read_u8_array(fwnode, "local-bd-address",
1425 (u8 *)&ba, sizeof(ba));
1426 if (ret < 0 || !bacmp(&ba, BDADDR_ANY))
1429 bacpy(&hdev->public_addr, &ba);
1432 static int hci_dev_do_open(struct hci_dev *hdev)
1436 BT_DBG("%s %p", hdev->name, hdev);
1438 hci_req_sync_lock(hdev);
1440 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1445 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1446 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1447 /* Check for rfkill but allow the HCI setup stage to
1448 * proceed (which in itself doesn't cause any RF activity).
1450 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1455 /* Check for valid public address or a configured static
1456 * random adddress, but let the HCI setup proceed to
1457 * be able to determine if there is a public address
1460 * In case of user channel usage, it is not important
1461 * if a public address or static random address is
1464 * This check is only valid for BR/EDR controllers
1465 * since AMP controllers do not have an address.
1467 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1468 hdev->dev_type == HCI_PRIMARY &&
1469 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1470 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1471 ret = -EADDRNOTAVAIL;
1476 if (test_bit(HCI_UP, &hdev->flags)) {
1481 if (hdev->open(hdev)) {
1486 set_bit(HCI_RUNNING, &hdev->flags);
1487 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
1489 atomic_set(&hdev->cmd_cnt, 1);
1490 set_bit(HCI_INIT, &hdev->flags);
1492 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
1493 test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
1494 bool invalid_bdaddr;
1496 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1499 ret = hdev->setup(hdev);
1501 /* The transport driver can set the quirk to mark the
1502 * BD_ADDR invalid before creating the HCI device or in
1503 * its setup callback.
1505 invalid_bdaddr = test_bit(HCI_QUIRK_INVALID_BDADDR,
1511 if (test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) {
1512 if (!bacmp(&hdev->public_addr, BDADDR_ANY))
1513 hci_dev_get_bd_addr_from_property(hdev);
1515 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1517 ret = hdev->set_bdaddr(hdev,
1518 &hdev->public_addr);
1520 /* If setting of the BD_ADDR from the device
1521 * property succeeds, then treat the address
1522 * as valid even if the invalid BD_ADDR
1523 * quirk indicates otherwise.
1526 invalid_bdaddr = false;
1531 /* The transport driver can set these quirks before
1532 * creating the HCI device or in its setup callback.
1534 * For the invalid BD_ADDR quirk it is possible that
1535 * it becomes a valid address if the bootloader does
1536 * provide it (see above).
1538 * In case any of them is set, the controller has to
1539 * start up as unconfigured.
1541 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1543 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1545 /* For an unconfigured controller it is required to
1546 * read at least the version information provided by
1547 * the Read Local Version Information command.
1549 * If the set_bdaddr driver callback is provided, then
1550 * also the original Bluetooth public device address
1551 * will be read using the Read BD Address command.
1553 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1554 ret = __hci_unconf_init(hdev);
1557 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1558 /* If public address change is configured, ensure that
1559 * the address gets programmed. If the driver does not
1560 * support changing the public address, fail the power
1563 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1565 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1567 ret = -EADDRNOTAVAIL;
1571 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1572 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1573 ret = __hci_init(hdev);
1574 if (!ret && hdev->post_init)
1575 ret = hdev->post_init(hdev);
1579 /* If the HCI Reset command is clearing all diagnostic settings,
1580 * then they need to be reprogrammed after the init procedure
1583 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
1584 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1585 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1586 ret = hdev->set_diag(hdev, true);
1590 clear_bit(HCI_INIT, &hdev->flags);
1594 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1595 hci_adv_instances_set_rpa_expired(hdev, true);
1596 set_bit(HCI_UP, &hdev->flags);
1597 hci_sock_dev_event(hdev, HCI_DEV_UP);
1598 hci_leds_update_powered(hdev, true);
1599 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1600 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1601 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1602 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1603 hci_dev_test_flag(hdev, HCI_MGMT) &&
1604 hdev->dev_type == HCI_PRIMARY) {
1605 ret = __hci_req_hci_power_on(hdev);
1606 mgmt_power_on(hdev, ret);
1609 /* Init failed, cleanup */
1610 flush_work(&hdev->tx_work);
1612 /* Since hci_rx_work() is possible to awake new cmd_work
1613 * it should be flushed first to avoid unexpected call of
1616 flush_work(&hdev->rx_work);
1617 flush_work(&hdev->cmd_work);
1619 skb_queue_purge(&hdev->cmd_q);
1620 skb_queue_purge(&hdev->rx_q);
1625 if (hdev->sent_cmd) {
1626 cancel_delayed_work_sync(&hdev->cmd_timer);
1627 kfree_skb(hdev->sent_cmd);
1628 hdev->sent_cmd = NULL;
1631 clear_bit(HCI_RUNNING, &hdev->flags);
1632 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1635 hdev->flags &= BIT(HCI_RAW);
1639 hci_req_sync_unlock(hdev);
1643 /* ---- HCI ioctl helpers ---- */
1645 int hci_dev_open(__u16 dev)
1647 struct hci_dev *hdev;
1650 hdev = hci_dev_get(dev);
1654 /* Devices that are marked as unconfigured can only be powered
1655 * up as user channel. Trying to bring them up as normal devices
1656 * will result into a failure. Only user channel operation is
1659 * When this function is called for a user channel, the flag
1660 * HCI_USER_CHANNEL will be set first before attempting to
1663 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1664 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1669 /* We need to ensure that no other power on/off work is pending
1670 * before proceeding to call hci_dev_do_open. This is
1671 * particularly important if the setup procedure has not yet
1674 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1675 cancel_delayed_work(&hdev->power_off);
1677 /* After this call it is guaranteed that the setup procedure
1678 * has finished. This means that error conditions like RFKILL
1679 * or no valid public or static random address apply.
1681 flush_workqueue(hdev->req_workqueue);
1683 /* For controllers not using the management interface and that
1684 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1685 * so that pairing works for them. Once the management interface
1686 * is in use this bit will be cleared again and userspace has
1687 * to explicitly enable it.
1689 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1690 !hci_dev_test_flag(hdev, HCI_MGMT))
1691 hci_dev_set_flag(hdev, HCI_BONDABLE);
1693 err = hci_dev_do_open(hdev);
1700 /* This function requires the caller holds hdev->lock */
1701 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1703 struct hci_conn_params *p;
1705 list_for_each_entry(p, &hdev->le_conn_params, list) {
1707 hci_conn_drop(p->conn);
1708 hci_conn_put(p->conn);
1711 list_del_init(&p->action);
1714 BT_DBG("All LE pending actions cleared");
1717 int hci_dev_do_close(struct hci_dev *hdev)
1721 BT_DBG("%s %p", hdev->name, hdev);
1723 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1724 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1725 test_bit(HCI_UP, &hdev->flags)) {
1726 /* Execute vendor specific shutdown routine */
1728 hdev->shutdown(hdev);
1731 cancel_delayed_work(&hdev->power_off);
1733 hci_request_cancel_all(hdev);
1734 hci_req_sync_lock(hdev);
1736 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1737 cancel_delayed_work_sync(&hdev->cmd_timer);
1738 hci_req_sync_unlock(hdev);
1742 hci_leds_update_powered(hdev, false);
1744 /* Flush RX and TX works */
1745 flush_work(&hdev->tx_work);
1746 flush_work(&hdev->rx_work);
1748 if (hdev->discov_timeout > 0) {
1749 hdev->discov_timeout = 0;
1750 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1751 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1754 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1755 cancel_delayed_work(&hdev->service_cache);
1757 if (hci_dev_test_flag(hdev, HCI_MGMT)) {
1758 struct adv_info *adv_instance;
1760 cancel_delayed_work_sync(&hdev->rpa_expired);
1762 list_for_each_entry(adv_instance, &hdev->adv_instances, list)
1763 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
1766 /* Avoid potential lockdep warnings from the *_flush() calls by
1767 * ensuring the workqueue is empty up front.
1769 drain_workqueue(hdev->workqueue);
1773 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1775 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1777 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
1778 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1779 hci_dev_test_flag(hdev, HCI_MGMT))
1780 __mgmt_power_off(hdev);
1782 hci_inquiry_cache_flush(hdev);
1783 hci_pend_le_actions_clear(hdev);
1784 hci_conn_hash_flush(hdev);
1785 hci_dev_unlock(hdev);
1787 smp_unregister(hdev);
1789 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1791 msft_do_close(hdev);
1797 skb_queue_purge(&hdev->cmd_q);
1798 atomic_set(&hdev->cmd_cnt, 1);
1799 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1800 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1801 set_bit(HCI_INIT, &hdev->flags);
1802 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1803 clear_bit(HCI_INIT, &hdev->flags);
1806 /* flush cmd work */
1807 flush_work(&hdev->cmd_work);
1810 skb_queue_purge(&hdev->rx_q);
1811 skb_queue_purge(&hdev->cmd_q);
1812 skb_queue_purge(&hdev->raw_q);
1814 /* Drop last sent command */
1815 if (hdev->sent_cmd) {
1816 cancel_delayed_work_sync(&hdev->cmd_timer);
1817 kfree_skb(hdev->sent_cmd);
1818 hdev->sent_cmd = NULL;
1821 clear_bit(HCI_RUNNING, &hdev->flags);
1822 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1824 if (test_and_clear_bit(SUSPEND_POWERING_DOWN, hdev->suspend_tasks))
1825 wake_up(&hdev->suspend_wait_q);
1827 /* After this point our queues are empty
1828 * and no tasks are scheduled. */
1832 hdev->flags &= BIT(HCI_RAW);
1833 hci_dev_clear_volatile_flags(hdev);
1835 /* Controller radio is available but is currently powered down */
1836 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1838 memset(hdev->eir, 0, sizeof(hdev->eir));
1839 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1840 bacpy(&hdev->random_addr, BDADDR_ANY);
1842 hci_req_sync_unlock(hdev);
1848 int hci_dev_close(__u16 dev)
1850 struct hci_dev *hdev;
1853 hdev = hci_dev_get(dev);
1857 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1862 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1863 cancel_delayed_work(&hdev->power_off);
1865 err = hci_dev_do_close(hdev);
1872 static int hci_dev_do_reset(struct hci_dev *hdev)
1876 BT_DBG("%s %p", hdev->name, hdev);
1878 hci_req_sync_lock(hdev);
1881 skb_queue_purge(&hdev->rx_q);
1882 skb_queue_purge(&hdev->cmd_q);
1884 /* Avoid potential lockdep warnings from the *_flush() calls by
1885 * ensuring the workqueue is empty up front.
1887 drain_workqueue(hdev->workqueue);
1890 hci_inquiry_cache_flush(hdev);
1891 hci_conn_hash_flush(hdev);
1892 hci_dev_unlock(hdev);
1897 atomic_set(&hdev->cmd_cnt, 1);
1898 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1900 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1902 hci_req_sync_unlock(hdev);
1906 int hci_dev_reset(__u16 dev)
1908 struct hci_dev *hdev;
1911 hdev = hci_dev_get(dev);
1915 if (!test_bit(HCI_UP, &hdev->flags)) {
1920 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1925 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1930 err = hci_dev_do_reset(hdev);
1937 int hci_dev_reset_stat(__u16 dev)
1939 struct hci_dev *hdev;
1942 hdev = hci_dev_get(dev);
1946 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1951 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1956 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1963 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1965 bool conn_changed, discov_changed;
1967 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1969 if ((scan & SCAN_PAGE))
1970 conn_changed = !hci_dev_test_and_set_flag(hdev,
1973 conn_changed = hci_dev_test_and_clear_flag(hdev,
1976 if ((scan & SCAN_INQUIRY)) {
1977 discov_changed = !hci_dev_test_and_set_flag(hdev,
1980 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1981 discov_changed = hci_dev_test_and_clear_flag(hdev,
1985 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1988 if (conn_changed || discov_changed) {
1989 /* In case this was disabled through mgmt */
1990 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1992 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1993 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1995 mgmt_new_settings(hdev);
1999 int hci_dev_cmd(unsigned int cmd, void __user *arg)
2001 struct hci_dev *hdev;
2002 struct hci_dev_req dr;
2005 if (copy_from_user(&dr, arg, sizeof(dr)))
2008 hdev = hci_dev_get(dr.dev_id);
2012 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
2017 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
2022 if (hdev->dev_type != HCI_PRIMARY) {
2027 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2034 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2035 HCI_INIT_TIMEOUT, NULL);
2039 if (!lmp_encrypt_capable(hdev)) {
2044 if (!test_bit(HCI_AUTH, &hdev->flags)) {
2045 /* Auth must be enabled first */
2046 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
2047 HCI_INIT_TIMEOUT, NULL);
2052 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
2053 HCI_INIT_TIMEOUT, NULL);
2057 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
2058 HCI_INIT_TIMEOUT, NULL);
2060 /* Ensure that the connectable and discoverable states
2061 * get correctly modified as this was a non-mgmt change.
2064 hci_update_scan_state(hdev, dr.dev_opt);
2068 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
2069 HCI_INIT_TIMEOUT, NULL);
2072 case HCISETLINKMODE:
2073 hdev->link_mode = ((__u16) dr.dev_opt) &
2074 (HCI_LM_MASTER | HCI_LM_ACCEPT);
2078 if (hdev->pkt_type == (__u16) dr.dev_opt)
2081 hdev->pkt_type = (__u16) dr.dev_opt;
2082 mgmt_phy_configuration_changed(hdev, NULL);
2086 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
2087 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
2091 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
2092 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
2105 int hci_get_dev_list(void __user *arg)
2107 struct hci_dev *hdev;
2108 struct hci_dev_list_req *dl;
2109 struct hci_dev_req *dr;
2110 int n = 0, size, err;
2113 if (get_user(dev_num, (__u16 __user *) arg))
2116 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
2119 size = sizeof(*dl) + dev_num * sizeof(*dr);
2121 dl = kzalloc(size, GFP_KERNEL);
2127 read_lock(&hci_dev_list_lock);
2128 list_for_each_entry(hdev, &hci_dev_list, list) {
2129 unsigned long flags = hdev->flags;
2131 /* When the auto-off is configured it means the transport
2132 * is running, but in that case still indicate that the
2133 * device is actually down.
2135 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2136 flags &= ~BIT(HCI_UP);
2138 (dr + n)->dev_id = hdev->id;
2139 (dr + n)->dev_opt = flags;
2144 read_unlock(&hci_dev_list_lock);
2147 size = sizeof(*dl) + n * sizeof(*dr);
2149 err = copy_to_user(arg, dl, size);
2152 return err ? -EFAULT : 0;
2155 int hci_get_dev_info(void __user *arg)
2157 struct hci_dev *hdev;
2158 struct hci_dev_info di;
2159 unsigned long flags;
2162 if (copy_from_user(&di, arg, sizeof(di)))
2165 hdev = hci_dev_get(di.dev_id);
2169 /* When the auto-off is configured it means the transport
2170 * is running, but in that case still indicate that the
2171 * device is actually down.
2173 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
2174 flags = hdev->flags & ~BIT(HCI_UP);
2176 flags = hdev->flags;
2178 strscpy(di.name, hdev->name, sizeof(di.name));
2179 di.bdaddr = hdev->bdaddr;
2180 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
2182 di.pkt_type = hdev->pkt_type;
2183 if (lmp_bredr_capable(hdev)) {
2184 di.acl_mtu = hdev->acl_mtu;
2185 di.acl_pkts = hdev->acl_pkts;
2186 di.sco_mtu = hdev->sco_mtu;
2187 di.sco_pkts = hdev->sco_pkts;
2189 di.acl_mtu = hdev->le_mtu;
2190 di.acl_pkts = hdev->le_pkts;
2194 di.link_policy = hdev->link_policy;
2195 di.link_mode = hdev->link_mode;
2197 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2198 memcpy(&di.features, &hdev->features, sizeof(di.features));
2200 if (copy_to_user(arg, &di, sizeof(di)))
2208 /* ---- Interface to HCI drivers ---- */
2210 static int hci_rfkill_set_block(void *data, bool blocked)
2212 struct hci_dev *hdev = data;
2214 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2216 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2220 hci_dev_set_flag(hdev, HCI_RFKILLED);
2221 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2222 !hci_dev_test_flag(hdev, HCI_CONFIG))
2223 hci_dev_do_close(hdev);
2225 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2231 static const struct rfkill_ops hci_rfkill_ops = {
2232 .set_block = hci_rfkill_set_block,
2235 static void hci_power_on(struct work_struct *work)
2237 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2240 BT_DBG("%s", hdev->name);
2242 if (test_bit(HCI_UP, &hdev->flags) &&
2243 hci_dev_test_flag(hdev, HCI_MGMT) &&
2244 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
2245 cancel_delayed_work(&hdev->power_off);
2246 hci_req_sync_lock(hdev);
2247 err = __hci_req_hci_power_on(hdev);
2248 hci_req_sync_unlock(hdev);
2249 mgmt_power_on(hdev, err);
2253 err = hci_dev_do_open(hdev);
2256 mgmt_set_powered_failed(hdev, err);
2257 hci_dev_unlock(hdev);
2261 /* During the HCI setup phase, a few error conditions are
2262 * ignored and they need to be checked now. If they are still
2263 * valid, it is important to turn the device back off.
2265 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2266 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2267 (hdev->dev_type == HCI_PRIMARY &&
2268 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2269 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2270 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2271 hci_dev_do_close(hdev);
2272 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2273 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2274 HCI_AUTO_OFF_TIMEOUT);
2277 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2278 /* For unconfigured devices, set the HCI_RAW flag
2279 * so that userspace can easily identify them.
2281 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2282 set_bit(HCI_RAW, &hdev->flags);
2284 /* For fully configured devices, this will send
2285 * the Index Added event. For unconfigured devices,
2286 * it will send Unconfigued Index Added event.
2288 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2289 * and no event will be send.
2291 mgmt_index_added(hdev);
2292 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2293 /* When the controller is now configured, then it
2294 * is important to clear the HCI_RAW flag.
2296 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2297 clear_bit(HCI_RAW, &hdev->flags);
2299 /* Powering on the controller with HCI_CONFIG set only
2300 * happens with the transition from unconfigured to
2301 * configured. This will send the Index Added event.
2303 mgmt_index_added(hdev);
2307 static void hci_power_off(struct work_struct *work)
2309 struct hci_dev *hdev = container_of(work, struct hci_dev,
2312 BT_DBG("%s", hdev->name);
2314 hci_dev_do_close(hdev);
2317 static void hci_error_reset(struct work_struct *work)
2319 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2322 BT_DBG("%s", hdev->name);
2325 hdev->hw_error(hdev, hdev->hw_error_code);
2327 bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code);
2329 if (!hci_dev_do_close(hdev))
2330 hci_dev_do_open(hdev);
2335 void hci_uuids_clear(struct hci_dev *hdev)
2337 struct bt_uuid *uuid, *tmp;
2339 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2340 list_del(&uuid->list);
2345 void hci_link_keys_clear(struct hci_dev *hdev)
2347 struct link_key *key, *tmp;
2349 list_for_each_entry_safe(key, tmp, &hdev->link_keys, list) {
2350 list_del_rcu(&key->list);
2351 kfree_rcu(key, rcu);
2355 void hci_smp_ltks_clear(struct hci_dev *hdev)
2357 struct smp_ltk *k, *tmp;
2359 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
2360 list_del_rcu(&k->list);
2365 void hci_smp_irks_clear(struct hci_dev *hdev)
2367 struct smp_irk *k, *tmp;
2369 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
2370 list_del_rcu(&k->list);
2375 void hci_blocked_keys_clear(struct hci_dev *hdev)
2377 struct blocked_key *b, *tmp;
2379 list_for_each_entry_safe(b, tmp, &hdev->blocked_keys, list) {
2380 list_del_rcu(&b->list);
2385 bool hci_is_blocked_key(struct hci_dev *hdev, u8 type, u8 val[16])
2387 bool blocked = false;
2388 struct blocked_key *b;
2391 list_for_each_entry_rcu(b, &hdev->blocked_keys, list) {
2392 if (b->type == type && !memcmp(b->val, val, sizeof(b->val))) {
2402 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2407 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2408 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2411 if (hci_is_blocked_key(hdev,
2412 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2414 bt_dev_warn_ratelimited(hdev,
2415 "Link key blocked for %pMR",
2428 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2429 u8 key_type, u8 old_key_type)
2432 if (key_type < 0x03)
2435 /* Debug keys are insecure so don't store them persistently */
2436 if (key_type == HCI_LK_DEBUG_COMBINATION)
2439 /* Changed combination key and there's no previous one */
2440 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2443 /* Security mode 3 case */
2447 /* BR/EDR key derived using SC from an LE link */
2448 if (conn->type == LE_LINK)
2451 /* Neither local nor remote side had no-bonding as requirement */
2452 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2455 /* Local side had dedicated bonding as requirement */
2456 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2459 /* Remote side had dedicated bonding as requirement */
2460 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2463 /* If none of the above criteria match, then don't store the key
2468 static u8 ltk_role(u8 type)
2470 if (type == SMP_LTK)
2471 return HCI_ROLE_MASTER;
2473 return HCI_ROLE_SLAVE;
2476 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2477 u8 addr_type, u8 role)
2482 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2483 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2486 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2489 if (hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_LTK,
2491 bt_dev_warn_ratelimited(hdev,
2492 "LTK blocked for %pMR",
2505 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2507 struct smp_irk *irk_to_return = NULL;
2508 struct smp_irk *irk;
2511 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2512 if (!bacmp(&irk->rpa, rpa)) {
2513 irk_to_return = irk;
2518 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2519 if (smp_irk_matches(hdev, irk->val, rpa)) {
2520 bacpy(&irk->rpa, rpa);
2521 irk_to_return = irk;
2527 if (irk_to_return && hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2528 irk_to_return->val)) {
2529 bt_dev_warn_ratelimited(hdev, "Identity key blocked for %pMR",
2530 &irk_to_return->bdaddr);
2531 irk_to_return = NULL;
2536 return irk_to_return;
2539 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2542 struct smp_irk *irk_to_return = NULL;
2543 struct smp_irk *irk;
2545 /* Identity Address must be public or static random */
2546 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2550 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2551 if (addr_type == irk->addr_type &&
2552 bacmp(bdaddr, &irk->bdaddr) == 0) {
2553 irk_to_return = irk;
2560 if (irk_to_return && hci_is_blocked_key(hdev, HCI_BLOCKED_KEY_TYPE_IRK,
2561 irk_to_return->val)) {
2562 bt_dev_warn_ratelimited(hdev, "Identity key blocked for %pMR",
2563 &irk_to_return->bdaddr);
2564 irk_to_return = NULL;
2569 return irk_to_return;
2572 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2573 bdaddr_t *bdaddr, u8 *val, u8 type,
2574 u8 pin_len, bool *persistent)
2576 struct link_key *key, *old_key;
2579 old_key = hci_find_link_key(hdev, bdaddr);
2581 old_key_type = old_key->type;
2584 old_key_type = conn ? conn->key_type : 0xff;
2585 key = kzalloc(sizeof(*key), GFP_KERNEL);
2588 list_add_rcu(&key->list, &hdev->link_keys);
2591 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2593 /* Some buggy controller combinations generate a changed
2594 * combination key for legacy pairing even when there's no
2596 if (type == HCI_LK_CHANGED_COMBINATION &&
2597 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2598 type = HCI_LK_COMBINATION;
2600 conn->key_type = type;
2603 bacpy(&key->bdaddr, bdaddr);
2604 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2605 key->pin_len = pin_len;
2607 if (type == HCI_LK_CHANGED_COMBINATION)
2608 key->type = old_key_type;
2613 *persistent = hci_persistent_key(hdev, conn, type,
2619 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2620 u8 addr_type, u8 type, u8 authenticated,
2621 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2623 struct smp_ltk *key, *old_key;
2624 u8 role = ltk_role(type);
2626 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2630 key = kzalloc(sizeof(*key), GFP_KERNEL);
2633 list_add_rcu(&key->list, &hdev->long_term_keys);
2636 bacpy(&key->bdaddr, bdaddr);
2637 key->bdaddr_type = addr_type;
2638 memcpy(key->val, tk, sizeof(key->val));
2639 key->authenticated = authenticated;
2642 key->enc_size = enc_size;
2648 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2649 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2651 struct smp_irk *irk;
2653 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2655 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2659 bacpy(&irk->bdaddr, bdaddr);
2660 irk->addr_type = addr_type;
2662 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2665 memcpy(irk->val, val, 16);
2666 bacpy(&irk->rpa, rpa);
2671 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2673 struct link_key *key;
2675 key = hci_find_link_key(hdev, bdaddr);
2679 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2681 list_del_rcu(&key->list);
2682 kfree_rcu(key, rcu);
2687 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2689 struct smp_ltk *k, *tmp;
2692 list_for_each_entry_safe(k, tmp, &hdev->long_term_keys, list) {
2693 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2696 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2698 list_del_rcu(&k->list);
2703 return removed ? 0 : -ENOENT;
2706 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2708 struct smp_irk *k, *tmp;
2710 list_for_each_entry_safe(k, tmp, &hdev->identity_resolving_keys, list) {
2711 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2714 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2716 list_del_rcu(&k->list);
2721 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2724 struct smp_irk *irk;
2727 if (type == BDADDR_BREDR) {
2728 if (hci_find_link_key(hdev, bdaddr))
2733 /* Convert to HCI addr type which struct smp_ltk uses */
2734 if (type == BDADDR_LE_PUBLIC)
2735 addr_type = ADDR_LE_DEV_PUBLIC;
2737 addr_type = ADDR_LE_DEV_RANDOM;
2739 irk = hci_get_irk(hdev, bdaddr, addr_type);
2741 bdaddr = &irk->bdaddr;
2742 addr_type = irk->addr_type;
2746 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2747 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2757 /* HCI command timer function */
2758 static void hci_cmd_timeout(struct work_struct *work)
2760 struct hci_dev *hdev = container_of(work, struct hci_dev,
2763 if (hdev->sent_cmd) {
2764 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2765 u16 opcode = __le16_to_cpu(sent->opcode);
2767 bt_dev_err(hdev, "command 0x%4.4x tx timeout", opcode);
2769 bt_dev_err(hdev, "command tx timeout");
2772 if (hdev->cmd_timeout)
2773 hdev->cmd_timeout(hdev);
2775 atomic_set(&hdev->cmd_cnt, 1);
2776 queue_work(hdev->workqueue, &hdev->cmd_work);
2779 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2780 bdaddr_t *bdaddr, u8 bdaddr_type)
2782 struct oob_data *data;
2784 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2785 if (bacmp(bdaddr, &data->bdaddr) != 0)
2787 if (data->bdaddr_type != bdaddr_type)
2795 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2798 struct oob_data *data;
2800 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2804 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2806 list_del(&data->list);
2812 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2814 struct oob_data *data, *n;
2816 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2817 list_del(&data->list);
2822 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2823 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2824 u8 *hash256, u8 *rand256)
2826 struct oob_data *data;
2828 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2830 data = kmalloc(sizeof(*data), GFP_KERNEL);
2834 bacpy(&data->bdaddr, bdaddr);
2835 data->bdaddr_type = bdaddr_type;
2836 list_add(&data->list, &hdev->remote_oob_data);
2839 if (hash192 && rand192) {
2840 memcpy(data->hash192, hash192, sizeof(data->hash192));
2841 memcpy(data->rand192, rand192, sizeof(data->rand192));
2842 if (hash256 && rand256)
2843 data->present = 0x03;
2845 memset(data->hash192, 0, sizeof(data->hash192));
2846 memset(data->rand192, 0, sizeof(data->rand192));
2847 if (hash256 && rand256)
2848 data->present = 0x02;
2850 data->present = 0x00;
2853 if (hash256 && rand256) {
2854 memcpy(data->hash256, hash256, sizeof(data->hash256));
2855 memcpy(data->rand256, rand256, sizeof(data->rand256));
2857 memset(data->hash256, 0, sizeof(data->hash256));
2858 memset(data->rand256, 0, sizeof(data->rand256));
2859 if (hash192 && rand192)
2860 data->present = 0x01;
2863 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2868 /* This function requires the caller holds hdev->lock */
2869 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2871 struct adv_info *adv_instance;
2873 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2874 if (adv_instance->instance == instance)
2875 return adv_instance;
2881 /* This function requires the caller holds hdev->lock */
2882 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2884 struct adv_info *cur_instance;
2886 cur_instance = hci_find_adv_instance(hdev, instance);
2890 if (cur_instance == list_last_entry(&hdev->adv_instances,
2891 struct adv_info, list))
2892 return list_first_entry(&hdev->adv_instances,
2893 struct adv_info, list);
2895 return list_next_entry(cur_instance, list);
2898 /* This function requires the caller holds hdev->lock */
2899 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2901 struct adv_info *adv_instance;
2903 adv_instance = hci_find_adv_instance(hdev, instance);
2907 BT_DBG("%s removing %dMR", hdev->name, instance);
2909 if (hdev->cur_adv_instance == instance) {
2910 if (hdev->adv_instance_timeout) {
2911 cancel_delayed_work(&hdev->adv_instance_expire);
2912 hdev->adv_instance_timeout = 0;
2914 hdev->cur_adv_instance = 0x00;
2917 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2919 list_del(&adv_instance->list);
2920 kfree(adv_instance);
2922 hdev->adv_instance_cnt--;
2927 void hci_adv_instances_set_rpa_expired(struct hci_dev *hdev, bool rpa_expired)
2929 struct adv_info *adv_instance, *n;
2931 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list)
2932 adv_instance->rpa_expired = rpa_expired;
2935 /* This function requires the caller holds hdev->lock */
2936 void hci_adv_instances_clear(struct hci_dev *hdev)
2938 struct adv_info *adv_instance, *n;
2940 if (hdev->adv_instance_timeout) {
2941 cancel_delayed_work(&hdev->adv_instance_expire);
2942 hdev->adv_instance_timeout = 0;
2945 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2946 cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
2947 list_del(&adv_instance->list);
2948 kfree(adv_instance);
2951 hdev->adv_instance_cnt = 0;
2952 hdev->cur_adv_instance = 0x00;
2955 static void adv_instance_rpa_expired(struct work_struct *work)
2957 struct adv_info *adv_instance = container_of(work, struct adv_info,
2958 rpa_expired_cb.work);
2962 adv_instance->rpa_expired = true;
2965 /* This function requires the caller holds hdev->lock */
2966 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2967 u16 adv_data_len, u8 *adv_data,
2968 u16 scan_rsp_len, u8 *scan_rsp_data,
2969 u16 timeout, u16 duration)
2971 struct adv_info *adv_instance;
2973 adv_instance = hci_find_adv_instance(hdev, instance);
2975 memset(adv_instance->adv_data, 0,
2976 sizeof(adv_instance->adv_data));
2977 memset(adv_instance->scan_rsp_data, 0,
2978 sizeof(adv_instance->scan_rsp_data));
2980 if (hdev->adv_instance_cnt >= hdev->le_num_of_adv_sets ||
2981 instance < 1 || instance > hdev->le_num_of_adv_sets)
2984 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2988 adv_instance->pending = true;
2989 adv_instance->instance = instance;
2990 list_add(&adv_instance->list, &hdev->adv_instances);
2991 hdev->adv_instance_cnt++;
2994 adv_instance->flags = flags;
2995 adv_instance->adv_data_len = adv_data_len;
2996 adv_instance->scan_rsp_len = scan_rsp_len;
2999 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
3002 memcpy(adv_instance->scan_rsp_data,
3003 scan_rsp_data, scan_rsp_len);
3005 adv_instance->timeout = timeout;
3006 adv_instance->remaining_time = timeout;
3009 adv_instance->duration = hdev->def_multi_adv_rotation_duration;
3011 adv_instance->duration = duration;
3013 adv_instance->tx_power = HCI_TX_POWER_INVALID;
3015 INIT_DELAYED_WORK(&adv_instance->rpa_expired_cb,
3016 adv_instance_rpa_expired);
3018 BT_DBG("%s for %dMR", hdev->name, instance);
3023 /* This function requires the caller holds hdev->lock */
3024 void hci_adv_monitors_clear(struct hci_dev *hdev)
3026 struct adv_monitor *monitor;
3029 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
3030 hci_free_adv_monitor(monitor);
3032 idr_destroy(&hdev->adv_monitors_idr);
3035 void hci_free_adv_monitor(struct adv_monitor *monitor)
3037 struct adv_pattern *pattern;
3038 struct adv_pattern *tmp;
3043 list_for_each_entry_safe(pattern, tmp, &monitor->patterns, list)
3049 /* This function requires the caller holds hdev->lock */
3050 int hci_add_adv_monitor(struct hci_dev *hdev, struct adv_monitor *monitor)
3052 int min, max, handle;
3057 min = HCI_MIN_ADV_MONITOR_HANDLE;
3058 max = HCI_MIN_ADV_MONITOR_HANDLE + HCI_MAX_ADV_MONITOR_NUM_HANDLES;
3059 handle = idr_alloc(&hdev->adv_monitors_idr, monitor, min, max,
3064 hdev->adv_monitors_cnt++;
3065 monitor->handle = handle;
3067 hci_update_background_scan(hdev);
3072 static int free_adv_monitor(int id, void *ptr, void *data)
3074 struct hci_dev *hdev = data;
3075 struct adv_monitor *monitor = ptr;
3077 idr_remove(&hdev->adv_monitors_idr, monitor->handle);
3078 hci_free_adv_monitor(monitor);
3079 hdev->adv_monitors_cnt--;
3084 /* This function requires the caller holds hdev->lock */
3085 int hci_remove_adv_monitor(struct hci_dev *hdev, u16 handle)
3087 struct adv_monitor *monitor;
3090 monitor = idr_find(&hdev->adv_monitors_idr, handle);
3094 idr_remove(&hdev->adv_monitors_idr, monitor->handle);
3095 hci_free_adv_monitor(monitor);
3096 hdev->adv_monitors_cnt--;
3098 /* Remove all monitors if handle is 0. */
3099 idr_for_each(&hdev->adv_monitors_idr, &free_adv_monitor, hdev);
3102 hci_update_background_scan(hdev);
3107 /* This function requires the caller holds hdev->lock */
3108 bool hci_is_adv_monitoring(struct hci_dev *hdev)
3110 return !idr_is_empty(&hdev->adv_monitors_idr);
3113 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
3114 bdaddr_t *bdaddr, u8 type)
3116 struct bdaddr_list *b;
3118 list_for_each_entry(b, bdaddr_list, list) {
3119 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3126 struct bdaddr_list_with_irk *hci_bdaddr_list_lookup_with_irk(
3127 struct list_head *bdaddr_list, bdaddr_t *bdaddr,
3130 struct bdaddr_list_with_irk *b;
3132 list_for_each_entry(b, bdaddr_list, list) {
3133 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3140 struct bdaddr_list_with_flags *
3141 hci_bdaddr_list_lookup_with_flags(struct list_head *bdaddr_list,
3142 bdaddr_t *bdaddr, u8 type)
3144 struct bdaddr_list_with_flags *b;
3146 list_for_each_entry(b, bdaddr_list, list) {
3147 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
3154 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
3156 struct bdaddr_list *b, *n;
3158 list_for_each_entry_safe(b, n, bdaddr_list, list) {
3164 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3166 struct bdaddr_list *entry;
3168 if (!bacmp(bdaddr, BDADDR_ANY))
3171 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3174 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3178 bacpy(&entry->bdaddr, bdaddr);
3179 entry->bdaddr_type = type;
3181 list_add(&entry->list, list);
3186 int hci_bdaddr_list_add_with_irk(struct list_head *list, bdaddr_t *bdaddr,
3187 u8 type, u8 *peer_irk, u8 *local_irk)
3189 struct bdaddr_list_with_irk *entry;
3191 if (!bacmp(bdaddr, BDADDR_ANY))
3194 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3197 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3201 bacpy(&entry->bdaddr, bdaddr);
3202 entry->bdaddr_type = type;
3205 memcpy(entry->peer_irk, peer_irk, 16);
3208 memcpy(entry->local_irk, local_irk, 16);
3210 list_add(&entry->list, list);
3215 int hci_bdaddr_list_add_with_flags(struct list_head *list, bdaddr_t *bdaddr,
3218 struct bdaddr_list_with_flags *entry;
3220 if (!bacmp(bdaddr, BDADDR_ANY))
3223 if (hci_bdaddr_list_lookup(list, bdaddr, type))
3226 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
3230 bacpy(&entry->bdaddr, bdaddr);
3231 entry->bdaddr_type = type;
3232 entry->current_flags = flags;
3234 list_add(&entry->list, list);
3239 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
3241 struct bdaddr_list *entry;
3243 if (!bacmp(bdaddr, BDADDR_ANY)) {
3244 hci_bdaddr_list_clear(list);
3248 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
3252 list_del(&entry->list);
3258 int hci_bdaddr_list_del_with_irk(struct list_head *list, bdaddr_t *bdaddr,
3261 struct bdaddr_list_with_irk *entry;
3263 if (!bacmp(bdaddr, BDADDR_ANY)) {
3264 hci_bdaddr_list_clear(list);
3268 entry = hci_bdaddr_list_lookup_with_irk(list, bdaddr, type);
3272 list_del(&entry->list);
3278 int hci_bdaddr_list_del_with_flags(struct list_head *list, bdaddr_t *bdaddr,
3281 struct bdaddr_list_with_flags *entry;
3283 if (!bacmp(bdaddr, BDADDR_ANY)) {
3284 hci_bdaddr_list_clear(list);
3288 entry = hci_bdaddr_list_lookup_with_flags(list, bdaddr, type);
3292 list_del(&entry->list);
3298 /* This function requires the caller holds hdev->lock */
3299 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
3300 bdaddr_t *addr, u8 addr_type)
3302 struct hci_conn_params *params;
3304 list_for_each_entry(params, &hdev->le_conn_params, list) {
3305 if (bacmp(¶ms->addr, addr) == 0 &&
3306 params->addr_type == addr_type) {
3314 /* This function requires the caller holds hdev->lock */
3315 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
3316 bdaddr_t *addr, u8 addr_type)
3318 struct hci_conn_params *param;
3320 switch (addr_type) {
3321 case ADDR_LE_DEV_PUBLIC_RESOLVED:
3322 addr_type = ADDR_LE_DEV_PUBLIC;
3324 case ADDR_LE_DEV_RANDOM_RESOLVED:
3325 addr_type = ADDR_LE_DEV_RANDOM;
3329 list_for_each_entry(param, list, action) {
3330 if (bacmp(¶m->addr, addr) == 0 &&
3331 param->addr_type == addr_type)
3338 /* This function requires the caller holds hdev->lock */
3339 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
3340 bdaddr_t *addr, u8 addr_type)
3342 struct hci_conn_params *params;
3344 params = hci_conn_params_lookup(hdev, addr, addr_type);
3348 params = kzalloc(sizeof(*params), GFP_KERNEL);
3350 bt_dev_err(hdev, "out of memory");
3354 bacpy(¶ms->addr, addr);
3355 params->addr_type = addr_type;
3357 list_add(¶ms->list, &hdev->le_conn_params);
3358 INIT_LIST_HEAD(¶ms->action);
3360 params->conn_min_interval = hdev->le_conn_min_interval;
3361 params->conn_max_interval = hdev->le_conn_max_interval;
3362 params->conn_latency = hdev->le_conn_latency;
3363 params->supervision_timeout = hdev->le_supv_timeout;
3364 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3366 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3371 static void hci_conn_params_free(struct hci_conn_params *params)
3374 hci_conn_drop(params->conn);
3375 hci_conn_put(params->conn);
3378 list_del(¶ms->action);
3379 list_del(¶ms->list);
3383 /* This function requires the caller holds hdev->lock */
3384 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
3386 struct hci_conn_params *params;
3388 params = hci_conn_params_lookup(hdev, addr, addr_type);
3392 hci_conn_params_free(params);
3394 hci_update_background_scan(hdev);
3396 BT_DBG("addr %pMR (type %u)", addr, addr_type);
3399 /* This function requires the caller holds hdev->lock */
3400 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
3402 struct hci_conn_params *params, *tmp;
3404 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
3405 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
3408 /* If trying to estabilish one time connection to disabled
3409 * device, leave the params, but mark them as just once.
3411 if (params->explicit_connect) {
3412 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3416 list_del(¶ms->list);
3420 BT_DBG("All LE disabled connection parameters were removed");
3423 /* This function requires the caller holds hdev->lock */
3424 static void hci_conn_params_clear_all(struct hci_dev *hdev)
3426 struct hci_conn_params *params, *tmp;
3428 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
3429 hci_conn_params_free(params);
3431 BT_DBG("All LE connection parameters were removed");
3434 /* Copy the Identity Address of the controller.
3436 * If the controller has a public BD_ADDR, then by default use that one.
3437 * If this is a LE only controller without a public address, default to
3438 * the static random address.
3440 * For debugging purposes it is possible to force controllers with a
3441 * public address to use the static random address instead.
3443 * In case BR/EDR has been disabled on a dual-mode controller and
3444 * userspace has configured a static address, then that address
3445 * becomes the identity address instead of the public BR/EDR address.
3447 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
3450 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
3451 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
3452 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3453 bacmp(&hdev->static_addr, BDADDR_ANY))) {
3454 bacpy(bdaddr, &hdev->static_addr);
3455 *bdaddr_type = ADDR_LE_DEV_RANDOM;
3457 bacpy(bdaddr, &hdev->bdaddr);
3458 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
3462 static void hci_suspend_clear_tasks(struct hci_dev *hdev)
3466 for (i = 0; i < __SUSPEND_NUM_TASKS; i++)
3467 clear_bit(i, hdev->suspend_tasks);
3469 wake_up(&hdev->suspend_wait_q);
3472 static int hci_suspend_wait_event(struct hci_dev *hdev)
3475 (find_first_bit(hdev->suspend_tasks, __SUSPEND_NUM_TASKS) == \
3476 __SUSPEND_NUM_TASKS)
3479 int ret = wait_event_timeout(hdev->suspend_wait_q,
3480 WAKE_COND, SUSPEND_NOTIFIER_TIMEOUT);
3483 bt_dev_err(hdev, "Timed out waiting for suspend events");
3484 for (i = 0; i < __SUSPEND_NUM_TASKS; ++i) {
3485 if (test_bit(i, hdev->suspend_tasks))
3486 bt_dev_err(hdev, "Suspend timeout bit: %d", i);
3487 clear_bit(i, hdev->suspend_tasks);
3498 static void hci_prepare_suspend(struct work_struct *work)
3500 struct hci_dev *hdev =
3501 container_of(work, struct hci_dev, suspend_prepare);
3504 hci_req_prepare_suspend(hdev, hdev->suspend_state_next);
3505 hci_dev_unlock(hdev);
3508 static int hci_change_suspend_state(struct hci_dev *hdev,
3509 enum suspended_state next)
3511 hdev->suspend_state_next = next;
3512 set_bit(SUSPEND_PREPARE_NOTIFIER, hdev->suspend_tasks);
3513 queue_work(hdev->req_workqueue, &hdev->suspend_prepare);
3514 return hci_suspend_wait_event(hdev);
3517 static void hci_clear_wake_reason(struct hci_dev *hdev)
3521 hdev->wake_reason = 0;
3522 bacpy(&hdev->wake_addr, BDADDR_ANY);
3523 hdev->wake_addr_type = 0;
3525 hci_dev_unlock(hdev);
3528 static int hci_suspend_notifier(struct notifier_block *nb, unsigned long action,
3531 struct hci_dev *hdev =
3532 container_of(nb, struct hci_dev, suspend_notifier);
3534 u8 state = BT_RUNNING;
3536 /* If powering down, wait for completion. */
3537 if (mgmt_powering_down(hdev)) {
3538 set_bit(SUSPEND_POWERING_DOWN, hdev->suspend_tasks);
3539 ret = hci_suspend_wait_event(hdev);
3544 /* Suspend notifier should only act on events when powered. */
3545 if (!hdev_is_powered(hdev) ||
3546 hci_dev_test_flag(hdev, HCI_UNREGISTER))
3549 if (action == PM_SUSPEND_PREPARE) {
3550 /* Suspend consists of two actions:
3551 * - First, disconnect everything and make the controller not
3552 * connectable (disabling scanning)
3553 * - Second, program event filter/accept list and enable scan
3555 ret = hci_change_suspend_state(hdev, BT_SUSPEND_DISCONNECT);
3557 state = BT_SUSPEND_DISCONNECT;
3559 /* Only configure accept list if disconnect succeeded and wake
3560 * isn't being prevented.
3562 if (!ret && !(hdev->prevent_wake && hdev->prevent_wake(hdev))) {
3563 ret = hci_change_suspend_state(hdev,
3564 BT_SUSPEND_CONFIGURE_WAKE);
3566 state = BT_SUSPEND_CONFIGURE_WAKE;
3569 hci_clear_wake_reason(hdev);
3570 mgmt_suspending(hdev, state);
3572 } else if (action == PM_POST_SUSPEND) {
3573 ret = hci_change_suspend_state(hdev, BT_RUNNING);
3575 mgmt_resuming(hdev, hdev->wake_reason, &hdev->wake_addr,
3576 hdev->wake_addr_type);
3580 /* We always allow suspend even if suspend preparation failed and
3581 * attempt to recover in resume.
3584 bt_dev_err(hdev, "Suspend notifier action (%lu) failed: %d",
3590 /* Alloc HCI device */
3591 struct hci_dev *hci_alloc_dev(void)
3593 struct hci_dev *hdev;
3595 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
3599 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
3600 hdev->esco_type = (ESCO_HV1);
3601 hdev->link_mode = (HCI_LM_ACCEPT);
3602 hdev->num_iac = 0x01; /* One IAC support is mandatory */
3603 hdev->io_capability = 0x03; /* No Input No Output */
3604 hdev->manufacturer = 0xffff; /* Default to internal use */
3605 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
3606 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
3607 hdev->adv_instance_cnt = 0;
3608 hdev->cur_adv_instance = 0x00;
3609 hdev->adv_instance_timeout = 0;
3611 hdev->advmon_allowlist_duration = 300;
3612 hdev->advmon_no_filter_duration = 500;
3614 hdev->sniff_max_interval = 800;
3615 hdev->sniff_min_interval = 80;
3617 hdev->le_adv_channel_map = 0x07;
3618 hdev->le_adv_min_interval = 0x0800;
3619 hdev->le_adv_max_interval = 0x0800;
3620 hdev->le_scan_interval = 0x0060;
3621 hdev->le_scan_window = 0x0030;
3622 hdev->le_scan_int_suspend = 0x0400;
3623 hdev->le_scan_window_suspend = 0x0012;
3624 hdev->le_scan_int_discovery = DISCOV_LE_SCAN_INT;
3625 hdev->le_scan_window_discovery = DISCOV_LE_SCAN_WIN;
3626 hdev->le_scan_int_connect = 0x0060;
3627 hdev->le_scan_window_connect = 0x0060;
3628 hdev->le_conn_min_interval = 0x0018;
3629 hdev->le_conn_max_interval = 0x0028;
3630 hdev->le_conn_latency = 0x0000;
3631 hdev->le_supv_timeout = 0x002a;
3632 hdev->le_def_tx_len = 0x001b;
3633 hdev->le_def_tx_time = 0x0148;
3634 hdev->le_max_tx_len = 0x001b;
3635 hdev->le_max_tx_time = 0x0148;
3636 hdev->le_max_rx_len = 0x001b;
3637 hdev->le_max_rx_time = 0x0148;
3638 hdev->le_max_key_size = SMP_MAX_ENC_KEY_SIZE;
3639 hdev->le_min_key_size = SMP_MIN_ENC_KEY_SIZE;
3640 hdev->le_tx_def_phys = HCI_LE_SET_PHY_1M;
3641 hdev->le_rx_def_phys = HCI_LE_SET_PHY_1M;
3642 hdev->le_num_of_adv_sets = HCI_MAX_ADV_INSTANCES;
3643 hdev->def_multi_adv_rotation_duration = HCI_DEFAULT_ADV_DURATION;
3644 hdev->def_le_autoconnect_timeout = HCI_LE_AUTOCONN_TIMEOUT;
3646 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
3647 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3648 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3649 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3650 hdev->auth_payload_timeout = DEFAULT_AUTH_PAYLOAD_TIMEOUT;
3651 hdev->min_enc_key_size = HCI_MIN_ENC_KEY_SIZE;
3653 /* default 1.28 sec page scan */
3654 hdev->def_page_scan_type = PAGE_SCAN_TYPE_STANDARD;
3655 hdev->def_page_scan_int = 0x0800;
3656 hdev->def_page_scan_window = 0x0012;
3658 mutex_init(&hdev->lock);
3659 mutex_init(&hdev->req_lock);
3661 INIT_LIST_HEAD(&hdev->mgmt_pending);
3662 INIT_LIST_HEAD(&hdev->reject_list);
3663 INIT_LIST_HEAD(&hdev->accept_list);
3664 INIT_LIST_HEAD(&hdev->uuids);
3665 INIT_LIST_HEAD(&hdev->link_keys);
3666 INIT_LIST_HEAD(&hdev->long_term_keys);
3667 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3668 INIT_LIST_HEAD(&hdev->remote_oob_data);
3669 INIT_LIST_HEAD(&hdev->le_accept_list);
3670 INIT_LIST_HEAD(&hdev->le_resolv_list);
3671 INIT_LIST_HEAD(&hdev->le_conn_params);
3672 INIT_LIST_HEAD(&hdev->pend_le_conns);
3673 INIT_LIST_HEAD(&hdev->pend_le_reports);
3674 INIT_LIST_HEAD(&hdev->conn_hash.list);
3675 INIT_LIST_HEAD(&hdev->adv_instances);
3676 INIT_LIST_HEAD(&hdev->blocked_keys);
3678 INIT_WORK(&hdev->rx_work, hci_rx_work);
3679 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3680 INIT_WORK(&hdev->tx_work, hci_tx_work);
3681 INIT_WORK(&hdev->power_on, hci_power_on);
3682 INIT_WORK(&hdev->error_reset, hci_error_reset);
3683 INIT_WORK(&hdev->suspend_prepare, hci_prepare_suspend);
3685 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3687 skb_queue_head_init(&hdev->rx_q);
3688 skb_queue_head_init(&hdev->cmd_q);
3689 skb_queue_head_init(&hdev->raw_q);
3691 init_waitqueue_head(&hdev->req_wait_q);
3692 init_waitqueue_head(&hdev->suspend_wait_q);
3694 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3696 hci_request_setup(hdev);
3698 hci_init_sysfs(hdev);
3699 discovery_init(hdev);
3703 EXPORT_SYMBOL(hci_alloc_dev);
3705 /* Free HCI device */
3706 void hci_free_dev(struct hci_dev *hdev)
3708 /* will free via device release */
3709 put_device(&hdev->dev);
3711 EXPORT_SYMBOL(hci_free_dev);
3713 /* Register HCI device */
3714 int hci_register_dev(struct hci_dev *hdev)
3718 if (!hdev->open || !hdev->close || !hdev->send)
3721 /* Do not allow HCI_AMP devices to register at index 0,
3722 * so the index can be used as the AMP controller ID.
3724 switch (hdev->dev_type) {
3726 id = ida_simple_get(&hci_index_ida, 0, HCI_MAX_ID, GFP_KERNEL);
3729 id = ida_simple_get(&hci_index_ida, 1, HCI_MAX_ID, GFP_KERNEL);
3738 error = dev_set_name(&hdev->dev, "hci%u", id);
3742 hdev->name = dev_name(&hdev->dev);
3745 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3747 hdev->workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI, hdev->name);
3748 if (!hdev->workqueue) {
3753 hdev->req_workqueue = alloc_ordered_workqueue("%s", WQ_HIGHPRI,
3755 if (!hdev->req_workqueue) {
3756 destroy_workqueue(hdev->workqueue);
3761 if (!IS_ERR_OR_NULL(bt_debugfs))
3762 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3764 error = device_add(&hdev->dev);
3768 hci_leds_init(hdev);
3770 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3771 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3774 if (rfkill_register(hdev->rfkill) < 0) {
3775 rfkill_destroy(hdev->rfkill);
3776 hdev->rfkill = NULL;
3780 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3781 hci_dev_set_flag(hdev, HCI_RFKILLED);
3783 hci_dev_set_flag(hdev, HCI_SETUP);
3784 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3786 if (hdev->dev_type == HCI_PRIMARY) {
3787 /* Assume BR/EDR support until proven otherwise (such as
3788 * through reading supported features during init.
3790 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3793 write_lock(&hci_dev_list_lock);
3794 list_add(&hdev->list, &hci_dev_list);
3795 write_unlock(&hci_dev_list_lock);
3797 /* Devices that are marked for raw-only usage are unconfigured
3798 * and should not be included in normal operation.
3800 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3801 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3803 hci_sock_dev_event(hdev, HCI_DEV_REG);
3806 if (!hdev->suspend_notifier.notifier_call &&
3807 !test_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks)) {
3808 hdev->suspend_notifier.notifier_call = hci_suspend_notifier;
3809 error = register_pm_notifier(&hdev->suspend_notifier);
3814 queue_work(hdev->req_workqueue, &hdev->power_on);
3816 idr_init(&hdev->adv_monitors_idr);
3821 debugfs_remove_recursive(hdev->debugfs);
3822 destroy_workqueue(hdev->workqueue);
3823 destroy_workqueue(hdev->req_workqueue);
3825 ida_simple_remove(&hci_index_ida, hdev->id);
3829 EXPORT_SYMBOL(hci_register_dev);
3831 /* Unregister HCI device */
3832 void hci_unregister_dev(struct hci_dev *hdev)
3834 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3836 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3838 write_lock(&hci_dev_list_lock);
3839 list_del(&hdev->list);
3840 write_unlock(&hci_dev_list_lock);
3842 cancel_work_sync(&hdev->power_on);
3844 if (!test_bit(HCI_QUIRK_NO_SUSPEND_NOTIFIER, &hdev->quirks)) {
3845 hci_suspend_clear_tasks(hdev);
3846 unregister_pm_notifier(&hdev->suspend_notifier);
3847 cancel_work_sync(&hdev->suspend_prepare);
3850 hci_dev_do_close(hdev);
3852 if (!test_bit(HCI_INIT, &hdev->flags) &&
3853 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3854 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3856 mgmt_index_removed(hdev);
3857 hci_dev_unlock(hdev);
3860 /* mgmt_index_removed should take care of emptying the
3862 BUG_ON(!list_empty(&hdev->mgmt_pending));
3864 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
3867 rfkill_unregister(hdev->rfkill);
3868 rfkill_destroy(hdev->rfkill);
3871 device_del(&hdev->dev);
3872 /* Actual cleanup is deferred until hci_cleanup_dev(). */
3875 EXPORT_SYMBOL(hci_unregister_dev);
3877 /* Cleanup HCI device */
3878 void hci_cleanup_dev(struct hci_dev *hdev)
3880 debugfs_remove_recursive(hdev->debugfs);
3881 kfree_const(hdev->hw_info);
3882 kfree_const(hdev->fw_info);
3884 destroy_workqueue(hdev->workqueue);
3885 destroy_workqueue(hdev->req_workqueue);
3888 hci_bdaddr_list_clear(&hdev->reject_list);
3889 hci_bdaddr_list_clear(&hdev->accept_list);
3890 hci_uuids_clear(hdev);
3891 hci_link_keys_clear(hdev);
3892 hci_smp_ltks_clear(hdev);
3893 hci_smp_irks_clear(hdev);
3894 hci_remote_oob_data_clear(hdev);
3895 hci_adv_instances_clear(hdev);
3896 hci_adv_monitors_clear(hdev);
3897 hci_bdaddr_list_clear(&hdev->le_accept_list);
3898 hci_bdaddr_list_clear(&hdev->le_resolv_list);
3899 hci_conn_params_clear_all(hdev);
3900 hci_discovery_filter_clear(hdev);
3901 hci_blocked_keys_clear(hdev);
3902 hci_dev_unlock(hdev);
3904 ida_simple_remove(&hci_index_ida, hdev->id);
3907 /* Suspend HCI device */
3908 int hci_suspend_dev(struct hci_dev *hdev)
3910 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
3913 EXPORT_SYMBOL(hci_suspend_dev);
3915 /* Resume HCI device */
3916 int hci_resume_dev(struct hci_dev *hdev)
3918 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
3921 EXPORT_SYMBOL(hci_resume_dev);
3923 /* Reset HCI device */
3924 int hci_reset_dev(struct hci_dev *hdev)
3926 static const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3927 struct sk_buff *skb;
3929 skb = bt_skb_alloc(3, GFP_ATOMIC);
3933 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
3934 skb_put_data(skb, hw_err, 3);
3936 /* Send Hardware Error to upper stack */
3937 return hci_recv_frame(hdev, skb);
3939 EXPORT_SYMBOL(hci_reset_dev);
3941 /* Receive frame from HCI drivers */
3942 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3944 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3945 && !test_bit(HCI_INIT, &hdev->flags))) {
3950 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
3951 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
3952 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT &&
3953 hci_skb_pkt_type(skb) != HCI_ISODATA_PKT) {
3959 bt_cb(skb)->incoming = 1;
3962 __net_timestamp(skb);
3964 skb_queue_tail(&hdev->rx_q, skb);
3965 queue_work(hdev->workqueue, &hdev->rx_work);
3969 EXPORT_SYMBOL(hci_recv_frame);
3971 /* Receive diagnostic message from HCI drivers */
3972 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3974 /* Mark as diagnostic packet */
3975 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
3978 __net_timestamp(skb);
3980 skb_queue_tail(&hdev->rx_q, skb);
3981 queue_work(hdev->workqueue, &hdev->rx_work);
3985 EXPORT_SYMBOL(hci_recv_diag);
3987 void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
3991 va_start(vargs, fmt);
3992 kfree_const(hdev->hw_info);
3993 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3996 EXPORT_SYMBOL(hci_set_hw_info);
3998 void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
4002 va_start(vargs, fmt);
4003 kfree_const(hdev->fw_info);
4004 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
4007 EXPORT_SYMBOL(hci_set_fw_info);
4009 /* ---- Interface to upper protocols ---- */
4011 int hci_register_cb(struct hci_cb *cb)
4013 BT_DBG("%p name %s", cb, cb->name);
4015 mutex_lock(&hci_cb_list_lock);
4016 list_add_tail(&cb->list, &hci_cb_list);
4017 mutex_unlock(&hci_cb_list_lock);
4021 EXPORT_SYMBOL(hci_register_cb);
4023 int hci_unregister_cb(struct hci_cb *cb)
4025 BT_DBG("%p name %s", cb, cb->name);
4027 mutex_lock(&hci_cb_list_lock);
4028 list_del(&cb->list);
4029 mutex_unlock(&hci_cb_list_lock);
4033 EXPORT_SYMBOL(hci_unregister_cb);
4035 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
4039 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
4043 __net_timestamp(skb);
4045 /* Send copy to monitor */
4046 hci_send_to_monitor(hdev, skb);
4048 if (atomic_read(&hdev->promisc)) {
4049 /* Send copy to the sockets */
4050 hci_send_to_sock(hdev, skb);
4053 /* Get rid of skb owner, prior to sending to the driver. */
4056 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
4061 err = hdev->send(hdev, skb);
4063 bt_dev_err(hdev, "sending frame failed (%d)", err);
4068 /* Send HCI command */
4069 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
4072 struct sk_buff *skb;
4074 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
4076 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4078 bt_dev_err(hdev, "no memory for command");
4082 /* Stand-alone HCI commands must be flagged as
4083 * single-command requests.
4085 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
4087 skb_queue_tail(&hdev->cmd_q, skb);
4088 queue_work(hdev->workqueue, &hdev->cmd_work);
4093 int __hci_cmd_send(struct hci_dev *hdev, u16 opcode, u32 plen,
4096 struct sk_buff *skb;
4098 if (hci_opcode_ogf(opcode) != 0x3f) {
4099 /* A controller receiving a command shall respond with either
4100 * a Command Status Event or a Command Complete Event.
4101 * Therefore, all standard HCI commands must be sent via the
4102 * standard API, using hci_send_cmd or hci_cmd_sync helpers.
4103 * Some vendors do not comply with this rule for vendor-specific
4104 * commands and do not return any event. We want to support
4105 * unresponded commands for such cases only.
4107 bt_dev_err(hdev, "unresponded command not supported");
4111 skb = hci_prepare_cmd(hdev, opcode, plen, param);
4113 bt_dev_err(hdev, "no memory for command (opcode 0x%4.4x)",
4118 hci_send_frame(hdev, skb);
4122 EXPORT_SYMBOL(__hci_cmd_send);
4124 /* Get data from the previously sent command */
4125 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
4127 struct hci_command_hdr *hdr;
4129 if (!hdev->sent_cmd)
4132 hdr = (void *) hdev->sent_cmd->data;
4134 if (hdr->opcode != cpu_to_le16(opcode))
4137 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
4139 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
4142 /* Send HCI command and wait for command commplete event */
4143 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
4144 const void *param, u32 timeout)
4146 struct sk_buff *skb;
4148 if (!test_bit(HCI_UP, &hdev->flags))
4149 return ERR_PTR(-ENETDOWN);
4151 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
4153 hci_req_sync_lock(hdev);
4154 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
4155 hci_req_sync_unlock(hdev);
4159 EXPORT_SYMBOL(hci_cmd_sync);
4162 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
4164 struct hci_acl_hdr *hdr;
4167 skb_push(skb, HCI_ACL_HDR_SIZE);
4168 skb_reset_transport_header(skb);
4169 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
4170 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
4171 hdr->dlen = cpu_to_le16(len);
4174 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
4175 struct sk_buff *skb, __u16 flags)
4177 struct hci_conn *conn = chan->conn;
4178 struct hci_dev *hdev = conn->hdev;
4179 struct sk_buff *list;
4181 skb->len = skb_headlen(skb);
4184 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
4186 switch (hdev->dev_type) {
4188 hci_add_acl_hdr(skb, conn->handle, flags);
4191 hci_add_acl_hdr(skb, chan->handle, flags);
4194 bt_dev_err(hdev, "unknown dev_type %d", hdev->dev_type);
4198 list = skb_shinfo(skb)->frag_list;
4200 /* Non fragmented */
4201 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
4203 skb_queue_tail(queue, skb);
4206 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4208 skb_shinfo(skb)->frag_list = NULL;
4210 /* Queue all fragments atomically. We need to use spin_lock_bh
4211 * here because of 6LoWPAN links, as there this function is
4212 * called from softirq and using normal spin lock could cause
4215 spin_lock_bh(&queue->lock);
4217 __skb_queue_tail(queue, skb);
4219 flags &= ~ACL_START;
4222 skb = list; list = list->next;
4224 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
4225 hci_add_acl_hdr(skb, conn->handle, flags);
4227 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
4229 __skb_queue_tail(queue, skb);
4232 spin_unlock_bh(&queue->lock);
4236 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
4238 struct hci_dev *hdev = chan->conn->hdev;
4240 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
4242 hci_queue_acl(chan, &chan->data_q, skb, flags);
4244 queue_work(hdev->workqueue, &hdev->tx_work);
4248 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
4250 struct hci_dev *hdev = conn->hdev;
4251 struct hci_sco_hdr hdr;
4253 BT_DBG("%s len %d", hdev->name, skb->len);
4255 hdr.handle = cpu_to_le16(conn->handle);
4256 hdr.dlen = skb->len;
4258 skb_push(skb, HCI_SCO_HDR_SIZE);
4259 skb_reset_transport_header(skb);
4260 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
4262 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
4264 skb_queue_tail(&conn->data_q, skb);
4265 queue_work(hdev->workqueue, &hdev->tx_work);
4268 /* ---- HCI TX task (outgoing data) ---- */
4270 /* HCI Connection scheduler */
4271 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
4274 struct hci_conn_hash *h = &hdev->conn_hash;
4275 struct hci_conn *conn = NULL, *c;
4276 unsigned int num = 0, min = ~0;
4278 /* We don't have to lock device here. Connections are always
4279 * added and removed with TX task disabled. */
4283 list_for_each_entry_rcu(c, &h->list, list) {
4284 if (c->type != type || skb_queue_empty(&c->data_q))
4287 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
4292 if (c->sent < min) {
4297 if (hci_conn_num(hdev, type) == num)
4306 switch (conn->type) {
4308 cnt = hdev->acl_cnt;
4312 cnt = hdev->sco_cnt;
4315 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4319 bt_dev_err(hdev, "unknown link type %d", conn->type);
4327 BT_DBG("conn %p quote %d", conn, *quote);
4331 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
4333 struct hci_conn_hash *h = &hdev->conn_hash;
4336 bt_dev_err(hdev, "link tx timeout");
4340 /* Kill stalled connections */
4341 list_for_each_entry_rcu(c, &h->list, list) {
4342 if (c->type == type && c->sent) {
4343 bt_dev_err(hdev, "killing stalled connection %pMR",
4345 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
4352 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
4355 struct hci_conn_hash *h = &hdev->conn_hash;
4356 struct hci_chan *chan = NULL;
4357 unsigned int num = 0, min = ~0, cur_prio = 0;
4358 struct hci_conn *conn;
4359 int cnt, q, conn_num = 0;
4361 BT_DBG("%s", hdev->name);
4365 list_for_each_entry_rcu(conn, &h->list, list) {
4366 struct hci_chan *tmp;
4368 if (conn->type != type)
4371 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4376 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
4377 struct sk_buff *skb;
4379 if (skb_queue_empty(&tmp->data_q))
4382 skb = skb_peek(&tmp->data_q);
4383 if (skb->priority < cur_prio)
4386 if (skb->priority > cur_prio) {
4389 cur_prio = skb->priority;
4394 if (conn->sent < min) {
4400 if (hci_conn_num(hdev, type) == conn_num)
4409 switch (chan->conn->type) {
4411 cnt = hdev->acl_cnt;
4414 cnt = hdev->block_cnt;
4418 cnt = hdev->sco_cnt;
4421 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
4425 bt_dev_err(hdev, "unknown link type %d", chan->conn->type);
4430 BT_DBG("chan %p quote %d", chan, *quote);
4434 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
4436 struct hci_conn_hash *h = &hdev->conn_hash;
4437 struct hci_conn *conn;
4440 BT_DBG("%s", hdev->name);
4444 list_for_each_entry_rcu(conn, &h->list, list) {
4445 struct hci_chan *chan;
4447 if (conn->type != type)
4450 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
4455 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
4456 struct sk_buff *skb;
4463 if (skb_queue_empty(&chan->data_q))
4466 skb = skb_peek(&chan->data_q);
4467 if (skb->priority >= HCI_PRIO_MAX - 1)
4470 skb->priority = HCI_PRIO_MAX - 1;
4472 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
4476 if (hci_conn_num(hdev, type) == num)
4484 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
4486 /* Calculate count of blocks used by this packet */
4487 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
4490 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt, u8 type)
4492 unsigned long last_tx;
4494 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
4499 last_tx = hdev->le_last_tx;
4502 last_tx = hdev->acl_last_tx;
4506 /* tx timeout must be longer than maximum link supervision timeout
4509 if (!cnt && time_after(jiffies, last_tx + HCI_ACL_TX_TIMEOUT))
4510 hci_link_tx_to(hdev, type);
4514 static void hci_sched_sco(struct hci_dev *hdev)
4516 struct hci_conn *conn;
4517 struct sk_buff *skb;
4520 BT_DBG("%s", hdev->name);
4522 if (!hci_conn_num(hdev, SCO_LINK))
4525 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
4526 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4527 BT_DBG("skb %p len %d", skb, skb->len);
4528 hci_send_frame(hdev, skb);
4531 if (conn->sent == ~0)
4537 static void hci_sched_esco(struct hci_dev *hdev)
4539 struct hci_conn *conn;
4540 struct sk_buff *skb;
4543 BT_DBG("%s", hdev->name);
4545 if (!hci_conn_num(hdev, ESCO_LINK))
4548 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
4550 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
4551 BT_DBG("skb %p len %d", skb, skb->len);
4552 hci_send_frame(hdev, skb);
4555 if (conn->sent == ~0)
4561 static void hci_sched_acl_pkt(struct hci_dev *hdev)
4563 unsigned int cnt = hdev->acl_cnt;
4564 struct hci_chan *chan;
4565 struct sk_buff *skb;
4568 __check_timeout(hdev, cnt, ACL_LINK);
4570 while (hdev->acl_cnt &&
4571 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
4572 u32 priority = (skb_peek(&chan->data_q))->priority;
4573 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4574 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4575 skb->len, skb->priority);
4577 /* Stop if priority has changed */
4578 if (skb->priority < priority)
4581 skb = skb_dequeue(&chan->data_q);
4583 hci_conn_enter_active_mode(chan->conn,
4584 bt_cb(skb)->force_active);
4586 hci_send_frame(hdev, skb);
4587 hdev->acl_last_tx = jiffies;
4593 /* Send pending SCO packets right away */
4594 hci_sched_sco(hdev);
4595 hci_sched_esco(hdev);
4599 if (cnt != hdev->acl_cnt)
4600 hci_prio_recalculate(hdev, ACL_LINK);
4603 static void hci_sched_acl_blk(struct hci_dev *hdev)
4605 unsigned int cnt = hdev->block_cnt;
4606 struct hci_chan *chan;
4607 struct sk_buff *skb;
4611 BT_DBG("%s", hdev->name);
4613 if (hdev->dev_type == HCI_AMP)
4618 __check_timeout(hdev, cnt, type);
4620 while (hdev->block_cnt > 0 &&
4621 (chan = hci_chan_sent(hdev, type, "e))) {
4622 u32 priority = (skb_peek(&chan->data_q))->priority;
4623 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
4626 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4627 skb->len, skb->priority);
4629 /* Stop if priority has changed */
4630 if (skb->priority < priority)
4633 skb = skb_dequeue(&chan->data_q);
4635 blocks = __get_blocks(hdev, skb);
4636 if (blocks > hdev->block_cnt)
4639 hci_conn_enter_active_mode(chan->conn,
4640 bt_cb(skb)->force_active);
4642 hci_send_frame(hdev, skb);
4643 hdev->acl_last_tx = jiffies;
4645 hdev->block_cnt -= blocks;
4648 chan->sent += blocks;
4649 chan->conn->sent += blocks;
4653 if (cnt != hdev->block_cnt)
4654 hci_prio_recalculate(hdev, type);
4657 static void hci_sched_acl(struct hci_dev *hdev)
4659 BT_DBG("%s", hdev->name);
4661 /* No ACL link over BR/EDR controller */
4662 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
4665 /* No AMP link over AMP controller */
4666 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
4669 switch (hdev->flow_ctl_mode) {
4670 case HCI_FLOW_CTL_MODE_PACKET_BASED:
4671 hci_sched_acl_pkt(hdev);
4674 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
4675 hci_sched_acl_blk(hdev);
4680 static void hci_sched_le(struct hci_dev *hdev)
4682 struct hci_chan *chan;
4683 struct sk_buff *skb;
4684 int quote, cnt, tmp;
4686 BT_DBG("%s", hdev->name);
4688 if (!hci_conn_num(hdev, LE_LINK))
4691 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
4693 __check_timeout(hdev, cnt, LE_LINK);
4696 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
4697 u32 priority = (skb_peek(&chan->data_q))->priority;
4698 while (quote-- && (skb = skb_peek(&chan->data_q))) {
4699 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
4700 skb->len, skb->priority);
4702 /* Stop if priority has changed */
4703 if (skb->priority < priority)
4706 skb = skb_dequeue(&chan->data_q);
4708 hci_send_frame(hdev, skb);
4709 hdev->le_last_tx = jiffies;
4715 /* Send pending SCO packets right away */
4716 hci_sched_sco(hdev);
4717 hci_sched_esco(hdev);
4724 hdev->acl_cnt = cnt;
4727 hci_prio_recalculate(hdev, LE_LINK);
4730 static void hci_tx_work(struct work_struct *work)
4732 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4733 struct sk_buff *skb;
4735 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4736 hdev->sco_cnt, hdev->le_cnt);
4738 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4739 /* Schedule queues and send stuff to HCI driver */
4740 hci_sched_sco(hdev);
4741 hci_sched_esco(hdev);
4742 hci_sched_acl(hdev);
4746 /* Send next queued raw (unknown type) packet */
4747 while ((skb = skb_dequeue(&hdev->raw_q)))
4748 hci_send_frame(hdev, skb);
4751 /* ----- HCI RX task (incoming data processing) ----- */
4753 /* ACL data packet */
4754 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4756 struct hci_acl_hdr *hdr = (void *) skb->data;
4757 struct hci_conn *conn;
4758 __u16 handle, flags;
4760 skb_pull(skb, HCI_ACL_HDR_SIZE);
4762 handle = __le16_to_cpu(hdr->handle);
4763 flags = hci_flags(handle);
4764 handle = hci_handle(handle);
4766 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4769 hdev->stat.acl_rx++;
4772 conn = hci_conn_hash_lookup_handle(hdev, handle);
4773 hci_dev_unlock(hdev);
4776 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4778 /* Send to upper protocol */
4779 l2cap_recv_acldata(conn, skb, flags);
4782 bt_dev_err(hdev, "ACL packet for unknown connection handle %d",
4789 /* SCO data packet */
4790 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4792 struct hci_sco_hdr *hdr = (void *) skb->data;
4793 struct hci_conn *conn;
4794 __u16 handle, flags;
4796 skb_pull(skb, HCI_SCO_HDR_SIZE);
4798 handle = __le16_to_cpu(hdr->handle);
4799 flags = hci_flags(handle);
4800 handle = hci_handle(handle);
4802 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4805 hdev->stat.sco_rx++;
4808 conn = hci_conn_hash_lookup_handle(hdev, handle);
4809 hci_dev_unlock(hdev);
4812 /* Send to upper protocol */
4813 bt_cb(skb)->sco.pkt_status = flags & 0x03;
4814 sco_recv_scodata(conn, skb);
4817 bt_dev_err(hdev, "SCO packet for unknown connection handle %d",
4824 static bool hci_req_is_complete(struct hci_dev *hdev)
4826 struct sk_buff *skb;
4828 skb = skb_peek(&hdev->cmd_q);
4832 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
4835 static void hci_resend_last(struct hci_dev *hdev)
4837 struct hci_command_hdr *sent;
4838 struct sk_buff *skb;
4841 if (!hdev->sent_cmd)
4844 sent = (void *) hdev->sent_cmd->data;
4845 opcode = __le16_to_cpu(sent->opcode);
4846 if (opcode == HCI_OP_RESET)
4849 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4853 skb_queue_head(&hdev->cmd_q, skb);
4854 queue_work(hdev->workqueue, &hdev->cmd_work);
4857 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4858 hci_req_complete_t *req_complete,
4859 hci_req_complete_skb_t *req_complete_skb)
4861 struct sk_buff *skb;
4862 unsigned long flags;
4864 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4866 /* If the completed command doesn't match the last one that was
4867 * sent we need to do special handling of it.
4869 if (!hci_sent_cmd_data(hdev, opcode)) {
4870 /* Some CSR based controllers generate a spontaneous
4871 * reset complete event during init and any pending
4872 * command will never be completed. In such a case we
4873 * need to resend whatever was the last sent
4876 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4877 hci_resend_last(hdev);
4882 /* If we reach this point this event matches the last command sent */
4883 hci_dev_clear_flag(hdev, HCI_CMD_PENDING);
4885 /* If the command succeeded and there's still more commands in
4886 * this request the request is not yet complete.
4888 if (!status && !hci_req_is_complete(hdev))
4891 /* If this was the last command in a request the complete
4892 * callback would be found in hdev->sent_cmd instead of the
4893 * command queue (hdev->cmd_q).
4895 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
4896 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
4900 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
4901 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
4905 /* Remove all pending commands belonging to this request */
4906 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4907 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4908 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
4909 __skb_queue_head(&hdev->cmd_q, skb);
4913 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
4914 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
4916 *req_complete = bt_cb(skb)->hci.req_complete;
4917 dev_kfree_skb_irq(skb);
4919 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4922 static void hci_rx_work(struct work_struct *work)
4924 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4925 struct sk_buff *skb;
4927 BT_DBG("%s", hdev->name);
4929 while ((skb = skb_dequeue(&hdev->rx_q))) {
4930 /* Send copy to monitor */
4931 hci_send_to_monitor(hdev, skb);
4933 if (atomic_read(&hdev->promisc)) {
4934 /* Send copy to the sockets */
4935 hci_send_to_sock(hdev, skb);
4938 /* If the device has been opened in HCI_USER_CHANNEL,
4939 * the userspace has exclusive access to device.
4940 * When device is HCI_INIT, we still need to process
4941 * the data packets to the driver in order
4942 * to complete its setup().
4944 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
4945 !test_bit(HCI_INIT, &hdev->flags)) {
4950 if (test_bit(HCI_INIT, &hdev->flags)) {
4951 /* Don't process data packets in this states. */
4952 switch (hci_skb_pkt_type(skb)) {
4953 case HCI_ACLDATA_PKT:
4954 case HCI_SCODATA_PKT:
4955 case HCI_ISODATA_PKT:
4962 switch (hci_skb_pkt_type(skb)) {
4964 BT_DBG("%s Event packet", hdev->name);
4965 hci_event_packet(hdev, skb);
4968 case HCI_ACLDATA_PKT:
4969 BT_DBG("%s ACL data packet", hdev->name);
4970 hci_acldata_packet(hdev, skb);
4973 case HCI_SCODATA_PKT:
4974 BT_DBG("%s SCO data packet", hdev->name);
4975 hci_scodata_packet(hdev, skb);
4985 static void hci_cmd_work(struct work_struct *work)
4987 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4988 struct sk_buff *skb;
4990 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4991 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4993 /* Send queued commands */
4994 if (atomic_read(&hdev->cmd_cnt)) {
4995 skb = skb_dequeue(&hdev->cmd_q);
4999 kfree_skb(hdev->sent_cmd);
5001 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
5002 if (hdev->sent_cmd) {
5003 if (hci_req_status_pend(hdev))
5004 hci_dev_set_flag(hdev, HCI_CMD_PENDING);
5005 atomic_dec(&hdev->cmd_cnt);
5006 hci_send_frame(hdev, skb);
5007 if (test_bit(HCI_RESET, &hdev->flags))
5008 cancel_delayed_work(&hdev->cmd_timer);
5010 schedule_delayed_work(&hdev->cmd_timer,
5013 skb_queue_head(&hdev->cmd_q, skb);
5014 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / releases.git / blob