2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2011 ProFUSION Embedded Systems
6 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License version 2 as
10 published by the Free Software Foundation;
12 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
13 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
14 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
15 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
16 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
17 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
22 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
23 SOFTWARE IS DISCLAIMED.
26 /* Bluetooth HCI core. */
28 #include <linux/export.h>
29 #include <linux/idr.h>
30 #include <linux/rfkill.h>
31 #include <linux/debugfs.h>
32 #include <linux/crypto.h>
33 #include <asm/unaligned.h>
35 #include <net/bluetooth/bluetooth.h>
36 #include <net/bluetooth/hci_core.h>
37 #include <net/bluetooth/l2cap.h>
38 #include <net/bluetooth/mgmt.h>
40 #include "hci_request.h"
41 #include "hci_debugfs.h"
45 static void hci_rx_work(struct work_struct *work);
46 static void hci_cmd_work(struct work_struct *work);
47 static void hci_tx_work(struct work_struct *work);
50 LIST_HEAD(hci_dev_list);
51 DEFINE_RWLOCK(hci_dev_list_lock);
53 /* HCI callback list */
54 LIST_HEAD(hci_cb_list);
55 DEFINE_MUTEX(hci_cb_list_lock);
57 /* HCI ID Numbering */
58 static DEFINE_IDA(hci_index_ida);
60 /* ---- HCI debugfs entries ---- */
62 static ssize_t dut_mode_read(struct file *file, char __user *user_buf,
63 size_t count, loff_t *ppos)
65 struct hci_dev *hdev = file->private_data;
68 buf[0] = hci_dev_test_flag(hdev, HCI_DUT_MODE) ? 'Y' : 'N';
71 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
74 static ssize_t dut_mode_write(struct file *file, const char __user *user_buf,
75 size_t count, loff_t *ppos)
77 struct hci_dev *hdev = file->private_data;
80 size_t buf_size = min(count, (sizeof(buf)-1));
83 if (!test_bit(HCI_UP, &hdev->flags))
86 if (copy_from_user(buf, user_buf, buf_size))
90 if (strtobool(buf, &enable))
93 if (enable == hci_dev_test_flag(hdev, HCI_DUT_MODE))
96 hci_req_sync_lock(hdev);
98 skb = __hci_cmd_sync(hdev, HCI_OP_ENABLE_DUT_MODE, 0, NULL,
101 skb = __hci_cmd_sync(hdev, HCI_OP_RESET, 0, NULL,
103 hci_req_sync_unlock(hdev);
110 hci_dev_change_flag(hdev, HCI_DUT_MODE);
115 static const struct file_operations dut_mode_fops = {
117 .read = dut_mode_read,
118 .write = dut_mode_write,
119 .llseek = default_llseek,
122 static ssize_t vendor_diag_read(struct file *file, char __user *user_buf,
123 size_t count, loff_t *ppos)
125 struct hci_dev *hdev = file->private_data;
128 buf[0] = hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) ? 'Y' : 'N';
131 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
134 static ssize_t vendor_diag_write(struct file *file, const char __user *user_buf,
135 size_t count, loff_t *ppos)
137 struct hci_dev *hdev = file->private_data;
139 size_t buf_size = min(count, (sizeof(buf)-1));
143 if (copy_from_user(buf, user_buf, buf_size))
146 buf[buf_size] = '\0';
147 if (strtobool(buf, &enable))
150 /* When the diagnostic flags are not persistent and the transport
151 * is not active, then there is no need for the vendor callback.
153 * Instead just store the desired value. If needed the setting
154 * will be programmed when the controller gets powered on.
156 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
157 !test_bit(HCI_RUNNING, &hdev->flags))
160 hci_req_sync_lock(hdev);
161 err = hdev->set_diag(hdev, enable);
162 hci_req_sync_unlock(hdev);
169 hci_dev_set_flag(hdev, HCI_VENDOR_DIAG);
171 hci_dev_clear_flag(hdev, HCI_VENDOR_DIAG);
176 static const struct file_operations vendor_diag_fops = {
178 .read = vendor_diag_read,
179 .write = vendor_diag_write,
180 .llseek = default_llseek,
183 static void hci_debugfs_create_basic(struct hci_dev *hdev)
185 debugfs_create_file("dut_mode", 0644, hdev->debugfs, hdev,
189 debugfs_create_file("vendor_diag", 0644, hdev->debugfs, hdev,
193 static int hci_reset_req(struct hci_request *req, unsigned long opt)
195 BT_DBG("%s %ld", req->hdev->name, opt);
198 set_bit(HCI_RESET, &req->hdev->flags);
199 hci_req_add(req, HCI_OP_RESET, 0, NULL);
203 static void bredr_init(struct hci_request *req)
205 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_PACKET_BASED;
207 /* Read Local Supported Features */
208 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
210 /* Read Local Version */
211 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
213 /* Read BD Address */
214 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
217 static void amp_init1(struct hci_request *req)
219 req->hdev->flow_ctl_mode = HCI_FLOW_CTL_MODE_BLOCK_BASED;
221 /* Read Local Version */
222 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
224 /* Read Local Supported Commands */
225 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
227 /* Read Local AMP Info */
228 hci_req_add(req, HCI_OP_READ_LOCAL_AMP_INFO, 0, NULL);
230 /* Read Data Blk size */
231 hci_req_add(req, HCI_OP_READ_DATA_BLOCK_SIZE, 0, NULL);
233 /* Read Flow Control Mode */
234 hci_req_add(req, HCI_OP_READ_FLOW_CONTROL_MODE, 0, NULL);
236 /* Read Location Data */
237 hci_req_add(req, HCI_OP_READ_LOCATION_DATA, 0, NULL);
240 static int amp_init2(struct hci_request *req)
242 /* Read Local Supported Features. Not all AMP controllers
243 * support this so it's placed conditionally in the second
246 if (req->hdev->commands[14] & 0x20)
247 hci_req_add(req, HCI_OP_READ_LOCAL_FEATURES, 0, NULL);
252 static int hci_init1_req(struct hci_request *req, unsigned long opt)
254 struct hci_dev *hdev = req->hdev;
256 BT_DBG("%s %ld", hdev->name, opt);
259 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
260 hci_reset_req(req, 0);
262 switch (hdev->dev_type) {
270 BT_ERR("Unknown device type %d", hdev->dev_type);
277 static void bredr_setup(struct hci_request *req)
282 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
283 hci_req_add(req, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
285 /* Read Class of Device */
286 hci_req_add(req, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
288 /* Read Local Name */
289 hci_req_add(req, HCI_OP_READ_LOCAL_NAME, 0, NULL);
291 /* Read Voice Setting */
292 hci_req_add(req, HCI_OP_READ_VOICE_SETTING, 0, NULL);
294 /* Read Number of Supported IAC */
295 hci_req_add(req, HCI_OP_READ_NUM_SUPPORTED_IAC, 0, NULL);
297 /* Read Current IAC LAP */
298 hci_req_add(req, HCI_OP_READ_CURRENT_IAC_LAP, 0, NULL);
300 /* Clear Event Filters */
301 flt_type = HCI_FLT_CLEAR_ALL;
302 hci_req_add(req, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
304 /* Connection accept timeout ~20 secs */
305 param = cpu_to_le16(0x7d00);
306 hci_req_add(req, HCI_OP_WRITE_CA_TIMEOUT, 2, ¶m);
309 static void le_setup(struct hci_request *req)
311 struct hci_dev *hdev = req->hdev;
313 /* Read LE Buffer Size */
314 hci_req_add(req, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
316 /* Read LE Local Supported Features */
317 hci_req_add(req, HCI_OP_LE_READ_LOCAL_FEATURES, 0, NULL);
319 /* Read LE Supported States */
320 hci_req_add(req, HCI_OP_LE_READ_SUPPORTED_STATES, 0, NULL);
322 /* LE-only controllers have LE implicitly enabled */
323 if (!lmp_bredr_capable(hdev))
324 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
327 static void hci_setup_event_mask(struct hci_request *req)
329 struct hci_dev *hdev = req->hdev;
331 /* The second byte is 0xff instead of 0x9f (two reserved bits
332 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
335 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
337 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
338 * any event mask for pre 1.2 devices.
340 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
343 if (lmp_bredr_capable(hdev)) {
344 events[4] |= 0x01; /* Flow Specification Complete */
346 /* Use a different default for LE-only devices */
347 memset(events, 0, sizeof(events));
348 events[1] |= 0x20; /* Command Complete */
349 events[1] |= 0x40; /* Command Status */
350 events[1] |= 0x80; /* Hardware Error */
352 /* If the controller supports the Disconnect command, enable
353 * the corresponding event. In addition enable packet flow
354 * control related events.
356 if (hdev->commands[0] & 0x20) {
357 events[0] |= 0x10; /* Disconnection Complete */
358 events[2] |= 0x04; /* Number of Completed Packets */
359 events[3] |= 0x02; /* Data Buffer Overflow */
362 /* If the controller supports the Read Remote Version
363 * Information command, enable the corresponding event.
365 if (hdev->commands[2] & 0x80)
366 events[1] |= 0x08; /* Read Remote Version Information
370 if (hdev->le_features[0] & HCI_LE_ENCRYPTION) {
371 events[0] |= 0x80; /* Encryption Change */
372 events[5] |= 0x80; /* Encryption Key Refresh Complete */
376 if (lmp_inq_rssi_capable(hdev) ||
377 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks))
378 events[4] |= 0x02; /* Inquiry Result with RSSI */
380 if (lmp_ext_feat_capable(hdev))
381 events[4] |= 0x04; /* Read Remote Extended Features Complete */
383 if (lmp_esco_capable(hdev)) {
384 events[5] |= 0x08; /* Synchronous Connection Complete */
385 events[5] |= 0x10; /* Synchronous Connection Changed */
388 if (lmp_sniffsubr_capable(hdev))
389 events[5] |= 0x20; /* Sniff Subrating */
391 if (lmp_pause_enc_capable(hdev))
392 events[5] |= 0x80; /* Encryption Key Refresh Complete */
394 if (lmp_ext_inq_capable(hdev))
395 events[5] |= 0x40; /* Extended Inquiry Result */
397 if (lmp_no_flush_capable(hdev))
398 events[7] |= 0x01; /* Enhanced Flush Complete */
400 if (lmp_lsto_capable(hdev))
401 events[6] |= 0x80; /* Link Supervision Timeout Changed */
403 if (lmp_ssp_capable(hdev)) {
404 events[6] |= 0x01; /* IO Capability Request */
405 events[6] |= 0x02; /* IO Capability Response */
406 events[6] |= 0x04; /* User Confirmation Request */
407 events[6] |= 0x08; /* User Passkey Request */
408 events[6] |= 0x10; /* Remote OOB Data Request */
409 events[6] |= 0x20; /* Simple Pairing Complete */
410 events[7] |= 0x04; /* User Passkey Notification */
411 events[7] |= 0x08; /* Keypress Notification */
412 events[7] |= 0x10; /* Remote Host Supported
413 * Features Notification
417 if (lmp_le_capable(hdev))
418 events[7] |= 0x20; /* LE Meta-Event */
420 hci_req_add(req, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
423 static int hci_init2_req(struct hci_request *req, unsigned long opt)
425 struct hci_dev *hdev = req->hdev;
427 if (hdev->dev_type == HCI_AMP)
428 return amp_init2(req);
430 if (lmp_bredr_capable(hdev))
433 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
435 if (lmp_le_capable(hdev))
438 /* All Bluetooth 1.2 and later controllers should support the
439 * HCI command for reading the local supported commands.
441 * Unfortunately some controllers indicate Bluetooth 1.2 support,
442 * but do not have support for this command. If that is the case,
443 * the driver can quirk the behavior and skip reading the local
444 * supported commands.
446 if (hdev->hci_ver > BLUETOOTH_VER_1_1 &&
447 !test_bit(HCI_QUIRK_BROKEN_LOCAL_COMMANDS, &hdev->quirks))
448 hci_req_add(req, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
450 if (lmp_ssp_capable(hdev)) {
451 /* When SSP is available, then the host features page
452 * should also be available as well. However some
453 * controllers list the max_page as 0 as long as SSP
454 * has not been enabled. To achieve proper debugging
455 * output, force the minimum max_page to 1 at least.
457 hdev->max_page = 0x01;
459 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
462 hci_req_add(req, HCI_OP_WRITE_SSP_MODE,
463 sizeof(mode), &mode);
465 struct hci_cp_write_eir cp;
467 memset(hdev->eir, 0, sizeof(hdev->eir));
468 memset(&cp, 0, sizeof(cp));
470 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
474 if (lmp_inq_rssi_capable(hdev) ||
475 test_bit(HCI_QUIRK_FIXUP_INQUIRY_MODE, &hdev->quirks)) {
478 /* If Extended Inquiry Result events are supported, then
479 * they are clearly preferred over Inquiry Result with RSSI
482 mode = lmp_ext_inq_capable(hdev) ? 0x02 : 0x01;
484 hci_req_add(req, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
487 if (lmp_inq_tx_pwr_capable(hdev))
488 hci_req_add(req, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
490 if (lmp_ext_feat_capable(hdev)) {
491 struct hci_cp_read_local_ext_features cp;
494 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
498 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
500 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
507 static void hci_setup_link_policy(struct hci_request *req)
509 struct hci_dev *hdev = req->hdev;
510 struct hci_cp_write_def_link_policy cp;
513 if (lmp_rswitch_capable(hdev))
514 link_policy |= HCI_LP_RSWITCH;
515 if (lmp_hold_capable(hdev))
516 link_policy |= HCI_LP_HOLD;
517 if (lmp_sniff_capable(hdev))
518 link_policy |= HCI_LP_SNIFF;
519 if (lmp_park_capable(hdev))
520 link_policy |= HCI_LP_PARK;
522 cp.policy = cpu_to_le16(link_policy);
523 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
526 static void hci_set_le_support(struct hci_request *req)
528 struct hci_dev *hdev = req->hdev;
529 struct hci_cp_write_le_host_supported cp;
531 /* LE-only devices do not support explicit enablement */
532 if (!lmp_bredr_capable(hdev))
535 memset(&cp, 0, sizeof(cp));
537 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
542 if (cp.le != lmp_host_le_capable(hdev))
543 hci_req_add(req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
547 static void hci_set_event_mask_page_2(struct hci_request *req)
549 struct hci_dev *hdev = req->hdev;
550 u8 events[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
551 bool changed = false;
553 /* If Connectionless Slave Broadcast master role is supported
554 * enable all necessary events for it.
556 if (lmp_csb_master_capable(hdev)) {
557 events[1] |= 0x40; /* Triggered Clock Capture */
558 events[1] |= 0x80; /* Synchronization Train Complete */
559 events[2] |= 0x10; /* Slave Page Response Timeout */
560 events[2] |= 0x20; /* CSB Channel Map Change */
564 /* If Connectionless Slave Broadcast slave role is supported
565 * enable all necessary events for it.
567 if (lmp_csb_slave_capable(hdev)) {
568 events[2] |= 0x01; /* Synchronization Train Received */
569 events[2] |= 0x02; /* CSB Receive */
570 events[2] |= 0x04; /* CSB Timeout */
571 events[2] |= 0x08; /* Truncated Page Complete */
575 /* Enable Authenticated Payload Timeout Expired event if supported */
576 if (lmp_ping_capable(hdev) || hdev->le_features[0] & HCI_LE_PING) {
581 /* Some Broadcom based controllers indicate support for Set Event
582 * Mask Page 2 command, but then actually do not support it. Since
583 * the default value is all bits set to zero, the command is only
584 * required if the event mask has to be changed. In case no change
585 * to the event mask is needed, skip this command.
588 hci_req_add(req, HCI_OP_SET_EVENT_MASK_PAGE_2,
589 sizeof(events), events);
592 static int hci_init3_req(struct hci_request *req, unsigned long opt)
594 struct hci_dev *hdev = req->hdev;
597 hci_setup_event_mask(req);
599 if (hdev->commands[6] & 0x20 &&
600 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
601 struct hci_cp_read_stored_link_key cp;
603 bacpy(&cp.bdaddr, BDADDR_ANY);
605 hci_req_add(req, HCI_OP_READ_STORED_LINK_KEY, sizeof(cp), &cp);
608 if (hdev->commands[5] & 0x10)
609 hci_setup_link_policy(req);
611 if (hdev->commands[8] & 0x01)
612 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_ACTIVITY, 0, NULL);
614 /* Some older Broadcom based Bluetooth 1.2 controllers do not
615 * support the Read Page Scan Type command. Check support for
616 * this command in the bit mask of supported commands.
618 if (hdev->commands[13] & 0x01)
619 hci_req_add(req, HCI_OP_READ_PAGE_SCAN_TYPE, 0, NULL);
621 if (lmp_le_capable(hdev)) {
624 memset(events, 0, sizeof(events));
626 if (hdev->le_features[0] & HCI_LE_ENCRYPTION)
627 events[0] |= 0x10; /* LE Long Term Key Request */
629 /* If controller supports the Connection Parameters Request
630 * Link Layer Procedure, enable the corresponding event.
632 if (hdev->le_features[0] & HCI_LE_CONN_PARAM_REQ_PROC)
633 events[0] |= 0x20; /* LE Remote Connection
637 /* If the controller supports the Data Length Extension
638 * feature, enable the corresponding event.
640 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT)
641 events[0] |= 0x40; /* LE Data Length Change */
643 /* If the controller supports Extended Scanner Filter
644 * Policies, enable the correspondig event.
646 if (hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY)
647 events[1] |= 0x04; /* LE Direct Advertising
651 /* If the controller supports the LE Set Scan Enable command,
652 * enable the corresponding advertising report event.
654 if (hdev->commands[26] & 0x08)
655 events[0] |= 0x02; /* LE Advertising Report */
657 /* If the controller supports the LE Create Connection
658 * command, enable the corresponding event.
660 if (hdev->commands[26] & 0x10)
661 events[0] |= 0x01; /* LE Connection Complete */
663 /* If the controller supports the LE Connection Update
664 * command, enable the corresponding event.
666 if (hdev->commands[27] & 0x04)
667 events[0] |= 0x04; /* LE Connection Update
671 /* If the controller supports the LE Read Remote Used Features
672 * command, enable the corresponding event.
674 if (hdev->commands[27] & 0x20)
675 events[0] |= 0x08; /* LE Read Remote Used
679 /* If the controller supports the LE Read Local P-256
680 * Public Key command, enable the corresponding event.
682 if (hdev->commands[34] & 0x02)
683 events[0] |= 0x80; /* LE Read Local P-256
684 * Public Key Complete
687 /* If the controller supports the LE Generate DHKey
688 * command, enable the corresponding event.
690 if (hdev->commands[34] & 0x04)
691 events[1] |= 0x01; /* LE Generate DHKey Complete */
693 hci_req_add(req, HCI_OP_LE_SET_EVENT_MASK, sizeof(events),
696 if (hdev->commands[25] & 0x40) {
697 /* Read LE Advertising Channel TX Power */
698 hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
701 if (hdev->commands[26] & 0x40) {
702 /* Read LE White List Size */
703 hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
707 if (hdev->commands[26] & 0x80) {
708 /* Clear LE White List */
709 hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
712 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) {
713 /* Read LE Maximum Data Length */
714 hci_req_add(req, HCI_OP_LE_READ_MAX_DATA_LEN, 0, NULL);
716 /* Read LE Suggested Default Data Length */
717 hci_req_add(req, HCI_OP_LE_READ_DEF_DATA_LEN, 0, NULL);
720 hci_set_le_support(req);
723 /* Read features beyond page 1 if available */
724 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
725 struct hci_cp_read_local_ext_features cp;
728 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
735 static int hci_init4_req(struct hci_request *req, unsigned long opt)
737 struct hci_dev *hdev = req->hdev;
739 /* Some Broadcom based Bluetooth controllers do not support the
740 * Delete Stored Link Key command. They are clearly indicating its
741 * absence in the bit mask of supported commands.
743 * Check the supported commands and only if the the command is marked
744 * as supported send it. If not supported assume that the controller
745 * does not have actual support for stored link keys which makes this
746 * command redundant anyway.
748 * Some controllers indicate that they support handling deleting
749 * stored link keys, but they don't. The quirk lets a driver
750 * just disable this command.
752 if (hdev->commands[6] & 0x80 &&
753 !test_bit(HCI_QUIRK_BROKEN_STORED_LINK_KEY, &hdev->quirks)) {
754 struct hci_cp_delete_stored_link_key cp;
756 bacpy(&cp.bdaddr, BDADDR_ANY);
757 cp.delete_all = 0x01;
758 hci_req_add(req, HCI_OP_DELETE_STORED_LINK_KEY,
762 /* Set event mask page 2 if the HCI command for it is supported */
763 if (hdev->commands[22] & 0x04)
764 hci_set_event_mask_page_2(req);
766 /* Read local codec list if the HCI command is supported */
767 if (hdev->commands[29] & 0x20)
768 hci_req_add(req, HCI_OP_READ_LOCAL_CODECS, 0, NULL);
770 /* Get MWS transport configuration if the HCI command is supported */
771 if (hdev->commands[30] & 0x08)
772 hci_req_add(req, HCI_OP_GET_MWS_TRANSPORT_CONFIG, 0, NULL);
774 /* Check for Synchronization Train support */
775 if (lmp_sync_train_capable(hdev))
776 hci_req_add(req, HCI_OP_READ_SYNC_TRAIN_PARAMS, 0, NULL);
778 /* Enable Secure Connections if supported and configured */
779 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
780 bredr_sc_enabled(hdev)) {
783 hci_req_add(req, HCI_OP_WRITE_SC_SUPPORT,
784 sizeof(support), &support);
790 static int __hci_init(struct hci_dev *hdev)
794 err = __hci_req_sync(hdev, hci_init1_req, 0, HCI_INIT_TIMEOUT, NULL);
798 if (hci_dev_test_flag(hdev, HCI_SETUP))
799 hci_debugfs_create_basic(hdev);
801 err = __hci_req_sync(hdev, hci_init2_req, 0, HCI_INIT_TIMEOUT, NULL);
805 /* HCI_PRIMARY covers both single-mode LE, BR/EDR and dual-mode
806 * BR/EDR/LE type controllers. AMP controllers only need the
807 * first two stages of init.
809 if (hdev->dev_type != HCI_PRIMARY)
812 err = __hci_req_sync(hdev, hci_init3_req, 0, HCI_INIT_TIMEOUT, NULL);
816 err = __hci_req_sync(hdev, hci_init4_req, 0, HCI_INIT_TIMEOUT, NULL);
820 /* This function is only called when the controller is actually in
821 * configured state. When the controller is marked as unconfigured,
822 * this initialization procedure is not run.
824 * It means that it is possible that a controller runs through its
825 * setup phase and then discovers missing settings. If that is the
826 * case, then this function will not be called. It then will only
827 * be called during the config phase.
829 * So only when in setup phase or config phase, create the debugfs
830 * entries and register the SMP channels.
832 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
833 !hci_dev_test_flag(hdev, HCI_CONFIG))
836 hci_debugfs_create_common(hdev);
838 if (lmp_bredr_capable(hdev))
839 hci_debugfs_create_bredr(hdev);
841 if (lmp_le_capable(hdev))
842 hci_debugfs_create_le(hdev);
847 static int hci_init0_req(struct hci_request *req, unsigned long opt)
849 struct hci_dev *hdev = req->hdev;
851 BT_DBG("%s %ld", hdev->name, opt);
854 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
855 hci_reset_req(req, 0);
857 /* Read Local Version */
858 hci_req_add(req, HCI_OP_READ_LOCAL_VERSION, 0, NULL);
860 /* Read BD Address */
861 if (hdev->set_bdaddr)
862 hci_req_add(req, HCI_OP_READ_BD_ADDR, 0, NULL);
867 static int __hci_unconf_init(struct hci_dev *hdev)
871 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
874 err = __hci_req_sync(hdev, hci_init0_req, 0, HCI_INIT_TIMEOUT, NULL);
878 if (hci_dev_test_flag(hdev, HCI_SETUP))
879 hci_debugfs_create_basic(hdev);
884 static int hci_scan_req(struct hci_request *req, unsigned long opt)
888 BT_DBG("%s %x", req->hdev->name, scan);
890 /* Inquiry and Page scans */
891 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
895 static int hci_auth_req(struct hci_request *req, unsigned long opt)
899 BT_DBG("%s %x", req->hdev->name, auth);
902 hci_req_add(req, HCI_OP_WRITE_AUTH_ENABLE, 1, &auth);
906 static int hci_encrypt_req(struct hci_request *req, unsigned long opt)
910 BT_DBG("%s %x", req->hdev->name, encrypt);
913 hci_req_add(req, HCI_OP_WRITE_ENCRYPT_MODE, 1, &encrypt);
917 static int hci_linkpol_req(struct hci_request *req, unsigned long opt)
919 __le16 policy = cpu_to_le16(opt);
921 BT_DBG("%s %x", req->hdev->name, policy);
923 /* Default link policy */
924 hci_req_add(req, HCI_OP_WRITE_DEF_LINK_POLICY, 2, &policy);
928 /* Get HCI device by index.
929 * Device is held on return. */
930 struct hci_dev *hci_dev_get(int index)
932 struct hci_dev *hdev = NULL, *d;
939 read_lock(&hci_dev_list_lock);
940 list_for_each_entry(d, &hci_dev_list, list) {
941 if (d->id == index) {
942 hdev = hci_dev_hold(d);
946 read_unlock(&hci_dev_list_lock);
950 /* ---- Inquiry support ---- */
952 bool hci_discovery_active(struct hci_dev *hdev)
954 struct discovery_state *discov = &hdev->discovery;
956 switch (discov->state) {
957 case DISCOVERY_FINDING:
958 case DISCOVERY_RESOLVING:
966 void hci_discovery_set_state(struct hci_dev *hdev, int state)
968 int old_state = hdev->discovery.state;
970 BT_DBG("%s state %u -> %u", hdev->name, hdev->discovery.state, state);
972 if (old_state == state)
975 hdev->discovery.state = state;
978 case DISCOVERY_STOPPED:
979 hci_update_background_scan(hdev);
981 if (old_state != DISCOVERY_STARTING)
982 mgmt_discovering(hdev, 0);
984 case DISCOVERY_STARTING:
986 case DISCOVERY_FINDING:
987 mgmt_discovering(hdev, 1);
989 case DISCOVERY_RESOLVING:
991 case DISCOVERY_STOPPING:
996 void hci_inquiry_cache_flush(struct hci_dev *hdev)
998 struct discovery_state *cache = &hdev->discovery;
999 struct inquiry_entry *p, *n;
1001 list_for_each_entry_safe(p, n, &cache->all, all) {
1006 INIT_LIST_HEAD(&cache->unknown);
1007 INIT_LIST_HEAD(&cache->resolve);
1010 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
1013 struct discovery_state *cache = &hdev->discovery;
1014 struct inquiry_entry *e;
1016 BT_DBG("cache %p, %pMR", cache, bdaddr);
1018 list_for_each_entry(e, &cache->all, all) {
1019 if (!bacmp(&e->data.bdaddr, bdaddr))
1026 struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
1029 struct discovery_state *cache = &hdev->discovery;
1030 struct inquiry_entry *e;
1032 BT_DBG("cache %p, %pMR", cache, bdaddr);
1034 list_for_each_entry(e, &cache->unknown, list) {
1035 if (!bacmp(&e->data.bdaddr, bdaddr))
1042 struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
1046 struct discovery_state *cache = &hdev->discovery;
1047 struct inquiry_entry *e;
1049 BT_DBG("cache %p bdaddr %pMR state %d", cache, bdaddr, state);
1051 list_for_each_entry(e, &cache->resolve, list) {
1052 if (!bacmp(bdaddr, BDADDR_ANY) && e->name_state == state)
1054 if (!bacmp(&e->data.bdaddr, bdaddr))
1061 void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
1062 struct inquiry_entry *ie)
1064 struct discovery_state *cache = &hdev->discovery;
1065 struct list_head *pos = &cache->resolve;
1066 struct inquiry_entry *p;
1068 list_del(&ie->list);
1070 list_for_each_entry(p, &cache->resolve, list) {
1071 if (p->name_state != NAME_PENDING &&
1072 abs(p->data.rssi) >= abs(ie->data.rssi))
1077 list_add(&ie->list, pos);
1080 u32 hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
1083 struct discovery_state *cache = &hdev->discovery;
1084 struct inquiry_entry *ie;
1087 BT_DBG("cache %p, %pMR", cache, &data->bdaddr);
1089 hci_remove_remote_oob_data(hdev, &data->bdaddr, BDADDR_BREDR);
1091 if (!data->ssp_mode)
1092 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1094 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
1096 if (!ie->data.ssp_mode)
1097 flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
1099 if (ie->name_state == NAME_NEEDED &&
1100 data->rssi != ie->data.rssi) {
1101 ie->data.rssi = data->rssi;
1102 hci_inquiry_cache_update_resolve(hdev, ie);
1108 /* Entry not in the cache. Add new one. */
1109 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
1111 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1115 list_add(&ie->all, &cache->all);
1118 ie->name_state = NAME_KNOWN;
1120 ie->name_state = NAME_NOT_KNOWN;
1121 list_add(&ie->list, &cache->unknown);
1125 if (name_known && ie->name_state != NAME_KNOWN &&
1126 ie->name_state != NAME_PENDING) {
1127 ie->name_state = NAME_KNOWN;
1128 list_del(&ie->list);
1131 memcpy(&ie->data, data, sizeof(*data));
1132 ie->timestamp = jiffies;
1133 cache->timestamp = jiffies;
1135 if (ie->name_state == NAME_NOT_KNOWN)
1136 flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
1142 static int inquiry_cache_dump(struct hci_dev *hdev, int num, __u8 *buf)
1144 struct discovery_state *cache = &hdev->discovery;
1145 struct inquiry_info *info = (struct inquiry_info *) buf;
1146 struct inquiry_entry *e;
1149 list_for_each_entry(e, &cache->all, all) {
1150 struct inquiry_data *data = &e->data;
1155 bacpy(&info->bdaddr, &data->bdaddr);
1156 info->pscan_rep_mode = data->pscan_rep_mode;
1157 info->pscan_period_mode = data->pscan_period_mode;
1158 info->pscan_mode = data->pscan_mode;
1159 memcpy(info->dev_class, data->dev_class, 3);
1160 info->clock_offset = data->clock_offset;
1166 BT_DBG("cache %p, copied %d", cache, copied);
1170 static int hci_inq_req(struct hci_request *req, unsigned long opt)
1172 struct hci_inquiry_req *ir = (struct hci_inquiry_req *) opt;
1173 struct hci_dev *hdev = req->hdev;
1174 struct hci_cp_inquiry cp;
1176 BT_DBG("%s", hdev->name);
1178 if (test_bit(HCI_INQUIRY, &hdev->flags))
1182 memcpy(&cp.lap, &ir->lap, 3);
1183 cp.length = ir->length;
1184 cp.num_rsp = ir->num_rsp;
1185 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
1190 int hci_inquiry(void __user *arg)
1192 __u8 __user *ptr = arg;
1193 struct hci_inquiry_req ir;
1194 struct hci_dev *hdev;
1195 int err = 0, do_inquiry = 0, max_rsp;
1199 if (copy_from_user(&ir, ptr, sizeof(ir)))
1202 hdev = hci_dev_get(ir.dev_id);
1206 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1211 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1216 if (hdev->dev_type != HCI_PRIMARY) {
1221 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1226 /* Restrict maximum inquiry length to 60 seconds */
1227 if (ir.length > 60) {
1233 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
1234 inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) {
1235 hci_inquiry_cache_flush(hdev);
1238 hci_dev_unlock(hdev);
1240 timeo = ir.length * msecs_to_jiffies(2000);
1243 err = hci_req_sync(hdev, hci_inq_req, (unsigned long) &ir,
1248 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
1249 * cleared). If it is interrupted by a signal, return -EINTR.
1251 if (wait_on_bit(&hdev->flags, HCI_INQUIRY,
1252 TASK_INTERRUPTIBLE)) {
1258 /* for unlimited number of responses we will use buffer with
1261 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
1263 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
1264 * copy it to the user space.
1266 buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL);
1273 ir.num_rsp = inquiry_cache_dump(hdev, max_rsp, buf);
1274 hci_dev_unlock(hdev);
1276 BT_DBG("num_rsp %d", ir.num_rsp);
1278 if (!copy_to_user(ptr, &ir, sizeof(ir))) {
1280 if (copy_to_user(ptr, buf, sizeof(struct inquiry_info) *
1293 static int hci_dev_do_open(struct hci_dev *hdev)
1297 BT_DBG("%s %p", hdev->name, hdev);
1299 hci_req_sync_lock(hdev);
1301 if (hci_dev_test_flag(hdev, HCI_UNREGISTER)) {
1306 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1307 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
1308 /* Check for rfkill but allow the HCI setup stage to
1309 * proceed (which in itself doesn't cause any RF activity).
1311 if (hci_dev_test_flag(hdev, HCI_RFKILLED)) {
1316 /* Check for valid public address or a configured static
1317 * random adddress, but let the HCI setup proceed to
1318 * be able to determine if there is a public address
1321 * In case of user channel usage, it is not important
1322 * if a public address or static random address is
1325 * This check is only valid for BR/EDR controllers
1326 * since AMP controllers do not have an address.
1328 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1329 hdev->dev_type == HCI_PRIMARY &&
1330 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
1331 !bacmp(&hdev->static_addr, BDADDR_ANY)) {
1332 ret = -EADDRNOTAVAIL;
1337 if (test_bit(HCI_UP, &hdev->flags)) {
1342 if (hdev->open(hdev)) {
1347 set_bit(HCI_RUNNING, &hdev->flags);
1348 hci_sock_dev_event(hdev, HCI_DEV_OPEN);
1350 atomic_set(&hdev->cmd_cnt, 1);
1351 set_bit(HCI_INIT, &hdev->flags);
1353 if (hci_dev_test_flag(hdev, HCI_SETUP)) {
1354 hci_sock_dev_event(hdev, HCI_DEV_SETUP);
1357 ret = hdev->setup(hdev);
1359 /* The transport driver can set these quirks before
1360 * creating the HCI device or in its setup callback.
1362 * In case any of them is set, the controller has to
1363 * start up as unconfigured.
1365 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
1366 test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks))
1367 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
1369 /* For an unconfigured controller it is required to
1370 * read at least the version information provided by
1371 * the Read Local Version Information command.
1373 * If the set_bdaddr driver callback is provided, then
1374 * also the original Bluetooth public device address
1375 * will be read using the Read BD Address command.
1377 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
1378 ret = __hci_unconf_init(hdev);
1381 if (hci_dev_test_flag(hdev, HCI_CONFIG)) {
1382 /* If public address change is configured, ensure that
1383 * the address gets programmed. If the driver does not
1384 * support changing the public address, fail the power
1387 if (bacmp(&hdev->public_addr, BDADDR_ANY) &&
1389 ret = hdev->set_bdaddr(hdev, &hdev->public_addr);
1391 ret = -EADDRNOTAVAIL;
1395 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1396 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1397 ret = __hci_init(hdev);
1398 if (!ret && hdev->post_init)
1399 ret = hdev->post_init(hdev);
1403 /* If the HCI Reset command is clearing all diagnostic settings,
1404 * then they need to be reprogrammed after the init procedure
1407 if (test_bit(HCI_QUIRK_NON_PERSISTENT_DIAG, &hdev->quirks) &&
1408 hci_dev_test_flag(hdev, HCI_VENDOR_DIAG) && hdev->set_diag)
1409 ret = hdev->set_diag(hdev, true);
1411 clear_bit(HCI_INIT, &hdev->flags);
1415 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1416 set_bit(HCI_UP, &hdev->flags);
1417 hci_sock_dev_event(hdev, HCI_DEV_UP);
1418 hci_leds_update_powered(hdev, true);
1419 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
1420 !hci_dev_test_flag(hdev, HCI_CONFIG) &&
1421 !hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1422 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1423 hci_dev_test_flag(hdev, HCI_MGMT) &&
1424 hdev->dev_type == HCI_PRIMARY) {
1425 ret = __hci_req_hci_power_on(hdev);
1426 mgmt_power_on(hdev, ret);
1429 /* Init failed, cleanup */
1430 flush_work(&hdev->tx_work);
1432 /* Since hci_rx_work() is possible to awake new cmd_work
1433 * it should be flushed first to avoid unexpected call of
1436 flush_work(&hdev->rx_work);
1437 flush_work(&hdev->cmd_work);
1439 skb_queue_purge(&hdev->cmd_q);
1440 skb_queue_purge(&hdev->rx_q);
1445 if (hdev->sent_cmd) {
1446 kfree_skb(hdev->sent_cmd);
1447 hdev->sent_cmd = NULL;
1450 clear_bit(HCI_RUNNING, &hdev->flags);
1451 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1454 hdev->flags &= BIT(HCI_RAW);
1458 hci_req_sync_unlock(hdev);
1462 /* ---- HCI ioctl helpers ---- */
1464 int hci_dev_open(__u16 dev)
1466 struct hci_dev *hdev;
1469 hdev = hci_dev_get(dev);
1473 /* Devices that are marked as unconfigured can only be powered
1474 * up as user channel. Trying to bring them up as normal devices
1475 * will result into a failure. Only user channel operation is
1478 * When this function is called for a user channel, the flag
1479 * HCI_USER_CHANNEL will be set first before attempting to
1482 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
1483 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1488 /* We need to ensure that no other power on/off work is pending
1489 * before proceeding to call hci_dev_do_open. This is
1490 * particularly important if the setup procedure has not yet
1493 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1494 cancel_delayed_work(&hdev->power_off);
1496 /* After this call it is guaranteed that the setup procedure
1497 * has finished. This means that error conditions like RFKILL
1498 * or no valid public or static random address apply.
1500 flush_workqueue(hdev->req_workqueue);
1502 /* For controllers not using the management interface and that
1503 * are brought up using legacy ioctl, set the HCI_BONDABLE bit
1504 * so that pairing works for them. Once the management interface
1505 * is in use this bit will be cleared again and userspace has
1506 * to explicitly enable it.
1508 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1509 !hci_dev_test_flag(hdev, HCI_MGMT))
1510 hci_dev_set_flag(hdev, HCI_BONDABLE);
1512 err = hci_dev_do_open(hdev);
1519 /* This function requires the caller holds hdev->lock */
1520 static void hci_pend_le_actions_clear(struct hci_dev *hdev)
1522 struct hci_conn_params *p;
1524 list_for_each_entry(p, &hdev->le_conn_params, list) {
1526 hci_conn_drop(p->conn);
1527 hci_conn_put(p->conn);
1530 list_del_init(&p->action);
1533 BT_DBG("All LE pending actions cleared");
1536 int hci_dev_do_close(struct hci_dev *hdev)
1540 BT_DBG("%s %p", hdev->name, hdev);
1542 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1543 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1544 test_bit(HCI_UP, &hdev->flags)) {
1545 /* Execute vendor specific shutdown routine */
1547 hdev->shutdown(hdev);
1550 cancel_delayed_work(&hdev->power_off);
1552 hci_request_cancel_all(hdev);
1553 hci_req_sync_lock(hdev);
1555 if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
1556 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1557 test_bit(HCI_UP, &hdev->flags)) {
1558 /* Execute vendor specific shutdown routine */
1560 hdev->shutdown(hdev);
1563 if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
1564 cancel_delayed_work_sync(&hdev->cmd_timer);
1565 hci_req_sync_unlock(hdev);
1569 hci_leds_update_powered(hdev, false);
1571 /* Flush RX and TX works */
1572 flush_work(&hdev->tx_work);
1573 flush_work(&hdev->rx_work);
1575 if (hdev->discov_timeout > 0) {
1576 hdev->discov_timeout = 0;
1577 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1578 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1581 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1582 cancel_delayed_work(&hdev->service_cache);
1584 if (hci_dev_test_flag(hdev, HCI_MGMT))
1585 cancel_delayed_work_sync(&hdev->rpa_expired);
1587 /* Avoid potential lockdep warnings from the *_flush() calls by
1588 * ensuring the workqueue is empty up front.
1590 drain_workqueue(hdev->workqueue);
1594 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1596 auto_off = hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF);
1598 if (!auto_off && hdev->dev_type == HCI_PRIMARY &&
1599 !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
1600 hci_dev_test_flag(hdev, HCI_MGMT))
1601 __mgmt_power_off(hdev);
1603 hci_inquiry_cache_flush(hdev);
1604 hci_pend_le_actions_clear(hdev);
1605 hci_conn_hash_flush(hdev);
1606 hci_dev_unlock(hdev);
1608 smp_unregister(hdev);
1610 hci_sock_dev_event(hdev, HCI_DEV_DOWN);
1616 skb_queue_purge(&hdev->cmd_q);
1617 atomic_set(&hdev->cmd_cnt, 1);
1618 if (test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks) &&
1619 !auto_off && !hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1620 set_bit(HCI_INIT, &hdev->flags);
1621 __hci_req_sync(hdev, hci_reset_req, 0, HCI_CMD_TIMEOUT, NULL);
1622 clear_bit(HCI_INIT, &hdev->flags);
1625 /* flush cmd work */
1626 flush_work(&hdev->cmd_work);
1629 skb_queue_purge(&hdev->rx_q);
1630 skb_queue_purge(&hdev->cmd_q);
1631 skb_queue_purge(&hdev->raw_q);
1633 /* Drop last sent command */
1634 if (hdev->sent_cmd) {
1635 cancel_delayed_work_sync(&hdev->cmd_timer);
1636 kfree_skb(hdev->sent_cmd);
1637 hdev->sent_cmd = NULL;
1640 clear_bit(HCI_RUNNING, &hdev->flags);
1641 hci_sock_dev_event(hdev, HCI_DEV_CLOSE);
1643 /* After this point our queues are empty
1644 * and no tasks are scheduled. */
1648 hdev->flags &= BIT(HCI_RAW);
1649 hci_dev_clear_volatile_flags(hdev);
1651 /* Controller radio is available but is currently powered down */
1652 hdev->amp_status = AMP_STATUS_POWERED_DOWN;
1654 memset(hdev->eir, 0, sizeof(hdev->eir));
1655 memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
1656 bacpy(&hdev->random_addr, BDADDR_ANY);
1658 hci_req_sync_unlock(hdev);
1664 int hci_dev_close(__u16 dev)
1666 struct hci_dev *hdev;
1669 hdev = hci_dev_get(dev);
1673 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1678 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF))
1679 cancel_delayed_work(&hdev->power_off);
1681 err = hci_dev_do_close(hdev);
1688 static int hci_dev_do_reset(struct hci_dev *hdev)
1692 BT_DBG("%s %p", hdev->name, hdev);
1694 hci_req_sync_lock(hdev);
1697 skb_queue_purge(&hdev->rx_q);
1698 skb_queue_purge(&hdev->cmd_q);
1700 /* Avoid potential lockdep warnings from the *_flush() calls by
1701 * ensuring the workqueue is empty up front.
1703 drain_workqueue(hdev->workqueue);
1706 hci_inquiry_cache_flush(hdev);
1707 hci_conn_hash_flush(hdev);
1708 hci_dev_unlock(hdev);
1713 atomic_set(&hdev->cmd_cnt, 1);
1714 hdev->acl_cnt = 0; hdev->sco_cnt = 0; hdev->le_cnt = 0;
1716 ret = __hci_req_sync(hdev, hci_reset_req, 0, HCI_INIT_TIMEOUT, NULL);
1718 hci_req_sync_unlock(hdev);
1722 int hci_dev_reset(__u16 dev)
1724 struct hci_dev *hdev;
1727 hdev = hci_dev_get(dev);
1731 if (!test_bit(HCI_UP, &hdev->flags)) {
1736 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1741 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1746 err = hci_dev_do_reset(hdev);
1753 int hci_dev_reset_stat(__u16 dev)
1755 struct hci_dev *hdev;
1758 hdev = hci_dev_get(dev);
1762 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1767 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1772 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
1779 static void hci_update_scan_state(struct hci_dev *hdev, u8 scan)
1781 bool conn_changed, discov_changed;
1783 BT_DBG("%s scan 0x%02x", hdev->name, scan);
1785 if ((scan & SCAN_PAGE))
1786 conn_changed = !hci_dev_test_and_set_flag(hdev,
1789 conn_changed = hci_dev_test_and_clear_flag(hdev,
1792 if ((scan & SCAN_INQUIRY)) {
1793 discov_changed = !hci_dev_test_and_set_flag(hdev,
1796 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1797 discov_changed = hci_dev_test_and_clear_flag(hdev,
1801 if (!hci_dev_test_flag(hdev, HCI_MGMT))
1804 if (conn_changed || discov_changed) {
1805 /* In case this was disabled through mgmt */
1806 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
1808 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1809 hci_req_update_adv_data(hdev, hdev->cur_adv_instance);
1811 mgmt_new_settings(hdev);
1815 int hci_dev_cmd(unsigned int cmd, void __user *arg)
1817 struct hci_dev *hdev;
1818 struct hci_dev_req dr;
1821 if (copy_from_user(&dr, arg, sizeof(dr)))
1824 hdev = hci_dev_get(dr.dev_id);
1828 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
1833 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
1838 if (hdev->dev_type != HCI_PRIMARY) {
1843 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1850 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1851 HCI_INIT_TIMEOUT, NULL);
1855 if (!lmp_encrypt_capable(hdev)) {
1860 if (!test_bit(HCI_AUTH, &hdev->flags)) {
1861 /* Auth must be enabled first */
1862 err = hci_req_sync(hdev, hci_auth_req, dr.dev_opt,
1863 HCI_INIT_TIMEOUT, NULL);
1868 err = hci_req_sync(hdev, hci_encrypt_req, dr.dev_opt,
1869 HCI_INIT_TIMEOUT, NULL);
1873 err = hci_req_sync(hdev, hci_scan_req, dr.dev_opt,
1874 HCI_INIT_TIMEOUT, NULL);
1876 /* Ensure that the connectable and discoverable states
1877 * get correctly modified as this was a non-mgmt change.
1880 hci_update_scan_state(hdev, dr.dev_opt);
1884 err = hci_req_sync(hdev, hci_linkpol_req, dr.dev_opt,
1885 HCI_INIT_TIMEOUT, NULL);
1888 case HCISETLINKMODE:
1889 hdev->link_mode = ((__u16) dr.dev_opt) &
1890 (HCI_LM_MASTER | HCI_LM_ACCEPT);
1894 hdev->pkt_type = (__u16) dr.dev_opt;
1898 hdev->acl_mtu = *((__u16 *) &dr.dev_opt + 1);
1899 hdev->acl_pkts = *((__u16 *) &dr.dev_opt + 0);
1903 hdev->sco_mtu = *((__u16 *) &dr.dev_opt + 1);
1904 hdev->sco_pkts = *((__u16 *) &dr.dev_opt + 0);
1917 int hci_get_dev_list(void __user *arg)
1919 struct hci_dev *hdev;
1920 struct hci_dev_list_req *dl;
1921 struct hci_dev_req *dr;
1922 int n = 0, size, err;
1925 if (get_user(dev_num, (__u16 __user *) arg))
1928 if (!dev_num || dev_num > (PAGE_SIZE * 2) / sizeof(*dr))
1931 size = sizeof(*dl) + dev_num * sizeof(*dr);
1933 dl = kzalloc(size, GFP_KERNEL);
1939 read_lock(&hci_dev_list_lock);
1940 list_for_each_entry(hdev, &hci_dev_list, list) {
1941 unsigned long flags = hdev->flags;
1943 /* When the auto-off is configured it means the transport
1944 * is running, but in that case still indicate that the
1945 * device is actually down.
1947 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
1948 flags &= ~BIT(HCI_UP);
1950 (dr + n)->dev_id = hdev->id;
1951 (dr + n)->dev_opt = flags;
1956 read_unlock(&hci_dev_list_lock);
1959 size = sizeof(*dl) + n * sizeof(*dr);
1961 err = copy_to_user(arg, dl, size);
1964 return err ? -EFAULT : 0;
1967 int hci_get_dev_info(void __user *arg)
1969 struct hci_dev *hdev;
1970 struct hci_dev_info di;
1971 unsigned long flags;
1974 if (copy_from_user(&di, arg, sizeof(di)))
1977 hdev = hci_dev_get(di.dev_id);
1981 /* When the auto-off is configured it means the transport
1982 * is running, but in that case still indicate that the
1983 * device is actually down.
1985 if (hci_dev_test_flag(hdev, HCI_AUTO_OFF))
1986 flags = hdev->flags & ~BIT(HCI_UP);
1988 flags = hdev->flags;
1990 strcpy(di.name, hdev->name);
1991 di.bdaddr = hdev->bdaddr;
1992 di.type = (hdev->bus & 0x0f) | ((hdev->dev_type & 0x03) << 4);
1994 di.pkt_type = hdev->pkt_type;
1995 if (lmp_bredr_capable(hdev)) {
1996 di.acl_mtu = hdev->acl_mtu;
1997 di.acl_pkts = hdev->acl_pkts;
1998 di.sco_mtu = hdev->sco_mtu;
1999 di.sco_pkts = hdev->sco_pkts;
2001 di.acl_mtu = hdev->le_mtu;
2002 di.acl_pkts = hdev->le_pkts;
2006 di.link_policy = hdev->link_policy;
2007 di.link_mode = hdev->link_mode;
2009 memcpy(&di.stat, &hdev->stat, sizeof(di.stat));
2010 memcpy(&di.features, &hdev->features, sizeof(di.features));
2012 if (copy_to_user(arg, &di, sizeof(di)))
2020 /* ---- Interface to HCI drivers ---- */
2022 static int hci_rfkill_set_block(void *data, bool blocked)
2024 struct hci_dev *hdev = data;
2026 BT_DBG("%p name %s blocked %d", hdev, hdev->name, blocked);
2028 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL))
2032 hci_dev_set_flag(hdev, HCI_RFKILLED);
2033 if (!hci_dev_test_flag(hdev, HCI_SETUP) &&
2034 !hci_dev_test_flag(hdev, HCI_CONFIG))
2035 hci_dev_do_close(hdev);
2037 hci_dev_clear_flag(hdev, HCI_RFKILLED);
2043 static const struct rfkill_ops hci_rfkill_ops = {
2044 .set_block = hci_rfkill_set_block,
2047 static void hci_power_on(struct work_struct *work)
2049 struct hci_dev *hdev = container_of(work, struct hci_dev, power_on);
2052 BT_DBG("%s", hdev->name);
2054 if (test_bit(HCI_UP, &hdev->flags) &&
2055 hci_dev_test_flag(hdev, HCI_MGMT) &&
2056 hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
2057 cancel_delayed_work(&hdev->power_off);
2058 hci_req_sync_lock(hdev);
2059 err = __hci_req_hci_power_on(hdev);
2060 hci_req_sync_unlock(hdev);
2061 mgmt_power_on(hdev, err);
2065 err = hci_dev_do_open(hdev);
2068 mgmt_set_powered_failed(hdev, err);
2069 hci_dev_unlock(hdev);
2073 /* During the HCI setup phase, a few error conditions are
2074 * ignored and they need to be checked now. If they are still
2075 * valid, it is important to turn the device back off.
2077 if (hci_dev_test_flag(hdev, HCI_RFKILLED) ||
2078 hci_dev_test_flag(hdev, HCI_UNCONFIGURED) ||
2079 (hdev->dev_type == HCI_PRIMARY &&
2080 !bacmp(&hdev->bdaddr, BDADDR_ANY) &&
2081 !bacmp(&hdev->static_addr, BDADDR_ANY))) {
2082 hci_dev_clear_flag(hdev, HCI_AUTO_OFF);
2083 hci_dev_do_close(hdev);
2084 } else if (hci_dev_test_flag(hdev, HCI_AUTO_OFF)) {
2085 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
2086 HCI_AUTO_OFF_TIMEOUT);
2089 if (hci_dev_test_and_clear_flag(hdev, HCI_SETUP)) {
2090 /* For unconfigured devices, set the HCI_RAW flag
2091 * so that userspace can easily identify them.
2093 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2094 set_bit(HCI_RAW, &hdev->flags);
2096 /* For fully configured devices, this will send
2097 * the Index Added event. For unconfigured devices,
2098 * it will send Unconfigued Index Added event.
2100 * Devices with HCI_QUIRK_RAW_DEVICE are ignored
2101 * and no event will be send.
2103 mgmt_index_added(hdev);
2104 } else if (hci_dev_test_and_clear_flag(hdev, HCI_CONFIG)) {
2105 /* When the controller is now configured, then it
2106 * is important to clear the HCI_RAW flag.
2108 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
2109 clear_bit(HCI_RAW, &hdev->flags);
2111 /* Powering on the controller with HCI_CONFIG set only
2112 * happens with the transition from unconfigured to
2113 * configured. This will send the Index Added event.
2115 mgmt_index_added(hdev);
2119 static void hci_power_off(struct work_struct *work)
2121 struct hci_dev *hdev = container_of(work, struct hci_dev,
2124 BT_DBG("%s", hdev->name);
2126 hci_dev_do_close(hdev);
2129 static void hci_error_reset(struct work_struct *work)
2131 struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset);
2133 BT_DBG("%s", hdev->name);
2136 hdev->hw_error(hdev, hdev->hw_error_code);
2138 BT_ERR("%s hardware error 0x%2.2x", hdev->name,
2139 hdev->hw_error_code);
2141 if (hci_dev_do_close(hdev))
2144 hci_dev_do_open(hdev);
2147 void hci_uuids_clear(struct hci_dev *hdev)
2149 struct bt_uuid *uuid, *tmp;
2151 list_for_each_entry_safe(uuid, tmp, &hdev->uuids, list) {
2152 list_del(&uuid->list);
2157 void hci_link_keys_clear(struct hci_dev *hdev)
2159 struct link_key *key;
2161 list_for_each_entry_rcu(key, &hdev->link_keys, list) {
2162 list_del_rcu(&key->list);
2163 kfree_rcu(key, rcu);
2167 void hci_smp_ltks_clear(struct hci_dev *hdev)
2171 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2172 list_del_rcu(&k->list);
2177 void hci_smp_irks_clear(struct hci_dev *hdev)
2181 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2182 list_del_rcu(&k->list);
2187 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2192 list_for_each_entry_rcu(k, &hdev->link_keys, list) {
2193 if (bacmp(bdaddr, &k->bdaddr) == 0) {
2203 static bool hci_persistent_key(struct hci_dev *hdev, struct hci_conn *conn,
2204 u8 key_type, u8 old_key_type)
2207 if (key_type < 0x03)
2210 /* Debug keys are insecure so don't store them persistently */
2211 if (key_type == HCI_LK_DEBUG_COMBINATION)
2214 /* Changed combination key and there's no previous one */
2215 if (key_type == HCI_LK_CHANGED_COMBINATION && old_key_type == 0xff)
2218 /* Security mode 3 case */
2222 /* BR/EDR key derived using SC from an LE link */
2223 if (conn->type == LE_LINK)
2226 /* Neither local nor remote side had no-bonding as requirement */
2227 if (conn->auth_type > 0x01 && conn->remote_auth > 0x01)
2230 /* Local side had dedicated bonding as requirement */
2231 if (conn->auth_type == 0x02 || conn->auth_type == 0x03)
2234 /* Remote side had dedicated bonding as requirement */
2235 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03)
2238 /* If none of the above criteria match, then don't store the key
2243 static u8 ltk_role(u8 type)
2245 if (type == SMP_LTK)
2246 return HCI_ROLE_MASTER;
2248 return HCI_ROLE_SLAVE;
2251 struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2252 u8 addr_type, u8 role)
2257 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2258 if (addr_type != k->bdaddr_type || bacmp(bdaddr, &k->bdaddr))
2261 if (smp_ltk_is_sc(k) || ltk_role(k->type) == role) {
2271 struct smp_irk *hci_find_irk_by_rpa(struct hci_dev *hdev, bdaddr_t *rpa)
2273 struct smp_irk *irk;
2276 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2277 if (!bacmp(&irk->rpa, rpa)) {
2283 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2284 if (smp_irk_matches(hdev, irk->val, rpa)) {
2285 bacpy(&irk->rpa, rpa);
2295 struct smp_irk *hci_find_irk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
2298 struct smp_irk *irk;
2300 /* Identity Address must be public or static random */
2301 if (addr_type == ADDR_LE_DEV_RANDOM && (bdaddr->b[5] & 0xc0) != 0xc0)
2305 list_for_each_entry_rcu(irk, &hdev->identity_resolving_keys, list) {
2306 if (addr_type == irk->addr_type &&
2307 bacmp(bdaddr, &irk->bdaddr) == 0) {
2317 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn,
2318 bdaddr_t *bdaddr, u8 *val, u8 type,
2319 u8 pin_len, bool *persistent)
2321 struct link_key *key, *old_key;
2324 old_key = hci_find_link_key(hdev, bdaddr);
2326 old_key_type = old_key->type;
2329 old_key_type = conn ? conn->key_type : 0xff;
2330 key = kzalloc(sizeof(*key), GFP_KERNEL);
2333 list_add_rcu(&key->list, &hdev->link_keys);
2336 BT_DBG("%s key for %pMR type %u", hdev->name, bdaddr, type);
2338 /* Some buggy controller combinations generate a changed
2339 * combination key for legacy pairing even when there's no
2341 if (type == HCI_LK_CHANGED_COMBINATION &&
2342 (!conn || conn->remote_auth == 0xff) && old_key_type == 0xff) {
2343 type = HCI_LK_COMBINATION;
2345 conn->key_type = type;
2348 bacpy(&key->bdaddr, bdaddr);
2349 memcpy(key->val, val, HCI_LINK_KEY_SIZE);
2350 key->pin_len = pin_len;
2352 if (type == HCI_LK_CHANGED_COMBINATION)
2353 key->type = old_key_type;
2358 *persistent = hci_persistent_key(hdev, conn, type,
2364 struct smp_ltk *hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2365 u8 addr_type, u8 type, u8 authenticated,
2366 u8 tk[16], u8 enc_size, __le16 ediv, __le64 rand)
2368 struct smp_ltk *key, *old_key;
2369 u8 role = ltk_role(type);
2371 old_key = hci_find_ltk(hdev, bdaddr, addr_type, role);
2375 key = kzalloc(sizeof(*key), GFP_KERNEL);
2378 list_add_rcu(&key->list, &hdev->long_term_keys);
2381 bacpy(&key->bdaddr, bdaddr);
2382 key->bdaddr_type = addr_type;
2383 memcpy(key->val, tk, sizeof(key->val));
2384 key->authenticated = authenticated;
2387 key->enc_size = enc_size;
2393 struct smp_irk *hci_add_irk(struct hci_dev *hdev, bdaddr_t *bdaddr,
2394 u8 addr_type, u8 val[16], bdaddr_t *rpa)
2396 struct smp_irk *irk;
2398 irk = hci_find_irk_by_addr(hdev, bdaddr, addr_type);
2400 irk = kzalloc(sizeof(*irk), GFP_KERNEL);
2404 bacpy(&irk->bdaddr, bdaddr);
2405 irk->addr_type = addr_type;
2407 list_add_rcu(&irk->list, &hdev->identity_resolving_keys);
2410 memcpy(irk->val, val, 16);
2411 bacpy(&irk->rpa, rpa);
2416 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr)
2418 struct link_key *key;
2420 key = hci_find_link_key(hdev, bdaddr);
2424 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2426 list_del_rcu(&key->list);
2427 kfree_rcu(key, rcu);
2432 int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 bdaddr_type)
2437 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2438 if (bacmp(bdaddr, &k->bdaddr) || k->bdaddr_type != bdaddr_type)
2441 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2443 list_del_rcu(&k->list);
2448 return removed ? 0 : -ENOENT;
2451 void hci_remove_irk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type)
2455 list_for_each_entry_rcu(k, &hdev->identity_resolving_keys, list) {
2456 if (bacmp(bdaddr, &k->bdaddr) || k->addr_type != addr_type)
2459 BT_DBG("%s removing %pMR", hdev->name, bdaddr);
2461 list_del_rcu(&k->list);
2466 bool hci_bdaddr_is_paired(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2469 struct smp_irk *irk;
2472 if (type == BDADDR_BREDR) {
2473 if (hci_find_link_key(hdev, bdaddr))
2478 /* Convert to HCI addr type which struct smp_ltk uses */
2479 if (type == BDADDR_LE_PUBLIC)
2480 addr_type = ADDR_LE_DEV_PUBLIC;
2482 addr_type = ADDR_LE_DEV_RANDOM;
2484 irk = hci_get_irk(hdev, bdaddr, addr_type);
2486 bdaddr = &irk->bdaddr;
2487 addr_type = irk->addr_type;
2491 list_for_each_entry_rcu(k, &hdev->long_term_keys, list) {
2492 if (k->bdaddr_type == addr_type && !bacmp(bdaddr, &k->bdaddr)) {
2502 /* HCI command timer function */
2503 static void hci_cmd_timeout(struct work_struct *work)
2505 struct hci_dev *hdev = container_of(work, struct hci_dev,
2508 if (hdev->sent_cmd) {
2509 struct hci_command_hdr *sent = (void *) hdev->sent_cmd->data;
2510 u16 opcode = __le16_to_cpu(sent->opcode);
2512 BT_ERR("%s command 0x%4.4x tx timeout", hdev->name, opcode);
2514 BT_ERR("%s command tx timeout", hdev->name);
2517 atomic_set(&hdev->cmd_cnt, 1);
2518 queue_work(hdev->workqueue, &hdev->cmd_work);
2521 struct oob_data *hci_find_remote_oob_data(struct hci_dev *hdev,
2522 bdaddr_t *bdaddr, u8 bdaddr_type)
2524 struct oob_data *data;
2526 list_for_each_entry(data, &hdev->remote_oob_data, list) {
2527 if (bacmp(bdaddr, &data->bdaddr) != 0)
2529 if (data->bdaddr_type != bdaddr_type)
2537 int hci_remove_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2540 struct oob_data *data;
2542 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2546 BT_DBG("%s removing %pMR (%u)", hdev->name, bdaddr, bdaddr_type);
2548 list_del(&data->list);
2554 void hci_remote_oob_data_clear(struct hci_dev *hdev)
2556 struct oob_data *data, *n;
2558 list_for_each_entry_safe(data, n, &hdev->remote_oob_data, list) {
2559 list_del(&data->list);
2564 int hci_add_remote_oob_data(struct hci_dev *hdev, bdaddr_t *bdaddr,
2565 u8 bdaddr_type, u8 *hash192, u8 *rand192,
2566 u8 *hash256, u8 *rand256)
2568 struct oob_data *data;
2570 data = hci_find_remote_oob_data(hdev, bdaddr, bdaddr_type);
2572 data = kmalloc(sizeof(*data), GFP_KERNEL);
2576 bacpy(&data->bdaddr, bdaddr);
2577 data->bdaddr_type = bdaddr_type;
2578 list_add(&data->list, &hdev->remote_oob_data);
2581 if (hash192 && rand192) {
2582 memcpy(data->hash192, hash192, sizeof(data->hash192));
2583 memcpy(data->rand192, rand192, sizeof(data->rand192));
2584 if (hash256 && rand256)
2585 data->present = 0x03;
2587 memset(data->hash192, 0, sizeof(data->hash192));
2588 memset(data->rand192, 0, sizeof(data->rand192));
2589 if (hash256 && rand256)
2590 data->present = 0x02;
2592 data->present = 0x00;
2595 if (hash256 && rand256) {
2596 memcpy(data->hash256, hash256, sizeof(data->hash256));
2597 memcpy(data->rand256, rand256, sizeof(data->rand256));
2599 memset(data->hash256, 0, sizeof(data->hash256));
2600 memset(data->rand256, 0, sizeof(data->rand256));
2601 if (hash192 && rand192)
2602 data->present = 0x01;
2605 BT_DBG("%s for %pMR", hdev->name, bdaddr);
2610 /* This function requires the caller holds hdev->lock */
2611 struct adv_info *hci_find_adv_instance(struct hci_dev *hdev, u8 instance)
2613 struct adv_info *adv_instance;
2615 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
2616 if (adv_instance->instance == instance)
2617 return adv_instance;
2623 /* This function requires the caller holds hdev->lock */
2624 struct adv_info *hci_get_next_instance(struct hci_dev *hdev, u8 instance)
2626 struct adv_info *cur_instance;
2628 cur_instance = hci_find_adv_instance(hdev, instance);
2632 if (cur_instance == list_last_entry(&hdev->adv_instances,
2633 struct adv_info, list))
2634 return list_first_entry(&hdev->adv_instances,
2635 struct adv_info, list);
2637 return list_next_entry(cur_instance, list);
2640 /* This function requires the caller holds hdev->lock */
2641 int hci_remove_adv_instance(struct hci_dev *hdev, u8 instance)
2643 struct adv_info *adv_instance;
2645 adv_instance = hci_find_adv_instance(hdev, instance);
2649 BT_DBG("%s removing %dMR", hdev->name, instance);
2651 if (hdev->cur_adv_instance == instance) {
2652 if (hdev->adv_instance_timeout) {
2653 cancel_delayed_work(&hdev->adv_instance_expire);
2654 hdev->adv_instance_timeout = 0;
2656 hdev->cur_adv_instance = 0x00;
2659 list_del(&adv_instance->list);
2660 kfree(adv_instance);
2662 hdev->adv_instance_cnt--;
2667 /* This function requires the caller holds hdev->lock */
2668 void hci_adv_instances_clear(struct hci_dev *hdev)
2670 struct adv_info *adv_instance, *n;
2672 if (hdev->adv_instance_timeout) {
2673 cancel_delayed_work(&hdev->adv_instance_expire);
2674 hdev->adv_instance_timeout = 0;
2677 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
2678 list_del(&adv_instance->list);
2679 kfree(adv_instance);
2682 hdev->adv_instance_cnt = 0;
2683 hdev->cur_adv_instance = 0x00;
2686 /* This function requires the caller holds hdev->lock */
2687 int hci_add_adv_instance(struct hci_dev *hdev, u8 instance, u32 flags,
2688 u16 adv_data_len, u8 *adv_data,
2689 u16 scan_rsp_len, u8 *scan_rsp_data,
2690 u16 timeout, u16 duration)
2692 struct adv_info *adv_instance;
2694 adv_instance = hci_find_adv_instance(hdev, instance);
2696 memset(adv_instance->adv_data, 0,
2697 sizeof(adv_instance->adv_data));
2698 memset(adv_instance->scan_rsp_data, 0,
2699 sizeof(adv_instance->scan_rsp_data));
2701 if (hdev->adv_instance_cnt >= HCI_MAX_ADV_INSTANCES ||
2702 instance < 1 || instance > HCI_MAX_ADV_INSTANCES)
2705 adv_instance = kzalloc(sizeof(*adv_instance), GFP_KERNEL);
2709 adv_instance->pending = true;
2710 adv_instance->instance = instance;
2711 list_add(&adv_instance->list, &hdev->adv_instances);
2712 hdev->adv_instance_cnt++;
2715 adv_instance->flags = flags;
2716 adv_instance->adv_data_len = adv_data_len;
2717 adv_instance->scan_rsp_len = scan_rsp_len;
2720 memcpy(adv_instance->adv_data, adv_data, adv_data_len);
2723 memcpy(adv_instance->scan_rsp_data,
2724 scan_rsp_data, scan_rsp_len);
2726 adv_instance->timeout = timeout;
2727 adv_instance->remaining_time = timeout;
2730 adv_instance->duration = HCI_DEFAULT_ADV_DURATION;
2732 adv_instance->duration = duration;
2734 BT_DBG("%s for %dMR", hdev->name, instance);
2739 struct bdaddr_list *hci_bdaddr_list_lookup(struct list_head *bdaddr_list,
2740 bdaddr_t *bdaddr, u8 type)
2742 struct bdaddr_list *b;
2744 list_for_each_entry(b, bdaddr_list, list) {
2745 if (!bacmp(&b->bdaddr, bdaddr) && b->bdaddr_type == type)
2752 void hci_bdaddr_list_clear(struct list_head *bdaddr_list)
2754 struct bdaddr_list *b, *n;
2756 list_for_each_entry_safe(b, n, bdaddr_list, list) {
2762 int hci_bdaddr_list_add(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2764 struct bdaddr_list *entry;
2766 if (!bacmp(bdaddr, BDADDR_ANY))
2769 if (hci_bdaddr_list_lookup(list, bdaddr, type))
2772 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
2776 bacpy(&entry->bdaddr, bdaddr);
2777 entry->bdaddr_type = type;
2779 list_add(&entry->list, list);
2784 int hci_bdaddr_list_del(struct list_head *list, bdaddr_t *bdaddr, u8 type)
2786 struct bdaddr_list *entry;
2788 if (!bacmp(bdaddr, BDADDR_ANY)) {
2789 hci_bdaddr_list_clear(list);
2793 entry = hci_bdaddr_list_lookup(list, bdaddr, type);
2797 list_del(&entry->list);
2803 /* This function requires the caller holds hdev->lock */
2804 struct hci_conn_params *hci_conn_params_lookup(struct hci_dev *hdev,
2805 bdaddr_t *addr, u8 addr_type)
2807 struct hci_conn_params *params;
2809 list_for_each_entry(params, &hdev->le_conn_params, list) {
2810 if (bacmp(¶ms->addr, addr) == 0 &&
2811 params->addr_type == addr_type) {
2819 /* This function requires the caller holds hdev->lock */
2820 struct hci_conn_params *hci_pend_le_action_lookup(struct list_head *list,
2821 bdaddr_t *addr, u8 addr_type)
2823 struct hci_conn_params *param;
2825 list_for_each_entry(param, list, action) {
2826 if (bacmp(¶m->addr, addr) == 0 &&
2827 param->addr_type == addr_type)
2834 /* This function requires the caller holds hdev->lock */
2835 struct hci_conn_params *hci_conn_params_add(struct hci_dev *hdev,
2836 bdaddr_t *addr, u8 addr_type)
2838 struct hci_conn_params *params;
2840 params = hci_conn_params_lookup(hdev, addr, addr_type);
2844 params = kzalloc(sizeof(*params), GFP_KERNEL);
2846 BT_ERR("Out of memory");
2850 bacpy(¶ms->addr, addr);
2851 params->addr_type = addr_type;
2853 list_add(¶ms->list, &hdev->le_conn_params);
2854 INIT_LIST_HEAD(¶ms->action);
2856 params->conn_min_interval = hdev->le_conn_min_interval;
2857 params->conn_max_interval = hdev->le_conn_max_interval;
2858 params->conn_latency = hdev->le_conn_latency;
2859 params->supervision_timeout = hdev->le_supv_timeout;
2860 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2862 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2867 static void hci_conn_params_free(struct hci_conn_params *params)
2870 hci_conn_drop(params->conn);
2871 hci_conn_put(params->conn);
2874 list_del(¶ms->action);
2875 list_del(¶ms->list);
2879 /* This function requires the caller holds hdev->lock */
2880 void hci_conn_params_del(struct hci_dev *hdev, bdaddr_t *addr, u8 addr_type)
2882 struct hci_conn_params *params;
2884 params = hci_conn_params_lookup(hdev, addr, addr_type);
2888 hci_conn_params_free(params);
2890 hci_update_background_scan(hdev);
2892 BT_DBG("addr %pMR (type %u)", addr, addr_type);
2895 /* This function requires the caller holds hdev->lock */
2896 void hci_conn_params_clear_disabled(struct hci_dev *hdev)
2898 struct hci_conn_params *params, *tmp;
2900 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list) {
2901 if (params->auto_connect != HCI_AUTO_CONN_DISABLED)
2904 /* If trying to estabilish one time connection to disabled
2905 * device, leave the params, but mark them as just once.
2907 if (params->explicit_connect) {
2908 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2912 list_del(¶ms->list);
2916 BT_DBG("All LE disabled connection parameters were removed");
2919 /* This function requires the caller holds hdev->lock */
2920 static void hci_conn_params_clear_all(struct hci_dev *hdev)
2922 struct hci_conn_params *params, *tmp;
2924 list_for_each_entry_safe(params, tmp, &hdev->le_conn_params, list)
2925 hci_conn_params_free(params);
2927 BT_DBG("All LE connection parameters were removed");
2930 /* Copy the Identity Address of the controller.
2932 * If the controller has a public BD_ADDR, then by default use that one.
2933 * If this is a LE only controller without a public address, default to
2934 * the static random address.
2936 * For debugging purposes it is possible to force controllers with a
2937 * public address to use the static random address instead.
2939 * In case BR/EDR has been disabled on a dual-mode controller and
2940 * userspace has configured a static address, then that address
2941 * becomes the identity address instead of the public BR/EDR address.
2943 void hci_copy_identity_address(struct hci_dev *hdev, bdaddr_t *bdaddr,
2946 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
2947 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
2948 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
2949 bacmp(&hdev->static_addr, BDADDR_ANY))) {
2950 bacpy(bdaddr, &hdev->static_addr);
2951 *bdaddr_type = ADDR_LE_DEV_RANDOM;
2953 bacpy(bdaddr, &hdev->bdaddr);
2954 *bdaddr_type = ADDR_LE_DEV_PUBLIC;
2958 /* Alloc HCI device */
2959 struct hci_dev *hci_alloc_dev(void)
2961 struct hci_dev *hdev;
2963 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2967 hdev->pkt_type = (HCI_DM1 | HCI_DH1 | HCI_HV1);
2968 hdev->esco_type = (ESCO_HV1);
2969 hdev->link_mode = (HCI_LM_ACCEPT);
2970 hdev->num_iac = 0x01; /* One IAC support is mandatory */
2971 hdev->io_capability = 0x03; /* No Input No Output */
2972 hdev->manufacturer = 0xffff; /* Default to internal use */
2973 hdev->inq_tx_power = HCI_TX_POWER_INVALID;
2974 hdev->adv_tx_power = HCI_TX_POWER_INVALID;
2975 hdev->adv_instance_cnt = 0;
2976 hdev->cur_adv_instance = 0x00;
2977 hdev->adv_instance_timeout = 0;
2979 hdev->sniff_max_interval = 800;
2980 hdev->sniff_min_interval = 80;
2982 hdev->le_adv_channel_map = 0x07;
2983 hdev->le_adv_min_interval = 0x0800;
2984 hdev->le_adv_max_interval = 0x0800;
2985 hdev->le_scan_interval = 0x0060;
2986 hdev->le_scan_window = 0x0030;
2987 hdev->le_conn_min_interval = 0x0028;
2988 hdev->le_conn_max_interval = 0x0038;
2989 hdev->le_conn_latency = 0x0000;
2990 hdev->le_supv_timeout = 0x002a;
2991 hdev->le_def_tx_len = 0x001b;
2992 hdev->le_def_tx_time = 0x0148;
2993 hdev->le_max_tx_len = 0x001b;
2994 hdev->le_max_tx_time = 0x0148;
2995 hdev->le_max_rx_len = 0x001b;
2996 hdev->le_max_rx_time = 0x0148;
2998 hdev->rpa_timeout = HCI_DEFAULT_RPA_TIMEOUT;
2999 hdev->discov_interleaved_timeout = DISCOV_INTERLEAVED_TIMEOUT;
3000 hdev->conn_info_min_age = DEFAULT_CONN_INFO_MIN_AGE;
3001 hdev->conn_info_max_age = DEFAULT_CONN_INFO_MAX_AGE;
3003 mutex_init(&hdev->lock);
3004 mutex_init(&hdev->req_lock);
3006 INIT_LIST_HEAD(&hdev->mgmt_pending);
3007 INIT_LIST_HEAD(&hdev->blacklist);
3008 INIT_LIST_HEAD(&hdev->whitelist);
3009 INIT_LIST_HEAD(&hdev->uuids);
3010 INIT_LIST_HEAD(&hdev->link_keys);
3011 INIT_LIST_HEAD(&hdev->long_term_keys);
3012 INIT_LIST_HEAD(&hdev->identity_resolving_keys);
3013 INIT_LIST_HEAD(&hdev->remote_oob_data);
3014 INIT_LIST_HEAD(&hdev->le_white_list);
3015 INIT_LIST_HEAD(&hdev->le_conn_params);
3016 INIT_LIST_HEAD(&hdev->pend_le_conns);
3017 INIT_LIST_HEAD(&hdev->pend_le_reports);
3018 INIT_LIST_HEAD(&hdev->conn_hash.list);
3019 INIT_LIST_HEAD(&hdev->adv_instances);
3021 INIT_WORK(&hdev->rx_work, hci_rx_work);
3022 INIT_WORK(&hdev->cmd_work, hci_cmd_work);
3023 INIT_WORK(&hdev->tx_work, hci_tx_work);
3024 INIT_WORK(&hdev->power_on, hci_power_on);
3025 INIT_WORK(&hdev->error_reset, hci_error_reset);
3027 INIT_DELAYED_WORK(&hdev->power_off, hci_power_off);
3029 skb_queue_head_init(&hdev->rx_q);
3030 skb_queue_head_init(&hdev->cmd_q);
3031 skb_queue_head_init(&hdev->raw_q);
3033 init_waitqueue_head(&hdev->req_wait_q);
3035 INIT_DELAYED_WORK(&hdev->cmd_timer, hci_cmd_timeout);
3037 hci_request_setup(hdev);
3039 hci_init_sysfs(hdev);
3040 discovery_init(hdev);
3044 EXPORT_SYMBOL(hci_alloc_dev);
3046 /* Free HCI device */
3047 void hci_free_dev(struct hci_dev *hdev)
3049 /* will free via device release */
3050 put_device(&hdev->dev);
3052 EXPORT_SYMBOL(hci_free_dev);
3054 /* Register HCI device */
3055 int hci_register_dev(struct hci_dev *hdev)
3059 if (!hdev->open || !hdev->close || !hdev->send)
3062 /* Do not allow HCI_AMP devices to register at index 0,
3063 * so the index can be used as the AMP controller ID.
3065 switch (hdev->dev_type) {
3067 id = ida_simple_get(&hci_index_ida, 0, 0, GFP_KERNEL);
3070 id = ida_simple_get(&hci_index_ida, 1, 0, GFP_KERNEL);
3079 sprintf(hdev->name, "hci%d", id);
3082 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3084 hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3085 WQ_MEM_RECLAIM, 1, hdev->name);
3086 if (!hdev->workqueue) {
3091 hdev->req_workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
3092 WQ_MEM_RECLAIM, 1, hdev->name);
3093 if (!hdev->req_workqueue) {
3094 destroy_workqueue(hdev->workqueue);
3099 if (!IS_ERR_OR_NULL(bt_debugfs))
3100 hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);
3102 dev_set_name(&hdev->dev, "%s", hdev->name);
3104 error = device_add(&hdev->dev);
3108 hci_leds_init(hdev);
3110 hdev->rfkill = rfkill_alloc(hdev->name, &hdev->dev,
3111 RFKILL_TYPE_BLUETOOTH, &hci_rfkill_ops,
3114 if (rfkill_register(hdev->rfkill) < 0) {
3115 rfkill_destroy(hdev->rfkill);
3116 hdev->rfkill = NULL;
3120 if (hdev->rfkill && rfkill_blocked(hdev->rfkill))
3121 hci_dev_set_flag(hdev, HCI_RFKILLED);
3123 hci_dev_set_flag(hdev, HCI_SETUP);
3124 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
3126 if (hdev->dev_type == HCI_PRIMARY) {
3127 /* Assume BR/EDR support until proven otherwise (such as
3128 * through reading supported features during init.
3130 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
3133 write_lock(&hci_dev_list_lock);
3134 list_add(&hdev->list, &hci_dev_list);
3135 write_unlock(&hci_dev_list_lock);
3137 /* Devices that are marked for raw-only usage are unconfigured
3138 * and should not be included in normal operation.
3140 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
3141 hci_dev_set_flag(hdev, HCI_UNCONFIGURED);
3143 hci_sock_dev_event(hdev, HCI_DEV_REG);
3146 queue_work(hdev->req_workqueue, &hdev->power_on);
3151 debugfs_remove_recursive(hdev->debugfs);
3152 destroy_workqueue(hdev->workqueue);
3153 destroy_workqueue(hdev->req_workqueue);
3155 ida_simple_remove(&hci_index_ida, hdev->id);
3159 EXPORT_SYMBOL(hci_register_dev);
3161 /* Unregister HCI device */
3162 void hci_unregister_dev(struct hci_dev *hdev)
3164 BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
3166 hci_dev_set_flag(hdev, HCI_UNREGISTER);
3168 write_lock(&hci_dev_list_lock);
3169 list_del(&hdev->list);
3170 write_unlock(&hci_dev_list_lock);
3172 cancel_work_sync(&hdev->power_on);
3174 hci_dev_do_close(hdev);
3176 if (!test_bit(HCI_INIT, &hdev->flags) &&
3177 !hci_dev_test_flag(hdev, HCI_SETUP) &&
3178 !hci_dev_test_flag(hdev, HCI_CONFIG)) {
3180 mgmt_index_removed(hdev);
3181 hci_dev_unlock(hdev);
3184 /* mgmt_index_removed should take care of emptying the
3186 BUG_ON(!list_empty(&hdev->mgmt_pending));
3188 hci_sock_dev_event(hdev, HCI_DEV_UNREG);
3191 rfkill_unregister(hdev->rfkill);
3192 rfkill_destroy(hdev->rfkill);
3195 device_del(&hdev->dev);
3196 /* Actual cleanup is deferred until hci_cleanup_dev(). */
3199 EXPORT_SYMBOL(hci_unregister_dev);
3201 /* Cleanup HCI device */
3202 void hci_cleanup_dev(struct hci_dev *hdev)
3204 debugfs_remove_recursive(hdev->debugfs);
3205 kfree_const(hdev->hw_info);
3206 kfree_const(hdev->fw_info);
3208 destroy_workqueue(hdev->workqueue);
3209 destroy_workqueue(hdev->req_workqueue);
3212 hci_bdaddr_list_clear(&hdev->blacklist);
3213 hci_bdaddr_list_clear(&hdev->whitelist);
3214 hci_uuids_clear(hdev);
3215 hci_link_keys_clear(hdev);
3216 hci_smp_ltks_clear(hdev);
3217 hci_smp_irks_clear(hdev);
3218 hci_remote_oob_data_clear(hdev);
3219 hci_adv_instances_clear(hdev);
3220 hci_bdaddr_list_clear(&hdev->le_white_list);
3221 hci_conn_params_clear_all(hdev);
3222 hci_discovery_filter_clear(hdev);
3223 hci_dev_unlock(hdev);
3225 ida_simple_remove(&hci_index_ida, hdev->id);
3228 /* Suspend HCI device */
3229 int hci_suspend_dev(struct hci_dev *hdev)
3231 hci_sock_dev_event(hdev, HCI_DEV_SUSPEND);
3234 EXPORT_SYMBOL(hci_suspend_dev);
3236 /* Resume HCI device */
3237 int hci_resume_dev(struct hci_dev *hdev)
3239 hci_sock_dev_event(hdev, HCI_DEV_RESUME);
3242 EXPORT_SYMBOL(hci_resume_dev);
3244 /* Reset HCI device */
3245 int hci_reset_dev(struct hci_dev *hdev)
3247 const u8 hw_err[] = { HCI_EV_HARDWARE_ERROR, 0x01, 0x00 };
3248 struct sk_buff *skb;
3250 skb = bt_skb_alloc(3, GFP_ATOMIC);
3254 hci_skb_pkt_type(skb) = HCI_EVENT_PKT;
3255 memcpy(skb_put(skb, 3), hw_err, 3);
3257 /* Send Hardware Error to upper stack */
3258 return hci_recv_frame(hdev, skb);
3260 EXPORT_SYMBOL(hci_reset_dev);
3262 /* Receive frame from HCI drivers */
3263 int hci_recv_frame(struct hci_dev *hdev, struct sk_buff *skb)
3265 if (!hdev || (!test_bit(HCI_UP, &hdev->flags)
3266 && !test_bit(HCI_INIT, &hdev->flags))) {
3271 if (hci_skb_pkt_type(skb) != HCI_EVENT_PKT &&
3272 hci_skb_pkt_type(skb) != HCI_ACLDATA_PKT &&
3273 hci_skb_pkt_type(skb) != HCI_SCODATA_PKT) {
3279 bt_cb(skb)->incoming = 1;
3282 __net_timestamp(skb);
3284 skb_queue_tail(&hdev->rx_q, skb);
3285 queue_work(hdev->workqueue, &hdev->rx_work);
3289 EXPORT_SYMBOL(hci_recv_frame);
3291 /* Receive diagnostic message from HCI drivers */
3292 int hci_recv_diag(struct hci_dev *hdev, struct sk_buff *skb)
3294 /* Mark as diagnostic packet */
3295 hci_skb_pkt_type(skb) = HCI_DIAG_PKT;
3298 __net_timestamp(skb);
3300 skb_queue_tail(&hdev->rx_q, skb);
3301 queue_work(hdev->workqueue, &hdev->rx_work);
3305 EXPORT_SYMBOL(hci_recv_diag);
3307 void hci_set_hw_info(struct hci_dev *hdev, const char *fmt, ...)
3311 va_start(vargs, fmt);
3312 kfree_const(hdev->hw_info);
3313 hdev->hw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3316 EXPORT_SYMBOL(hci_set_hw_info);
3318 void hci_set_fw_info(struct hci_dev *hdev, const char *fmt, ...)
3322 va_start(vargs, fmt);
3323 kfree_const(hdev->fw_info);
3324 hdev->fw_info = kvasprintf_const(GFP_KERNEL, fmt, vargs);
3327 EXPORT_SYMBOL(hci_set_fw_info);
3329 /* ---- Interface to upper protocols ---- */
3331 int hci_register_cb(struct hci_cb *cb)
3333 BT_DBG("%p name %s", cb, cb->name);
3335 mutex_lock(&hci_cb_list_lock);
3336 list_add_tail(&cb->list, &hci_cb_list);
3337 mutex_unlock(&hci_cb_list_lock);
3341 EXPORT_SYMBOL(hci_register_cb);
3343 int hci_unregister_cb(struct hci_cb *cb)
3345 BT_DBG("%p name %s", cb, cb->name);
3347 mutex_lock(&hci_cb_list_lock);
3348 list_del(&cb->list);
3349 mutex_unlock(&hci_cb_list_lock);
3353 EXPORT_SYMBOL(hci_unregister_cb);
3355 static void hci_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
3359 BT_DBG("%s type %d len %d", hdev->name, hci_skb_pkt_type(skb),
3363 __net_timestamp(skb);
3365 /* Send copy to monitor */
3366 hci_send_to_monitor(hdev, skb);
3368 if (atomic_read(&hdev->promisc)) {
3369 /* Send copy to the sockets */
3370 hci_send_to_sock(hdev, skb);
3373 /* Get rid of skb owner, prior to sending to the driver. */
3376 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
3381 err = hdev->send(hdev, skb);
3383 BT_ERR("%s sending frame failed (%d)", hdev->name, err);
3388 /* Send HCI command */
3389 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen,
3392 struct sk_buff *skb;
3394 BT_DBG("%s opcode 0x%4.4x plen %d", hdev->name, opcode, plen);
3396 skb = hci_prepare_cmd(hdev, opcode, plen, param);
3398 BT_ERR("%s no memory for command", hdev->name);
3402 /* Stand-alone HCI commands must be flagged as
3403 * single-command requests.
3405 bt_cb(skb)->hci.req_flags |= HCI_REQ_START;
3407 skb_queue_tail(&hdev->cmd_q, skb);
3408 queue_work(hdev->workqueue, &hdev->cmd_work);
3413 /* Get data from the previously sent command */
3414 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
3416 struct hci_command_hdr *hdr;
3418 if (!hdev->sent_cmd)
3421 hdr = (void *) hdev->sent_cmd->data;
3423 if (hdr->opcode != cpu_to_le16(opcode))
3426 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
3428 return hdev->sent_cmd->data + HCI_COMMAND_HDR_SIZE;
3431 /* Send HCI command and wait for command commplete event */
3432 struct sk_buff *hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
3433 const void *param, u32 timeout)
3435 struct sk_buff *skb;
3437 if (!test_bit(HCI_UP, &hdev->flags))
3438 return ERR_PTR(-ENETDOWN);
3440 bt_dev_dbg(hdev, "opcode 0x%4.4x plen %d", opcode, plen);
3442 hci_req_sync_lock(hdev);
3443 skb = __hci_cmd_sync(hdev, opcode, plen, param, timeout);
3444 hci_req_sync_unlock(hdev);
3448 EXPORT_SYMBOL(hci_cmd_sync);
3451 static void hci_add_acl_hdr(struct sk_buff *skb, __u16 handle, __u16 flags)
3453 struct hci_acl_hdr *hdr;
3456 skb_push(skb, HCI_ACL_HDR_SIZE);
3457 skb_reset_transport_header(skb);
3458 hdr = (struct hci_acl_hdr *)skb_transport_header(skb);
3459 hdr->handle = cpu_to_le16(hci_handle_pack(handle, flags));
3460 hdr->dlen = cpu_to_le16(len);
3463 static void hci_queue_acl(struct hci_chan *chan, struct sk_buff_head *queue,
3464 struct sk_buff *skb, __u16 flags)
3466 struct hci_conn *conn = chan->conn;
3467 struct hci_dev *hdev = conn->hdev;
3468 struct sk_buff *list;
3470 skb->len = skb_headlen(skb);
3473 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3475 switch (hdev->dev_type) {
3477 hci_add_acl_hdr(skb, conn->handle, flags);
3480 hci_add_acl_hdr(skb, chan->handle, flags);
3483 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
3487 list = skb_shinfo(skb)->frag_list;
3489 /* Non fragmented */
3490 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
3492 skb_queue_tail(queue, skb);
3495 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3497 skb_shinfo(skb)->frag_list = NULL;
3499 /* Queue all fragments atomically. We need to use spin_lock_bh
3500 * here because of 6LoWPAN links, as there this function is
3501 * called from softirq and using normal spin lock could cause
3504 spin_lock_bh(&queue->lock);
3506 __skb_queue_tail(queue, skb);
3508 flags &= ~ACL_START;
3511 skb = list; list = list->next;
3513 hci_skb_pkt_type(skb) = HCI_ACLDATA_PKT;
3514 hci_add_acl_hdr(skb, conn->handle, flags);
3516 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
3518 __skb_queue_tail(queue, skb);
3521 spin_unlock_bh(&queue->lock);
3525 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags)
3527 struct hci_dev *hdev = chan->conn->hdev;
3529 BT_DBG("%s chan %p flags 0x%4.4x", hdev->name, chan, flags);
3531 hci_queue_acl(chan, &chan->data_q, skb, flags);
3533 queue_work(hdev->workqueue, &hdev->tx_work);
3537 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
3539 struct hci_dev *hdev = conn->hdev;
3540 struct hci_sco_hdr hdr;
3542 BT_DBG("%s len %d", hdev->name, skb->len);
3544 hdr.handle = cpu_to_le16(conn->handle);
3545 hdr.dlen = skb->len;
3547 skb_push(skb, HCI_SCO_HDR_SIZE);
3548 skb_reset_transport_header(skb);
3549 memcpy(skb_transport_header(skb), &hdr, HCI_SCO_HDR_SIZE);
3551 hci_skb_pkt_type(skb) = HCI_SCODATA_PKT;
3553 skb_queue_tail(&conn->data_q, skb);
3554 queue_work(hdev->workqueue, &hdev->tx_work);
3557 /* ---- HCI TX task (outgoing data) ---- */
3559 /* HCI Connection scheduler */
3560 static struct hci_conn *hci_low_sent(struct hci_dev *hdev, __u8 type,
3563 struct hci_conn_hash *h = &hdev->conn_hash;
3564 struct hci_conn *conn = NULL, *c;
3565 unsigned int num = 0, min = ~0;
3567 /* We don't have to lock device here. Connections are always
3568 * added and removed with TX task disabled. */
3572 list_for_each_entry_rcu(c, &h->list, list) {
3573 if (c->type != type || skb_queue_empty(&c->data_q))
3576 if (c->state != BT_CONNECTED && c->state != BT_CONFIG)
3581 if (c->sent < min) {
3586 if (hci_conn_num(hdev, type) == num)
3595 switch (conn->type) {
3597 cnt = hdev->acl_cnt;
3601 cnt = hdev->sco_cnt;
3604 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3608 BT_ERR("Unknown link type");
3616 BT_DBG("conn %p quote %d", conn, *quote);
3620 static void hci_link_tx_to(struct hci_dev *hdev, __u8 type)
3622 struct hci_conn_hash *h = &hdev->conn_hash;
3625 BT_ERR("%s link tx timeout", hdev->name);
3629 /* Kill stalled connections */
3630 list_for_each_entry_rcu(c, &h->list, list) {
3631 if (c->type == type && c->sent) {
3632 BT_ERR("%s killing stalled connection %pMR",
3633 hdev->name, &c->dst);
3634 hci_disconnect(c, HCI_ERROR_REMOTE_USER_TERM);
3641 static struct hci_chan *hci_chan_sent(struct hci_dev *hdev, __u8 type,
3644 struct hci_conn_hash *h = &hdev->conn_hash;
3645 struct hci_chan *chan = NULL;
3646 unsigned int num = 0, min = ~0, cur_prio = 0;
3647 struct hci_conn *conn;
3648 int cnt, q, conn_num = 0;
3650 BT_DBG("%s", hdev->name);
3654 list_for_each_entry_rcu(conn, &h->list, list) {
3655 struct hci_chan *tmp;
3657 if (conn->type != type)
3660 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3665 list_for_each_entry_rcu(tmp, &conn->chan_list, list) {
3666 struct sk_buff *skb;
3668 if (skb_queue_empty(&tmp->data_q))
3671 skb = skb_peek(&tmp->data_q);
3672 if (skb->priority < cur_prio)
3675 if (skb->priority > cur_prio) {
3678 cur_prio = skb->priority;
3683 if (conn->sent < min) {
3689 if (hci_conn_num(hdev, type) == conn_num)
3698 switch (chan->conn->type) {
3700 cnt = hdev->acl_cnt;
3703 cnt = hdev->block_cnt;
3707 cnt = hdev->sco_cnt;
3710 cnt = hdev->le_mtu ? hdev->le_cnt : hdev->acl_cnt;
3714 BT_ERR("Unknown link type");
3719 BT_DBG("chan %p quote %d", chan, *quote);
3723 static void hci_prio_recalculate(struct hci_dev *hdev, __u8 type)
3725 struct hci_conn_hash *h = &hdev->conn_hash;
3726 struct hci_conn *conn;
3729 BT_DBG("%s", hdev->name);
3733 list_for_each_entry_rcu(conn, &h->list, list) {
3734 struct hci_chan *chan;
3736 if (conn->type != type)
3739 if (conn->state != BT_CONNECTED && conn->state != BT_CONFIG)
3744 list_for_each_entry_rcu(chan, &conn->chan_list, list) {
3745 struct sk_buff *skb;
3752 if (skb_queue_empty(&chan->data_q))
3755 skb = skb_peek(&chan->data_q);
3756 if (skb->priority >= HCI_PRIO_MAX - 1)
3759 skb->priority = HCI_PRIO_MAX - 1;
3761 BT_DBG("chan %p skb %p promoted to %d", chan, skb,
3765 if (hci_conn_num(hdev, type) == num)
3773 static inline int __get_blocks(struct hci_dev *hdev, struct sk_buff *skb)
3775 /* Calculate count of blocks used by this packet */
3776 return DIV_ROUND_UP(skb->len - HCI_ACL_HDR_SIZE, hdev->block_len);
3779 static void __check_timeout(struct hci_dev *hdev, unsigned int cnt)
3781 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3782 /* ACL tx timeout must be longer than maximum
3783 * link supervision timeout (40.9 seconds) */
3784 if (!cnt && time_after(jiffies, hdev->acl_last_tx +
3785 HCI_ACL_TX_TIMEOUT))
3786 hci_link_tx_to(hdev, ACL_LINK);
3790 static void hci_sched_acl_pkt(struct hci_dev *hdev)
3792 unsigned int cnt = hdev->acl_cnt;
3793 struct hci_chan *chan;
3794 struct sk_buff *skb;
3797 __check_timeout(hdev, cnt);
3799 while (hdev->acl_cnt &&
3800 (chan = hci_chan_sent(hdev, ACL_LINK, "e))) {
3801 u32 priority = (skb_peek(&chan->data_q))->priority;
3802 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3803 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3804 skb->len, skb->priority);
3806 /* Stop if priority has changed */
3807 if (skb->priority < priority)
3810 skb = skb_dequeue(&chan->data_q);
3812 hci_conn_enter_active_mode(chan->conn,
3813 bt_cb(skb)->force_active);
3815 hci_send_frame(hdev, skb);
3816 hdev->acl_last_tx = jiffies;
3824 if (cnt != hdev->acl_cnt)
3825 hci_prio_recalculate(hdev, ACL_LINK);
3828 static void hci_sched_acl_blk(struct hci_dev *hdev)
3830 unsigned int cnt = hdev->block_cnt;
3831 struct hci_chan *chan;
3832 struct sk_buff *skb;
3836 __check_timeout(hdev, cnt);
3838 BT_DBG("%s", hdev->name);
3840 if (hdev->dev_type == HCI_AMP)
3845 while (hdev->block_cnt > 0 &&
3846 (chan = hci_chan_sent(hdev, type, "e))) {
3847 u32 priority = (skb_peek(&chan->data_q))->priority;
3848 while (quote > 0 && (skb = skb_peek(&chan->data_q))) {
3851 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3852 skb->len, skb->priority);
3854 /* Stop if priority has changed */
3855 if (skb->priority < priority)
3858 skb = skb_dequeue(&chan->data_q);
3860 blocks = __get_blocks(hdev, skb);
3861 if (blocks > hdev->block_cnt)
3864 hci_conn_enter_active_mode(chan->conn,
3865 bt_cb(skb)->force_active);
3867 hci_send_frame(hdev, skb);
3868 hdev->acl_last_tx = jiffies;
3870 hdev->block_cnt -= blocks;
3873 chan->sent += blocks;
3874 chan->conn->sent += blocks;
3878 if (cnt != hdev->block_cnt)
3879 hci_prio_recalculate(hdev, type);
3882 static void hci_sched_acl(struct hci_dev *hdev)
3884 BT_DBG("%s", hdev->name);
3886 /* No ACL link over BR/EDR controller */
3887 if (!hci_conn_num(hdev, ACL_LINK) && hdev->dev_type == HCI_PRIMARY)
3890 /* No AMP link over AMP controller */
3891 if (!hci_conn_num(hdev, AMP_LINK) && hdev->dev_type == HCI_AMP)
3894 switch (hdev->flow_ctl_mode) {
3895 case HCI_FLOW_CTL_MODE_PACKET_BASED:
3896 hci_sched_acl_pkt(hdev);
3899 case HCI_FLOW_CTL_MODE_BLOCK_BASED:
3900 hci_sched_acl_blk(hdev);
3906 static void hci_sched_sco(struct hci_dev *hdev)
3908 struct hci_conn *conn;
3909 struct sk_buff *skb;
3912 BT_DBG("%s", hdev->name);
3914 if (!hci_conn_num(hdev, SCO_LINK))
3917 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, SCO_LINK, "e))) {
3918 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3919 BT_DBG("skb %p len %d", skb, skb->len);
3920 hci_send_frame(hdev, skb);
3923 if (conn->sent == ~0)
3929 static void hci_sched_esco(struct hci_dev *hdev)
3931 struct hci_conn *conn;
3932 struct sk_buff *skb;
3935 BT_DBG("%s", hdev->name);
3937 if (!hci_conn_num(hdev, ESCO_LINK))
3940 while (hdev->sco_cnt && (conn = hci_low_sent(hdev, ESCO_LINK,
3942 while (quote-- && (skb = skb_dequeue(&conn->data_q))) {
3943 BT_DBG("skb %p len %d", skb, skb->len);
3944 hci_send_frame(hdev, skb);
3947 if (conn->sent == ~0)
3953 static void hci_sched_le(struct hci_dev *hdev)
3955 struct hci_chan *chan;
3956 struct sk_buff *skb;
3957 int quote, cnt, tmp;
3959 BT_DBG("%s", hdev->name);
3961 if (!hci_conn_num(hdev, LE_LINK))
3964 if (!hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
3965 /* LE tx timeout must be longer than maximum
3966 * link supervision timeout (40.9 seconds) */
3967 if (!hdev->le_cnt && hdev->le_pkts &&
3968 time_after(jiffies, hdev->le_last_tx + HZ * 45))
3969 hci_link_tx_to(hdev, LE_LINK);
3972 cnt = hdev->le_pkts ? hdev->le_cnt : hdev->acl_cnt;
3974 while (cnt && (chan = hci_chan_sent(hdev, LE_LINK, "e))) {
3975 u32 priority = (skb_peek(&chan->data_q))->priority;
3976 while (quote-- && (skb = skb_peek(&chan->data_q))) {
3977 BT_DBG("chan %p skb %p len %d priority %u", chan, skb,
3978 skb->len, skb->priority);
3980 /* Stop if priority has changed */
3981 if (skb->priority < priority)
3984 skb = skb_dequeue(&chan->data_q);
3986 hci_send_frame(hdev, skb);
3987 hdev->le_last_tx = jiffies;
3998 hdev->acl_cnt = cnt;
4001 hci_prio_recalculate(hdev, LE_LINK);
4004 static void hci_tx_work(struct work_struct *work)
4006 struct hci_dev *hdev = container_of(work, struct hci_dev, tx_work);
4007 struct sk_buff *skb;
4009 BT_DBG("%s acl %d sco %d le %d", hdev->name, hdev->acl_cnt,
4010 hdev->sco_cnt, hdev->le_cnt);
4012 if (!hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
4013 /* Schedule queues and send stuff to HCI driver */
4014 hci_sched_acl(hdev);
4015 hci_sched_sco(hdev);
4016 hci_sched_esco(hdev);
4020 /* Send next queued raw (unknown type) packet */
4021 while ((skb = skb_dequeue(&hdev->raw_q)))
4022 hci_send_frame(hdev, skb);
4025 /* ----- HCI RX task (incoming data processing) ----- */
4027 /* ACL data packet */
4028 static void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4030 struct hci_acl_hdr *hdr = (void *) skb->data;
4031 struct hci_conn *conn;
4032 __u16 handle, flags;
4034 skb_pull(skb, HCI_ACL_HDR_SIZE);
4036 handle = __le16_to_cpu(hdr->handle);
4037 flags = hci_flags(handle);
4038 handle = hci_handle(handle);
4040 BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
4043 hdev->stat.acl_rx++;
4046 conn = hci_conn_hash_lookup_handle(hdev, handle);
4047 hci_dev_unlock(hdev);
4050 hci_conn_enter_active_mode(conn, BT_POWER_FORCE_ACTIVE_OFF);
4052 /* Send to upper protocol */
4053 l2cap_recv_acldata(conn, skb, flags);
4056 BT_ERR("%s ACL packet for unknown connection handle %d",
4057 hdev->name, handle);
4063 /* SCO data packet */
4064 static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
4066 struct hci_sco_hdr *hdr = (void *) skb->data;
4067 struct hci_conn *conn;
4070 skb_pull(skb, HCI_SCO_HDR_SIZE);
4072 handle = __le16_to_cpu(hdr->handle);
4074 BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
4076 hdev->stat.sco_rx++;
4079 conn = hci_conn_hash_lookup_handle(hdev, handle);
4080 hci_dev_unlock(hdev);
4083 /* Send to upper protocol */
4084 sco_recv_scodata(conn, skb);
4087 BT_ERR("%s SCO packet for unknown connection handle %d",
4088 hdev->name, handle);
4094 static bool hci_req_is_complete(struct hci_dev *hdev)
4096 struct sk_buff *skb;
4098 skb = skb_peek(&hdev->cmd_q);
4102 return (bt_cb(skb)->hci.req_flags & HCI_REQ_START);
4105 static void hci_resend_last(struct hci_dev *hdev)
4107 struct hci_command_hdr *sent;
4108 struct sk_buff *skb;
4111 if (!hdev->sent_cmd)
4114 sent = (void *) hdev->sent_cmd->data;
4115 opcode = __le16_to_cpu(sent->opcode);
4116 if (opcode == HCI_OP_RESET)
4119 skb = skb_clone(hdev->sent_cmd, GFP_KERNEL);
4123 skb_queue_head(&hdev->cmd_q, skb);
4124 queue_work(hdev->workqueue, &hdev->cmd_work);
4127 void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
4128 hci_req_complete_t *req_complete,
4129 hci_req_complete_skb_t *req_complete_skb)
4131 struct sk_buff *skb;
4132 unsigned long flags;
4134 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
4136 /* If the completed command doesn't match the last one that was
4137 * sent we need to do special handling of it.
4139 if (!hci_sent_cmd_data(hdev, opcode)) {
4140 /* Some CSR based controllers generate a spontaneous
4141 * reset complete event during init and any pending
4142 * command will never be completed. In such a case we
4143 * need to resend whatever was the last sent
4146 if (test_bit(HCI_INIT, &hdev->flags) && opcode == HCI_OP_RESET)
4147 hci_resend_last(hdev);
4152 /* If the command succeeded and there's still more commands in
4153 * this request the request is not yet complete.
4155 if (!status && !hci_req_is_complete(hdev))
4158 /* If this was the last command in a request the complete
4159 * callback would be found in hdev->sent_cmd instead of the
4160 * command queue (hdev->cmd_q).
4162 if (bt_cb(hdev->sent_cmd)->hci.req_flags & HCI_REQ_SKB) {
4163 *req_complete_skb = bt_cb(hdev->sent_cmd)->hci.req_complete_skb;
4167 if (bt_cb(hdev->sent_cmd)->hci.req_complete) {
4168 *req_complete = bt_cb(hdev->sent_cmd)->hci.req_complete;
4172 /* Remove all pending commands belonging to this request */
4173 spin_lock_irqsave(&hdev->cmd_q.lock, flags);
4174 while ((skb = __skb_dequeue(&hdev->cmd_q))) {
4175 if (bt_cb(skb)->hci.req_flags & HCI_REQ_START) {
4176 __skb_queue_head(&hdev->cmd_q, skb);
4180 if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
4181 *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
4183 *req_complete = bt_cb(skb)->hci.req_complete;
4186 spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
4189 static void hci_rx_work(struct work_struct *work)
4191 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
4192 struct sk_buff *skb;
4194 BT_DBG("%s", hdev->name);
4196 while ((skb = skb_dequeue(&hdev->rx_q))) {
4197 /* Send copy to monitor */
4198 hci_send_to_monitor(hdev, skb);
4200 if (atomic_read(&hdev->promisc)) {
4201 /* Send copy to the sockets */
4202 hci_send_to_sock(hdev, skb);
4205 /* If the device has been opened in HCI_USER_CHANNEL,
4206 * the userspace has exclusive access to device.
4207 * When device is HCI_INIT, we still need to process
4208 * the data packets to the driver in order
4209 * to complete its setup().
4211 if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
4212 !test_bit(HCI_INIT, &hdev->flags)) {
4217 if (test_bit(HCI_INIT, &hdev->flags)) {
4218 /* Don't process data packets in this states. */
4219 switch (hci_skb_pkt_type(skb)) {
4220 case HCI_ACLDATA_PKT:
4221 case HCI_SCODATA_PKT:
4228 switch (hci_skb_pkt_type(skb)) {
4230 BT_DBG("%s Event packet", hdev->name);
4231 hci_event_packet(hdev, skb);
4234 case HCI_ACLDATA_PKT:
4235 BT_DBG("%s ACL data packet", hdev->name);
4236 hci_acldata_packet(hdev, skb);
4239 case HCI_SCODATA_PKT:
4240 BT_DBG("%s SCO data packet", hdev->name);
4241 hci_scodata_packet(hdev, skb);
4251 static void hci_cmd_work(struct work_struct *work)
4253 struct hci_dev *hdev = container_of(work, struct hci_dev, cmd_work);
4254 struct sk_buff *skb;
4256 BT_DBG("%s cmd_cnt %d cmd queued %d", hdev->name,
4257 atomic_read(&hdev->cmd_cnt), skb_queue_len(&hdev->cmd_q));
4259 /* Send queued commands */
4260 if (atomic_read(&hdev->cmd_cnt)) {
4261 skb = skb_dequeue(&hdev->cmd_q);
4265 kfree_skb(hdev->sent_cmd);
4267 hdev->sent_cmd = skb_clone(skb, GFP_KERNEL);
4268 if (hdev->sent_cmd) {
4269 atomic_dec(&hdev->cmd_cnt);
4270 hci_send_frame(hdev, skb);
4271 if (test_bit(HCI_RESET, &hdev->flags))
4272 cancel_delayed_work(&hdev->cmd_timer);
4274 schedule_delayed_work(&hdev->cmd_timer,
4277 skb_queue_head(&hdev->cmd_q, skb);
4278 queue_work(hdev->workqueue, &hdev->cmd_work);
projects / releases.git / blob